Topic: blacklist not working (0.9.2 - 1.6.0)

======== Required information ====
- iRedMail version: 0.9.2
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MYSQL
- Web server (Apache or Nginx): Apache
- Linux/BSD distribution name and version: Debian Wheezy
- Related log if you're reporting an issue:
After upgrading to iredapd 1.6.0 I still cannot blacklist 2 domains I  get spam from,
I am adding them at the ireadadmin page :
iredadmin/profile/domain/general/<DOMAIN>#profile_wblist where it states Mails sent from blacklisted senders will be quarantined by default.
but I am still receiving them, why might this be ?

I added the relevant plugin listed below

This feature requires iRedAPD plugin 'amavisd_wblist', please make sure it's enabled in file /opt/iredapd/settings.py.


Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.


Re: blacklist not working (0.9.2 - 1.6.0)


i'd like blacklist all sousdomain from monbonplan-fide.fr


it is possible

i now @mail2511.fr121.monbonplan-fide.fr

but @*monbonplan-fide.fr not working

can you help me ?



Re: blacklist not working (0.9.2 - 1.6.0)

Need some info for troubleshooting:

*) Could you please show me output of below commands?

# grep 'plugins' /opt/iredapd/settings.py

*) Show us mail headers of sample spam messages sent from @126.com and @163.com.


Re: blacklist not working (0.9.2 - 1.6.0)

plugins = ["sql_alias_access_policy", "sql_user_restrictions", "amavisd_wblist"]

header of 163.com to a user at my domain, i have a catchall forwarding to my other domain

Return-Path: <MAILER-DAEMON>
Received: from localhost (localhost.localdomain [])
    by mx.deejc.net (Postfix) with ESMTP id 194FF484198D
    for < CATCHALL ADDRESS >; Tue,  9 Jun 2015 21:57:45 +0100 (BST)
X-Virus-Scanned: by amavisd at mx.deejc.net
Received: from mx.deejc.net ([])
    by localhost (mx.deejc.net []) (amavisd-new, port 10024)
    with ESMTP id 0Xv1M9MA6dYh for < CATCHALL ADDRESS >;
    Tue,  9 Jun 2015 21:57:42 +0100 (BST)
Received: from m12-99.163.com (m12-99.163.com [])
    by mx.deejc.net (Postfix) with ESMTP id 051024841981
    for <USER @ OTHER DOMAIN>; Tue,  9 Jun 2015 21:57:39 +0100 (BST)
From: Postmaster@163.com
Subject: =?gb2312?B?z7XNs83L0MU=?=
MIME-Version: 1.0
Content-Type: Multipart/report;
Message-Id: <5577533F.36035B.12750@163mx49.163.com>
Date: Wed, 10 Jun 2015 04:57:35 +0800 (CST)
Delivered-To: eleogg@163.comeleogg@163.com
X-CM-Original-Message-ID: <21EEE0D08378512838A6DD640F457244@dubobssqo>
X-Mailer: Coremail MTA server


Re: blacklist not working (0.9.2 - 1.6.0)

I can confirm that blacklist in 0.9.2 is not working as expecting .... I blacklisted bounce@* but such mails are still coming to inboxes....

grep 'plugins' /opt/iredapd/settings.py

plugins = ["reject_null_sender", "amavisd_message_size_limit", "amavisd_wblist", "ldap_maillist_access_policy"]


Re: blacklist not working (0.9.2 - 1.6.0)

deejc wrote:

plugins = ["sql_alias_access_policy", "sql_user_restrictions", "amavisd_wblist"]

Hi deejc,

Please change the order of plugins to:

plugins = ["amavisd_wblist", "sql_alias_access_policy", "sql_user_restrictions"]

Also, please turn on debug mode in iRedAPD and show me full log of new @163.com spam  in /var/log/iredapd.log. I need the smtp session data for troubleshooting.

Reference: http://www.iredmail.org/docs/debug.iredapd.html


Re: blacklist not working (0.9.2 - 1.6.0)

kmihalj wrote:

I blacklisted bounce@* but such mails are still coming to inboxes....

