Dec 29, 2023: iRedMail-1.6.8 has been released.

**wildweasel** · 2013-09-23 21:39:49

wildweasel
Member
Offline

Registered: 2010-04-09
Posts: 9

Topic: iRedAPD plugin sql_user_restrictions dont work as expected

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
======== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
======== Required information ====
- iRedMail version: 0.8.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Debian 6 squeeze
- Related log if you're reporting an issue: end of topic
====

Hi all, thanks for this great piece of software, it's great!

Need your help to fix a problem, i have one virtual domain in mysql backend ( mydomain.local ) and i want to lock all users of this domain to send and receive mail only within the local domain, so no mail coming from or directed to internet domain are allowed.

From the research I found this forum topic:
http://www.iredmail.org/forum/topic5325 … users.html

but the iRedAPD plugin sql_user_restrictions dont work as expected.

In practice i have updated the user row on vmail.mailbox as described and set the field allowedrecipients='@mydomain.local', rejectedrecipients='@' for all users.

The problem is that when a user try to send a mail outside of mydomain.local (for example john.smith@gmail.com) the mail is delivered successfully.

One notice: when i set the field rejectedrecipients='@.' (whit a dot after the @) no one is allowed to send mail everywhere

I have enebled debug mode log in the iRedAPD settings (/opt/iredapd/settings.py)

Here is the log where user_1@mydomain.local send a mail to user_2@mydomain.local and to john.smith@gmail.com :

2013-09-23 15:27:38 DEBUG Connect from 127.0.0.1, port 58643.
2013-09-23 15:27:38 DEBUG smtp session: request=smtpd_access_policy
2013-09-23 15:27:38 DEBUG smtp session: protocol_state=RCPT
2013-09-23 15:27:38 DEBUG smtp session: protocol_name=ESMTP
2013-09-23 15:27:38 DEBUG smtp session: client_address=127.0.0.1
2013-09-23 15:27:38 DEBUG smtp session: client_name=localhost
2013-09-23 15:27:38 DEBUG smtp session: reverse_client_name=localhost
2013-09-23 15:27:38 DEBUG smtp session: helo_name=192.168.1.10
2013-09-23 15:27:38 DEBUG smtp session: sender=user_1@mydomain.local
2013-09-23 15:27:38 DEBUG smtp session: recipient=user_2@mydomain.local
2013-09-23 15:27:38 DEBUG smtp session: recipient_count=0
2013-09-23 15:27:38 DEBUG smtp session: queue_id=
2013-09-23 15:27:38 DEBUG smtp session: instance=a72.524041ca.dcafc.0
2013-09-23 15:27:38 DEBUG smtp session: size=0
2013-09-23 15:27:38 DEBUG smtp session: etrn_domain=
2013-09-23 15:27:38 DEBUG smtp session: stress=
2013-09-23 15:27:38 DEBUG smtp session: sasl_method=LOGIN
2013-09-23 15:27:38 DEBUG smtp session: sasl_username=user_1@mydomain.local
2013-09-23 15:27:38 DEBUG smtp session: sasl_sender=
2013-09-23 15:27:38 DEBUG smtp session: ccert_subject=
2013-09-23 15:27:38 DEBUG smtp session: ccert_issuer=
2013-09-23 15:27:38 DEBUG smtp session: ccert_fingerprint=
2013-09-23 15:27:38 DEBUG smtp session: encryption_protocol=
2013-09-23 15:27:38 DEBUG smtp session: encryption_cipher=
2013-09-23 15:27:38 DEBUG smtp session: encryption_keysize=0
2013-09-23 15:27:38 DEBUG --> Apply plugin: sql_alias_access_policy
2013-09-23 15:27:38 DEBUG SQL: SELECT accesspolicy, goto, moderators
            FROM alias
            WHERE
                address='user_2@mydomain.local'
                AND address <> goto
                AND domain='rapspa.local'
                AND active=1
            LIMIT 1

2013-09-23 15:27:38 DEBUG SQL Record: None
2013-09-23 15:27:38 DEBUG <-- Result: DUNNO (Not mail alias)
2013-09-23 15:27:38 DEBUG --> Apply plugin: sql_user_restrictions
2013-09-23 15:27:38 DEBUG SQL to get restriction rules of sender (user_1@mydomain.local):
        SELECT
            allowedrecipients, rejectedrecipients,
            allowedsenders, rejectedsenders
        FROM mailbox
        WHERE username='user_1@mydomain.local'
        LIMIT 1

