IRedMail/FAQ/MySQL/per-user.send.receive.restrictions


This tutorial is applicable to MySQL and PostgreSQL backends.


iRedMail ships iRedAPD (a Postfix policy server), which handles per-user send/receive restrictions through its sql_user_restrictions plugin. Please make sure the plugin is enabled in the iRedAPD config file, /opt/iredapd/settings.py:

File: /opt/iredapd/settings.py
plugins = [..., 'sql_user_restrictions']

Sample usage: allow local mail user 'user@example.com' to send to and receive from the same domain (example.com) and 'gmail.com', but not others.

Terminal:
sql> USE vmail;
sql> UPDATE mailbox
     SET
         rejectedsenders='@.',
         allowedsenders='@example.com,@gmail.com',
         rejectedrecipients='@.',
         allowedrecipients='@example.com,@gmail.com'
     WHERE
          username='user@example.com';

Valid sender/recipient formats are:

  • @.: all addresses (user, domain, sub-domain). NOTE: There's a dot after '@'.
  • @domain.com: single domain.
  • @.domain.com: a single domain and all its sub-domains. NOTE: There's a dot after '@'.
  • user@domain.com: single email address

NOTES:

  • Multiple senders/recipients must be separated by comma (,).
  • allowedsenders has higher priority than rejectedsenders.
  • allowedrecipients has higher priority than rejectedrecipients.

IMPORTANT NOTES:

There's a bug in iRedAPD-1.4.1 (the one shipped in iRedMail-0.8.5). You have to download the fixed version, overwrite the existing plugin file with it, and then restart the iRedAPD service:

Terminal:
# cd /tmp/
# wget https://bitbucket.org/zhb/iredapd/raw/312521c215c3d3bb057fdd5adcaa475a267461ad/plugins/sql_user_restrictions.py
# cp /tmp/sql_user_restrictions.py /opt/iredapd/plugins/
# /etc/init.d/iredapd restart

OpenLDAP backend

  • With OpenLDAP backend, if you have iRedAdmin-Pro, you can manage this restriction in user profile page, under tab "White/Blacklist".
  • If you don't have iRedAdmin-Pro, you can manage it with phpLDAPadmin (or other LDAP tools). Related LDAP attributes are:
    • mailWhitelistRecipient (same as mailbox.allowedrecipients in SQL backend)
    • mailBlacklistRecipient (same as mailbox.rejectedrecipients)
    • amavisWhitelistSender (same as mailbox.allowedsenders)
    • amavisBlacklistSender (same as mailbox.rejectedsenders)

Values for these LDAP attributes are the same as the ones used in SQL backends ('@.', '@domain.com', ...)