Hi kmihalj,

Please turn on debug mode in iRedAPD and show me full log of new spam from 'bounce@*' in /var/log/iredapd.log. I need the smtp session data for troubleshooting.
Reference: http://www.iredmail.org/docs/debug.iredapd.html

8 (edited by kmihalj 2015-06-10 15:26:59)

Re: blacklist not working (0.9.2 - 1.6.0)

I don't know is it relevant but in /opt/iredapd/settings.py in last section (# Log reject (and other non-DUNNO) action in iRedAdmin SQL database) iredadmin_db_password is set to 'password' so I corrected this to correct password.

iredadp in debug mode - relevant part of log (usernames replaced with XXX)

2015-06-10 09:15:53 DEBUG smtp session: request=smtpd_access_policy
2015-06-10 09:15:53 DEBUG smtp session: protocol_state=RCPT
2015-06-10 09:15:53 DEBUG smtp session: protocol_name=ESMTP
2015-06-10 09:15:53 DEBUG smtp session: client_address=
2015-06-10 09:15:53 DEBUG smtp session: client_name=server.simotamo.com
2015-06-10 09:15:53 DEBUG smtp session: reverse_client_name=server.simotamo.com
2015-06-10 09:15:53 DEBUG smtp session: helo_name=server.simotamo.com
2015-06-10 09:15:53 DEBUG smtp session: sender=bounce@temporis.hr
2015-06-10 09:15:53 DEBUG smtp session: recipient=bkXXXXX@efzg.hr
2015-06-10 09:15:53 DEBUG smtp session: recipient_count=0
2015-06-10 09:15:53 DEBUG smtp session: queue_id=
2015-06-10 09:15:53 DEBUG smtp session: instance=3a02.5577e429.83742.0
2015-06-10 09:15:53 DEBUG smtp session: size=57238
2015-06-10 09:15:53 DEBUG smtp session: etrn_domain=
2015-06-10 09:15:53 DEBUG smtp session: stress=
2015-06-10 09:15:53 DEBUG smtp session: sasl_method=
2015-06-10 09:15:53 DEBUG smtp session: sasl_username=
2015-06-10 09:15:53 DEBUG smtp session: sasl_sender=
2015-06-10 09:15:53 DEBUG smtp session: ccert_subject=
2015-06-10 09:15:53 DEBUG smtp session: ccert_issuer=
2015-06-10 09:15:53 DEBUG smtp session: ccert_fingerprint=
2015-06-10 09:15:53 DEBUG smtp session: ccert_pubkey_fingerprint=
2015-06-10 09:15:53 DEBUG smtp session: encryption_protocol=TLSv1.2
2015-06-10 09:15:53 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-GCM-SHA384
2015-06-10 09:15:53 DEBUG smtp session: encryption_keysize=256
2015-06-10 09:15:53 DEBUG LDAP connection initialied success.
2015-06-10 09:15:53 DEBUG LDAP bind success.
2015-06-10 09:15:53 DEBUG --> Apply plugin: reject_null_sender
2015-06-10 09:15:53 DEBUG <-- Result: DUNNO
2015-06-10 09:15:53 DEBUG Skip plugin: amavisd_message_size_limit (protocol_state != RCPT)
2015-06-10 09:15:53 DEBUG --> Apply plugin: amavisd_wblist
2015-06-10 09:15:53 DEBUG Possible policy senders: ['@.', 'bounce@temporis.hr', '@temporis.hr', '@.temporis.hr', '@hr', '@.hr', '', '107.181.*.72', '*.181.172.72', '107.*.172.72', '107.181.172.*', '*.*.*.72', '107.*.*.72', '107.181.*.*', '*.*.172.72', '107.*.*.*', '*.*.*.*']
2015-06-10 09:15:53 DEBUG Possible policy recipients: ['@.', 'bkXXXXX@efzg.hr', '@efzg.hr', '@.efzg.hr', '@hr', '@.hr', 'bkXXXXX@*']
2015-06-10 09:15:53 DEBUG SQL: Get policy senders: SELECT id,email FROM mailaddr WHERE email IN ('@.', 'bounce@temporis.hr', '@temporis.hr', '@.temporis.hr', '@hr', '@.hr', '', '107.181.*.72', '*.181.172.72', '107.*.172.72', '107.181.172.*', '*.*.*.72', '107.*.*.72', '107.181.*.*', '*.*.172.72', '107.*.*.*', '*.*.*.*') ORDER BY priority DESC
2015-06-10 09:15:53 DEBUG No senders found in SQL database.