2013-09-23 15:27:38 DEBUG Returned SQL Record: ('@mudomain.local', '@', '', '')
2013-09-23 15:27:38 DEBUG All allowed recipient: ['@mudomain.local']
2013-09-23 15:27:38 DEBUG All rejected recipient: ['@']
2013-09-23 15:27:38 DEBUG SQL to get restriction rules of recipient (user_2@mydomain.local):
            SELECT
                allowedrecipients, rejectedrecipients,
                allowedsenders, rejectedsenders
            FROM mailbox
            WHERE username='user_2@mydomain.local'
            LIMIT 1

2013-09-23 15:27:38 DEBUG Returned SQL Record: ('@mudomain.local', '@', '', '')
2013-09-23 15:27:38 DEBUG No restrictions of recipient.
2013-09-23 15:27:38 DEBUG <-- Result: DUNNO
2013-09-23 15:27:38 INFO [127.0.0.1] user_1@mydomain.local -> user_2@mydomain.local, DUNNO
2013-09-23 15:27:38 DEBUG Connection closed
2013-09-23 15:27:38 DEBUG Closed SQL connection.
2013-09-23 15:27:39 DEBUG Connect from 127.0.0.1, port 58652.
2013-09-23 15:27:39 DEBUG smtp session: request=smtpd_access_policy
2013-09-23 15:27:39 DEBUG smtp session: protocol_state=RCPT
2013-09-23 15:27:39 DEBUG smtp session: protocol_name=ESMTP
2013-09-23 15:27:39 DEBUG smtp session: client_address=127.0.0.1
2013-09-23 15:27:39 DEBUG smtp session: client_name=localhost
2013-09-23 15:27:39 DEBUG smtp session: reverse_client_name=localhost
2013-09-23 15:27:39 DEBUG smtp session: helo_name=192.168.1.10
2013-09-23 15:27:39 DEBUG smtp session: sender=user_1@mydomain.local
2013-09-23 15:27:39 DEBUG smtp session: recipient=john.smith@gmail.com
2013-09-23 15:27:39 DEBUG smtp session: recipient_count=0
2013-09-23 15:27:39 DEBUG smtp session: queue_id=DF6D8A3AF0
2013-09-23 15:27:39 DEBUG smtp session: instance=a72.524041ca.dcafc.0
2013-09-23 15:27:39 DEBUG smtp session: size=0
2013-09-23 15:27:39 DEBUG smtp session: etrn_domain=
2013-09-23 15:27:39 DEBUG smtp session: stress=
2013-09-23 15:27:39 DEBUG smtp session: sasl_method=LOGIN
2013-09-23 15:27:39 DEBUG smtp session: sasl_username=user_1@mydomain.local
2013-09-23 15:27:39 DEBUG smtp session: sasl_sender=
2013-09-23 15:27:39 DEBUG smtp session: ccert_subject=
2013-09-23 15:27:39 DEBUG smtp session: ccert_issuer=
2013-09-23 15:27:39 DEBUG smtp session: ccert_fingerprint=
2013-09-23 15:27:39 DEBUG smtp session: encryption_protocol=
2013-09-23 15:27:39 DEBUG smtp session: encryption_cipher=
2013-09-23 15:27:39 DEBUG smtp session: encryption_keysize=0
2013-09-23 15:27:39 DEBUG --> Apply plugin: sql_alias_access_policy
2013-09-23 15:27:39 DEBUG SQL: SELECT accesspolicy, goto, moderators
            FROM alias
            WHERE
                address='john.smith@gmail.com'
                AND address <> goto
                AND domain='gmail.com'
                AND active=1
            LIMIT 1

2013-09-23 15:27:39 DEBUG SQL Record: None
2013-09-23 15:27:39 DEBUG <-- Result: DUNNO (Not mail alias)
2013-09-23 15:27:39 DEBUG --> Apply plugin: sql_user_restrictions
2013-09-23 15:27:39 DEBUG SQL to get restriction rules of sender (user_1@mydomain.local):
        SELECT
            allowedrecipients, rejectedrecipients,
            allowedsenders, rejectedsenders
        FROM mailbox
        WHERE username='user_1@mydomain.local'
        LIMIT 1

