1 (edited by depearg 2014-10-24 12:07:39)

Topic: Problems with lists

==== Required information ====
- iRedMail version: 0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Centos 6.5
- Related log if you're reporting an issue:

Oct 23 22:16:25 mail postfix/qmgr[1451]: C25068115D: from=<d****@gmail.com>, size=2425, nrcpt=1 (queue active)
Oct 23 22:16:25 mail postfix/smtpd[11569]: disconnect from mail.********.***[127.0.0.1]
Oct 23 22:16:25 mail amavis[9674]: (09674-10) Passed CLEAN {RelayedInternal}, LOCAL [***.**.***.**]:40053 [***.***.***.*] <d*****@gmail.com> -> <postmaster@*******.***>, Queue-ID: D9FE88115C, Message-ID: <34052EF7-0944-494F-8221-3B6DF1819212@gmail.com>, mail_id: bmF6PxQzNe35, Hits: 0.692, size: 1822, queued_as: C25068115D, dkim_sd=20120113:gmail.com, 2209 ms
Oct 23 22:16:25 mail postfix/smtp[11565]: D9FE88115C: to=<postmaster@***********.***>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.5, delays=2.2/0.03/0.01/2.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as C25068115D)

====

I have several lists restricted to receive mail only from list moderators, but when I send mail to the lists from a public external address (Gmail), I still receive the mail forwarded to the members.

In the logs, I send a mail to list_test@mydomain, which has only 1 member (postmaster) and 1 moderator (postmaster) and is restricted to receive only from moderators, and it still receives mail from external senders.

Any help will be appreciated.

PS: I upgraded today to 0.8.7 and 2.1.2 to test whether the problem was solved by the upgrade.


2

Re: Problems with lists

Mailing list access is controlled by iRedAPD with the plugin 'ldap_maillist_access_policy'. Please make sure you have this plugin enabled in the iRedAPD config file /opt/iredapd/settings.py. If it is, please turn on debug mode in iRedAPD, send a test email again, and paste the debug log from the iRedAPD log file here so that others can help troubleshoot.

Reference: Turn on debug mode in iRedAPD.
http://www.iredmail.org/docs/turn.on.de … edapd.html

3 (edited by depearg 2014-10-24 19:39:23)

Re: Problems with lists

Hi, I attached the log.

It says access policy: public, while in iredadmin-pro 'members only' is checked.

In ldapmyadmin, I see accessPolicy = allowedOnly

Regards

As far as I can see, the function recipient_ldif.get('accessPolicy', ['public'])[0].lower() is always returning public; I don't know why.

I forced allowedonly, and now I get the following errors.

2014-10-24 08:36:29 DEBUG postmaster@xxx.xx.ar -> lista_test@xx.xx.ar, access policy: allowedonly
2014-10-24 08:36:29 DEBUG Sender is not explicitly allowed, query user aliases and alias domains.
2014-10-24 08:36:29 DEBUG [+] Getting allowed senders of mail list: lista_test@xx.xx.ar
2014-10-24 08:36:29 DEBUG result: []
2014-10-24 08:36:29 DEBUG Allowed users:
2014-10-24 08:36:29 DEBUG Allowed domains:
2014-10-24 08:36:29 DEBUG Allowed subdomains:
2014-10-24 08:36:29 DEBUG All possible sender domains: xx.xx.ar, .xx.xx.ar, .xx.ar, .ar
2014-10-24 08:36:29 DEBUG <-- Result: REJECT Not authoried


I think I have some LDAP problems?

Regards.

Post's attachments

iredapd.log.txt 3.78 kb, 2 downloads since 2014-10-24 


4

Re: Problems with lists

Could you please paste full LDIF data of this mailing list account?

5

Re: Problems with lists

Yes, the LDIF is:

dn: mail=lista_test@xxxxxx.xxx.ar,ou=Groups,domainName=xxxxxxxx.xxx.ar,o=domains,dc=xxxxxxxx,dc=xxx,dc=ar
accessPolicy: allowedOnly
accountStatus: active
cn: Lista Test
enabledService: mail
enabledService: deliver
listAllowedUser: postmaster@xxxxxx.xxx.ar
mail: lista_test@xxxxxxx.xxx.ar
objectClass: mailList
shadowAddress: lista_test@xxxxxxxx.xxx.ar

Regards.

Demian

6

Re: Problems with lists

Your iRedAPD plugin file /opt/iredapd/plugins/ldap_maillist_access_policy.py doesn't seem right. In your attached log file:

2014-10-24 07:14:53 DEBUG [+] Getting LDIF data of account: lista_test@xxxxxxxxx.xxx
2014-10-24 07:14:53 DEBUG search filter: (&(|(mail=lista_test@xxxxxxxxx.xxx)(shadowAddress=lista_test@xxxxxxxxx.xxx))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2014-10-24 07:14:53 DEBUG search attributes: ['objectClass']
2014-10-24 07:14:53 DEBUG result: [('mail=lista_test@xxxxxxxxx.xxx,ou=Groups,domainName=xxxxxxxxx.xxx,o=domains,dc=xxxxxx,dc=xxx', {'objectClass': ['mailList']})]

The search attributes don't contain the attribute 'accessPolicy'. Did you modify the iRedAPD plugin before?

7 (edited by depearg 2014-10-25 15:36:09)

Re: Problems with lists

Hi,
No modifications; it is the latest iRedAPD (1.4.4).
I will re-upload, or change to 1.4.3.

Regards.

Demian

8

Re: Problems with lists

Went back to 1.4.2 and now it is working!!!

Just for your info.

[root@mail plugins]# diff ldap_maillist_access_policy.py ../../iRedAPD-1.4.2/plugins/ldap_maillist_access_policy.py
8a9
> REQUIRE_LOCAL_SENDER = False
9a11
> SENDER_SEARCH_ATTRLIST = []
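Review bot: neither line added in hunks 8a9 and 9a11 is a recipient-side setting, so they do not explain why the recipient lookup in the debug log asked only for 'objectClass'. REQUIRE_LOCAL_SENDER and SENDER_SEARCH_ATTRLIST are present only in the 1.4.2 file and, going by their names, concern the sender; to locate the regression, diff the rest of the two iRedAPD trees as well, not only this plugin file.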
62c64
<             return SMTP_ACTIONS['reject_not_authorized']
---
>             return SMTP_ACTIONS['reject']
71c73
<             return SMTP_ACTIONS['reject_not_authorized']
---
>             return SMTP_ACTIONS['reject']
104c106
<             return SMTP_ACTIONS['reject_not_authorized']
---
>             return SMTP_ACTIONS['reject']
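Review bot: lines 62, 71 and 104 differ only in the SMTP_ACTIONS key ('reject_not_authorized' against 'reject'), which selects the reply sent on rejection and not whether a sender is checked, so these hunks cannot be what let external senders through. If the installed plugin is kept, confirm that SMTP_ACTIONS in the same tree defines 'reject_not_authorized', since a missing key would raise KeyError on the rejection path.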

9

Re: Problems with lists

Confirmed, it's a bug in the pre-release iRedAPD-1.4.4 version shipped in iRedMail-0.9.0-rc1. Here's the patch:
https://bitbucket.org/zhb/iredapd/commi … at=default

Thanks for your feedback.

NOTE: the final release of iRedAPD-1.4.4 shipped by iRedMail-0.9.0 stable release will include this fix.

By the way, here's the debug log of the working plugin (test@a.cn is a mailing list account):

2014-10-25 05:14:10 DEBUG [+] Getting LDIF data of account: test@a.cn
2014-10-25 05:14:10 DEBUG search filter: (&(|(mail=test@a.cn)(shadowAddress=test@a.cn))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2014-10-25 05:14:10 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy']
2014-10-25 05:14:10 DEBUG result: [('mail=test@a.cn,ou=Groups,domainName=a.cn,o=domains,dc=example,dc=com', {'objectClass': ['mailList'], 'accessPolicy': ['allowedOnly'], 'listAllowedUser': ['test@a.cn']})]
2014-10-25 05:14:10 DEBUG --> Apply plugin: ldap_maillist_access_policy
2014-10-25 05:14:10 DEBUG postmaster@a.cn -> test@a.cn, access policy: allowedonly
2014-10-25 05:14:10 DEBUG Sender is not explicitly allowed, query user aliases and alias domains.
2014-10-25 05:14:10 DEBUG [+] Getting allowed senders of mail list: test@a.cn
2014-10-25 05:14:10 DEBUG result: ['test@a.cn']
2014-10-25 05:14:10 DEBUG Allowed users: test@a.cn
2014-10-25 05:14:10 DEBUG Allowed domains:
2014-10-25 05:14:10 DEBUG Allowed subdomains:
2014-10-25 05:14:10 DEBUG Query to get user alises of allowed senders under same domain.
2014-10-25 05:14:10 DEBUG base dn: ou=Users,domainName=a.cn,o=domains,dc=example,dc=com
2014-10-25 05:14:10 DEBUG search scope: 1 (ldap.SCOPE_ONELEVEL)
2014-10-25 05:14:10 DEBUG search filter: (&(objectClass=mailUser)(enabledService=shadowaddress)(|(mail=test@a.cn)(shadowAddress=test@a.cn)))
2014-10-25 05:14:10 DEBUG search attributes: mail, shadowAddress
2014-10-25 05:14:10 DEBUG result: []
2014-10-25 05:14:10 DEBUG All possible sender domains: a.cn, .a.cn, .cn
2014-10-25 05:14:10 DEBUG <-- Result: REJECT Not authoried
2014-10-25 05:14:10 INFO [127.0.0.1] postmaster@a.cn -> test@a.cn, REJECT Not authoried
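
The failure discussed in posts 3 and 6, as an added example that is not part of the thread or of iRedAPD's code: when 'accessPolicy' is missing from the search attributes, the quoted .get('accessPolicy', ['public']) default turns an allowedOnly list into a public one. The function names, the sample directory and the hardened variant are assumptions made for illustration; DUNNO, REJECT and DEFER are Postfix access(5) actions.

```python
# Added illustration; function names are hypothetical, not iRedAPD's own code.
# DIRECTORY is constructed sample data modelled on the LDIF in the thread.
DIRECTORY = {
    "lista_test@example.com": {
        "objectClass": ["mailList"],
        "accessPolicy": ["allowedOnly"],
        "listAllowedUser": ["postmaster@example.com"],
    }
}
BROKEN_ATTRS = ["objectClass"]  # what the failing debug log requested
WORKING_ATTRS = ["objectClass", "listAllowedUser", "accessPolicy"]


def fetch_entry(rcpt, attrs):
    """Mimic an LDAP search: only requested attributes come back."""
    return {k: v for k, v in DIRECTORY[rcpt].items() if k in attrs}


def read_policy(entry, attrs, hardened):
    # Hardened: an attribute that was never requested is an error,
    # not evidence that the list is public.
    if hardened and "accessPolicy" not in attrs:
        raise LookupError("accessPolicy not in search attributes")
    # Expression quoted in the thread: a missing key becomes 'public'.
    return entry.get("accessPolicy", ["public"])[0].lower()


def check(sender, rcpt, attrs, hardened=False):
    """Return a Postfix access(5) action: DUNNO, REJECT or DEFER."""
    entry = fetch_entry(rcpt, attrs)
    try:
        policy = read_policy(entry, attrs, hardened)
    except LookupError:
        return "DEFER"  # temporary failure instead of delivering
    if policy == "public":
        return "DUNNO"
    if policy == "allowedonly":
        allowed = [a.lower() for a in entry.get("listAllowedUser", [])]
        return "DUNNO" if sender.lower() in allowed else "REJECT"
    return "REJECT"  # any other policy value: refuse


if __name__ == "__main__":
    for attrs in (BROKEN_ATTRS, WORKING_ATTRS):
        for hardened in (False, True):
            print(attrs, hardened,
                  check("outsider@example.net", "lista_test@example.com",
                        attrs, hardened))
```

With the broken attribute list the unhardened check accepts the outside sender, which matches the delivery seen in the first post; the hardened check defers instead of delivering.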