1 (edited by cegner 2015-05-19 22:28:41)

Topic: Policy rejections after iRedAPD 1.5.0 update

======== Required information ====
- iRedMail version: 0.9.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Linux/BSD distribution name and version: Debian 7.9
- Related log if you're reporting an issue:
====

Hello,

I just updated a server to iRedMail 0.9.1 / iRedAdmin Pro 2.3.0. The update includes a new version of iRedAPD (1.5.0). I'm encountering the following problem after the update:

- Domain a.tld is hosted on the iRedMail Server (server 1)
- Some users@a.tld relay over another server (server 2), not server 1
- Now, user1@a.tld send sends a mail through server 2 to user2@a.tld

Server 1 rejects these emails (Recipient address rejected: Policy rejection not logged in), altough server 2's IP address is listed in mynetworks on server 1. This used to be working up to iRedAPD 1.4.4.

Best Regards
Christof

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Policy rejections after iRedAPD 1.5.0 update

iRedAPD does not take into account mynetworks for this - it does seem like a legitimate reasoning - but I consider this a bug, basically iRedAPD now FORCES all local domains (sender) to be SASL Authenticated (which is correct) - but I think it should respect a mynetworks or similar parameter, hopefully Zhang sees this too.

3

Re: Policy rejections after iRedAPD 1.5.0 update

Fixed moment ago:
https://bitbucket.org/zhb/iredapd/commi … 7d3979dfae

It uses variable `mynetworks` to store all trusted or internal networks you want to bypass.

7t3chguy wrote:

hopefully Zhang sees this too.

Don't worry, i will check every post. smile

4

Re: Policy rejections after iRedAPD 1.5.0 update

We have the same problem. So glad to see there is an additional variable.

My question is now: Can I also add a IP subnet (like 0.0.0.0/20)

5

Re: Policy rejections after iRedAPD 1.5.0 update

frank.daeuble wrote:

My question is now: Can I also add a IP subnet (like 0.0.0.0/20)

iRedAPD doesn't support IP subnet like this. so, no. Maybe in future release.