2013-09-23 15:27:39 DEBUG Returned SQL Record: ('@mudomain.local', '@', '', '')
2013-09-23 15:27:39 DEBUG All allowed recipient: ['@mudomain.local']
2013-09-23 15:27:39 DEBUG All rejected recipient: ['@']
2013-09-23 15:27:39 DEBUG SQL to get restriction rules of recipient (john.smith@gmail.com):
            SELECT
                allowedrecipients, rejectedrecipients,
                allowedsenders, rejectedsenders
            FROM mailbox
            WHERE username='john.smith@gmail.com'
            LIMIT 1

2013-09-23 15:27:39 DEBUG Returned SQL Record: None
2013-09-23 15:27:39 DEBUG <-- Result: DUNNO
2013-09-23 15:27:39 INFO [127.0.0.1] user_1@mydomain.local -> john.smith@gmail.com, DUNNO
2013-09-23 15:27:39 DEBUG Connection closed
2013-09-23 15:27:39 DEBUG Closed SQL connection.

I hope you can help me.

Regards.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

**ZhangHuangbin** · 2013-09-23 22:46:49

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 30,788

Re: iRedAPD plugin sql_user_restrictions dont work as expected

As documented in plugin file:

# Valid sender/recipient addresses:
#
# - @.: all addresses (user, domain, sub-domain)
# - @domain.com: single domain
# - @.domain.com: single domain and its all sub-domains
# - user@domain.com: single email address

'@' is invalid.

**wildweasel** · 2013-09-24 03:29:46

wildweasel
Member
Offline

Registered: 2010-04-09
Posts: 9

Re: iRedAPD plugin sql_user_restrictions dont work as expected

Hi Zhang,

thanks for the quick reply.

its ok but I have followed your advice on this topic:
http://www.iredmail.org/forum/topic5325 … users.html

however it is not important because there is still the problem.

In practice i have updated the user row on vmail.mailbox as described and set the field allowedrecipients='@mydomain.local', and rejectedrecipients=NULL' for all users.

Even in this case, if a user tries to send an email to an address outside the local domain mydomain.local, for example john.smith@gmail.com, the email is sent successfully

Here is the log where user_1@mydomain.local send a mail to john.smith@gmail.com where user_1@mydomain.local as the field allowedrecipients set as @mydomain.local

2013-09-23 21:17:16 DEBUG Connect from 127.0.0.1, port 58926.
2013-09-23 21:17:16 DEBUG smtp session: request=smtpd_access_policy
2013-09-23 21:17:16 DEBUG smtp session: protocol_state=RCPT
2013-09-23 21:17:16 DEBUG smtp session: protocol_name=ESMTP
2013-09-23 21:17:16 DEBUG smtp session: client_address=127.0.0.1
2013-09-23 21:17:16 DEBUG smtp session: client_name=localhost
2013-09-23 21:17:16 DEBUG smtp session: reverse_client_name=localhost
2013-09-23 21:17:16 DEBUG smtp session: helo_name=192.168.1.10
2013-09-23 21:17:16 DEBUG smtp session: sender=user_1@mydomain.local
2013-09-23 21:17:16 DEBUG smtp session: recipient=john.smith@gmail.com
2013-09-23 21:17:16 DEBUG smtp session: recipient_count=0
2013-09-23 21:17:16 DEBUG smtp session: queue_id=
2013-09-23 21:17:16 DEBUG smtp session: instance=edb.524093bc.a9128.0
2013-09-23 21:17:16 DEBUG smtp session: size=0
2013-09-23 21:17:16 DEBUG smtp session: etrn_domain=
2013-09-23 21:17:16 DEBUG smtp session: stress=
2013-09-23 21:17:16 DEBUG smtp session: sasl_method=LOGIN
2013-09-23 21:17:16 DEBUG smtp session: sasl_username=user_1@mydomain.local
2013-09-23 21:17:16 DEBUG smtp session: sasl_sender=
2013-09-23 21:17:16 DEBUG smtp session: ccert_subject=
2013-09-23 21:17:16 DEBUG smtp session: ccert_issuer=
2013-09-23 21:17:16 DEBUG smtp session: ccert_fingerprint=
2013-09-23 21:17:16 DEBUG smtp session: encryption_protocol=
2013-09-23 21:17:16 DEBUG smtp session: encryption_cipher=
2013-09-23 21:17:16 DEBUG smtp session: encryption_keysize=0
2013-09-23 21:17:16 DEBUG --> Apply plugin: sql_alias_access_policy
2013-09-23 21:17:16 DEBUG SQL: SELECT accesspolicy, goto, moderators
            FROM alias
            WHERE
                address='john.smith@gmail.com'
                AND address <> goto
                AND domain='gmail.com'
                AND active=1
            LIMIT 1