2015-06-10 09:15:53 DEBUG <-- Result: DUNNO
2015-06-10 09:15:53 DEBUG [+] Getting LDIF data of account: bkXXXXX@efzg.hr
2015-06-10 09:15:53 DEBUG search base dn: o=domains,dc=efzg,dc=hr
2015-06-10 09:15:53 DEBUG search scope: SUBTREE
2015-06-10 09:15:53 DEBUG search filter: (&(|(mail=bkXXXXX@efzg.hr)(shadowAddress=bkXXXXX@efzg.hr))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2015-06-10 09:15:53 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy']
2015-06-10 09:15:53 DEBUG result: [('mail=bkXXXXXpl@efzg.hr,ou=Users,domainName=efzg.hr,o=domains,dc=efzg,dc=hr', {'objectClass': ['inetOrgPerson', 'shadowAccount', 'amavisAccount', 'mailUser', 'top']})]
2015-06-10 09:15:53 DEBUG --> Apply plugin: ldap_maillist_access_policy
2015-06-10 09:15:53 DEBUG <-- Result: DUNNO (Not a mail list account)
2015-06-10 09:15:53 INFO [] RCPT, bounce@temporis.hr -> bkXXXXX@efzg.hr, DUNNO
2015-06-10 09:15:53 DEBUG Session ended
2015-06-10 09:15:53 DEBUG Close LDAP connection.
2015-06-10 09:15:53 DEBUG smtp session: request=smtpd_access_policy
2015-06-10 09:15:53 DEBUG smtp session: protocol_state=RCPT
2015-06-10 09:15:53 DEBUG smtp session: protocol_name=ESMTP
2015-06-10 09:15:53 DEBUG smtp session: client_address=
2015-06-10 09:15:53 DEBUG smtp session: client_name=server.simotamo.com
2015-06-10 09:15:53 DEBUG smtp session: reverse_client_name=server.simotamo.com
2015-06-10 09:15:53 DEBUG smtp session: helo_name=server.simotamo.com
2015-06-10 09:15:53 DEBUG smtp session: sender=bounce@temporis.hr
2015-06-10 09:15:53 DEBUG smtp session: recipient=deXXX@efzg.hr
2015-06-10 09:15:53 DEBUG smtp session: recipient_count=0
2015-06-10 09:15:53 DEBUG smtp session: queue_id=
2015-06-10 09:15:53 DEBUG smtp session: instance=1a20.5577e429.83dd8.0
2015-06-10 09:15:53 DEBUG smtp session: size=57234
2015-06-10 09:15:53 DEBUG smtp session: etrn_domain=
2015-06-10 09:15:53 DEBUG smtp session: stress=
2015-06-10 09:15:53 DEBUG smtp session: sasl_method=
2015-06-10 09:15:53 DEBUG smtp session: sasl_username=
2015-06-10 09:15:53 DEBUG smtp session: sasl_sender=
2015-06-10 09:15:53 DEBUG smtp session: ccert_subject=
2015-06-10 09:15:53 DEBUG smtp session: ccert_issuer=
2015-06-10 09:15:53 DEBUG smtp session: ccert_fingerprint=
2015-06-10 09:15:53 DEBUG smtp session: ccert_pubkey_fingerprint=
2015-06-10 09:15:53 DEBUG smtp session: encryption_protocol=TLSv1.2
2015-06-10 09:15:53 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-GCM-SHA384
2015-06-10 09:15:53 DEBUG smtp session: encryption_keysize=256
2015-06-10 09:15:53 DEBUG LDAP connection initialied success.
2015-06-10 09:15:53 DEBUG LDAP bind success.
2015-06-10 09:15:53 DEBUG --> Apply plugin: reject_null_sender
2015-06-10 09:15:53 DEBUG <-- Result: DUNNO
2015-06-10 09:15:53 DEBUG Skip plugin: amavisd_message_size_limit (protocol_state != RCPT)
2015-06-10 09:15:53 DEBUG --> Apply plugin: amavisd_wblist
2015-06-10 09:15:53 DEBUG Possible policy senders: ['@.', 'bounce@temporis.hr', '@temporis.hr', '@.temporis.hr', '@hr', '@.hr', '', '107.181.*.72', '*.181.172.72', '107.*.172.72', '107.181.172.*', '*.*.*.72', '107.*.*.72', '107.181.*.*', '*.*.172.72', '107.*.*.*', '*.*.*.*']
2015-06-10 09:15:53 DEBUG Possible policy recipients: ['@.', 'deXXX@efzg.hr', '@efzg.hr', '@.efzg.hr', '@hr', '@.hr', 'deXXX@*']
