1 (edited by ahsiangsiang 2012-02-29 00:42:40)

Topic: Per Domain Whitelist and Blacklist not working

Hi Zhang,

Need your help on this.

I have a problem with iRedAPD.

Ubuntu 10.04 LTS 64bit
iRedMail 0.7.4 with LDAP backend

iRedAPD 1.3.6

iredapd.ini

[general]
# Process-level settings for the iRedAPD instance configured by iredapd.ini.

# Listen address and port.
# Bound to loopback, so only processes on this host can reach the policy service.
listen_addr = 127.0.0.1
listen_port = 7777

# Run as a low privileged user.
# If you don't want to create one, you can try 'nobody'.
# A dedicated account keeps this daemon isolated from anything else that
# runs as 'nobody'.
run_as_user = iredapd

# Background/daemon mode: yes, no.
# Run iRedAPD as daemon, detach iredapd from terminal.
run_as_daemon = yes

# Path to pid file.
pid_file        = /var/run/iredapd.pid

# Log type: file.
# Set 'log_file = /dev/null' if you don't want to keep the log.
log_type        = file
log_file        = /var/log/iredapd.log

# Log level: info, error, debug.
# NOTE(review): a DEBUG line in the iredapd-rr.log excerpt on this page contains
# a complete LDAP entry, including a userPassword hash. Use 'debug' only while
# troubleshooting, restrict read access to the log file, and redact such lines
# before sharing logs.
log_level       = debug

# Backend: ldap, mysql.
backend = ldap

[ldap]
# For ldap backend only.
# LDAP server setting.
# URI must start with ldap:// or ldaps:// (TLS/SSL).
# ldap:// is unencrypted; here it targets loopback only. Prefer ldaps:// when
# the directory server is on another host, because the bind password and
# query results travel over this connection.
#
# Tip: You can get binddn, bindpw from /etc/postfix/ldap_*.cf.
#
uri = ldap://127.0.0.1:389
binddn = cn=vmail,dc=test,dc=com
# The bind password is stored in clear text (masked in this post); keep this
# file readable only by the accounts that need it.
bindpw = xxxxxxxxxxxxxxxxxxxxxxxxx
basedn = o=domains,dc=test,dc=com

# Enabled plugins.
#   - Plugin name is file name which placed under 'src/plugins/' directory.
#   - Plugin names MUST be separated by comma.
#
# Available plugins:
#   * ldap_domain_wblist: per-domain white/blacklist support.
#       Note: If you want to enable this plugin, it's better to make it the
#             first one in enabled plugin list.
#   * ldap_maillist_access_policy: mail list deliver restrictions.
#   * block_amavisd_blacklisted_senders: per-user white/blacklist support.
#
# NOTE(review): the iredapd.log excerpt on this page has no "Apply plugin" line;
# the recipient lookup for the external address returned nothing and the final
# action was DUNNO, so these plugins do not appear to have run for that
# message. Verify against the plugin source.
plugins = ldap_domain_wblist, block_amavisd_blacklisted_senders, ldap_maillist_access_policy

[mysql]
# For MySQL backend only.
# NOTE(review): [general] sets backend = ldap, so this section is presumably
# not used by this instance; confirm.
server      = 127.0.0.1
db          = vmail
user        = vmail
# Database password stored in clear text (masked in this post); keep this file
# readable only by the accounts that need it.
password    = xxxxxxxxxxxxxxxxxxxxxxxx

# Enabled plugins.
#   - Plugin name is file name which placed under 'src/plugins/' directory.
#   - Plugin names MUST be separated by comma.
# NOTE(review): an ldap_* plugin is listed under the MySQL backend here;
# presumably it is never loaded while backend = ldap. Verify.
plugins = ldap_maillist_access_policy

iredapd-rr.ini

[general]
# Process-level settings for the second iRedAPD instance (iredapd-rr.ini).
# It uses its own port, pid file and log file, distinct from iredapd.ini.

# Listen address and port.
# Bound to loopback, so only processes on this host can reach the policy service.
listen_addr = 127.0.0.1
listen_port = 7778

# Run as a low privileged user.
# If you don't want to create one, you can try 'nobody'.
# A dedicated account keeps this daemon isolated from anything else that
# runs as 'nobody'.
run_as_user = iredapd

# Background/daemon mode: yes, no.
# Run iRedAPD as daemon, detach iredapd from terminal.
run_as_daemon = yes

# Path to pid file.
pid_file        = /var/run/iredapd-rr.pid

# Log type: file.
# Set 'log_file = /dev/null' if you don't want to keep the log.
log_type        = file
log_file        = /var/log/iredapd-rr.log

# Log level: info, error, debug.
# NOTE(review): at this level the iredapd-rr.log excerpt on this page records a
# complete LDAP entry for the sender, including a userPassword hash. Use
# 'debug' only while troubleshooting, restrict read access to the log file,
# and redact such lines before sharing logs.
log_level       = debug

# Backend: ldap, mysql.
backend = ldap

# Bypass clients listed in postfix 'mynetworks': yes, no.
# With 'no', clients in 'mynetworks' are not exempted from this instance's checks.
bypass_mynetworks = no

