1

Topic: Alias moderators question

==== Required information ====
- iRedMail version: 1.9.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Ubuntu 14.04.01 LTS
- Related log if you're reporting an issue:
====

Hello,

I have a general/group alias for domain memebrs (@domain.org) . This alias is allowed to received mails from memebrs and moderators (like moderator1@example.com).

Is there a way I can all moderators from example.com? Like *@example.com ? Adding them one by one is time consuming.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Alias moderators question

swaclawski wrote:

Is there a way I can all moderators from example.com? Like *@example.com ?

Good idea. I created a patch for iRedAPD-1.4.4, you can try it, please do let me know whether or not it works for you:

diff -r 60aaed64e202 plugins/ldap_maillist_access_policy.py
--- a/plugins/ldap_maillist_access_policy.py    Wed Jan 28 12:56:43 2015 +0800
+++ b/plugins/ldap_maillist_access_policy.py    Thu Jan 29 01:01:22 2015 +0800
@@ -72,17 +72,22 @@
     elif policy in ['membersonly', 'allowedonly', 'membersandmoderatorsonly']:
         allowed_senders = recipient_ldif.get('listAllowedUser', [])
         if policy == 'allowedonly':
-            if sender in allowed_senders or sender_domain in allowed_senders:
+            if sender in allowed_senders \
+               or sender_domain in allowed_senders \
+               or '*@' + sender_domain in allowed_senders:
                 return 'DUNNO (Allowed explicitly)'
+
             logging.debug('Sender is not explicitly allowed, query user aliases and alias domains.')
 
+        # Remove '*@domain.com'
+        qr_allowed_senders = [s for s in allowed_senders if not s.startswith('*@')]
         allowedSenders = conn_utils.get_allowed_senders_of_mail_list(
             conn=conn,
             dn_of_mail_list=recipient_dn,
             sender=sender,
             recipient=recipient,
             policy=policy,
-            allowed_senders=allowed_senders,
+            allowed_senders=qr_allowed_senders,
         )
 
         if policy == 'allowedonly':

Note: with this patch, if you set '*@example.com' as a moderators, all users under '@example.com' will become a moderator.

3

Re: Alias moderators question

Thanks. Just 2 things:

1) Isn't it for LDAP ?
2) How should I aply? Just edit the plugin (ldap_maillist_access_policy.py) and restart APD?

4

Re: Alias moderators question

My mistake, will give you patch for sql edition soon. Please give me some time.

5

Re: Alias moderators question

Here's patch for iRedAPD-1.4.4, SQL edition. please do let me know whether or not it works for you:

diff -r 60aaed64e202 plugins/sql_alias_access_policy.py
--- a/plugins/sql_alias_access_policy.py    Wed Jan 28 12:56:43 2015 +0800
+++ b/plugins/sql_alias_access_policy.py    Thu Jan 29 09:47:55 2015 +0800
@@ -130,6 +130,7 @@
     elif policy == MAILLIST_POLICY_ALLOWEDONLY:
         # Bypass all moderators.
         if sender in moderators \
+           or '*@' + sender_domain in moderators \
            or is_allowed_alias_domain_user(sender,
                                            sender_username,
                                            sender_domain,
@@ -142,7 +143,9 @@
 
     elif policy == MAILLIST_POLICY_MEMBERSANDMODERATORSONLY:
         # Bypass both members and moderators.
-        if sender in members or sender in moderators\
+        if sender in members \
+           or sender in moderators \
+           or '*@' + sender_domain in moderators \
            or is_allowed_alias_domain_user(sender,
                                            sender_username,
                                            sender_domain,

6

Re: Alias moderators question

Modified sql_alias_access_policy.py

    elif policy == MAILLIST_POLICY_ALLOWEDONLY:
        # Bypass all moderators.
        if sender in moderators \
           or '*@' + sender_domain in moderators \
           or is_allowed_alias_domain_user(sender,
                                           sender_username,
                                           sender_domain,
                                           recipient_domain,
                                           rcpt_alias_domains,
                                           moderators):
            return 'DUNNO'

        return SMTP_ACTIONS['reject_not_authorized']

    elif policy == MAILLIST_POLICY_MEMBERSANDMODERATORSONLY:
        # Bypass both members and moderators.
        ## edit SW 29-01
        # if sender in members or sender in moderators\
          if sender in members \
          or sender in moderators \
          or '*@' + sender_domain in moderators \
          or is_allowed_alias_domain_user(sender,
                                           sender_username,
                                           sender_domain,
                                           recipient_domain,
                                           rcpt_alias_domains,
                                           members + moderators):
            return 'DUNNO'

        return SMTP_ACTIONS['reject_not_authorized']

restarted APD (service iredapd restart) and tried to addd webpanel - does not seem to work

1) No results in webpanel (not visible when I add *@ , only older entries with single moderators)
2) No results in mysql / phpmyadmin (db: vmail table alias) - same as point 1

7

Re: Alias moderators question

iRedAdmin-Pro filters invalid mail addresses, so you can not add '*@domain' with iRedAdmin-Pro. Please try to add this address with sql command line tool first.