2015-06-10 09:15:53 DEBUG SQL: Get policy senders: SELECT id,email FROM mailaddr WHERE email IN ('@.', 'bounce@temporis.hr', '@temporis.hr', '@.temporis.hr', '@hr', '@.hr', '', '107.181.*.72', '*.181.172.72', '107.*.172.72', '107.181.172.*', '*.*.*.72', '107.*.*.72', '107.181.*.*', '*.*.172.72', '107.*.*.*', '*.*.*.*') ORDER BY priority DESC
2015-06-10 09:15:53 DEBUG No senders found in SQL database.
2015-06-10 09:15:53 DEBUG <-- Result: DUNNO
2015-06-10 09:15:53 DEBUG [+] Getting LDIF data of account: deXXX@efzg.hr
2015-06-10 09:15:53 DEBUG search base dn: o=domains,dc=efzg,dc=hr
2015-06-10 09:15:53 DEBUG search scope: SUBTREE
2015-06-10 09:15:53 DEBUG search filter: (&(|(mail=deXXX@efzg.hr)(shadowAddress=deXXX@efzg.hr))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2015-06-10 09:15:53 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy']
2015-06-10 09:15:53 DEBUG result: [('mail=dXXX@efzg.hr,ou=Users,domainName=efzg.hr,o=domains,dc=efzg,dc=hr', {'objectClass': ['amavisAccount', 'shadowAccount', 'mailUser', 'inetOrgPerson']})]
2015-06-10 09:15:53 DEBUG --> Apply plugin: ldap_maillist_access_policy
2015-06-10 09:15:53 DEBUG <-- Result: DUNNO (Not a mail list account)
2015-06-10 09:15:53 INFO [] RCPT, bounce@temporis.hr -> deXXX@efzg.hr, DUNNO
2015-06-10 09:15:53 DEBUG Session ended
2015-06-10 09:15:53 DEBUG Close LDAP connection.
2015-06-10 09:15:54 DEBUG smtp session: request=smtpd_access_policy
2015-06-10 09:15:54 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2015-06-10 09:15:54 DEBUG smtp session: protocol_name=ESMTP
2015-06-10 09:15:54 DEBUG smtp session: client_address=
2015-06-10 09:15:54 DEBUG smtp session: client_name=server.simotamo.com
2015-06-10 09:15:54 DEBUG smtp session: reverse_client_name=server.simotamo.com
2015-06-10 09:15:54 DEBUG smtp session: helo_name=server.simotamo.com
2015-06-10 09:15:54 DEBUG smtp session: sender=bounce@temporis.hr
2015-06-10 09:15:54 DEBUG smtp session: recipient=deXXX@efzg.hr
2015-06-10 09:15:54 DEBUG smtp session: recipient_count=1
2015-06-10 09:15:54 DEBUG smtp session: queue_id=C59E0202868F06
2015-06-10 09:15:54 DEBUG smtp session: instance=1a20.5577e429.83dd8.0
2015-06-10 09:15:54 DEBUG smtp session: size=56589
2015-06-10 09:15:54 DEBUG smtp session: etrn_domain=
2015-06-10 09:15:54 DEBUG smtp session: stress=
2015-06-10 09:15:54 DEBUG smtp session: sasl_method=
2015-06-10 09:15:54 DEBUG smtp session: sasl_username=
2015-06-10 09:15:54 DEBUG smtp session: sasl_sender=
2015-06-10 09:15:54 DEBUG smtp session: ccert_subject=
2015-06-10 09:15:54 DEBUG smtp session: ccert_issuer=
2015-06-10 09:15:54 DEBUG smtp session: ccert_fingerprint=
2015-06-10 09:15:54 DEBUG smtp session: ccert_pubkey_fingerprint=
2015-06-10 09:15:54 DEBUG smtp session: encryption_protocol=TLSv1.2
2015-06-10 09:15:54 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-GCM-SHA384
2015-06-10 09:15:54 DEBUG smtp session: encryption_keysize=256
2015-06-10 09:15:54 DEBUG LDAP connection initialied success.
2015-06-10 09:15:54 DEBUG LDAP bind success.
2015-06-10 09:15:54 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2015-06-10 09:15:54 DEBUG --> Apply plugin: amavisd_message_size_limit
2015-06-10 09:15:54 DEBUG Message size: 56589
2015-06-10 09:15:54 DEBUG Getting applicable policies
2015-06-10 09:15:54 DEBUG Valid policy accounts for recipient deXXX@efzg.hr: 'deXXX@efzg.hr', '@efzg.hr', '@.efzg.hr', '@.'
