1 (edited by djbahati1 2016-05-02 19:47:16)

Topic: Blacklisting not Working

I have tried to blacklist some senders and recipients in iredadmin-LDAP pro, but they can still send and receive e-mail as usual. My settings in postfix are check_policy_service inet:xx.xxx.xx.x:7777, reject_unknown_sender_domain, ......... while in iredapd it is

plugins = ["reject_null_sender","amavisd_wblist","greylisting","throttle","reject_sender_login_mismatch","ldap_maillist_access_policy"]

2

Re: Blacklisting not Working

*) Please show us output of commands below:

postconf smtpd_recipient_restrictions
postconf smtpd_end_of_data_restrictions

*) Turn on debug in iRedAPD, then send one more testing email to get debug log in /var/log/iredapd/iredapd.log, paste FULL log of this testing email here.

FYI: http://www.iredmail.org/docs/debug.iredapd.html

3 (edited by djbahati1 2016-05-02 19:47:53)

Re: Blacklisting not Working

Here is the log.

admin@test.com is in the outbound blacklist while camust@test.com is in the inbound blacklist. admin was sending email to camust and the message was successfully delivered to camust.

# postconf smtpd_recipient_restrictions
smtpd_recipient_restrictions = check_policy_service inet:xx.xxx.xxx:7777, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, permit_sasl_authenticated, reject_unauth_destination


# postconf smtpd_end_of_data_restrictions
smtpd_end_of_data_restrictions = check_policy_service inet:xx.xxx.xxx.1:7777


# postconf smtpd_sender_restrictions
smtpd_sender_restrictions = check_policy_service inet:xx.xxx.xxx.1:7777, reject_unknown_sender_domain, reject_unknown_address, permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_authenticated_sender_login_mismatch, reject_unauthenticated_sender_login_mismatch, reject_unlisted_sender, reject




2016-05-02 12:36:30 DEBUG smtp session: sender=admin@test.com
2016-05-02 12:36:30 DEBUG smtp session: sasl_username=admin@test.com
2016-05-02 12:36:30 INFO [172.16.21.2] RCPT, => admin@test.com -> camust@test.com, DUNNO
2016-05-02 12:36:30 DEBUG smtp session: sender=admin@test.com
2016-05-02 12:36:30 DEBUG smtp session: sasl_username=admin@test.com
2016-05-02 12:36:30 INFO [172.16.21.2] RCPT, => admin@test.com -> camust@test.com, DUNNO
2016-05-02 12:36:30 DEBUG smtp session: sender=admin@test.com
2016-05-02 12:36:30 DEBUG smtp session: sasl_username=admin@test.com
2016-05-02 12:36:30 INFO [172.16.21.2] END-OF-MESSAGE, => admin@test.com -> camust@test.com, DUNNO

4

Re: Blacklisting not Working

djbahati1 wrote:

smtpd_sender_restrictions = check_policy_service inet:xx.xxx.xxx.1:7777, reject_unknown_sender_domain, reject_unknown_address, permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_authenticated_sender_login_mismatch, reject_unauthenticated_sender_login_mismatch, reject_unlisted_sender, reject

Don't enable it in "smtpd_sender_restrictions =". Just "smtpd_recipient_restrictions" and "smtpd_end_of_data_restrictions".

Show us FULL debug log, do not filter it with 'grep'.
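
The placement advice in the reply above can be checked mechanically against `postconf` output. This is an added example, not code from the thread or from iRedMail; the function names are hypothetical, the sample is constructed from the values posted here, and it assumes comma-separated restriction lists as `postconf` printed them above.

```python
# Constructed sample: `postconf` output shortened from the values posted in this thread.
SAMPLE_POSTCONF = """\
smtpd_recipient_restrictions = check_policy_service inet:xx.xxx.xxx:7777, reject_unknown_sender_domain, permit_sasl_authenticated, reject_unauth_destination
smtpd_end_of_data_restrictions = check_policy_service inet:xx.xxx.xxx.1:7777
smtpd_sender_restrictions = check_policy_service inet:xx.xxx.xxx.1:7777, reject_unknown_sender_domain, permit_mynetworks, reject
"""

# Per the reply above: the policy service belongs in these two lists only.
WANTED = ("smtpd_recipient_restrictions", "smtpd_end_of_data_restrictions")
UNWANTED = ("smtpd_sender_restrictions",)

def parse_postconf(text):
    """Map each parameter to its ordered restriction list."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[name.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return conf

def policy_positions(restrictions):
    """Indexes at which check_policy_service appears in one restriction list."""
    return [i for i, r in enumerate(restrictions) if r.split()[0] == "check_policy_service"]

def audit(text):
    """Return findings about where check_policy_service is (or is not) configured."""
    conf, findings = parse_postconf(text), []
    for name in WANTED:
        rules = conf.get(name, [])
        hits = policy_positions(rules)
        if not hits:
            findings.append(f"{name}: check_policy_service missing")
        elif any(r.startswith("permit") for r in rules[:hits[0]]):
            # Postfix evaluates a list in order; a matching permit_* ends the
            # list before the policy service is consulted.
            findings.append(f"{name}: a permit rule precedes check_policy_service")
    for name in UNWANTED:
        if policy_positions(conf.get(name, [])):
            findings.append(f"{name}: remove check_policy_service from this list")
    return findings
```
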

5 (edited by djbahati1 2016-05-02 21:57:42)

Re: Blacklisting not Working

2016-05-02 16:01:16 DEBUG Connect from 172.16.21.1, port 43218.
2016-05-02 16:01:16 DEBUG smtp session: request=smtpd_access_policy
2016-05-02 16:01:16 DEBUG smtp session: protocol_state=RCPT
2016-05-02 16:01:16 DEBUG smtp session: protocol_name=ESMTP
2016-05-02 16:01:16 DEBUG smtp session: client_address=172.16.21.2
2016-05-02 16:01:16 DEBUG smtp session: client_name=unknown
2016-05-02 16:01:16 DEBUG smtp session: reverse_client_name=unknown
2016-05-02 16:01:16 DEBUG smtp session: helo_name=172.16.21.1
2016-05-02 16:01:16 DEBUG smtp session: sender=admin@test.com
2016-05-02 16:01:16 DEBUG smtp session: recipient=dbtest@ym.co.tz
2016-05-02 16:01:16 DEBUG smtp session: recipient_count=0
2016-05-02 16:01:16 DEBUG smtp session: queue_id=
2016-05-02 16:01:16 DEBUG smtp session: instance=721e.57274f9c.46182.0
2016-05-02 16:01:16 DEBUG smtp session: size=5618
2016-05-02 16:01:16 DEBUG smtp session: etrn_domain=
2016-05-02 16:01:16 DEBUG smtp session: stress=
2016-05-02 16:01:16 DEBUG smtp session: sasl_method=PLAIN
2016-05-02 16:01:16 DEBUG smtp session: sasl_username=admin@test.com
2016-05-02 16:01:16 DEBUG smtp session: sasl_sender=
2016-05-02 16:01:16 DEBUG smtp session: ccert_subject=
2016-05-02 16:01:16 DEBUG smtp session: ccert_issuer=
2016-05-02 16:01:16 DEBUG smtp session: ccert_fingerprint=
2016-05-02 16:01:16 DEBUG smtp session: ccert_pubkey_fingerprint=
2016-05-02 16:01:16 DEBUG smtp session: encryption_protocol=TLSv1.2
2016-05-02 16:01:16 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES128-GCM-SHA256
2016-05-02 16:01:16 DEBUG smtp session: encryption_keysize=128
2016-05-02 16:01:16 DEBUG LDAP connection initialied success.
2016-05-02 16:01:16 DEBUG LDAP bind success.
2016-05-02 16:01:16 DEBUG --> Apply plugin: reject_null_sender
2016-05-02 16:01:16 DEBUG <-- Result: DUNNO
2016-05-02 16:01:16 DEBUG --> Apply plugin: greylisting
2016-05-02 16:01:16 DEBUG Found SASL username, bypass greylisting for outbound email.
2016-05-02 16:01:16 DEBUG <-- Result: DUNNO
2016-05-02 16:01:16 DEBUG --> Apply plugin: reject_sender_login_mismatch
2016-05-02 16:01:16 DEBUG Sender: admin@test.com, SASL username: admin@test.com
2016-05-02 16:01:16 DEBUG SKIP: sender == sasl username.
2016-05-02 16:01:16 DEBUG <-- Result: DUNNO
2016-05-02 16:01:16 DEBUG --> Apply plugin: throttle
2016-05-02 16:01:16 DEBUG Check sender throttling.
2016-05-02 16:01:16 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='outbound' AND account IN ('172.16.21.2', '@ip', '@.', 'admin@test.com', '@test.com', '@.test.com', '@co.tz', '@.co.tz', '@tz', '@.tz', '172.16.*.2', '172.16.*.*', '*.*.*.2', '172.16.21.*', '*.*.21.2', '*.*.*.*', '*.16.21.2', '172.*.*.2', '172.*.*.*', '172.*.21.2')
         ORDER BY priority DESC
         
2016-05-02 16:01:16 DEBUG [SQL] Query result:
[]
2016-05-02 16:01:16 DEBUG No sender throttle setting.
2016-05-02 16:01:16 DEBUG Check recipient throttling.
2016-05-02 16:01:16 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='inbound' AND account IN ('172.16.21.2', '@ip', '@.', 'dbtest@ym.co.tz', '@ym.co.tz', '@.ym.co.tz', '@co.tz', '@.co.tz', '@tz', '@.tz', '172.16.*.2', '172.16.*.*', '*.*.*.2', '172.16.21.*', '*.*.21.2', '*.*.*.*', '*.16.21.2', '172.*.*.2', '172.*.*.*', '172.*.21.2')
         ORDER BY priority DESC
         
2016-05-02 16:01:16 DEBUG [SQL] Query result:
[]
2016-05-02 16:01:16 DEBUG No recipient throttle setting.
2016-05-02 16:01:16 DEBUG <-- Result: DUNNO
2016-05-02 16:01:16 DEBUG [+] Getting LDIF data of account: dbtest@ym.co.tz
2016-05-02 16:01:16 DEBUG search base dn: o=domains,dc=gov,dc=go,dc=tz
2016-05-02 16:01:16 DEBUG search scope: SUBTREE
2016-05-02 16:01:16 DEBUG search filter: (&(|(mail=dbtest@ym.co.tz)(shadowAddress=dbtest@ym.co.tz))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2016-05-02 16:01:16 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy']
2016-05-02 16:01:16 DEBUG result: [('mail=dbtest@ym.co.tz,ou=Users,domainName=ym.co.tz,o=domains,dc=gov,dc=go,dc=tz', {'objectClass': ['inetOrgPerson', 'mailUser', 'shadowAccount', 'amavisAccount', 'top', 'calEntry', 'turbaContact']})]
2016-05-02 16:01:16 DEBUG --> Apply plugin: ldap_maillist_access_policy
2016-05-02 16:01:16 DEBUG <-- Result: DUNNO (Not a mail list account)
2016-05-02 16:01:16 DEBUG --> Apply plugin: amavisd_wblist
2016-05-02 16:01:16 DEBUG Possible policy senders: ['@.', 'admin@test.com', '@test.com', '@.test.com', '@co.tz', '@.co.tz', '@tz', '@.tz']
2016-05-02 16:01:16 DEBUG Possible policy recipients: ['@.', 'dbtest@ym.co.tz', '@ym.co.tz', '@.ym.co.tz', '@co.tz', '@.co.tz', '@tz', '@.tz']
2016-05-02 16:01:16 DEBUG Apply wblist for outbound message.
2016-05-02 16:01:16 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('@.', 'admin@test.com', '@test.com', '@.test.com', '@co.tz', '@.co.tz', '@tz', '@.tz')
           ORDER BY priority DESC
2016-05-02 16:01:16 DEBUG Local addresses (in `users`): [(2L, 'admin@test.com'), (1L, '@.')]
2016-05-02 16:01:16 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('@.', 'dbtest@ym.co.tz', '@ym.co.tz', '@.ym.co.tz', '@co.tz', '@.co.tz', '@tz', '@.tz')
           ORDER BY priority DESC
2016-05-02 16:01:16 DEBUG No record found in SQL database.
2016-05-02 16:01:16 DEBUG No valid sender id or recipient id.
2016-05-02 16:01:16 DEBUG <-- Result: DUNNO
2016-05-02 16:01:16 INFO [172.16.21.2] RCPT, => admin@test.com -> dbtest@ym.co.tz, DUNNO
2016-05-02 16:01:16 DEBUG Session ended
2016-05-02 16:01:16 DEBUG Close LDAP connection.
2016-05-02 16:01:16 DEBUG smtp session: request=smtpd_access_policy
2016-05-02 16:01:16 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2016-05-02 16:01:16 DEBUG smtp session: protocol_name=ESMTP
2016-05-02 16:01:16 DEBUG smtp session: client_address=172.16.21.2
2016-05-02 16:01:16 DEBUG smtp session: client_name=unknown
2016-05-02 16:01:16 DEBUG smtp session: reverse_client_name=unknown
2016-05-02 16:01:16 DEBUG smtp session: helo_name=172.16.21.1
2016-05-02 16:01:16 DEBUG smtp session: sender=admin@test.com
2016-05-02 16:01:16 DEBUG smtp session: recipient=dbtest@ym.co.tz
2016-05-02 16:01:16 DEBUG smtp session: recipient_count=1
2016-05-02 16:01:16 DEBUG smtp session: queue_id=56C08E400B1
2016-05-02 16:01:16 DEBUG smtp session: instance=721e.57274f9c.46182.0
2016-05-02 16:01:16 DEBUG smtp session: size=5620
2016-05-02 16:01:16 DEBUG smtp session: etrn_domain=
2016-05-02 16:01:16 DEBUG smtp session: stress=
2016-05-02 16:01:16 DEBUG smtp session: sasl_method=PLAIN
2016-05-02 16:01:16 DEBUG smtp session: sasl_username=admin@test.com
2016-05-02 16:01:16 DEBUG smtp session: sasl_sender=
2016-05-02 16:01:16 DEBUG smtp session: ccert_subject=
2016-05-02 16:01:16 DEBUG smtp session: ccert_issuer=
2016-05-02 16:01:16 DEBUG smtp session: ccert_fingerprint=
2016-05-02 16:01:16 DEBUG smtp session: ccert_pubkey_fingerprint=
2016-05-02 16:01:16 DEBUG smtp session: encryption_protocol=TLSv1.2
2016-05-02 16:01:16 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES128-GCM-SHA256
2016-05-02 16:01:16 DEBUG smtp session: encryption_keysize=128
2016-05-02 16:01:16 DEBUG LDAP connection initialied success.
2016-05-02 16:01:16 DEBUG LDAP bind success.
2016-05-02 16:01:16 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2016-05-02 16:01:16 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2016-05-02 16:01:16 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2016-05-02 16:01:16 DEBUG --> Apply plugin: throttle
2016-05-02 16:01:16 DEBUG Check sender throttling.
2016-05-02 16:01:16 DEBUG [SQL] Query throttle setting:
        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='outbound' AND account IN ('172.16.21.2', '@ip', '@.', 'admin@test.com', '@test.com', '@.test.com', '@co.tz', '@.co.tz', '@tz', '@.tz', '172.16.*.2', '172.16.*.*', '*.*.*.2', '172.16.21.*', '*.*.21.2', '*.*.*.*', '*.16.21.2', '172.*.*.2', '172.*.*.*', '172.*.21.2')
         ORDER BY priority DESC
         
2016-05-02 16:01:16 DEBUG [SQL] Query result:
[]
2016-05-02 16:01:16 DEBUG No sender throttle setting.
2016-05-02 16:01:16 DEBUG Check recipient throttling.
2016-05-02 16:01:16 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='inbound' AND account IN ('172.16.21.2', '@ip', '@.', 'dbtest@ym.co.tz', '@ym.co.tz', '@.ym.co.tz', '@co.tz', '@.co.tz', '@tz', '@.tz', '172.16.*.2', '172.16.*.*', '*.*.*.2', '172.16.21.*', '*.*.21.2', '*.*.*.*', '*.16.21.2', '172.*.*.2', '172.*.*.*', '172.*.21.2')
         ORDER BY priority DESC
         
2016-05-02 16:01:16 DEBUG [SQL] Query result:
[]
2016-05-02 16:01:16 DEBUG No recipient throttle setting.
2016-05-02 16:01:16 DEBUG <-- Result: DUNNO
2016-05-02 16:01:16 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2016-05-02 16:01:16 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2016-05-02 16:01:16 INFO [172.16.21.2] END-OF-MESSAGE, => admin@test.com -> dbtest@ym.co.tz, DUNNO
2016-05-02 16:01:16 DEBUG Session ended
2016-05-02 16:01:16 DEBUG Close LDAP connection.

6

Re: Blacklisting not Working

djbahati1 wrote:

2016-05-02 16:01:16 DEBUG --> Apply plugin: amavisd_wblist
2016-05-02 16:01:16 DEBUG Possible policy senders: ['@.', 'admin@test.com', '@test.com', '@.test.com', '@co.tz', '@.co.tz', '@tz', '@.tz']
2016-05-02 16:01:16 DEBUG Possible policy recipients: ['@.', 'dbtest@ym.co.tz', '@ym.co.tz', '@.ym.co.tz', '@co.tz', '@.co.tz', '@tz', '@.tz']
2016-05-02 16:01:16 DEBUG Apply wblist for outbound message.
2016-05-02 16:01:16 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('@.', 'admin@test.com', '@test.com', '@.test.com', '@co.tz', '@.co.tz', '@tz', '@.tz')
           ORDER BY priority DESC
2016-05-02 16:01:16 DEBUG Local addresses (in `users`): [(2L, 'admin@test.com'), (1L, '@.')]
2016-05-02 16:01:16 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('@.', 'dbtest@ym.co.tz', '@ym.co.tz', '@.ym.co.tz', '@co.tz', '@.co.tz', '@tz', '@.tz')
           ORDER BY priority DESC
2016-05-02 16:01:16 DEBUG No record found in SQL database.
2016-05-02 16:01:16 DEBUG No valid sender id or recipient id.
2016-05-02 16:01:16 DEBUG <-- Result: DUNNO

It says "No valid sender id or recipient id", no whitelisted recipient found for your local user 'admin@test.com'.
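
Reading a full iRedAPD debug log the way the reply above does can be scripted: group lines by policy request, record each plugin's result, and keep the messages logged just before the verdict. This is an added example, not part of the thread or of iRedAPD; the function names are hypothetical and the sample is a constructed excerpt of the log posted above.

```python
import re

# Constructed sample: a shortened excerpt of the debug log posted in this thread.
SAMPLE_LOG = """\
2016-05-02 16:01:16 DEBUG smtp session: protocol_state=RCPT
2016-05-02 16:01:16 DEBUG --> Apply plugin: amavisd_wblist
2016-05-02 16:01:16 DEBUG No record found in SQL database.
2016-05-02 16:01:16 DEBUG No valid sender id or recipient id.
2016-05-02 16:01:16 DEBUG <-- Result: DUNNO
2016-05-02 16:01:16 INFO [172.16.21.2] RCPT, => admin@test.com -> dbtest@ym.co.tz, DUNNO
2016-05-02 16:01:16 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2016-05-02 16:01:16 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2016-05-02 16:01:16 INFO [172.16.21.2] END-OF-MESSAGE, => admin@test.com -> dbtest@ym.co.tz, DUNNO
"""

LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (DEBUG|INFO) (.*)$")

def trace_plugins(log_text):
    """Return one record per policy request: state, final action, per-plugin outcome."""
    requests, cur, plugin = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:  # continuation lines (multi-line SQL, result lists) carry no verdict
            continue
        level, msg = m.groups()
        if msg.startswith("smtp session: protocol_state="):
            cur = {"state": msg.split("=", 1)[1], "final": None, "plugins": {}}
            requests.append(cur)
        elif cur is None:
            continue
        elif msg.startswith("--> Apply plugin: "):
            plugin = msg.split(": ", 1)[1]
            cur["plugins"][plugin] = {"result": None, "notes": []}
        elif msg.startswith("<-- Result: ") and plugin:
            cur["plugins"][plugin]["result"] = msg.split(": ", 1)[1]
            plugin = None
        elif msg.startswith("Skip plugin: "):
            name = msg.split(": ", 1)[1].split(" ")[0]
            cur["plugins"][name] = {"result": "SKIPPED", "notes": []}
        elif level == "INFO":  # summary line: "... sender -> recipient, ACTION"
            cur["final"] = msg.partition(" -> ")[2].partition(", ")[2]
        elif plugin:
            cur["plugins"][plugin]["notes"].append(msg)
    return requests

def why_not_blocked(log_text, plugin="amavisd_wblist"):
    """(state, result, last message before the verdict) for each request that mentions `plugin`."""
    rows = [(r["state"], r["plugins"].get(plugin)) for r in trace_plugins(log_text)]
    return [(s, p["result"], (p["notes"] or [None])[-1]) for s, p in rows if p]
```
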