2013-09-23 21:17:16 DEBUG SQL Record: None
2013-09-23 21:17:16 DEBUG <-- Result: DUNNO (Not mail alias)
2013-09-23 21:17:16 DEBUG --> Apply plugin: sql_user_restrictions
2013-09-23 21:17:16 DEBUG SQL to get restriction rules of sender (user_1@mydomain.local):
        SELECT
            allowedrecipients, rejectedrecipients,
            allowedsenders, rejectedsenders
        FROM mailbox
        WHERE username='user_1@mydomain.local'
        LIMIT 1

2013-09-23 21:17:16 DEBUG Returned SQL Record: ('mydomain.local', '', '', '')
2013-09-23 21:17:16 DEBUG All allowed recipient: ['mydomain.local']
2013-09-23 21:17:16 DEBUG All rejected recipient: ['']
2013-09-23 21:17:16 DEBUG SQL to get restriction rules of recipient (john.smith@gmail.com):
            SELECT
                allowedrecipients, rejectedrecipients,
                allowedsenders, rejectedsenders
            FROM mailbox
            WHERE username='john.smith@gmail.com'
            LIMIT 1

2013-09-23 21:17:16 DEBUG Returned SQL Record: None
2013-09-23 21:17:16 DEBUG <-- Result: DUNNO
2013-09-23 21:17:16 INFO [127.0.0.1] user_1@mydomain.local -> john.smith@gmail.com, DUNNO
2013-09-23 21:17:16 DEBUG Connection closed
2013-09-23 21:17:16 DEBUG Closed SQL connection.

Can you help me ?

If this method does not work, there is another way to block the users of the local domain to the transmission of the email only within the local domain?

Regards.

**ZhangHuangbin** · 2013-09-24 20:03:36

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 30,788

Re: iRedAPD plugin sql_user_restrictions dont work as expected

wildweasel wrote:

its ok but I have followed your advice on this topic:
http://www.iredmail.org/forum/topic5325 … users.html

Sorry about my mistake, missed '.' after '@'. It should be '@.', not '@'. Fixed in original forum post so that it won't confuse others.

wildweasel wrote:

2013-09-23 21:17:16 DEBUG SQL to get restriction rules of sender (user_1@mydomain.local):
SELECT
allowedrecipients, rejectedrecipients,
allowedsenders, rejectedsenders
FROM mailbox
WHERE username='user_1@mydomain.local'
LIMIT 1
2013-09-23 21:17:16 DEBUG Returned SQL Record: ('mydomain.local', '', '', '')

You don't have value in column "rejectedrecipients"? Please set it to '@.' (without quotes) and try again.

**wildweasel** · 2013-09-24 21:37:09

wildweasel
Member
Offline

Registered: 2010-04-09
Posts: 9

Re: iRedAPD plugin sql_user_restrictions dont work as expected

Hi Zhang,

thanks for your time and your attention.

If i set the field "rejectedrecipients" to '@.' and "allowedrecipients" to "@mydomain.local" (without quotes) the user cannot send mail to no one even whitin the local virtual domain.