2015-06-10 09:15:54 DEBUG SELECT policy_name,message_size_limit
                 FROM users, policy
                    AND (users.email IN ('deXXX@efzg.hr', '@efzg.hr', '@.efzg.hr', '@.'))
                 ORDER BY users.priority DESC
2015-06-10 09:15:54 DEBUG No policy found.
2015-06-10 09:15:54 DEBUG <-- Result: DUNNO
2015-06-10 09:15:54 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2015-06-10 09:15:54 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2015-06-10 09:15:54 INFO [] END-OF-MESSAGE, bounce@temporis.hr -> deXXX@efzg.hr, DUNNO
2015-06-10 09:15:54 DEBUG Session ended
2015-06-10 09:15:54 DEBUG Close LDAP connection.
2015-06-10 09:15:54 DEBUG smtp session: request=smtpd_access_policy
2015-06-10 09:15:54 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2015-06-10 09:15:54 DEBUG smtp session: protocol_name=ESMTP
2015-06-10 09:15:54 DEBUG smtp session: client_address=
2015-06-10 09:15:54 DEBUG smtp session: client_name=server.simotamo.com
2015-06-10 09:15:54 DEBUG smtp session: reverse_client_name=server.simotamo.com
2015-06-10 09:15:54 DEBUG smtp session: helo_name=server.simotamo.com
2015-06-10 09:15:54 DEBUG smtp session: sender=bounce@temporis.hr
2015-06-10 09:15:54 DEBUG smtp session: recipient=bkXXXXX@efzg.hr
2015-06-10 09:15:54 DEBUG smtp session: recipient_count=1
2015-06-10 09:15:54 DEBUG smtp session: queue_id=C26CE202868F04
2015-06-10 09:15:54 DEBUG smtp session: instance=3a02.5577e429.83742.0
2015-06-10 09:15:54 DEBUG smtp session: size=56593
2015-06-10 09:15:54 DEBUG smtp session: etrn_domain=
2015-06-10 09:15:54 DEBUG smtp session: stress=
2015-06-10 09:15:54 DEBUG smtp session: sasl_method=
2015-06-10 09:15:54 DEBUG smtp session: sasl_username=
2015-06-10 09:15:54 DEBUG smtp session: sasl_sender=
2015-06-10 09:15:54 DEBUG smtp session: ccert_subject=
2015-06-10 09:15:54 DEBUG smtp session: ccert_issuer=
2015-06-10 09:15:54 DEBUG smtp session: ccert_fingerprint=
2015-06-10 09:15:54 DEBUG smtp session: ccert_pubkey_fingerprint=
2015-06-10 09:15:54 DEBUG smtp session: encryption_protocol=TLSv1.2
2015-06-10 09:15:54 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-GCM-SHA384
2015-06-10 09:15:54 DEBUG smtp session: encryption_keysize=256
2015-06-10 09:15:54 DEBUG LDAP connection initialied success.
2015-06-10 09:15:54 DEBUG LDAP bind success.
2015-06-10 09:15:54 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2015-06-10 09:15:54 DEBUG --> Apply plugin: amavisd_message_size_limit
2015-06-10 09:15:54 DEBUG Message size: 56593
2015-06-10 09:15:54 DEBUG Getting applicable policies
2015-06-10 09:15:54 DEBUG Valid policy accounts for recipient bkXXXXX@efzg.hr: 'bkXXXXX@efzg.hr', '@efzg.hr', '@.efzg.hr', '@.'
2015-06-10 09:15:54 DEBUG SELECT policy_name,message_size_limit
                 FROM users, policy
                    AND (users.email IN ('bkXXXXX@efzg.hr', '@efzg.hr', '@.efzg.hr', '@.'))
                 ORDER BY users.priority DESC
2015-06-10 09:15:54 DEBUG No policy found.
2015-06-10 09:15:54 DEBUG <-- Result: DUNNO
2015-06-10 09:15:54 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2015-06-10 09:15:54 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2015-06-10 09:15:54 INFO [] END-OF-MESSAGE, bounce@temporis.hr -> bkXXXXX@efzg.hr, DUNNO
2015-06-10 09:15:54 DEBUG Session ended
2015-06-10 09:15:54 DEBUG Close LDAP connection.


