1 Topic by mlocati

  • mlocati
  • Member
  • Offline
  • Registered: 2014-11-03
  • Posts: 20

Topic: Access policy not valid for aliased domains

======== Required information ====
- iRedMail version: 0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version:  Ubuntu 14.04.1 LTS
- Related log if you're reporting an issue: from /var/log/iredapd.log
2014-11-10 17:45:36 INFO [MY.IP.ADDRE.SS] me@alias.com -> list@domain.com, REJECT Not authorized
====

I created a new list like this:

INSERT INTO alias SET
    address='list@domain.com',
    goto='you@domain.com',
    accesspolicy='domain',
    domain='domain.com',
    islist=1;

And I have

INSERT INTO alias_domain SET
    alias_domain='alias.com',
    target_domain='domain.com'

When sending an email to list@domain.com from me@domain.com everything works as expected (you@domain.com receives the email).
When sending an email to list@domain.com from me@alias.com iredapd refuses to send the email.
How could I fix this?

I also tried to change the accesspolicy from 'domain' to 'membersOnly', but the result is the same...

Thank you
Michele

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Access policy not valid for aliased domains

BUG in iRedAPD, it doesn't check alias domain names.
I will try to fix it later and come back to you. Thanks for your feedback.

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Access policy not valid for aliased domains

By the way, iRedMail doesn't allow to login as alias domain user, how do you send as alias domain user?

4 Reply by mlocati

  • mlocati
  • Member
  • Offline
  • Registered: 2014-11-03
  • Posts: 20

Re: Access policy not valid for aliased domains

ZhangHuangbin wrote:

it doesn't check alias domain names.

IMHO you should make sure that also the list domain is resolved to the standard domain. So, you should:
- un-alias the sender domain
- un-alias the list domain
- compare the two domains

ZhangHuangbin wrote:

how do you send as alias domain user?

With my email client (Thunderbird)

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Access policy not valid for aliased domains

mlocati wrote:

With my email client (Thunderbird)

Did you modify any iRedMail config files? e.g. Postfix, Dovecot?

6 Reply by mlocati

  • mlocati
  • Member
  • Offline
  • Registered: 2014-11-03
  • Posts: 20

Re: Access policy not valid for aliased domains

ZhangHuangbin wrote:

Did you modify any iRedMail config files?

We have a rather complex system.
We have an internal mail server to which our clients send emails.
The internal mail server connects to the iRedMail external server to deliver external emails, using a single account.
For this to work we added the internal IP address to the mynetworks list, and modified /etc/postfix/main.cf removing reject_sender_login_mismatch from smtpd_sender_restrictions

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Access policy not valid for aliased domains

OK.

This iRedAPD bug was fixed yesterday, and will be available in next release. Sorry we don't have a patch for iRedAPD-1.4.3.

8 Reply by mlocati

  • mlocati
  • Member
  • Offline
  • Registered: 2014-11-03
  • Posts: 20

Re: Access policy not valid for aliased domains

What if I try to apply this patch to the current iRedAPD-1.4.3?

9 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Access policy not valid for aliased domains

This patch is for the latest development edition of iRedAPD, it may not work with iRedAPD-1.4.3.