[ldap]
# For ldap backend only.
# LDAP server setting.
# URI must start with ldap:// or ldaps:// (TLS/SSL).
# ldap:// is unencrypted; here it targets loopback only. Prefer ldaps:// when
# the directory server is on another host, because the bind password and
# query results travel over this connection.
#
# Tip: You can get binddn, bindpw from /etc/postfix/ldap_*.cf.
#
uri = ldap://127.0.0.1:389
binddn = cn=vmail,dc=test,dc=com
# The bind password is stored in clear text (masked in this post); keep this
# file readable only by the accounts that need it.
bindpw = xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
basedn = o=domains,dc=test,dc=com

# Enabled plugins.
#   - Plugin name is file name which placed under 'src/plugins/' directory.
#   - Plugin names MUST be separated by comma.
#
# Available plugins:
#   * ldap_domain_wblist: per-domain white/blacklist support.
#       Note: If you want to enable this plugin, it's better to make it the
#             first one in enabled plugin list.
#   * ldap_maillist_access_policy: mail list deliver restrictions.
#   * block_amavisd_blacklisted_senders: per-user white/blacklist support.
#
# NOTE(review): ldap_recipient_restrictions is not in the list above; the
# iredapd-rr.log excerpt on this page shows it being applied and returning DUNNO.
plugins = ldap_recipient_restrictions

[mysql]
# For MySQL backend only.
# NOTE(review): [general] sets backend = ldap, so this section is presumably
# not used by this instance; confirm.
server      = 127.0.0.1
db          = vmail
user        = vmail
# Database password stored in clear text (masked in this post); keep this file
# readable only by the accounts that need it.
password    = xxxxxxxxxxxxxxxxxxxxxxxxxxxx

# Enabled plugins.
#   - Plugin name is file name which placed under 'src/plugins/' directory.
#   - Plugin names MUST be separated by comma.
# NOTE(review): no 'plugins' key follows in this section as posted.

iredapd.log

2012-02-29 00:23:13 DEBUG smtp session: encryption_keysize=0
2012-02-29 00:23:13 DEBUG LDAP connection initialied success.
2012-02-29 00:23:13 DEBUG LDAP bind success.
2012-02-29 00:23:13 DEBUG __get_recipient_dn_ldif (recipient): test@gmail.com
2012-02-29 00:23:13 DEBUG __get_recipient_dn_ldif (ldap query filter): (&(|(mail=test@gmail.com)(shadowAddress=test@gmail.com))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2012-02-29 00:23:13 DEBUG __get_recipient_dn_ldif: Can not find recipient in LDAP server.
2012-02-29 00:23:13 DEBUG Recipient DN or LDIF is None.
2012-02-29 00:23:13 DEBUG Final action: DUNNO.
2012-02-29 00:23:13 INFO www@test.com -> test@gmail.com, DUNNO
2012-02-29 00:23:13 DEBUG Connection closed

iredapd-rr.log

2012-02-29 00:23:12 DEBUG LDAP connection initialied success.
2012-02-29 00:23:12 DEBUG LDAP bind success.
2012-02-29 00:23:12 DEBUG __get_sender_dn_ldif (sender): www@test.com
2012-02-29 00:23:12 DEBUG __get_sender_dn_ldif: Quering LDAP
2012-02-29 00:23:12 DEBUG __get_sender_dn_ldif (result): [('mail=www@test.com,ou=Users,domainName=test.com,o=domains,dc=test,dc=com', {'uid': ['www'], 'mailQuota': ['104857600'], 'objectClass': ['inetOrgPerson', 'shadowAccount', 'amavisAccount', 'mailUser', 'top'], 'userPassword': ['{SSHA}gpRkBp7Y7MGqWtHzjY83iZ/zjg/L8cyh'], 'homeDirectory': ['/var/vmail/vmail1/test.com/w/w/w/www-2012.02.28.23.25.20/'], 'accountStatus': ['active'], 'sn': ['www'], 'storageBaseDirectory': ['/var/vmail'], 'mail': ['www@test.com'], 'givenName': ['www'], 'mailMessageStore': ['vmail1/test.com/w/w/w/www-2012.02.28.23.25.20/'], 'enabledService': ['mail', 'internal', 'smtp', 'smtpsecured', 'pop3', 'pop3secured', 'imap', 'imapsecured', 'deliver', 'lda', 'forward', 'senderbcc', 'recipientbcc', 'managesieve', 'managesievesecured', 'sieve', 'sievesecured', 'displayedInGlobalAddressBook', 'shadowaddress'], 'cn': ['www']})]
2012-02-29 00:23:12 DEBUG Apply plugin (ldap_recipient_restrictions).
2012-02-29 00:23:12 DEBUG Response from plugin (ldap_recipient_restrictions): DUNNO
2012-02-29 00:23:12 DEBUG Final action: DUNNO.
2012-02-29 00:23:12 INFO www@test.com -> test@gmail.com, DUNNO
2012-02-29 00:23:12 DEBUG Connection closed

LDAP
I added these attributes to the LDAP domain object:
- domainWhitelistSender
- domainBlacklistSender

Please help. Thanks

2

Re: Per Domain Whitelist and Blacklist not working

Could you please show me the output of the commands below:

# postconf smtpd_sender_restrictions
# postconf smtpd_recipient_restrictions
# postconf smtpd_end_of_data_restrictions