Topic: Suggestion - change of cluebringer configuration
I'm not expert in cluebringer - so please review my ideas.
I did some research about cluebringer setup in iRedMail after some complains from my customers and I think, we should do some adjustments in default iRedMail installation.
The problem pops out when you send email using SMTP AUTH and change the MAIL FROM address (account has enabled sender_login_mismatch in iRedAPD). In this situation, cluebringer applies both EHLO and graylisting checks to the email. Especially if the new MAIL FROM is not from locally configured domain.
I think, it's not expected. It should instead work exactly as if the MAIL FROM will stay the same as sasl_username - SASL simply makes the traffic trusted/authenticated/internal.
The reason is, such that email:
a) doesn't match identifier (%internal_ips AND %internal_domains) - both the IP and also the email domain could be different in case SASL is in use,
b) does match the (!internal_ips AND !%internal_domains) - for the same reason
To allow such emails, we should:
- add new rule in policies matching (%internal_ips AND %internal_domains) and use $* instead (see below).
- change the rule (!%internal_ips AND !%internal_domains) and add "... AND $-" to also require NO SASL.
So to be specific:
1) Default Inbound - change from:
Meaning: default inbound is NOT when SASL is used to deliver the email.
2) Default Outbound
Meaning: defaoult outbound IS then SASL is used and destination in not local.
3) no_greylisting change from:
Meaning: no_greylisting can apply only if the email comes from outside world via NO SASL.
4) Default Internal
Meaning: default internal is also when mail comes via in SASL and destination is internal.