Re: blacklist not working (0.9.2 - 1.6.0)

Dear kmihalj,

Confirmed that it's a bug that 'username@*' doesn't work with iRedAPD-1.6.0. You can try this patch:

diff -r 5300e50901f4 plugins/amavisd_wblist.py
--- a/plugins/amavisd_wblist.py    Mon Jun 08 14:11:53 2015 +0800
+++ b/plugins/amavisd_wblist.py    Wed Jun 10 21:25:44 2015 +0800
@@ -69,8 +69,12 @@
     valid_senders = amavisd_lib.get_valid_addresses_from_email(sender)
     valid_recipients = amavisd_lib.get_valid_addresses_from_email(recipient)
-    # 'user@*'
-    valid_recipients.append(recipient.split('@', 1)[0] + '@*')
+    # Sender 'username@*'
+    sender_username = sender.split('@', 1)[0]
+    if '+' in sender_username:
+        valid_senders.append(sender_username.split('+', 1)[0] + '@*')
+    else:
+        valid_senders.append(sender_username + '@*')
     # Append original IP address and all possible wildcast IP addresses

Restaring iRedAPD service is required.


Re: blacklist not working (0.9.2 - 1.6.0)

I don't know is it relevant but in /opt/iredapd/settings.py in last section (# Log reject (and other non-DUNNO) action in iRedAdmin SQL database) iredadmin_db_password is set to 'password' so I corrected this to correct password.

Also this is normal?


Re: blacklist not working (0.9.2 - 1.6.0)

It's normal.


Re: blacklist not working (0.9.2 - 1.6.0)

Patch is working great ....

2015-06-10 16:35:47 INFO [] RCPT, bounce@domacaljekarna4.eu -> nXXX@efzg.hr, REJECT Blacklisted

What about this error ..... (to open another topic for this ?)

