1

Topic: Email handling issue in mail list or postfix

I received an update from the client today, which is an Exim filter file, and 90% of the rules can be handled by the mail list.  But I found a few rules in a different format.  I have simplified them and shown them below.  I would like to know whether we can support them or not.  I can send you the full list, as it includes some audit on outgoing and spam rules.  Thanks

Case 1: all email received from <any address> to the server (something like whitelisting)
Case 2: allow xxx@domaina.com to send to "@domaina.com|@domainb.com".  The other domains are not allowed.


2

Re: Email handling issue in mail list or postfix

bongdotcom wrote:

Case 1: all email received from <any address> to the server (something like whitelisting)

You can use 'mynetworks' in Postfix for whitelisting; policyd provides a whitelisting feature for external mail servers.

bongdotcom wrote:

Case 2: allow xxx@domaina.com to send to "@domaina.com|@domainb.com".  The other domains are not allowed.

Not implemented. But it should be easy to implement in the iRedAPD policy daemon, and use iRedAdmin-Pro to manage it.

3

Re: Email handling issue in mail list or postfix

For case 1, if I want to allow the email address to all mail lists, I need to add the email from phpldap?  Am I correct?

For case 2, can you provide an example for me?  I have no idea how to apply this to the system.  Thanks.

For all domaina.com users,  recipient != domaina.com and domainb.com, REJECT

4

Re: Email handling issue in mail list or postfix

I'm so sorry that I can't understand what you mean by case #1.

For case 2: you have to write your own plugin to implement this feature. If you need a sample plugin, just refer to src/plugins/*.py in the iRedAPD source code.

5

Re: Email handling issue in mail list or postfix

I have no idea how to apply this.  Where to put domaina.com?  Where to put domaina.com and domainb.com as allowed?  And how to apply it?  Please advise.

#!/usr/bin/env python
# encoding: utf-8

# Author: Zhang Huangbin <michaelbibby (at) gmail.com>

import sys

ACTION_REJECT = 'REJECT Not Authorized'

def __get_allowed_senders(ldapConn, ldapBaseDn, listDn, sender, recipient, policy,):
    """return search_result_list_based_on_access_policy"""

    # Set search base dn, scope, filter and attribute list based on access policy.
    if policy == 'membersonly':
        basedn = ldapBaseDn
        searchScope = 2     # ldap.SCOPE_SUBTREE
        # Filter used to get domain members.
        searchFilter = "(&(|(objectclass=mailUser)(objectclass=mailExternalUser))(accountStatus=active)(memberOfGroup=%s))" % (recipient, )
        searchAttr = 'mail'
    else:
        basedn = listDn
        searchScope = 0     # Use SCOPE_BASE to improve performance.
        # Filter used to get domain moderators.
        searchFilter = "(&(objectclass=mailList)(mail=%s))" % (recipient, )
        searchAttr = 'listAllowedUser'

    try:
        result = ldapConn.search_s(basedn, searchScope, searchFilter, [searchAttr])
        userList = []
        for obj in result:
            if searchAttr in obj[1]:
                # Example of result data:
                # [('dn', {'listAllowedUser': ['user@domain.ltd']})]
                userList += obj[1][searchAttr]
            else:
                pass
        return userList

    except Exception:
        return []

def restriction(ldapConn, ldapBaseDn, ldapRecipientDn, ldapRecipientLdif, smtpSessionData, **kargs):
    # Return if recipient is not a mail list object.
    if 'maillist' not in [ v.lower() for v in ldapRecipientLdif['objectClass']]:
        return 'DUNNO'

    sender = smtpSessionData['sender'].lower()
    recipient = smtpSessionData['recipient'].lower()
    policy = ldapRecipientLdif.get('accessPolicy', ['public'])[0].lower()

    if policy == "public": return 'DUNNO'   # No restriction.
    elif policy == "domain":
        # Bypass all users under the same domain.
        if sender.split('@')[1] == recipient.split('@')[1]: return 'DUNNO'
        else: return ACTION_REJECT
    else:
        # Handle other access policies: membersOnly, allowedOnly.
        allowedSenders = __get_allowed_senders(
                ldapConn=ldapConn,
                ldapBaseDn=ldapBaseDn,
                listDn=ldapRecipientDn,
                sender=sender,
                recipient=recipient,
                policy=policy,
                )

        if sender.lower() in [ v.lower() for v in allowedSenders ]:
            return 'DUNNO'
        else:
            return ACTION_REJECT

6

Re: Email handling issue in mail list or postfix

This is just for your reference; you have to write a new plugin to implement what you need.
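
One way to express case 2 as a policy check, as an added example that is not part of the thread and is not iRedAPD code. It follows the `restriction()` / `DUNNO` / `REJECT` convention of the plugin quoted above; the policy table, the `_domain_of` helper, the reduced function signature and the presence of Postfix's `sasl_username` attribute in `smtpSessionData` are assumptions.

```python
# Added example: restrict which recipient domains a sender domain may mail.
# Hypothetical names throughout; only 'sender'/'recipient' keys and the
# DUNNO/REJECT return values come from the plugin quoted in the thread.

ACTION_REJECT = 'REJECT Not Authorized'

# Constructed policy for case 2: domaina.com users may only mail these domains.
ALLOWED_RCPT_DOMAINS = {
    'domaina.com': frozenset(['domaina.com', 'domainb.com']),
}


def _domain_of(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    address = (address or '').strip().lower()
    local, sep, domain = address.rpartition('@')
    if not sep or not local or not domain:
        return None
    return domain.rstrip('.')


def restriction(smtpSessionData, **kargs):
    # Check the authenticated login as well as the envelope sender: the
    # envelope sender is chosen by the client, so a restricted user could
    # otherwise sidestep the rule by sending with a different MAIL FROM.
    # 'sasl_username' is assumed to be passed through from Postfix.
    rules = []
    for key in ('sasl_username', 'sender'):
        domain = _domain_of(smtpSessionData.get(key))
        if domain in ALLOWED_RCPT_DOMAINS:
            rules.append(ALLOWED_RCPT_DOMAINS[domain])

    # Null sender (bounces) or a domain without a rule: no opinion.
    if not rules:
        return 'DUNNO'

    # Exact domain match only: sub.domainb.com is not domainb.com, and an
    # unparsable recipient (None) never matches.
    rcpt_domain = _domain_of(smtpSessionData.get('recipient'))
    if all(rcpt_domain in allowed for allowed in rules):
        return 'DUNNO'
    return ACTION_REJECT
```

Returning `DUNNO` leaves the decision to the remaining Postfix restrictions, so this check only narrows what restricted senders can do and never whitelists anything.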

7

Re: Email handling issue in mail list or postfix

I have no idea about the plugin.  Also, I don't know how to apply or even write this.  So I think it's not easy and not possible to make it by ourselves?

8

Re: Email handling issue in mail list or postfix

You need to be familiar with the Python programming language: http://www.python.org/

9

Re: Email handling issue in mail list or postfix

I found a way to do it on Postfix directly using restrict_sender.  But I would like to know how to get a domain user list from LDAP.  Is there any script or way to do it in the shell?  I need to generate a script to apply the setting.

10

Re: Email handling issue in mail list or postfix

You can use the 'ldapsearch' command.

11

Re: Email handling issue in mail list or postfix

Can you give me an example of an ldapsearch command to search one domain?  I tried to use
ldapsearch -h <host> "objectClass=*"
and it did not work.