1

Topic: White list not working

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version:  Deb 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====

I've put ip mailout02.domain2.com[111.111.111.111] to the whitelist but still rejected. What I'm I doing wrong?

Server mailout02.domain2.com is sending email as user1@domain.com to user1@domain.com at iRedMailSrv.

Aug 18 22:31:45 iRedMailSrv postfix/smtpd[32245]: NOQUEUE: reject: RCPT from mailout02.domain2.com[111.111.111.111]: 554 5.7.1 <user1@domain.com>: Recipient address rejected: Policy rejection not logged in; from=<user1@domain.com> to=<user1@domain.com> proto=SMTP helo=<mailout02.domain2.com>

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: White list not working

tyllee wrote:

Server mailout02.domain2.com is sending email as user1@domain.com to user1@domain.com at iRedMailSrv.

... Recipient address rejected: Policy rejection not logged in ...

The easiest way and BEST way to solve this is enabling SMTP AUTH to send email. No whitelist required.

3

Re: White list not working

The easiest way and BEST way to solve this is enabling SMTP AUTH to send email. No whitelist required.


I solved it this way. Is this a bad solution? Does it mix up iRedADP?

I moved rule 4 before rule 5 in list below:
mynetworks = 111.111.111.111

# Recipient restrictions
smtpd_recipient_restrictions =
1   reject_unknown_recipient_domain
2  reject_non_fqdn_recipient
3   reject_unlisted_recipient
4   permit_mynetworks
5   check_policy_service inet:127.0.0.1:7777
6   permit_sasl_authenticated
7   reject_unauth_destination
8   reject_rbl_client zen.spamhaus.org
9   reject_rbl_client bl.spamcop.net
10  reject_rbl_client b.barracudacentral.org
    reject_rbl_client dnsbl.sorbs.net

4

Re: White list not working

tyllee wrote:

4   permit_mynetworks
5   check_policy_service inet:127.0.0.1:7777

Postfix applies the restriction rules in order.

If you have permit_mynetworks before 'check_policy_service', all emails sent from servers/clients listed in Postfix "mynetworks" will bypass further restrictions specified in smtpd_recipient_restrictions.

As mentioned in my last reply: "The easiest way and BEST way to solve this is enabling SMTP AUTH to send email."

5

Re: White list not working

ZhangHuangbin wrote:

As mentioned in my last reply: "The easiest way and BEST way to solve this is enabling SMTP AUTH to send email."

It seems to be enabled?

#
# Enable SASL authentication
#
smtpd_sasl_auth_enable = yes

So, I did not know how to proceed.

Should I add something like this?:

-------------------------------------
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   permit_mynetworks,
   check_relay_domains
-------------------------------------

6

Re: White list not working

You misunderstood my reply. I mean, enable SMTP AUTH in your mail client - the program you used to send email.

7 (edited by tyllee 2016-09-14 04:00:43)

Re: White list not working

Ah, this is not possible.

The server sending email is an other server that I do not have control over. The system is a economy system for invoicing salaries etc. This is a big company and really hard to get any things changed in their systems...

The problem is that my client wants to send from the same domain that is on my server.

I've been trying to make them implement some kind of AUTH in the SMTP system but they refuse... So, I have to solve this some other way. My solution right now is to accept everything from this smtp server they have.

8

Re: White list not working

tyllee wrote:

Ah, this is not possible.

The server sending email is an other server that I do not have control over. The system is a economy system for invoicing salaries etc. This is a big company and really hard to get any things changed in their systems...

The problem is that my client wants to send from the same domain that is on my server.

I've been trying to make them implement some kind of AUTH in the SMTP system but they refuse... So, I have to solve this some other way. My solution right now is to accept everything from this smtp server they have.

Did you get this figured out?  Having this same issue with our AS400 server.

9

Re: White list not working

Luke6283 wrote:
tyllee wrote:

Ah, this is not possible.

The server sending email is an other server that I do not have control over. The system is a economy system for invoicing salaries etc. This is a big company and really hard to get any things changed in their systems...

The problem is that my client wants to send from the same domain that is on my server.

I've been trying to make them implement some kind of AUTH in the SMTP system but they refuse... So, I have to solve this some other way. My solution right now is to accept everything from this smtp server they have.

Did you get this figured out?  Having this same issue with our AS400 server.

Senders IP should be included on mynetwork, that should work just fine.

10 (edited by tyllee 2016-09-28 02:51:17)

Re: White list not working

Senders IP should be included on mynetwork, that should work just fine.

Yes this was how I solved it. I hade to move the rule one step up also.

4   permit_mynetworks
5   check_policy_service inet:127.0.0.1:7777