2015-06-10 16:35:33 ERROR <!> Error applying plugin amavisd_message_size_limit: too many values to unpack


Re: blacklist not working (0.9.2 - 1.6.0)

kmihalj wrote:

What about this error ..... (to open another topic for this ?)

I can confirm this is a bug of amavisd_message_size_limit.py plugin without check source code. i will give you a patch later.


Re: blacklist not working (0.9.2 - 1.6.0)

kmihalj wrote:

What about this error ..... (to open another topic for this ?)

2015-06-10 16:35:33 ERROR <!> Error applying plugin amavisd_message_size_limit: too many values to unpack

Could you please paste full iRedAPD debug log? i need log for troubleshooting.


Re: blacklist not working (0.9.2 - 1.6.0)

i changed the order of plugins, and enabled debug and now i just caught 1 spam from @163.com so it seems to work, i will keep an eye on it and let you know of its ok going forward, many thanks

16 (edited by SteveLuxe 2015-06-11 03:16:01)

Re: blacklist not working (0.9.2 - 1.6.0)

Can this blacklisting feature be used without the Pro version of iRedAdmin? I'm running the MySQL version of 0.9.2 on Debian 8.1. Where do I put whitelist / blacklist rules? I looked at the settings in the python scripts, and it looks as though it's pointing to the amavisd database. I see there's a "policy" table, but I'm not quite sure what to do, as it's empty. There's also a wblist table, as well. It's empty, too. Is there documentation on how to handle this manually?


Re: blacklist not working (0.9.2 - 1.6.0)

ZhangHuangbin wrote:
kmihalj wrote:
2015-06-10 16:35:33 ERROR <!> Error applying plugin amavisd_message_size_limit: too many values to unpack

Could you please paste full iRedAPD debug log? i need log for troubleshooting.

In attachment is last 2000 lines of iredadp.log file after enabling debug .....
Error mentioned above is generated three times in that part of log


Re: blacklist not working (0.9.2 - 1.6.0)

SteveLuxe wrote:

Can this blacklisting feature be used without the Pro version of iRedAdmin?


SteveLuxe wrote:

Where do I put whitelist / blacklist rules?

White/blacklists are stored in Amavisd SQL database (3 tables: users, mailaddr, wblist), this way both iRedAPD and Amavisd uses the same white/blacklists.

SteveLuxe wrote:

Is there documentation on how to handle this manually?

Here's official document: http://www.amavis.org/README.sql-mysql.txt

Besides, iRedAdmin-Pro uses below priorities for `amavisd.users` records:

* Single IP address: 10. e.g. ``
* Single email address: 8. e.g. `username@domain.com`.
* Wildcard email address: 6. e.g. `username@*`.
* Entire mail domain: 5. e.g. `@domain.com`.
* Mail domain and all sub-domains: 3. e.g. `@.domain.com`.
* Top level domain: 1. e.g. `@com`.
* Catch-all (global): 0 (`@.`).


Re: blacklist not working (0.9.2 - 1.6.0)

kmihalj wrote:

In attachment is last 2000 lines of iredadp.log file after enabling debug .....
Error mentioned above is generated three times in that part of log

Please try this patch:

diff -r 063b3794ef3d libs/amavisd/core.py
--- a/libs/amavisd/core.py    Wed Jun 10 21:28:29 2015 +0800
+++ b/libs/amavisd/core.py    Thu Jun 11 07:10:52 2015 +0800
@@ -69,17 +69,16 @@
     logging.debug('Getting applicable policies')
     account = str(account).lower()
-    addr_type = is_valid_amavisd_address(account)
-    if addr_type == 'email':
-        sql_valid_rcpts = """'%s', '%s', '%s', '%s'""" % (
-            account,                            # full email address
-            '@' + kwargs['recipient_domain'],   # entire domain
-            '@.' + kwargs['recipient_domain'],  # sub-domain
-            '@.')                               # catch-all
-    else:
+    if is_valid_amavisd_address(account) != 'email':
         # Postfix should use full email address as recipient.
         logging.debug('Policy account is not an email address.')
-        return SMTP_ACTIONS['default']
+        return (True, {})
+    sql_valid_rcpts = """'%s', '%s', '%s', '%s'""" % (
+        account,                            # full email address
+        '@' + kwargs['recipient_domain'],   # entire domain
+        '@.' + kwargs['recipient_domain'],  # sub-domain
+        '@.')                               # catch-all
     logging.debug('Valid policy accounts for recipient %s: %s' % (account, sql_valid_rcpts))


