1 (edited by alexeilevinzon 2016-07-18 03:11:39)

Topic: blacklist skipped from Outlook

==== Required information ====
- iRedMail version (check 0.9.5.1):
- Linux/BSD distribution name and version: CentOS 6.7
- Store mail accounts in which backend (LDAP):
- Web server (Apache):
- Manage mail accounts with iRedAdmin-Pro? NO
- Related log if you're reporting an issue:
====

Hello,

I don't have the PRO version yet, so I added wblist rules by hand...

I want to allow all mail between local accounts, and outgoing mail to a specific domain only.

I blacklisted @. globally for inbound and outbound with these commands:
python wblist_admin.py --add --blacklist @.
python wblist_admin.py --add --outbound --blacklist @

Then I whitelisted the local domain to be able to send emails between local users:

python wblist_admin.py --add --whitelist @localdomain.com
python wblist_admin.py --add --whitelist --outbound @localdomain.com

and my second, non-local domain:

python wblist_admin.py --add --whitelist @secondomain.com
python wblist_admin.py --add --whitelist --outbound @secondomain.com

It works well when receiving email: I can receive only from the local and second domains...
But when sending, I'm still able to send to domains like gmail.com from Outlook...
From Roundcube I get an error... ((5.7.1 <test@gmail.com>: Recipient address rejected: Blacklisted) SMTP (554): "test@gmail.com" ).

But from Outlook I don't... This is the log from Outlook:

2016-07-17 21:56:00 INFO [127.0.0.1] RCPT, amin@localdomain.com -> test@gmail.com, OK wblist=(1, 1, 'W')
2016-07-17 21:56:00 INFO [127.0.0.1] END-OF-MESSAGE, admin@localdomain.com -> test@gmail.com, DUNNO

What's wrong with my configuration?

2

alexeilevinzon wrote:

python wblist_admin.py --add --outbound --blacklist @

Did you use '@' or '@.' (the dot)?

Please show us output of commands:

python wblist_admin.py --list --whitelist
python wblist_admin.py --list --blacklist

python wblist_admin.py --list --whitelist --account '@localdomain.com'
python wblist_admin.py --list --blacklist --account '@localdomain.com'

python wblist_admin.py --list --whitelist --account 'amin@localdomain.com'
python wblist_admin.py --list --blacklist --account 'amin@localdomain.com'

Also, please turn on debug mode in iRedAPD, then reproduce this issue again, extract related log from iRedAPD log file (/var/log/iredapd/iredapd.log) and paste here. FYI: http://www.iredmail.org/docs/debug.iredapd.html

3 (edited by alexeilevinzon 2016-07-19 22:17:15)

Hello,

I used @.

Anyway, I checked that issue with my friend who has the Pro version.

http://i68.tinypic.com/14tooxh.png

Here we sent two emails to the same address.
The first is from Outlook and it was sent despite the wblist.
The second is from EM client; that was not successful...

2016-07-19 17:07:24 DEBUG Connect from 127.0.0.1, port 58104.
2016-07-19 17:07:24 DEBUG smtp session: request=smtpd_access_policy
2016-07-19 17:07:24 DEBUG smtp session: protocol_state=RCPT
2016-07-19 17:07:24 DEBUG smtp session: protocol_name=ESMTP
2016-07-19 17:07:24 DEBUG smtp session: client_address=127.0.0.1
2016-07-19 17:07:24 DEBUG smtp session: client_name=mail.barcol.pw
2016-07-19 17:07:24 DEBUG smtp session: reverse_client_name=mail.barcol.pw
2016-07-19 17:07:24 DEBUG smtp session: helo_name=mail.barcol.pw
2016-07-19 17:07:24 DEBUG smtp session: sender=alexei@barcol.pw
2016-07-19 17:07:24 DEBUG smtp session: recipient=alexeilevinzon@gmail.com
2016-07-19 17:07:24 DEBUG smtp session: recipient_count=0
2016-07-19 17:07:24 DEBUG smtp session: queue_id=
2016-07-19 17:07:24 DEBUG smtp session: instance=4523.578e341c.7308d.0
2016-07-19 17:07:24 DEBUG smtp session: size=0
2016-07-19 17:07:24 DEBUG smtp session: etrn_domain=
2016-07-19 17:07:24 DEBUG smtp session: stress=
2016-07-19 17:07:24 DEBUG smtp session: sasl_method=
2016-07-19 17:07:24 DEBUG smtp session: sasl_username=
2016-07-19 17:07:24 DEBUG smtp session: sasl_sender=
2016-07-19 17:07:24 DEBUG smtp session: ccert_subject=
2016-07-19 17:07:24 DEBUG smtp session: ccert_issuer=
2016-07-19 17:07:24 DEBUG smtp session: ccert_fingerprint=
2016-07-19 17:07:24 DEBUG smtp session: encryption_protocol=
2016-07-19 17:07:24 DEBUG smtp session: encryption_cipher=
2016-07-19 17:07:24 DEBUG smtp session: encryption_keysize=0
2016-07-19 17:07:24 DEBUG --> Apply plugin: reject_null_sender
2016-07-19 17:07:24 DEBUG Local sender.
2016-07-19 17:07:24 DEBUG <-- Result: DUNNO
2016-07-19 17:07:24 DEBUG --> Apply plugin: reject_sender_login_mismatch
2016-07-19 17:07:24 DEBUG Not an authenticated sender (no sasl_username).
2016-07-19 17:07:24 DEBUG Local sender.
2016-07-19 17:07:24 DEBUG <-- Result: DUNNO
2016-07-19 17:07:24 DEBUG --> Apply plugin: greylisting
2016-07-19 17:07:24 DEBUG Local sender.
2016-07-19 17:07:24 DEBUG <-- Result: DUNNO
2016-07-19 17:07:24 DEBUG --> Apply plugin: throttle
2016-07-19 17:07:24 DEBUG Bypass sender throttling (No sasl_username).
2016-07-19 17:07:24 DEBUG Check recipient throttling.
2016-07-19 17:07:24 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='inbound' AND account IN ('127.0.0.1', '@ip', '@.', 'alexeilevinzon@gmail.com', '@gmail.com', '@.gmail.com', '@com', '@.com', '127.*.0.1', '127.*.*.*', '*.*.*.1', '127.0.0.*', '*.*.0.1', '*.0.0.1', '127.0.*.1', '*.*.*.*', '127.*.*.1', '127.0.*.*')
         ORDER BY priority DESC
         
2016-07-19 17:07:24 DEBUG [SQL] Query result:
[]
2016-07-19 17:07:24 DEBUG No recipient throttle setting.
2016-07-19 17:07:24 DEBUG <-- Result: DUNNO
2016-07-19 17:07:24 DEBUG --> Apply plugin: sql_alias_access_policy
2016-07-19 17:07:24 DEBUG [SQL] query access policy:
SELECT accesspolicy, goto, moderators
               FROM alias
              WHERE
                    address='alexeilevinzon@gmail.com'
                    AND islist=1
                    AND active=1
              LIMIT 1
   
2016-07-19 17:07:24 DEBUG SQL query result: None
2016-07-19 17:07:24 DEBUG [SQL] Check whether recipient domain is an alias domain:
SELECT target_domain
                   FROM alias_domain
                  WHERE alias_domain = 'gmail.com'
                  LIMIT 1
                 
2016-07-19 17:07:24 DEBUG [SQL] query result: None
2016-07-19 17:07:24 DEBUG Recipient domain is not an alias domain.
2016-07-19 17:07:24 DEBUG <-- Result: DUNNO (Not a mail alias account)
2016-07-19 17:07:24 DEBUG --> Apply plugin: amavisd_wblist
2016-07-19 17:07:24 DEBUG Possible policy senders: ['@.', 'alexei@barcol.pw', '@barcol.pw', '@.barcol.pw', '@pw', '@.pw', 'alexei@*', '127.0.0.1', '127.*.0.1', '127.*.*.*', '*.*.*.1', '127.0.0.*', '*.*.0.1', '*.0.0.1', '127.0.*.1', '*.*.*.*', '127.*.*.1', '127.0.*.*']
2016-07-19 17:07:24 DEBUG Possible policy recipients: ['@.', 'alexeilevinzon@gmail.com', '@gmail.com', '@.gmail.com', '@com', '@.com']
2016-07-19 17:07:24 DEBUG Apply wblist for inbound message.
2016-07-19 17:07:24 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('@.', 'alexeilevinzon@gmail.com', '@gmail.com', '@.gmail.com', '@com', '@.com')
           ORDER BY priority DESC
2016-07-19 17:07:24 DEBUG No record found in SQL database.
2016-07-19 17:07:24 DEBUG No valid sender id or recipient id.
2016-07-19 17:07:24 DEBUG <-- Result: DUNNO
2016-07-19 17:07:24 DEBUG Session ended
2016-07-19 17:07:24 INFO [127.0.0.1] RCPT, alexei@barcol.pw -> alexeilevinzon@gmail.com, DUNNO
2016-07-19 17:07:24 DEBUG smtp session: request=smtpd_access_policy
2016-07-19 17:07:24 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2016-07-19 17:07:24 DEBUG smtp session: protocol_name=ESMTP
2016-07-19 17:07:24 DEBUG smtp session: client_address=127.0.0.1
2016-07-19 17:07:24 DEBUG smtp session: client_name=mail.barcol.pw
2016-07-19 17:07:24 DEBUG smtp session: reverse_client_name=mail.barcol.pw
2016-07-19 17:07:24 DEBUG smtp session: helo_name=mail.barcol.pw
2016-07-19 17:07:24 DEBUG smtp session: sender=alexei@barcol.pw
2016-07-19 17:07:24 DEBUG smtp session: recipient=alexeilevinzon@gmail.com
2016-07-19 17:07:24 DEBUG smtp session: recipient_count=1
2016-07-19 17:07:24 DEBUG smtp session: queue_id=93FF71A01AF
2016-07-19 17:07:24 DEBUG smtp session: instance=4523.578e341c.7308d.0
2016-07-19 17:07:24 DEBUG smtp session: size=2607
2016-07-19 17:07:24 DEBUG smtp session: etrn_domain=
2016-07-19 17:07:24 DEBUG smtp session: stress=
2016-07-19 17:07:24 DEBUG smtp session: sasl_method=
2016-07-19 17:07:24 DEBUG smtp session: sasl_username=
2016-07-19 17:07:24 DEBUG smtp session: sasl_sender=
2016-07-19 17:07:24 DEBUG smtp session: ccert_subject=
2016-07-19 17:07:24 DEBUG smtp session: ccert_issuer=
2016-07-19 17:07:24 DEBUG smtp session: ccert_fingerprint=
2016-07-19 17:07:24 DEBUG smtp session: encryption_protocol=
2016-07-19 17:07:24 DEBUG smtp session: encryption_cipher=
2016-07-19 17:07:24 DEBUG smtp session: encryption_keysize=0
2016-07-19 17:07:24 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2016-07-19 17:07:24 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2016-07-19 17:07:24 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2016-07-19 17:07:24 DEBUG --> Apply plugin: throttle
2016-07-19 17:07:24 DEBUG Bypass sender throttling (No sasl_username).
2016-07-19 17:07:24 DEBUG Check recipient throttling.
2016-07-19 17:07:24 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='inbound' AND account IN ('127.0.0.1', '@ip', '@.', 'alexeilevinzon@gmail.com', '@gmail.com', '@.gmail.com', '@com', '@.com', '127.*.0.1', '127.*.*.*', '*.*.*.1', '127.0.0.*', '*.*.0.1', '*.0.0.1', '127.0.*.1', '*.*.*.*', '127.*.*.1', '127.0.*.*')
         ORDER BY priority DESC
         
2016-07-19 17:07:24 DEBUG [SQL] Query result:
[]
2016-07-19 17:07:24 DEBUG No recipient throttle setting.
2016-07-19 17:07:24 DEBUG <-- Result: DUNNO
2016-07-19 17:07:24 DEBUG Skip plugin: sql_alias_access_policy (protocol_state != END-OF-MESSAGE)
2016-07-19 17:07:24 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2016-07-19 17:07:24 DEBUG Session ended
2016-07-19 17:07:24 INFO [127.0.0.1] END-OF-MESSAGE, alexei@barcol.pw -> alexeilevinzon@gmail.com, DUNNO
2016-07-19 17:07:43 DEBUG smtp session: request=smtpd_access_policy
2016-07-19 17:07:43 DEBUG smtp session: protocol_state=RCPT
2016-07-19 17:07:43 DEBUG smtp session: protocol_name=ESMTP
2016-07-19 17:07:43 DEBUG smtp session: client_address=84.111.100.20
2016-07-19 17:07:43 DEBUG smtp session: client_name=bzq-84-111-100-20.red.bezeqint.net
2016-07-19 17:07:43 DEBUG smtp session: reverse_client_name=bzq-84-111-100-20.red.bezeqint.net
2016-07-19 17:07:43 DEBUG smtp session: helo_name=[10.0.0.10]
2016-07-19 17:07:43 DEBUG smtp session: sender=alexei@barcol.pw
2016-07-19 17:07:43 DEBUG smtp session: recipient=alexeilevinzon@gmail.com
2016-07-19 17:07:43 DEBUG smtp session: recipient_count=0
2016-07-19 17:07:43 DEBUG smtp session: queue_id=
2016-07-19 17:07:43 DEBUG smtp session: instance=4516.578e342e.ee84b.0
2016-07-19 17:07:43 DEBUG smtp session: size=1476
2016-07-19 17:07:43 DEBUG smtp session: etrn_domain=
2016-07-19 17:07:43 DEBUG smtp session: stress=
2016-07-19 17:07:43 DEBUG smtp session: sasl_method=PLAIN
2016-07-19 17:07:43 DEBUG smtp session: sasl_username=alexei@barcol.pw
2016-07-19 17:07:43 DEBUG smtp session: sasl_sender=
2016-07-19 17:07:43 DEBUG smtp session: ccert_subject=
2016-07-19 17:07:43 DEBUG smtp session: ccert_issuer=
2016-07-19 17:07:43 DEBUG smtp session: ccert_fingerprint=
2016-07-19 17:07:43 DEBUG smtp session: encryption_protocol=TLSv1.2
2016-07-19 17:07:43 DEBUG smtp session: encryption_cipher=DHE-RSA-AES256-GCM-SHA384
2016-07-19 17:07:43 DEBUG smtp session: encryption_keysize=256
2016-07-19 17:07:43 DEBUG --> Apply plugin: reject_null_sender
2016-07-19 17:07:43 DEBUG <-- Result: DUNNO
2016-07-19 17:07:43 DEBUG --> Apply plugin: reject_sender_login_mismatch
2016-07-19 17:07:43 DEBUG Sender: alexei@barcol.pw, SASL username: alexei@barcol.pw
2016-07-19 17:07:43 DEBUG SKIP: sender == sasl username.
2016-07-19 17:07:43 DEBUG <-- Result: DUNNO
2016-07-19 17:07:43 DEBUG --> Apply plugin: greylisting
2016-07-19 17:07:43 DEBUG Found SASL username, bypass greylisting for outbound email.
2016-07-19 17:07:43 DEBUG <-- Result: DUNNO
2016-07-19 17:07:43 DEBUG --> Apply plugin: throttle
2016-07-19 17:07:43 DEBUG Check sender throttling.
2016-07-19 17:07:43 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='outbound' AND account IN ('84.111.100.20', '@ip', '@.', 'alexei@barcol.pw', '@barcol.pw', '@.barcol.pw', '@pw', '@.pw', '84.111.*.20', '*.111.100.20', '*.*.*.*', '84.111.100.*', '84.*.100.20', '84.111.*.*', '84.*.*.*', '84.*.*.20', '*.*.*.20', '*.*.100.20')
         ORDER BY priority DESC
         
2016-07-19 17:07:43 DEBUG [SQL] Query result:
[]
2016-07-19 17:07:43 DEBUG No sender throttle setting.
2016-07-19 17:07:43 DEBUG Bypass recipient throttling (found sasl_username).
2016-07-19 17:07:43 DEBUG <-- Result: DUNNO
2016-07-19 17:07:43 DEBUG --> Apply plugin: sql_alias_access_policy
2016-07-19 17:07:43 DEBUG [SQL] query access policy:
SELECT accesspolicy, goto, moderators
               FROM alias
              WHERE
                    address='alexeilevinzon@gmail.com'
                    AND islist=1
                    AND active=1
              LIMIT 1
   
2016-07-19 17:07:43 DEBUG SQL query result: None
2016-07-19 17:07:43 DEBUG [SQL] Check whether recipient domain is an alias domain:
SELECT target_domain
                   FROM alias_domain
                  WHERE alias_domain = 'gmail.com'
                  LIMIT 1
                 
2016-07-19 17:07:43 DEBUG [SQL] query result: None
2016-07-19 17:07:43 DEBUG Recipient domain is not an alias domain.
2016-07-19 17:07:43 DEBUG <-- Result: DUNNO (Not a mail alias account)
2016-07-19 17:07:43 DEBUG --> Apply plugin: amavisd_wblist
2016-07-19 17:07:43 DEBUG Possible policy senders: ['@.', 'alexei@barcol.pw', '@barcol.pw', '@.barcol.pw', '@pw', '@.pw']
2016-07-19 17:07:43 DEBUG Possible policy recipients: ['@.', 'alexeilevinzon@gmail.com', '@gmail.com', '@.gmail.com', '@com', '@.com']
2016-07-19 17:07:43 DEBUG Apply wblist for outbound message.
2016-07-19 17:07:43 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('@.', 'alexei@barcol.pw', '@barcol.pw', '@.barcol.pw', '@pw', '@.pw')
           ORDER BY priority DESC
2016-07-19 17:07:43 DEBUG Local addresses (in `users`): [(1L, '@barcol.pw')]
2016-07-19 17:07:43 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('@.', 'alexeilevinzon@gmail.com', '@gmail.com', '@.gmail.com', '@com', '@.com')
           ORDER BY priority DESC
2016-07-19 17:07:43 DEBUG Addresses (in `mailaddr`): [(2L, '@.')]
2016-07-19 17:07:43 DEBUG [SQL] Query outbound wblist:
SELECT rid, sid, wb
               FROM outbound_wblist
              WHERE sid IN (1) AND rid IN (2)
2016-07-19 17:07:43 DEBUG Found outbound wblist: [(2L, 1L, 'B')]
2016-07-19 17:07:43 INFO Blacklisted: outbound_wblist=(2, 1, 'B')
2016-07-19 17:07:43 DEBUG <-- Result: REJECT Blacklisted
2016-07-19 17:07:43 DEBUG Session ended
2016-07-19 17:07:43 INFO [84.111.100.20] RCPT, alexei@barcol.pw => alexeilevinzon@gmail.com, REJECT Blacklisted

4

alexeilevinzon wrote:

2016-07-19 17:07:24 DEBUG smtp session: client_name=mail.barcol.pw
2016-07-19 17:07:24 DEBUG smtp session: reverse_client_name=mail.barcol.pw
2016-07-19 17:07:24 DEBUG smtp session: helo_name=mail.barcol.pw
2016-07-19 17:07:24 DEBUG smtp session: sender=alexei@barcol.pw
2016-07-19 17:07:24 DEBUG smtp session: recipient=alexeilevinzon@gmail.com
...
2016-07-19 17:07:24 DEBUG smtp session: sasl_method=
2016-07-19 17:07:24 DEBUG smtp session: sasl_username=
2016-07-19 17:07:24 DEBUG smtp session: sasl_sender=

*) Why email sent from Outlook doesn't have a smtp authentication username (sasl_username=)? Do you have SMTP AUTH enabled in Outlook?
*) Please show us output of command "postconf -n".

5 (edited by alexeilevinzon 2016-07-19 23:09:08)

Hello,

I configured Outlook as Exchange/ActiveSync following your guide: http://www.iredmail.org/docs/activesync.outlook.html

I don't see any place to change that option.


[root@mail ~]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_vrfy_command = yes
enable_original_recipient = no
header_checks = pcre:/etc/postfix/header_checks
inet_interfaces = all
inet_protocols = all
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
message_size_limit = 15728640
mydestination = $myhostname, localhost, localhost.localdomain
mydomain = mail.barcol.pw
myhostname = mail.barcol.pw
mynetworks = 127.0.0.1
myorigin = mail.barcol.pw
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
queue_directory = /var/spool/postfix
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf    proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination    proxy:mysql:/etc/postfix/mysql/relay_domains.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf    proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks    permit_sasl_authenticated    reject_non_fqdn_helo_hostname    reject_invalid_helo_hostname    check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_recipient_domain    reject_non_fqdn_recipient    reject_unlisted_recipient    check_policy_service inet:127.0.0.1:7777    permit_mynetworks    permit_sasl_authenticated    reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = reject_unknown_sender_domain    reject_non_fqdn_sender    reject_unlisted_sender    permit_mynetworks    permit_sasl_authenticated    check_sender_access pcre:/etc/postfix/sender_access.pcre
smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail.crt
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail.crt
smtpd_tls_dh1024_param_file = /etc/pki/tls/dh2048_param.pem
smtpd_tls_dh512_param_file = /etc/pki/tls/dh512_param.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_security_level = may
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf    proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf    proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf    proxy:mysql:/etc/postfix/mysql/catchall_maps.cf    proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /users/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000

Just for the record, it's a clean installation on a clean server, nothing has been changed...

6

Confirmed it's a bug of iRedAPD and fixed in latest iRedAPD development edition. Here's patch for iRedAPD-1.9.1:
http://pastebin.com/ycztsnYT

The root cause: SOGo doesn't perform SMTP AUTH against the SMTP server to send email, so the request doesn't contain a 'sasl_username=' value. So iRedAPD must detect whether or not the email was sent by a local user.

BTW, Ridiculous thing is, SOGo doesn't support SMTP AUTH (a 7-year old feature request):
https://sogo.nu/bugs/view.php?id=31
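
The root cause described in post 6, as an added example that is not part of the thread and is neither iRedAPD's code nor the patch: a minimal Python model of a policy service that picks the wblist direction from `sasl_username` alone, beside a variant that also treats a local sender domain as outbound. The requests, `LOCAL_DOMAINS` and both rule tables are constructed from values in the debug logs above, and all function names are hypothetical.

```python
# Added illustration; not iRedAPD source code and not the patch from this thread.

def build_request(client, sasl_username, recipient="alexeilevinzon@gmail.com"):
    """Build a Postfix policy delegation request (constructed sample)."""
    return (
        "request=smtpd_access_policy\n"
        "protocol_state=RCPT\n"
        f"client_address={client}\n"
        "sender=alexei@barcol.pw\n"
        f"recipient={recipient}\n"
        f"sasl_username={sasl_username}\n"
        "\n"
    )

# Constructed from the two sessions in the debug log: SOGo submits via
# localhost without SMTP AUTH, the desktop client authenticates.
SOGO_REQUEST = build_request("127.0.0.1", "")
EMCLIENT_REQUEST = build_request("84.111.100.20", "alexei@barcol.pw")
LOCAL_REQUEST = build_request("127.0.0.1", "", recipient="amin@barcol.pw")

LOCAL_DOMAINS = {"barcol.pw"}  # assumption: stands in for the mail-domain lookup

# Constructed rule tables: (rule owner, peer) -> 'W' or 'B'.
OUTBOUND_WBLIST = {("@barcol.pw", "@barcol.pw"): "W", ("@barcol.pw", "@."): "B"}
INBOUND_WBLIST = {("@barcol.pw", "@barcol.pw"): "W", ("@barcol.pw", "@."): "B"}


def parse_policy_request(text):
    """Parse name=value lines; an empty line ends the request."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def policy_candidates(address):
    """Policy accounts for an address, most specific first, '@.' last."""
    address = address.lower()
    labels = address.rpartition("@")[2].split(".")
    out = [address]
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        out += ["@" + suffix, "@." + suffix]
    out.append("@.")
    return out


def lookup(table, owner, peer):
    """Return the first matching 'W'/'B' rule, or None."""
    for o in policy_candidates(owner):
        for p in policy_candidates(peer):
            if (o, p) in table:
                return table[(o, p)]
    return None


def direction_sasl_only(req):
    """Behaviour seen in the logs: no sasl_username means 'inbound'."""
    return "outbound" if req.get("sasl_username") else "inbound"


def direction_local_aware(req):
    """Also treat an unauthenticated sender in a local domain as outbound."""
    if req.get("sasl_username"):
        return "outbound"
    sender_domain = req.get("sender", "").rpartition("@")[2].lower()
    return "outbound" if sender_domain in LOCAL_DOMAINS else "inbound"


def decide(req, classify):
    """Return (direction, action) for one RCPT-stage request."""
    direction = classify(req)
    if direction == "outbound":
        # Outbound rules are owned by the local sender.
        wb = lookup(OUTBOUND_WBLIST, req["sender"], req["recipient"])
    else:
        # Inbound rules are owned by the local recipient; an external
        # recipient owns none, so nothing can match.
        wb = lookup(INBOUND_WBLIST, req["recipient"], req["sender"])
    action = {"B": "REJECT Blacklisted", "W": "OK"}.get(wb, "DUNNO")
    return direction, action


if __name__ == "__main__":
    samples = [("SOGo/ActiveSync", SOGO_REQUEST),
               ("SMTP AUTH client", EMCLIENT_REQUEST),
               ("local to local", LOCAL_REQUEST)]
    for name, raw in samples:
        req = parse_policy_request(raw)
        print(name,
              "| sasl-only:", decide(req, direction_sasl_only),
              "| local-aware:", decide(req, direction_local_aware))
```
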

7 (edited by alexeilevinzon 2016-07-20 14:11:09)

Thanks for the quick solution ZhangHuangbin,
you are great!

I got an error while applying the patch:


(Stripping trailing CRs from patch.)
patching file libs/ldaplib/conn_utils.py
(Stripping trailing CRs from patch.)
patching file libs/sql/__init__.py
(Stripping trailing CRs from patch.)
patching file plugins/amavisd_wblist.py
(Stripping trailing CRs from patch.)
patching file libs/utils.py
patch unexpectedly ends in middle of line
patch: **** malformed patch at line 155:

8

Are you running iRedAPD-1.9.1? Please show me output of command:

ls -l /opt

9

Yep, that's correct....
ls -l /opt
total 4
lrwxrwxrwx 1 root root   18 Jul 18 11:59 iredapd -> /opt/iRedAPD-1.9.1
dr-x------ 8 root root 4096 Jul 20 09:04 iRedAPD-1.9.1

10

Re-generated one, please try again:
http://pastebin.com/raw/EzvcFDbH

Works fine with original iRedAPD-1.9.1:

# patch -p1 < ~/1.patch 
patching file libs/ldaplib/conn_utils.py
patching file libs/sql/__init__.py
patching file libs/utils.py
patching file plugins/amavisd_wblist.py

11 (edited by alexeilevinzon 2016-07-21 14:44:57)

Hello,

I removed iredapd completely, downloaded a clean version and updated the settings.
Then when I try to apply the patch, I get:

[root@mail opt]# cd iredapd
[root@mail iredapd]# patch -p1 < ~/outlook.patch
patching file libs/ldaplib/conn_utils.py
patching file libs/sql/__init__.py
patching file libs/utils.py
patching file plugins/amavisd_wblist.py
patch unexpectedly ends in middle of line
Hunk #4 succeeded at 229 with fuzz 1.

Anyway, I'm still able to send from Outlook:

2016-07-21 09:42:47 DEBUG Connect from 127.0.0.1, port 43752.
2016-07-21 09:42:47 DEBUG smtp session: request=smtpd_access_policy
2016-07-21 09:42:47 DEBUG smtp session: protocol_state=RCPT
2016-07-21 09:42:47 DEBUG smtp session: protocol_name=ESMTP
2016-07-21 09:42:47 DEBUG smtp session: client_address=127.0.0.1
2016-07-21 09:42:47 DEBUG smtp session: client_name=mail.barcol.pw
2016-07-21 09:42:47 DEBUG smtp session: reverse_client_name=mail.barcol.pw
2016-07-21 09:42:47 DEBUG smtp session: helo_name=mail.barcol.pw
2016-07-21 09:42:47 DEBUG smtp session: sender=10@barcol.pw
2016-07-21 09:42:47 DEBUG smtp session: recipient=alexeilevinzon@gmail.com
2016-07-21 09:42:47 DEBUG smtp session: recipient_count=0
2016-07-21 09:42:47 DEBUG smtp session: queue_id=
2016-07-21 09:42:47 DEBUG smtp session: instance=77c3.57906ee7.c68a8.0
2016-07-21 09:42:47 DEBUG smtp session: size=0
2016-07-21 09:42:47 DEBUG smtp session: etrn_domain=
2016-07-21 09:42:47 DEBUG smtp session: stress=
2016-07-21 09:42:47 DEBUG smtp session: sasl_method=
2016-07-21 09:42:47 DEBUG smtp session: sasl_username=
2016-07-21 09:42:47 DEBUG smtp session: sasl_sender=
2016-07-21 09:42:47 DEBUG smtp session: ccert_subject=
2016-07-21 09:42:47 DEBUG smtp session: ccert_issuer=
2016-07-21 09:42:47 DEBUG smtp session: ccert_fingerprint=
2016-07-21 09:42:47 DEBUG smtp session: encryption_protocol=
2016-07-21 09:42:47 DEBUG smtp session: encryption_cipher=
2016-07-21 09:42:47 DEBUG smtp session: encryption_keysize=0
2016-07-21 09:42:47 DEBUG --> Apply plugin: reject_null_sender
2016-07-21 09:42:47 DEBUG Local sender.
2016-07-21 09:42:47 DEBUG <-- Result: DUNNO
2016-07-21 09:42:47 DEBUG --> Apply plugin: amavisd_wblist
2016-07-21 09:42:47 DEBUG Possible policy senders: ['@.', '10@barcol.pw', '@barcol.pw', '@.barcol.pw', '@pw', '@.pw', '10@*', '127.0.0.1', '127.*.0.1', '127.*.*.*', '*.*.*.1', '127.0.0.*', '*.*.0.1', '*.0.0.1', '127.0.*.1', '*.*.*.*', '127.*.*.1', '127.0.*.*']
2016-07-21 09:42:47 DEBUG Possible policy recipients: ['@.', 'alexeilevinzon@gmail.com', '@gmail.com', '@.gmail.com', '@com', '@.com']
2016-07-21 09:42:47 DEBUG [SQL] query alias domains:
SELECT alias_domain
                   FROM alias_domain
                  WHERE alias_domain='barcol.pw' OR target_domain='barcol.pw'
                  LIMIT 1
2016-07-21 09:42:47 DEBUG SQL query result: None
2016-07-21 09:42:47 DEBUG Apply wblist for inbound message.
2016-07-21 09:42:47 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('@.', 'alexeilevinzon@gmail.com', '@gmail.com', '@.gmail.com', '@com', '@.com')
           ORDER BY priority DESC
2016-07-21 09:42:47 DEBUG No record found in SQL database.
2016-07-21 09:42:47 DEBUG No valid sender id or recipient id.
2016-07-21 09:42:47 DEBUG <-- Result: DUNNO
2016-07-21 09:42:47 DEBUG Session ended
2016-07-21 09:42:47 INFO [127.0.0.1] RCPT, 10@barcol.pw -> alexeilevinzon@gmail.com, DUNNO
2016-07-21 09:42:47 DEBUG smtp session: request=smtpd_access_policy
2016-07-21 09:42:47 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2016-07-21 09:42:47 DEBUG smtp session: protocol_name=ESMTP
2016-07-21 09:42:47 DEBUG smtp session: client_address=127.0.0.1
2016-07-21 09:42:47 DEBUG smtp session: client_name=mail.barcol.pw
2016-07-21 09:42:48 DEBUG smtp session: reverse_client_name=mail.barcol.pw
2016-07-21 09:42:48 DEBUG smtp session: helo_name=mail.barcol.pw
2016-07-21 09:42:48 DEBUG smtp session: sender=10@barcol.pw
2016-07-21 09:42:48 DEBUG smtp session: recipient=alexeilevinzon@gmail.com
2016-07-21 09:42:48 DEBUG smtp session: recipient_count=1
2016-07-21 09:42:48 DEBUG smtp session: queue_id=EA7A91A04E1
2016-07-21 09:42:48 DEBUG smtp session: instance=77c3.57906ee7.c68a8.0
2016-07-21 09:42:48 DEBUG smtp session: size=2682
2016-07-21 09:42:48 DEBUG smtp session: etrn_domain=
2016-07-21 09:42:48 DEBUG smtp session: stress=
2016-07-21 09:42:48 DEBUG smtp session: sasl_method=
2016-07-21 09:42:48 DEBUG smtp session: sasl_username=
2016-07-21 09:42:48 DEBUG smtp session: sasl_sender=
2016-07-21 09:42:48 DEBUG smtp session: ccert_subject=
2016-07-21 09:42:48 DEBUG smtp session: ccert_issuer=
2016-07-21 09:42:48 DEBUG smtp session: ccert_fingerprint=
2016-07-21 09:42:48 DEBUG smtp session: encryption_protocol=
2016-07-21 09:42:48 DEBUG smtp session: encryption_cipher=
2016-07-21 09:42:48 DEBUG smtp session: encryption_keysize=0
2016-07-21 09:42:48 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2016-07-21 09:42:48 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2016-07-21 09:42:48 DEBUG Session ended
2016-07-21 09:42:48 INFO [127.0.0.1] END-OF-MESSAGE, 10@barcol.pw -> alexeilevinzon@gmail.com, DUNNO

12

Seems the patch pasted to pastebin.com was slightly modified after being uploaded. Please try the patch attached to this post.

Post's attachments

is_local_domain.patch 5.02 kb, 1 downloads since 2016-07-21 

13

Thanks ZhangHuangbin,

now I applied the patch successfully and restarted iredapd,
but it seems that there is no change...

I'm still able to send to gmail...

2016-07-22 11:36:37 DEBUG Connect from 127.0.0.1, port 51850.
2016-07-22 11:36:37 DEBUG smtp session: request=smtpd_access_policy
2016-07-22 11:36:37 DEBUG smtp session: protocol_state=RCPT
2016-07-22 11:36:37 DEBUG smtp session: protocol_name=ESMTP
2016-07-22 11:36:37 DEBUG smtp session: client_address=127.0.0.1
2016-07-22 11:36:37 DEBUG smtp session: client_name=mail.barcol.pw
2016-07-22 11:36:37 DEBUG smtp session: reverse_client_name=mail.barcol.pw
2016-07-22 11:36:37 DEBUG smtp session: helo_name=mail.barcol.pw
2016-07-22 11:36:37 DEBUG smtp session: sender=10@barcol.pw
2016-07-22 11:36:37 DEBUG smtp session: recipient=alexeilevinzon@gmail.com
2016-07-22 11:36:37 DEBUG smtp session: recipient_count=0
2016-07-22 11:36:37 DEBUG smtp session: queue_id=
2016-07-22 11:36:37 DEBUG smtp session: instance=4760.5791db15.5d856.0
2016-07-22 11:36:37 DEBUG smtp session: size=0
2016-07-22 11:36:37 DEBUG smtp session: etrn_domain=
2016-07-22 11:36:37 DEBUG smtp session: stress=
2016-07-22 11:36:37 DEBUG smtp session: sasl_method=
2016-07-22 11:36:37 DEBUG smtp session: sasl_username=
2016-07-22 11:36:37 DEBUG smtp session: sasl_sender=
2016-07-22 11:36:37 DEBUG smtp session: ccert_subject=
2016-07-22 11:36:37 DEBUG smtp session: ccert_issuer=
2016-07-22 11:36:37 DEBUG smtp session: ccert_fingerprint=
2016-07-22 11:36:37 DEBUG smtp session: encryption_protocol=
2016-07-22 11:36:37 DEBUG smtp session: encryption_cipher=
2016-07-22 11:36:37 DEBUG smtp session: encryption_keysize=0
2016-07-22 11:36:37 DEBUG --> Apply plugin: reject_null_sender
2016-07-22 11:36:37 DEBUG Local sender.
2016-07-22 11:36:37 DEBUG <-- Result: DUNNO
2016-07-22 11:36:37 DEBUG --> Apply plugin: amavisd_wblist
2016-07-22 11:36:37 DEBUG Possible policy senders: ['@.', '10@barcol.pw', '@barcol.pw', '@.barcol.pw', '@pw', '@.pw', '10@*', '127.0.0.1', '127.*.0.1', '127.*.*.*', '*.*.*.1', '127.0.0.*', '*.*.0.1', '*.0.0.1', '127.0.*.1', '*.*.*.*', '127.*.*.1', '127.0.*.*']
2016-07-22 11:36:37 DEBUG Possible policy recipients: ['@.', 'alexeilevinzon@gmail.com', '@gmail.com', '@.gmail.com', '@com', '@.com']
2016-07-22 11:36:37 DEBUG [SQL] query alias domains:
SELECT alias_domain
                   FROM alias_domain
                  WHERE alias_domain='barcol.pw' OR target_domain='barcol.pw'
                  LIMIT 1
2016-07-22 11:36:37 DEBUG SQL query result: None
2016-07-22 11:36:37 DEBUG Apply wblist for inbound message.
2016-07-22 11:36:37 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('@.', 'alexeilevinzon@gmail.com', '@gmail.com', '@.gmail.com', '@com', '@.com')
           ORDER BY priority DESC
2016-07-22 11:36:37 DEBUG No record found in SQL database.
2016-07-22 11:36:37 DEBUG No valid sender id or recipient id.
2016-07-22 11:36:37 DEBUG <-- Result: DUNNO
2016-07-22 11:36:37 DEBUG Session ended
2016-07-22 11:36:37 INFO [127.0.0.1] RCPT, 10@barcol.pw -> alexeilevinzon@gmail.com, DUNNO
2016-07-22 11:36:37 DEBUG smtp session: request=smtpd_access_policy
2016-07-22 11:36:37 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2016-07-22 11:36:37 DEBUG smtp session: protocol_name=ESMTP
2016-07-22 11:36:37 DEBUG smtp session: client_address=127.0.0.1
2016-07-22 11:36:37 DEBUG smtp session: client_name=mail.barcol.pw
2016-07-22 11:36:37 DEBUG smtp session: reverse_client_name=mail.barcol.pw
2016-07-22 11:36:37 DEBUG smtp session: helo_name=mail.barcol.pw
2016-07-22 11:36:37 DEBUG smtp session: sender=10@barcol.pw
2016-07-22 11:36:37 DEBUG smtp session: recipient=alexeilevinzon@gmail.com
2016-07-22 11:36:37 DEBUG smtp session: recipient_count=1
2016-07-22 11:36:37 DEBUG smtp session: queue_id=7CA2A1A09B5
2016-07-22 11:36:37 DEBUG smtp session: instance=4760.5791db15.5d856.0
2016-07-22 11:36:37 DEBUG smtp session: size=2696
2016-07-22 11:36:37 DEBUG smtp session: etrn_domain=
2016-07-22 11:36:37 DEBUG smtp session: stress=
2016-07-22 11:36:37 DEBUG smtp session: sasl_method=
2016-07-22 11:36:37 DEBUG smtp session: sasl_username=
2016-07-22 11:36:37 DEBUG smtp session: sasl_sender=
2016-07-22 11:36:37 DEBUG smtp session: ccert_subject=
2016-07-22 11:36:37 DEBUG smtp session: ccert_issuer=
2016-07-22 11:36:37 DEBUG smtp session: ccert_fingerprint=
2016-07-22 11:36:37 DEBUG smtp session: encryption_protocol=
2016-07-22 11:36:37 DEBUG smtp session: encryption_cipher=
2016-07-22 11:36:37 DEBUG smtp session: encryption_keysize=0
2016-07-22 11:36:37 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2016-07-22 11:36:37 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2016-07-22 11:36:37 DEBUG Session ended
2016-07-22 11:36:37 INFO [127.0.0.1] END-OF-MESSAGE, 10@barcol.pw -> alexeilevinzon@gmail.com, DUNNO

14

alexeilevinzon wrote:

2016-07-22 11:36:37 DEBUG --> Apply plugin: amavisd_wblist
2016-07-22 11:36:37 DEBUG Possible policy senders: ['@.', '10@barcol.pw', '@barcol.pw', '@.barcol.pw', '@pw', '@.pw', '10@*', '127.0.0.1', '127.*.0.1', '127.*.*.*', '*.*.*.1', '127.0.0.*', '*.*.0.1', '*.0.0.1', '127.0.*.1', '*.*.*.*', '127.*.*.1', '127.0.*.*']
2016-07-22 11:36:37 DEBUG Possible policy recipients: ['@.', 'alexeilevinzon@gmail.com', '@gmail.com', '@.gmail.com', '@com', '@.com']

According to these log lines, it seems you didn't successfully apply the patch. The "policy senders" and "policy recipients" should be switched.

Could you please show me full file of /opt/iredapd/plugins/amavisd_wblist.py? You can post to pastebin.com.

15

http://pastebin.com/L7dsG9FG

16

Seems patched, any error while restarting iredapd service?

17 (edited by alexeilevinzon 2016-07-22 17:57:46)

[root@mail ~]# /etc/init.d/iredapd restart
Stopping iredapd ...
Starting iredapd ...
[root@mail ~]#

2016-07-22 12:56:40 INFO Starting iRedAPD (version: 1.9.0, backend: mysql), listening on 127.0.0.1:7777.
2016-07-22 12:56:40 INFO Log rotate type: time, interval: W6, backup copies: 12.
2016-07-22 12:56:40 INFO Loading plugin: reject_null_sender
2016-07-22 12:56:40 INFO Loading plugin: amavisd_wblist

18

Is it possible to let me log in to your server (via ssh) for further debugging?

19

Yep, how can I give you the details?

20

Please contact me via email: zhb _at_ iredmail.org

21

done

22

Fixed. It turns out it's a bug in my patch: it doesn't query the real mail domain for SQL backends.

23

Thanks Zhang Huangbin,

it works now.
I really appreciate it!

You are great, bought you a coffee.