8

Re: Alias moderators question

ZhangHuangbin wrote:

iRedAdmin-Pro filters invalid mail addresses, so you can not add '*@domain' with iRedAdmin-Pro. Please try to add this address with sql command line tool first.

Does not work.

I added *@example.com through phpmyadmin in column moderators (in vmail table alias)

In fact it broke the policy. Alias was set to "Memebrs and moderators" but all senders were accepted.

9

Re: Alias moderators question

Please try the latest version of plugins/sql_alias_access_policy.py, tested on my local machine, works for me.
https://bitbucket.org/zhb/iredapd/src/d … at=default

Please do let me know whether or not it works for you.

10

Re: Alias moderators question

Please try the latest version of plugins/sql_alias_access_policy.py, tested on my local machine, works for me.
https://bitbucket.org/zhb/iredapd/src/d … at=default

Please do let me know whether or not it works for you.

11

Re: Alias moderators question

Still no luck... :

Logs:

Jan 30 09:03:44 mail1 amavis[2637]: (02637-01) Passed CLEAN {RelayedInternal}, MYUSERS LOCAL [74.125.82.172]:34184 [74.125.82.172] <shoudl_reject@domain.com> -> <restricted.group@mydomain.com>, Queue-ID: 4CA1520021, Message-ID: <CAKYSVip2+HTaYEFAhx8nePawmXay+3N=gcAm_BSzCwbTVDAv9A@mail.gmail.com>, mail_id: N98dG88FD61q, Hits: -0.819, size: 2192, queued_as: 1ECDC20086, dkim_sd=20120113:gmail.com, 661 ms
Jan 30 09:03:44 mail1 postfix/smtp[3787]: 4CA1520021: to=<restricted.group@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1, delays=1.4/0.04/0.01/0.67, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1ECDC20086)
Jan 30 09:03:44 mail1 postfix/qmgr[3391]: 4CA1520021: removed
Jan 30 09:03:44 mail1 postfix/pipe[3798]: 1ECDC20086: to=<group.member1@mydomain.com>, relay=dovecot, delay=0.2, delays=0.03/0.03/0/0.15, dsn=2.0.0, status=sent (delivered via dovecot service)
Jan 30 09:03:44 mail1 postfix/pipe[3800]: 1ECDC20086: to=<group.member2@mydomain.com>, relay=dovecot, delay=0.21, delays=0.03/0.03/0/0.14, dsn=2.0.0, status=sent (delivered via dovecot service)
Jan 30 09:03:44 mail1 postfix/pipe[3797]: 1ECDC20086: to=<group.member3@mydomain.com>, relay=dovecot, delay=0.23, delays=0.03/0.03/0/0.18, dsn=2.0.0, status=sent (delivered via dovecot service)
Jan 30 09:03:44 mail1 postfix/qmgr[3391]: 1ECDC20086: removed

1) Copied .py script from page provided
2) Added Moderator through phpmyadmin - is now: *@accepteddomain.com
3) Test even after server reboot

12

Re: Alias moderators question

Please disregard previous post. Works fine now (copy-paste error)

Just one more thing - Can I add more domains? Like *@example1.com, *@example2.com?

13

Re: Alias moderators question

swaclawski wrote:

Just one more thing - Can I add more domains? Like *@example1.com, *@example2.com?

Sure, as many as you want.
I will update iRedAdmin-Pro to allow '*@domain.com' as allowed moderator.

14

Re: Alias moderators question

Cool. Thanks.

Updating A-Pro would be essential because of the fact that when I make any changes in alias via Webpanel (like change name or add members) - it removes moderators and those have to added again via mysql.

15

Re: Alias moderators question

Just a quick update: next release of iRedAdmin-Pro-MySQL and iRedAdmin-Pro-PGSQL are able to add '*@domain.com' as moderator.

16

Re: Alias moderators question

ZhangHuangbin wrote:

Just a quick update: next release of iRedAdmin-Pro-MySQL and iRedAdmin-Pro-PGSQL are able to add '*@domain.com' as moderator.

Update: implemented this feature in iRedAdmin-Pro-LDAP today.

Forum topic closed.