In this test user_1@mydomain.local send a test mail to user_2@mydomain.local

Seems that the field rejectedrecipients prevails on allowedrecipients

Here is the log

2013-09-24 15:27:27 INFO Starting iRedAPD (version: 1.4.1, backend: mysql), listening on 127.0.0.1:7777.
2013-09-24 15:27:27 INFO Loading plugin: sql_alias_access_policy
2013-09-24 15:27:27 INFO Loading plugin: sql_user_restrictions
2013-09-24 15:27:27 DEBUG Forking first child.
2013-09-24 15:27:27 DEBUG Creating new session
2013-09-24 15:27:27 DEBUG Forking second child.
2013-09-24 15:27:27 DEBUG Setting umask
2013-09-24 15:27:27 DEBUG Changing working directory to "/"
2013-09-24 15:27:27 DEBUG Redirecting file descriptors
2013-09-24 15:27:35 DEBUG Connect from 127.0.0.1, port 47707.
2013-09-24 15:27:35 DEBUG smtp session: request=smtpd_access_policy
2013-09-24 15:27:35 DEBUG smtp session: protocol_state=RCPT
2013-09-24 15:27:35 DEBUG smtp session: protocol_name=ESMTP
2013-09-24 15:27:35 DEBUG smtp session: client_address=127.0.0.1
2013-09-24 15:27:35 DEBUG smtp session: client_name=localhost
2013-09-24 15:27:35 DEBUG smtp session: reverse_client_name=localhost
2013-09-24 15:27:35 DEBUG smtp session: helo_name=192.168.1.10
2013-09-24 15:27:35 DEBUG smtp session: sender=user_1@mydomain.local
2013-09-24 15:27:35 DEBUG smtp session: recipient=user_2@mydomain.local
2013-09-24 15:27:35 DEBUG smtp session: recipient_count=0
2013-09-24 15:27:35 DEBUG smtp session: queue_id=
2013-09-24 15:27:35 DEBUG smtp session: instance=ab2.52419347.ac32e.0
2013-09-24 15:27:35 DEBUG smtp session: size=0
2013-09-24 15:27:35 DEBUG smtp session: etrn_domain=
2013-09-24 15:27:35 DEBUG smtp session: stress=
2013-09-24 15:27:35 DEBUG smtp session: sasl_method=LOGIN
2013-09-24 15:27:35 DEBUG smtp session: sasl_username=user_1@mydomain.local
2013-09-24 15:27:35 DEBUG smtp session: sasl_sender=
2013-09-24 15:27:35 DEBUG smtp session: ccert_subject=
2013-09-24 15:27:35 DEBUG smtp session: ccert_issuer=
2013-09-24 15:27:35 DEBUG smtp session: ccert_fingerprint=
2013-09-24 15:27:35 DEBUG smtp session: encryption_protocol=
2013-09-24 15:27:35 DEBUG smtp session: encryption_cipher=
2013-09-24 15:27:35 DEBUG smtp session: encryption_keysize=0
2013-09-24 15:27:35 DEBUG --> Apply plugin: sql_alias_access_policy
2013-09-24 15:27:35 DEBUG SQL: SELECT accesspolicy, goto, moderators
            FROM alias
            WHERE
                address='user_2@mydomain.local'
                AND address <> goto
                AND domain='mydomain.local'
                AND active=1
            LIMIT 1

2013-09-24 15:27:35 DEBUG SQL Record: None
2013-09-24 15:27:35 DEBUG <-- Result: DUNNO (Not mail alias)
2013-09-24 15:27:35 DEBUG --> Apply plugin: sql_user_restrictions
2013-09-24 15:27:35 DEBUG SQL to get restriction rules of sender (user_1@mydomain.local):
        SELECT
            allowedrecipients, rejectedrecipients,
            allowedsenders, rejectedsenders
        FROM mailbox
        WHERE username='user_1@mydomain.local'
        LIMIT 1

2013-09-24 15:27:35 DEBUG Returned SQL Record: ('@mydomain.local', '@.', '@mydomain.local', '')
2013-09-24 15:27:35 DEBUG All allowed recipient: ['@mydomain.local']
2013-09-24 15:27:35 DEBUG All rejected recipient: ['@.']
2013-09-24 15:27:35 DEBUG <-- Result: REJECT Not authorized
2013-09-24 15:27:35 INFO [127.0.0.1] user_1@mydomain.local -> user_2@mydomain.local, REJECT Not authorized
2013-09-24 15:27:35 DEBUG Connection closed
2013-09-24 15:27:35 DEBUG Closed SQL connection.

Waiting for your reply.

Regards.

**ZhangHuangbin** · 2013-09-25 08:25:04

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 30,788

Re: iRedAPD plugin sql_user_restrictions dont work as expected

It turns out it's a bug in iRedAPD-1.4.1. Fixed moment ago, thanks very much for your report and test.
https://bitbucket.org/zhb/iredapd/commi … b8bd026b1a

Please check above link for commit log, then fix file /opt/iredapd/plugins/sql_user_restrictions.py, restart iRedAPD service and try again. Let me know whether it works for you or not.

**wildweasel** · 2013-09-25 21:04:43

wildweasel
Member
Offline

Registered: 2010-04-09
Posts: 9

Re: iRedAPD plugin sql_user_restrictions dont work as expected

Hi Zhang,

thanks for your time.