Re: blacklist not working (0.9.2 - 1.6.0)

Is creating a wblist done this way:
1) Add a user to the users table
2) Add a wb address to mailaddr
3) Add (user.id, mailaddr.id, (whitelist|blacklist)) to wblist

Only thing that puzzles me is what to enter into priority in both users and mailaddr table.


Re: blacklist not working (0.9.2 - 1.6.0)

mir wrote:

Only thing that puzzles me is what to enter into priority in both users and mailaddr table.

iRedAdmin-Pro uses below priorities for `amavisd.users` records:
* Single IP address: 10. e.g. ``
* Single email address: 8. e.g. `username@domain.com`.
* Wildcard email address: 6. e.g. `username@*`.
* Entire mail domain: 5. e.g. `@domain.com`.
* Mail domain and all sub-domains: 3. e.g. `@.domain.com`.
* Top level domain: 1. e.g. `@com`.
* Catch-all (global): 0 (`@.`).

I recommend you to use the same priorities, so that there's no issue if you run iRedAdmin-Pro.

We need a command line tool to manage wblist. iRedAdmin-Pro ships 'tools/submit_wblist.py' to add white/blacklists, but it doesn't support removing wblist.


Re: blacklist not working (0.9.2 - 1.6.0)

ZhangHuangbin wrote:

We need a command line tool to manage wblist. iRedAdmin-Pro ships 'tools/submit_wblist.py' to add white/blacklists, but it doesn't support removing wblist.

Is maddr not used at all when looking up wblists? And what about the policy table?

I will volunteer to write such a CLI management tool. Does is need to be written in Python? I would much prefer using Perl for the task.


Re: blacklist not working (0.9.2 - 1.6.0)

ZhangHuangbin wrote:

Here's official document: http://www.amavis.org/README.sql-mysql.txt

Besides, iRedAdmin-Pro uses below priorities for `amavisd.users` records:

* Single IP address: 10. e.g. ``
* Single email address: 8. e.g. `username@domain.com`.
* Wildcard email address: 6. e.g. `username@*`.
* Entire mail domain: 5. e.g. `@domain.com`.
* Mail domain and all sub-domains: 3. e.g. `@.domain.com`.
* Top level domain: 1. e.g. `@com`.
* Catch-all (global): 0 (`@.`).

Once again, Thanks Zhang for your help! When I get the money, I'd love to purchase iRedAdmin Pro. I'm running my server on a shoestring budget for a small independent record label. It was lucky enough for me to receive the funds in order to get the mail server going as it is... I wish that money were no object, but unfortunately, it is.


Re: blacklist not working (0.9.2 - 1.6.0)

mir wrote:
ZhangHuangbin wrote:

We need a command line tool to manage wblist. iRedAdmin-Pro ships 'tools/submit_wblist.py' to add white/blacklists, but it doesn't support removing wblist.

Is maddr not used at all when looking up wblists? And what about the policy table?

I will volunteer to write such a CLI management tool. Does is need to be written in Python? I would much prefer using Perl for the task.

I believe since Perl is natively found on most Linux Distro's, this will be perfectly fine.


Re: blacklist not working (0.9.2 - 1.6.0)

ZhangHuangbin wrote:

Please try this patch

Patch is not working....

After I apply patch and restart iredadp.service I get this:

2015-06-11 12:52:59 ERROR <!> Error applying plugin amavisd_message_size_limit: local variable 'sql_valid_rcpts' referenced before assignment