1

Topic: Whitelist not working

==== Required information ====
- iRedMail version: 0.8.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Centos 6.4
- Related log if you're reporting an issue:
====

Hi i have a problem with whitelist in iRedAdmin-Pro .
I put domains like rba.hr etc in whitelist but policyd is still greylisting them based on triplets etc and mail is delayed for 15 minutes or if greylisted dosent come.
This is very urgent form me , some important mail is blocked.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Whitelist not working

Could you please show me output of below commands?

# postconf smtpd_recipient_restrictions
# postconf smtpd_end_of_data_restrictions

And this one (WARNING: REMOVE mysql password in output before pasting here):

# cat /etc/policyd.conf | grep -v '^#' | grep -v '^$'

3

Re: Whitelist not working

postconf smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:127.0.0.1:10031


postconf smtpd_end_of_data_restrictions
smtpd_end_of_data_restrictions =

cat /etc/policyd.conf | grep -v '^#' | grep -v '^$'
MYSQLHOST="127.0.0.1"
MYSQLDBASE="policyd"
MYSQLUSER="policyd"
MYSQLPASS="xxxxxxxxxxxxxxxxxxxxxxx"
MYSQLOPT=""
FAILSAFE=1
DATABASE_KEEPALIVE=0
DEBUG=0
DAEMON=1
BINDHOST="127.0.0.1"
BINDPORT="10031"
PIDFILE=/var/run/policyd.pid
SYSLOG_FACILITY="LOG_MAIL|LOG_INFO"
CHROOT=/home/policyd
UID=2003
GID=2003
CONN_ACL="127.0.0.1 192.168.0.0/24"
WHITELISTING=1
WHITELISTNULL=0
WHITELISTSENDER=1
WHITELISTDNSNAME=0
AUTO_WHITE_LISTING=1
AUTO_WHITELIST_NUMBER=10
AUTO_WHITELIST_NETBLOCK=0
AUTO_WHITELIST_EXPIRE=7d
BLACKLISTING=1
BLACKLISTDNSNAME=0
 
BLACKLIST_TEMP_REJECT=0
BLACKLIST_NETBLOCK=0
BLACKLIST_REJECTION="Abuse. Go away."
AUTO_BLACK_LISTING=1
AUTO_BLACKLIST_NUMBER=500
AUTO_BLACKLIST_EXPIRE=7d
RCPT_ACL=1
BLACKLIST_HELO=0
BLACKLIST_HELO_AUTO_EXPIRE=0
BLACKLISTSENDER=1
HELO_CHECK=1
HELO_MAX_COUNT=10
HELO_BLACKLIST_AUTO_EXPIRE=14d
HELO_AUTO_EXPIRE=7d
SPAMTRAPPING=1
SPAMTRAP_REJECTION="Abuse. Go away."
SPAMTRAP_AUTO_EXPIRE=7d
GREYLISTING=1
GREYLIST_REJECTION="Please try later."
GREYLIST_X_HEADER=0
GREYLIST_HOSTADDR=3
TRAINING_MODE=0
TRAINING_POLICY_TIMEOUT=0
TRIPLET_TIME=5m
OPTINOUT=1
OPTINOUTALL=1
TRIPLET_AUTH_TIMEOUT=7d
TRIPLET_UNAUTH_TIMEOUT=2d
SENDERTHROTTLE=0
SENDER_THROTTLE_SASL=0
SENDER_THROTTLE_HOST=1
QUOTA_EXCEEDED_TEMP_REJECT=1
SENDER_QUOTA_REJECTION="Quota Exceeded."
SENDER_SIZE_REJECTION="Message size too big."
SENDERMSGLIMIT=512
SENDERRCPTLIMIT=3600
SENDERQUOTALIMIT=250000000
SENDERTIMELIMIT=1h
SENDERMSGSIZE=10240000
SENDERMSGSIZE_WARN=50
SENDERMSGSIZE_PANIC=90
SENDER_INACTIVE_EXPIRE=31d
SENDER_THROTTLE_AUTOBLACKLIST=0
SENDER_THROTTLE_AUTOBLACKLIST_NUMBER=3
SENDER_THROTTLE_AUTOBLACKLIST_EXPIRE=6h
RECIPIENTTHROTTLE=0
RECIPIENTMSGLIMIT=64
RECIPIENTTIMELIMIT=1h
RECIPIENT_QUOTA_REJECTION="Quota Exceeded."
RECIPIENT_INACTIVE_EXPIRE=31d

4

Re: Whitelist not working

Looking at your file I would say change WHITELISTDNSNAME=0 to WHITELISTDNSNAME=1 and restart the service. That option has a risk though. If some spammer spoofs  rba.hr it will bypass policyd.

Also I would open the config file with vi or something like that and read the description of every option to check if it suits your needs or not.

5

Re: Whitelist not working

hferreira wrote:

Looking at your file I would say change WHITELISTDNSNAME=0 to WHITELISTDNSNAME=1 and restart the service. That option has a risk though. If some spammer spoofs  rba.hr it will bypass policyd.

Also I would open the config file with vi or something like that and read the description of every option to check if it suits your needs or not.

but WHITELISTSENDER=1 is for whitelisting sender address/domain like XYZ.com and WHITELISTDNSNAME is for whitelisting every subdomain  like yyy.XYZ.com xxx.XYZ.com 123.XYZ.com etc...

6

Re: Whitelist not working

Set policyd logs to debug mode (option 4 I think) and check the whole process in the mail.log file. You'll be able to see if policyd marks the domain as whitelisted or not.

7

Re: Whitelist not working

Ok thank you its working , i noticed that i forgot to put @ sign in whitelist domains. So now i disabled WHITELISTDNSNAME and using WHITELISTSENDER.

Sorry for trouble