I just made the changes to the file (/opt/iredapd/plugins/sql_user_restrictions.py) and now it works like a charm !

Here is the log:

2013-09-25 14:32:04 DEBUG Connect from 127.0.0.1, port 36956.
2013-09-25 14:32:04 DEBUG smtp session: request=smtpd_access_policy
2013-09-25 14:32:04 DEBUG smtp session: protocol_state=RCPT
2013-09-25 14:32:04 DEBUG smtp session: protocol_name=ESMTP
2013-09-25 14:32:04 DEBUG smtp session: client_address=127.0.0.1
2013-09-25 14:32:04 DEBUG smtp session: client_name=localhost
2013-09-25 14:32:04 DEBUG smtp session: reverse_client_name=localhost
2013-09-25 14:32:04 DEBUG smtp session: helo_name=192.168.1.10
2013-09-25 14:32:04 DEBUG smtp session: sender=user_1@mydomain.local
2013-09-25 14:32:04 DEBUG smtp session: recipient=john.smith@gmail.com
2013-09-25 14:32:04 DEBUG smtp session: recipient_count=0
2013-09-25 14:32:04 DEBUG smtp session: queue_id=
2013-09-25 14:32:04 DEBUG smtp session: instance=948.5242d7c4.b95ae.0
2013-09-25 14:32:04 DEBUG smtp session: size=0
2013-09-25 14:32:04 DEBUG smtp session: etrn_domain=
2013-09-25 14:32:04 DEBUG smtp session: stress=
2013-09-25 14:32:04 DEBUG smtp session: sasl_method=LOGIN
2013-09-25 14:32:04 DEBUG smtp session: sasl_username=user_1@mydomain.local
2013-09-25 14:32:04 DEBUG smtp session: sasl_sender=
2013-09-25 14:32:04 DEBUG smtp session: ccert_subject=
2013-09-25 14:32:04 DEBUG smtp session: ccert_issuer=
2013-09-25 14:32:04 DEBUG smtp session: ccert_fingerprint=
2013-09-25 14:32:04 DEBUG smtp session: encryption_protocol=
2013-09-25 14:32:04 DEBUG smtp session: encryption_cipher=
2013-09-25 14:32:04 DEBUG smtp session: encryption_keysize=0
2013-09-25 14:32:04 DEBUG --> Apply plugin: sql_alias_access_policy
2013-09-25 14:32:04 DEBUG SQL: SELECT accesspolicy, goto, moderators
            FROM alias
            WHERE
                address='john.smith@gmail.com'
                AND address <> goto
                AND domain='gmail.com'
                AND active=1
            LIMIT 1

2013-09-25 14:32:04 DEBUG SQL Record: None
2013-09-25 14:32:04 DEBUG <-- Result: DUNNO (Not mail alias)
2013-09-25 14:32:04 DEBUG --> Apply plugin: sql_user_restrictions
2013-09-25 14:32:04 DEBUG SQL to get restriction rules of sender (user_1@mydomain.local):
        SELECT
            allowedrecipients, rejectedrecipients,
            allowedsenders, rejectedsenders
        FROM mailbox
        WHERE username='user_1@mydomain.local'
        LIMIT 1

