1

Topic: whitelisting

==== Required information ====
- iRedMail version: 0.8.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Mysql
- Linux/BSD distribution name and version: Debian / Wheezy

====

http://www.iredmail.org/forum/post22801.html#p22801

I think there are some changes in the database, so that I cannot find where the Whitelist Sender is. Previously that was in postfixpolicyd -> whitelist_sender. But where is it in the version 0.8.5 ?


Thanks.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: whitelisting

Do you have SQL database "cluebringer"? Debian 7 ships Cluebringer instead of Policyd.

3

Re: whitelisting

Yes, there is a cluebringer database. But the greylisting_whitelist table in cluebringer database shows IP addresses. But I need to whitelist sender email address, for instance abcd@yahoo.com. So whenever abcd@yahoo.com sends email to mydomain.com or a particular email id in mydomain.com, it will bypass the greylisting and I will receive it instantly.

mysql> select * from greylisting_whitelist;
+----+---------------------------+---------------------------------------------------------------------+----------+
| ID | Source                    | Comment                                                             | Disabled |
+----+---------------------------+---------------------------------------------------------------------+----------+
|  1 | SenderIP:127.0.0.0/8      | Local loopback address                                              |        0 |
|  2 | SenderIP:192.168.0.0/16   | Private range                                                       |        0 |
|  3 | SenderIP:10.0.0.0/8       | Private range                                                       |        0 |
|  4 | SenderIP:172.16.0.0/12    | Private range                                                       |        0 |
|  5 | SenderIP:12.5.136.141     | Southwest Airlines (unique sender, no retry)                        |        0 |

4

Re: whitelisting

I'm afraid that you can add only IP address in greylisting whitelist. Reference: http://wiki.policyd.org/greylisting

5

Re: whitelisting

ZhangHuangbin wrote:

I'm afraid that you can add only IP address in greylisting whitelist. Reference: http://wiki.policyd.org/greylisting

Is this a problem with cluebringer ? In previous versions I was able to do this (iRedmail Version 0.8.4).

Thanks.

6

Re: whitelisting

Zhang,

Could you please reply ? Is it possible to install Policyd instead of Cluebringer in Debian 7, with iRedmail 0.8.7 ?

Thanks.

7

Re: whitelisting

aniyan.rajan6 wrote:

Is this a problem with cluebringer ?

Yes. Cluebringer doesn't support using domain name or sender email address in greylisting whitelist.
Reference: http://wiki.policyd.org/greylisting

8

Re: whitelisting

ZhangHuangbin wrote:
aniyan.rajan6 wrote:

Is this a problem with cluebringer ?

Yes. Cluebringer doesn't support using domain name or sender email address in greylisting whitelist.
Reference: http://wiki.policyd.org/greylisting

That's very bad, because the IP address of a domain always changes. For instance, if you ping www.yahoo.com, you will get different IP Addresses each time. We could use Bitmask, but why whitelisting and blacklisting all Email IDs from an IP Address. Also a server can have multiple domains hosted.

Is there any other way to whitelist a sender email address ? What about  installing Policyd (older version) instead of Cluebringer in Debian 7, with iRedmail 0.8.7 ?

Thanks.

9

Re: whitelisting

ZhangHuangbin wrote:
aniyan.rajan6 wrote:

Is this a problem with cluebringer ?

Yes. Cluebringer doesn't support using domain name or sender email address in greylisting whitelist.
Reference: http://wiki.policyd.org/greylisting

Zhang,

I was able to bypass the policy per Email ID and per Domain. You can use ! to negate the policy match in the table policy_members.

Additionally, you can create a new policy for the whitelist, a new policy with email or domain as member, a new rule that use the new policy and the new rule is configured to not greylist.

Please see:
http://wiki.policyd.org/policies

10

Re: whitelisting

I found this to work: Cluebringer database table policy_group_members

mysql cluebringer -e "insert into policy_group_members (policygroupID,member,disabled,comment,type)
values ('3' , 'sender@domain.tld' , 0 , 'sender')""

Check to see all the policies:
mysql cluebringer -e "select * from policy_group_members"

Check to see all the whitelists:
mysql cluebringer -e "select * from policy_group_members where PolicyGroupID = '3' "

Disable or enable an item: 1=disabled 0=enabled
mysql cluebringer -e "update policy_group_members set disabled = '1' where member = 'sender@domain.tld' "

11

Re: whitelisting

jpforte wrote:

I found this to work: Cluebringer database table policy_group_members

mysql cluebringer -e "insert into policy_group_members (policygroupID,member,disabled,comment,type)
values ('3' , 'sender@domain.tld' , 0 , 'sender')""

Check to see all the policies:
mysql cluebringer -e "select * from policy_group_members"

Check to see all the whitelists:
mysql cluebringer -e "select * from policy_group_members where PolicyGroupID = '3' "

Disable or enable an item: 1=disabled 0=enabled
mysql cluebringer -e "update policy_group_members set disabled = '1' where member = 'sender@domain.tld' "

That's a better method. When I tried last time, there were no options called 'whitelists', 'blacklists', 'no_greylisting', 'no_greylisting_for_external' etc in the tables policies or policy_members. But now there are options for applying whitelisting or no_greylisting_for_external, which is better. I think just apply no_greylisting_for_external, which will work for the sender email ids.

Thanks.