1

Topic: iRedMail as relay and iRedAPD

Hello,

I tried to configure iRedMail as relay for the other systems in our network. After reading Enable relay from send mail trough iredmail (Postfix) I appended our network (X.X.X.X/28) to mynetworks in /etc/postfix/main.cf.

Just above mynetworks in Postfix main.cf I found the following comment:

# trusted SMTP clients which are allowed to relay mail through Postfix.
#
# Note: additional IP addresses/networks listed in mynetworks should be listed
#       in iRedAPD setting 'MYNETWORKS' (in `/opt/iredapd/settings.py`) too.
#       for example:
#
#       MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
#

I searched through '/opt/iredapd/settings.py' but didn't find a MYNETWORKS setting. Also, all options in iRedAPD settings.py are lowercase. Did the format change in the meantime? Is it still possible/necessary to add networks as 'MYNETWORKS' to iRedAPD? What's the purpose/effect of this at all?

Besides, I realized that the network should also be added to 'ignoreips' at /etc/fail2ban/jail.local. Otherwise, the smtp client nodes might become blacklisted, no?

Anything else to consider when using iRedMail as SMTP relay?

Kind regards,
jonas


2

Re: iRedMail as relay and iRedAPD

iRedAPD has some default settings in /opt/iredapd/libs/default_settings.py, you can find MYNETWORKS in this file. If you need to modify parameters in default_settings.py, please copy the parameter to /opt/iredapd/settings.py and update it with your new values.

3

Re: iRedMail as relay and iRedAPD

ZhangHuangbin wrote:

iRedAPD has some default settings in /opt/iredapd/libs/default_settings.py, you can find MYNETWORKS in this file. If you need to modify parameters in default_settings.py, please copy the parameter to /opt/iredapd/settings.py and update it with your new values.

Thank you Zhang for the reply. I've two further questions:

  • Why has '/opt/iredapd/settings.py' permissions 0400 (readonly for user, nothing for the rest) if it's supposed to be modified by the admin?

  • What does the comment 'DO NOT TOUCH BELOW LINE.' at the beginning of '/opt/iredapd/settings.py' mean? It's a bit unclear: does it mean that any local modifications need to be above that comment? Or does it mean that the whole file should not be modified (what is implied by the file permissions)? Or does it merely mean that the line 'from libs.default_settings import *' must not be touched?

4

Re: iRedMail as relay and iRedAPD

mejo wrote:

Why has '/opt/iredapd/settings.py' permissions 0400 (readonly for user, nothing for the rest) if it's supposed to be modified by the admin?

*) Only system user 'root' (or system user with sudo privilege) can modify this file. Since it contains passwords, it has to be 0X00 (or 0XX0).
*) iRedAdmin itself doesn't modify this file, it only manages data stored in SQL/LDAP.

mejo wrote:

What does the comment 'DO NOT TOUCH BELOW LINE.' at the beginning of '/opt/iredapd/settings.py' mean? It's a bit unclear: does it mean that any local modifications need to be above that comment? Or does it mean that the whole file should not be modified (what is implied by the file permissions)? Or does it merely mean that the line 'from libs.default_settings import *' must not be touched?

Just the "from libs.default_settings import *" line. All your own modifications must be AFTER this line.
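Added example, not part of the thread and not iRedAPD's own code: a small audit that checks the three points discussed above, namely that every relay network in Postfix's mynetworks is also covered by a MYNETWORKS override, that the override sits after the `from libs.default_settings import *` line, and that the file mode grants nothing to "other". The function names and the sample input are hypothetical; it assumes mynetworks holds only literal addresses and networks (no lookup tables).

```python
import ast
import ipaddress
import re

def postfix_mynetworks(main_cf):
    """Literal networks in main.cf's mynetworks, continuation lines included."""
    value, collecting = [], False
    for line in main_cf.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment lines do not end a continued value
        m = re.match(r"mynetworks\s*=\s*(.*)", line)
        if m:
            value, collecting = [m.group(1)], True
        elif collecting and line[:1] in (" ", "\t"):
            value.append(line)
        else:
            collecting = False
    tokens = re.split(r"[,\s]+", " ".join(value).replace("[", "").replace("]", ""))
    return {ipaddress.ip_network(t, strict=False) for t in tokens if t}

def iredapd_mynetworks(settings_py):
    """(MYNETWORKS set after the defaults import, problems); parses, never imports."""
    seen_import, nets, problems = False, set(), []
    for node in ast.parse(settings_py).body:
        if isinstance(node, ast.ImportFrom) and node.module == "libs.default_settings":
            seen_import = True
        elif isinstance(node, ast.Assign) and getattr(node.targets[0], "id", "") == "MYNETWORKS":
            if seen_import:
                nets = {ipaddress.ip_network(n, strict=False) for n in ast.literal_eval(node.value)}
            else:  # the later star import would overwrite this value
                problems.append("MYNETWORKS is assigned before the default_settings import")
    return nets, problems

def audit(main_cf, settings_py, mode):
    """Problems: relay networks iRedAPD does not list, and a world-accessible mode."""
    apd, problems = iredapd_mynetworks(settings_py)
    for net in sorted(postfix_mynetworks(main_cf), key=str):
        if net.is_loopback:  # assumption: loopback needs no explicit entry
            continue
        if not any(net.version == a.version and net.subnet_of(a) for a in apd):
            problems.append(f"{net} is in Postfix mynetworks but not in iRedAPD MYNETWORKS")
    if mode & 0o007:  # the thread's 0X00 / 0XX0: no bits for "other"
        problems.append(f"settings.py mode {mode:04o} is accessible to other users")
    return problems

# Constructed sample input (192.0.2.0/28 is a documentation range).
MAIN_CF = "# trusted SMTP clients\nmynetworks = 127.0.0.1 [::1]\n    192.0.2.0/28\n"
SETTINGS = "MYNETWORKS = ['192.0.2.0/28']\nfrom libs.default_settings import *\n"
if __name__ == "__main__":
    print("\n".join(audit(MAIN_CF, SETTINGS, 0o400)))
```

On a real host, pass the contents of /etc/postfix/main.cf and /opt/iredapd/settings.py and the mode from `stat.S_IMODE(os.stat(path).st_mode)`; the constructed sample reports two problems because the override sits above the import line.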

5

Re: iRedMail as relay and iRedAPD

Thanks for the prompt reply, Zhang.

ZhangHuangbin wrote:
mejo wrote:

Why has '/opt/iredapd/settings.py' permissions 0400 (readonly for user, nothing for the rest) if it's supposed to be modified by the admin?

*) Only system user 'root' (or system user with sudo privilege) can modify this file. Since it contains passwords, it has to be 0X00 (or 0XX0).
*) iRedAdmin itself doesn't modify this file, it only manages data stored in SQL/LDAP.

Why don't you give it permissions 0600 in that case? The file is owned by root, and it's supposed to be edited by the local system admin (root). I guess that 0600 would be more appropriate here, no? The editor message that this file is read-only might confuse admins.

ZhangHuangbin wrote:
mejo wrote:

What does the comment 'DO NOT TOUCH BELOW LINE.' at the beginning of '/opt/iredapd/settings.py' mean? It's a bit unclear: does it mean that any local modifications need to be above that comment? Or does it mean that the whole file should not be modified (what is implied by the file permissions)? Or does it merely mean that the line 'from libs.default_settings import *' must not be touched?

Just the "from libs.default_settings import *" line. All your own modifications must be AFTER this line.

I see, thanks for the clarification. May I suggest slightly modifying this comment then? For example, "DON'T EDIT THE FOLLOWING LINE" would make it more obvious to me what is meant by the comment. Just a suggestion though :)