1

Topic: Whitelist / Blacklist not applied to alias address

==== Required information ====
- iRedMail version (check /etc/iredmail-release): v0.9.7
- Linux/BSD distribution name and version: CentOS 6.9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I have found that email sent to the domain alias bypasses the Whitelist / Blacklist exclusion.

I am applying the Whitelist / Blacklist at the user level.

Domain = domain.com
Alias Domain for domain.com = alias.com

user@domain.com

email sent here gets returned as blacklisted

user@alias.com

email sent here gets delivered to user@domain.com

Whitelist / Blacklist should be applied to domain and all aliases. Correct?

Please let me know what you think.

Thanks.


2

Re: Whitelist / Blacklist not applied to alias address

Could you please turn on debug mode in iRedAPD, send one more test email to user@alias.com, extract the full log related to this test email from /var/log/iredapd/iredapd.log and paste it here?

FYI: http://www.iredmail.org/docs/debug.iredapd.html

3

Re: Whitelist / Blacklist not applied to alias address

Here are the log entries. user@alias.com is thomas@answeringspecialists.com, aliased from thomas@ansspc.com

2017-10-10 01:59:42 DEBUG smtp session: request=smtpd_access_policy
2017-10-10 01:59:42 DEBUG smtp session: protocol_state=RCPT
2017-10-10 01:59:42 DEBUG smtp session: protocol_name=ESMTP
2017-10-10 01:59:42 DEBUG smtp session: client_address=108.60.195.213
2017-10-10 01:59:42 DEBUG smtp session: client_name=cx-a.mxthunder.net
2017-10-10 01:59:42 DEBUG smtp session: reverse_client_name=cx-a.mxthunder.net
2017-10-10 01:59:42 DEBUG smtp session: helo_name=cx-a.mxthunder.net
2017-10-10 01:59:42 DEBUG smtp session: sender=cotton59@gmail.com
2017-10-10 01:59:42 DEBUG smtp session: recipient=thomas@answeringspecialists.com
2017-10-10 01:59:42 DEBUG smtp session: recipient_count=0
2017-10-10 01:59:42 DEBUG smtp session: queue_id=
2017-10-10 01:59:42 DEBUG smtp session: instance=73bd.59dc298e.60108.0
2017-10-10 01:59:42 DEBUG smtp session: size=3093
2017-10-10 01:59:42 DEBUG smtp session: etrn_domain=
2017-10-10 01:59:42 DEBUG smtp session: stress=
2017-10-10 01:59:42 DEBUG smtp session: sasl_method=
2017-10-10 01:59:42 DEBUG smtp session: sasl_username=
2017-10-10 01:59:42 DEBUG smtp session: sasl_sender=
2017-10-10 01:59:42 DEBUG smtp session: ccert_subject=
2017-10-10 01:59:42 DEBUG smtp session: ccert_issuer=
2017-10-10 01:59:42 DEBUG smtp session: ccert_fingerprint=
2017-10-10 01:59:42 DEBUG smtp session: ccert_pubkey_fingerprint=
2017-10-10 01:59:42 DEBUG smtp session: encryption_protocol=TLSv1.2
2017-10-10 01:59:42 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-GCM-SHA384
2017-10-10 01:59:42 DEBUG smtp session: encryption_keysize=256
2017-10-10 01:59:42 DEBUG LDAP connection initialied success.
2017-10-10 01:59:42 DEBUG LDAP bind success.
2017-10-10 01:59:42 DEBUG --> Apply plugin: reject_null_sender
2017-10-10 01:59:42 DEBUG <-- Result: DUNNO
2017-10-10 01:59:42 DEBUG --> Apply plugin: greylisting
2017-10-10 01:59:42 DEBUG Client address (108.60.195.213) is trusted networks (MYNETWORKS).
2017-10-10 01:59:42 DEBUG <-- Result: DUNNO
2017-10-10 01:59:42 DEBUG --> Apply plugin: throttle
2017-10-10 01:59:42 DEBUG Check sender throttling.
2017-10-10 01:59:42 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='external' AND account IN ('108.60.195.213', '@ip', 'cotton59@gmail.com', '@gmail.com', '@.', '@.gmail.com', '@.com', '108.60.195.*', '108.60.*.213')
         ORDER BY priority DESC
         
2017-10-10 01:59:42 DEBUG [SQL] Query result:
[]
2017-10-10 01:59:42 DEBUG No sender throttle setting.
2017-10-10 01:59:42 DEBUG Check recipient throttling.
2017-10-10 01:59:42 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='inbound' AND account IN ('108.60.195.213', '@ip', 'thomas@answeringspecialists.com', '@answeringspecialists.com', '@.', '@.answeringspecialists.com', '@.com', '108.60.195.*', '108.60.*.213')
         ORDER BY priority DESC
         
2017-10-10 01:59:42 DEBUG [SQL] Query result:
[]
2017-10-10 01:59:42 DEBUG No recipient throttle setting.
2017-10-10 01:59:42 DEBUG <-- Result: DUNNO
2017-10-10 01:59:42 DEBUG [+] Getting LDIF data of account: thomas@answeringspecialists.com
2017-10-10 01:59:42 DEBUG search base dn: o=domains,dc=ansspc,dc=com
2017-10-10 01:59:42 DEBUG search scope: SUBTREE
2017-10-10 01:59:42 DEBUG search filter: (&(!(domainStatus=disabled))(|(mail=thomas@answeringspecialists.com)(shadowAddress=thomas@answeringspecialists.com))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2017-10-10 01:59:42 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy']
2017-10-10 01:59:42 DEBUG result: [('mail=thomas@ansspc.com,ou=Users,domainName=ansspc.com,o=domains,dc=ansspc,dc=com', {'objectClass': ['inetOrgPerson', 'mailUser', 'shadowAccount', 'amavisAccount']})]
2017-10-10 01:59:42 DEBUG --> Apply plugin: ldap_maillist_access_policy
2017-10-10 01:59:42 DEBUG <-- Result: DUNNO (Recipient is not a mailing list account)
2017-10-10 01:59:42 DEBUG --> Apply plugin: amavisd_wblist
2017-10-10 01:59:42 DEBUG Possible policy senders: ['cotton59@gmail.com', '@gmail.com', '@.', '@.gmail.com', '@.com', 'cotton59@*', '108.60.195.213', '108.60.195.*', '108.60.*.213']
2017-10-10 01:59:42 DEBUG Possible policy recipients: ['thomas@answeringspecialists.com', '@answeringspecialists.com', '@.', '@.answeringspecialists.com', '@.com']
2017-10-10 01:59:42 DEBUG Apply wblist for inbound message.
2017-10-10 01:59:42 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('thomas@answeringspecialists.com', '@answeringspecialists.com', '@.', '@.answeringspecialists.com', '@.com')
           ORDER BY priority DESC
2017-10-10 01:59:42 DEBUG Local addresses (in `users`): [(2L, '@.')]
2017-10-10 01:59:42 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('cotton59@gmail.com', '@gmail.com', '@.', '@.gmail.com', '@.com', 'cotton59@*', '108.60.195.213', '108.60.195.*', '108.60.*.213')
           ORDER BY priority DESC
2017-10-10 01:59:42 DEBUG Addresses (in `mailaddr`): [(2L, '@.')]
2017-10-10 01:59:42 DEBUG [SQL] Query CIDR network:
SELECT id, email
               FROM mailaddr
              WHERE email LIKE '108.%%'
           ORDER BY priority DESC
2017-10-10 01:59:42 DEBUG [SQL] Query inbound wblist (in `wblist`):
SELECT rid, sid, wb
               FROM wblist
              WHERE sid IN (2) AND rid IN (2)
2017-10-10 01:59:42 DEBUG No wblist found.
2017-10-10 01:59:42 DEBUG <-- Result: DUNNO
2017-10-10 01:59:42 DEBUG Session ended.
2017-10-10 01:59:42 INFO [108.60.195.213] RCPT, cotton59@gmail.com -> thomas@answeringspecialists.com, DUNNO [0.0108s]
2017-10-10 01:59:42 DEBUG Close LDAP connection.
2017-10-10 01:59:42 DEBUG smtp session: request=smtpd_access_policy
2017-10-10 01:59:42 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2017-10-10 01:59:42 DEBUG smtp session: protocol_name=ESMTP
2017-10-10 01:59:42 DEBUG smtp session: client_address=108.60.195.213
2017-10-10 01:59:42 DEBUG smtp session: client_name=cx-a.mxthunder.net
2017-10-10 01:59:42 DEBUG smtp session: reverse_client_name=cx-a.mxthunder.net
2017-10-10 01:59:42 DEBUG smtp session: helo_name=cx-a.mxthunder.net
2017-10-10 01:59:42 DEBUG smtp session: sender=cotton59@gmail.com
2017-10-10 01:59:42 DEBUG smtp session: recipient=thomas@answeringspecialists.com
2017-10-10 01:59:42 DEBUG smtp session: recipient_count=1
2017-10-10 01:59:42 DEBUG smtp session: queue_id=69A32F1F
2017-10-10 01:59:42 DEBUG smtp session: instance=73bd.59dc298e.60108.0
2017-10-10 01:59:42 DEBUG smtp session: size=3093
2017-10-10 01:59:42 DEBUG smtp session: etrn_domain=
2017-10-10 01:59:42 DEBUG smtp session: stress=
2017-10-10 01:59:42 DEBUG smtp session: sasl_method=
2017-10-10 01:59:42 DEBUG smtp session: sasl_username=
2017-10-10 01:59:42 DEBUG smtp session: sasl_sender=
2017-10-10 01:59:42 DEBUG smtp session: ccert_subject=
2017-10-10 01:59:42 DEBUG smtp session: ccert_issuer=
2017-10-10 01:59:42 DEBUG smtp session: ccert_fingerprint=
2017-10-10 01:59:42 DEBUG smtp session: ccert_pubkey_fingerprint=
2017-10-10 01:59:42 DEBUG smtp session: encryption_protocol=TLSv1.2
2017-10-10 01:59:42 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-GCM-SHA384
2017-10-10 01:59:42 DEBUG smtp session: encryption_keysize=256
2017-10-10 01:59:42 DEBUG LDAP connection initialied success.
2017-10-10 01:59:42 DEBUG LDAP bind success.
2017-10-10 01:59:42 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2017-10-10 01:59:42 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2017-10-10 01:59:42 DEBUG --> Apply plugin: throttle
2017-10-10 01:59:42 DEBUG Check sender throttling.
2017-10-10 01:59:42 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='external' AND account IN ('108.60.195.213', '@ip', 'cotton59@gmail.com', '@gmail.com', '@.', '@.gmail.com', '@.com', '108.60.195.*', '108.60.*.213')
         ORDER BY priority DESC
         
2017-10-10 01:59:42 DEBUG [SQL] Query result:
[]
2017-10-10 01:59:42 DEBUG No sender throttle setting.
2017-10-10 01:59:42 DEBUG Check recipient throttling.
2017-10-10 01:59:42 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='inbound' AND account IN ('108.60.195.213', '@ip', 'thomas@answeringspecialists.com', '@answeringspecialists.com', '@.', '@.answeringspecialists.com', '@.com', '108.60.195.*', '108.60.*.213')
         ORDER BY priority DESC
         
2017-10-10 01:59:42 DEBUG [SQL] Query result:
[]
2017-10-10 01:59:42 DEBUG No recipient throttle setting.
2017-10-10 01:59:42 DEBUG <-- Result: DUNNO
2017-10-10 01:59:42 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2017-10-10 01:59:42 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2017-10-10 01:59:42 DEBUG Session ended.
2017-10-10 01:59:42 INFO [108.60.195.213] END-OF-MESSAGE, cotton59@gmail.com -> thomas@answeringspecialists.com, DUNNO [0.0050s]
2017-10-10 01:59:42 DEBUG Close LDAP connection.

4

Re: Whitelist / Blacklist not applied to alias address

Seems to be a bug in iRedAPD. I will test it later and come back with a fix.

5

Re: Whitelist / Blacklist not applied to alias address

Fixed:
https://bitbucket.org/zhb/iredapd/commi … 3f7ad93be0

If you're running iRedAPD-2.1, you can download 2 files from the repo and override the ones on your server:
https://bitbucket.org/zhb/iredapd/src

- libs/sql/__init__.py
- plugins/amavisd_wblist.py

Since there are a few changes made after the 2.1 release, I didn't generate a simple patch for you.

6

Re: Whitelist / Blacklist not applied to alias address

UPDATE: also fixed the same issue in plugin 'throttle'. If you send email to user@<alias-domain>, it will apply throttle settings now.
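The gap discussed in this thread, as an added example that is not iRedAPD's code and not the linked fix: a policy lookup that builds recipient candidates only from the address seen at RCPT misses a blacklist entry stored under the primary-domain mailbox, while one that also expands the alias domain to its primary domain finds it. The candidate format follows the "Possible policy recipients" line in the debug log; `ALIAS_DOMAINS`, `WBLIST`, the function names and the first-match lookup are assumptions, and the sample data is constructed.

```python
# Added example, not iRedAPD code. ALIAS_DOMAINS and WBLIST are constructed
# sample data; all function names here are hypothetical.
ALIAS_DOMAINS = {"alias.com": "domain.com"}  # alias domain -> primary domain
# (recipient policy address, sender policy address) -> "W" or "B"
WBLIST = {("user@domain.com", "@spam.example"): "B"}


def policy_addresses(addr):
    """Candidates in the order of the 'Possible policy recipients' log line."""
    local, domain = addr.lower().rsplit("@", 1)
    out = [local + "@" + domain, "@" + domain, "@.", "@." + domain]
    labels = domain.split(".")
    # Parent domains: a.b.com -> @.b.com, @.com
    out += ["@." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return out


def recipient_candidates(rcpt, resolve_alias):
    cands = policy_addresses(rcpt)
    if resolve_alias:
        local, domain = rcpt.lower().rsplit("@", 1)
        primary = ALIAS_DOMAINS.get(domain)
        if primary:
            # Assumption: policy set on the primary-domain mailbox is tried first.
            cands = policy_addresses(local + "@" + primary) + cands
    seen = set()
    return [c for c in cands if not (c in seen or seen.add(c))]  # de-duplicate


def check(sender, rcpt, resolve_alias):
    """First match wins (simplification; no priority column as in the real tables)."""
    senders = policy_addresses(sender)
    for r in recipient_candidates(rcpt, resolve_alias):
        for s in senders:
            wb = WBLIST.get((r, s))
            if wb:
                return "REJECT" if wb == "B" else "OK"
    return "DUNNO"


if __name__ == "__main__":
    for rcpt, resolve in [("user@domain.com", False),
                          ("user@alias.com", False),
                          ("user@alias.com", True)]:
        print(rcpt, resolve, check("x@spam.example", rcpt, resolve))
```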

7

Re: Whitelist / Blacklist not applied to alias address

Copied the two files, restarted iredapd and got this:

Stopping iredapd ...
Starting iredapd ...
Traceback (most recent call last):
  File "/opt/iredapd/iredapd.py", line 22, in <module>
    import settings
  File "/opt/iRedAPD-2.1/settings.py", line 3, in <module>
    from libs.default_settings import *
  File "/opt/iRedAPD-2.1/libs/__init__.py", line 3, in <module>
    from libs.logger import logger
  File "/opt/iRedAPD-2.1/libs/logger.py", line 119, in <module>
    log_level = getattr(logging, str(settings.log_level).upper())
AttributeError: 'module' object has no attribute 'log_level'

8

Re: Whitelist / Blacklist not applied to alias address

Try this command:

cd /opt/iredapd
find . -name 'settings.py'

You should have only one "settings.py" and it's /opt/iredapd/settings.py.

9

Re: Whitelist / Blacklist not applied to alias address

There is only one. See below.

(30)[root@mx2 libs]$ cd /opt/iredapd
Wed Oct 25 15:54:09
(31)[root@mx2 iredapd]$ find . -name 'settings.py'
./settings.py
Wed Oct 25 15:54:12
(32)[root@mx2 iredapd]$

10

Re: Whitelist / Blacklist not applied to alias address

Does file /opt/iredapd/settings.py contain parameter "log_level ="? You can find the sample setting in /opt/iredapd/settings.py.sample.

11

Re: Whitelist / Blacklist not applied to alias address

Yes /opt/iredapd/settings.py has an entry:

# Log level: info, debug.
log_level = "info"

12

Re: Whitelist / Blacklist not applied to alias address

What's the file owner and permission of /opt/iredapd/settings.py?

13

Re: Whitelist / Blacklist not applied to alias address

Sorry for the delay...

(5)[root@mx2 ~]$ ls -l /opt/iredapd/settings.py
-r-------- 1 root root 2335 Oct 10 02:00 /opt/iredapd/settings.py
Fri Nov 03 22:40:08
(6)[root@mx2 ~]$

14

Re: Whitelist / Blacklist not applied to alias address

Owner and permission are fine.

tom cotton wrote:

  File "/opt/iRedAPD-2.1/libs/logger.py", line 119, in <module>
    log_level = getattr(logging, str(settings.log_level).upper())
AttributeError: 'module' object has no attribute 'log_level'

Please try this:

*) Open file /opt/iRedAPD-2.1/libs/logger.py, find this line at the top of the file (about line 6):

import settings

*) Add one line RIGHT AFTER above line, and save your change.

import settings
print settings.__file__               # <-- Add this line

*) Start iRedAPD service manually on console:

cd /opt/iredapd/
python iredapd.py

It will print the absolute path to the "settings.py" it loads. Please show us the output.

15

Re: Whitelist / Blacklist not applied to alias address

(9)[root@mx2 iredapd]$ python iredapd.py
/opt/iRedAPD-2.1/settings.py
Mon Nov 06 21:15:19
(10)[root@mx2 iredapd]$

16

Re: Whitelist / Blacklist not applied to alias address

tom cotton wrote:

/opt/iRedAPD-2.1/settings.py

This one is correct.

I'm really confused here; everything looks just fine, and it should work as expected.
I'm sorry that I cannot figure it out without checking it myself with direct ssh access, and it's not an iRedAPD programming bug/issue, so, are you willing to buy a support ticket for this?
https://www.iredmail.org/support.html