2013-09-25 14:32:04 DEBUG Returned SQL Record: ('@mydomain.local, @gmail.com', '@.', '@mydomain.local', '')
2013-09-25 14:32:04 DEBUG All allowed recipient: ['@mydomain.local', '@gmail.com']
2013-09-25 14:32:04 DEBUG <-- Result: OK
2013-09-25 14:32:04 INFO [127.0.0.1] user_1@mydomain.local -> john.smith@gmail.com, OK
2013-09-25 14:32:04 DEBUG Connection closed
2013-09-25 14:32:04 DEBUG Closed SQL connection.
2013-09-25 14:33:06 DEBUG Connect from 127.0.0.1, port 36985.
2013-09-25 14:33:06 DEBUG smtp session: request=smtpd_access_policy
2013-09-25 14:33:06 DEBUG smtp session: protocol_state=RCPT
2013-09-25 14:33:06 DEBUG smtp session: protocol_name=ESMTP
2013-09-25 14:33:06 DEBUG smtp session: client_address=127.0.0.1
2013-09-25 14:33:06 DEBUG smtp session: client_name=localhost
2013-09-25 14:33:06 DEBUG smtp session: reverse_client_name=localhost
2013-09-25 14:33:06 DEBUG smtp session: helo_name=192.168.1.10
2013-09-25 14:33:06 DEBUG smtp session: sender=user_1@mydomain.local
2013-09-25 14:33:06 DEBUG smtp session: recipient=john.smith@otherdomain.com
2013-09-25 14:33:06 DEBUG smtp session: recipient_count=0
2013-09-25 14:33:06 DEBUG smtp session: queue_id=
2013-09-25 14:33:06 DEBUG smtp session: instance=948.5242d802.1310f.0
2013-09-25 14:33:06 DEBUG smtp session: size=0
2013-09-25 14:33:06 DEBUG smtp session: etrn_domain=
2013-09-25 14:33:06 DEBUG smtp session: stress=
2013-09-25 14:33:06 DEBUG smtp session: sasl_method=LOGIN
2013-09-25 14:33:06 DEBUG smtp session: sasl_username=user_1@mydomain.local
2013-09-25 14:33:06 DEBUG smtp session: sasl_sender=
2013-09-25 14:33:06 DEBUG smtp session: ccert_subject=
2013-09-25 14:33:06 DEBUG smtp session: ccert_issuer=
2013-09-25 14:33:06 DEBUG smtp session: ccert_fingerprint=
2013-09-25 14:33:06 DEBUG smtp session: encryption_protocol=
2013-09-25 14:33:06 DEBUG smtp session: encryption_cipher=
2013-09-25 14:33:06 DEBUG smtp session: encryption_keysize=0
2013-09-25 14:33:06 DEBUG --> Apply plugin: sql_alias_access_policy
2013-09-25 14:33:06 DEBUG SQL: SELECT accesspolicy, goto, moderators
            FROM alias
            WHERE
                address='john.smith@otherdomain.com'
                AND address <> goto
                AND domain='otherdomain.com'
                AND active=1
            LIMIT 1

2013-09-25 14:33:06 DEBUG SQL Record: None
2013-09-25 14:33:06 DEBUG <-- Result: DUNNO (Not mail alias)
2013-09-25 14:33:06 DEBUG --> Apply plugin: sql_user_restrictions
2013-09-25 14:33:06 DEBUG SQL to get restriction rules of sender (user_1@mydomain.local):
        SELECT
            allowedrecipients, rejectedrecipients,
            allowedsenders, rejectedsenders
        FROM mailbox
        WHERE username='user_1@mydomain.local'
        LIMIT 1

2013-09-25 14:33:06 DEBUG Returned SQL Record: ('@mydomain.local, @gmail.com', '@.', '@mydomain.local', '')
2013-09-25 14:33:06 DEBUG All allowed recipient: ['@mydomain.local', '@gmail.com']
2013-09-25 14:33:06 DEBUG All rejected recipient: ['@.']
2013-09-25 14:33:06 DEBUG <-- Result: REJECT Not authorized
2013-09-25 14:33:06 INFO [127.0.0.1] user_1@mydomain.local -> john.smith@otherdomain.com, REJECT Not authorized
2013-09-25 14:33:06 DEBUG Connection closed
2013-09-25 14:33:06 DEBUG Closed SQL connection.

I think you can tag the topic as SOLVED

Thank you very much

Greetings

Dec 29, 2023: iRedMail-1.6.8 has been released.

[ Closed ] iRedAPD plugin sql_user_restrictions dont work as expected

Posts: 7

1 Topic by wildweasel 2013-09-23 21:39:49

Topic: iRedAPD plugin sql_user_restrictions dont work as expected

2 Reply by ZhangHuangbin 2013-09-23 22:46:49

Re: iRedAPD plugin sql_user_restrictions dont work as expected

3 Reply by wildweasel 2013-09-24 03:29:46

Re: iRedAPD plugin sql_user_restrictions dont work as expected

4 Reply by ZhangHuangbin 2013-09-24 20:03:36

Re: iRedAPD plugin sql_user_restrictions dont work as expected

5 Reply by wildweasel 2013-09-24 21:37:09

Re: iRedAPD plugin sql_user_restrictions dont work as expected

6 Reply by ZhangHuangbin 2013-09-25 08:25:04

Re: iRedAPD plugin sql_user_restrictions dont work as expected

7 Reply by wildweasel 2013-09-25 21:04:43

Re: iRedAPD plugin sql_user_restrictions dont work as expected

Posts: 7