1

Topic: Whitelist / Blacklist within same domain

==== Required information ====
- iRedMail version (check /etc/iredmail-release):     v0.9.5-1
- Linux/BSD distribution name and version: CentOS 6.8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====

The Whitelist and Blacklist for Inbound email do not seem to work for email sent within the same domain. Is this by design?

The Whitelist and Blacklist for Outbound email within the same domain does prohibit the sending of email.

Let me explain: user2@mydomain.com has a White/Blacklist Policy of "@." Blacklist All for both inbound and outbound email.

user1@mydomain.com has no restrictions.

user1@mydomain.com can send email to user2@mydomain.com, but when user2@mydomain.com sends to user1@mydomain.com they get a notice that the recipient is blacklisted.

Why does the outbound policy work and not the inbound?


2

Re: Whitelist / Blacklist within same domain

Question first: Why do you want to block sender from same domain?

Could you please:

1) turn on debug mode in iRedAPD
2) restart iredapd service
3) send a testing email to reproduce this issue
4) Extract FULL log from iRedAPD log file (/var/log/iredapd/iredapd.log) related to this testing email

We need this log for troubleshooting.

3

Re: Whitelist / Blacklist within same domain

To your question: There is a company policy that a certain group of employees are only allowed to email their managers within the company and not their coworkers.

Here is the log from the time I enabled the debug mode:

2016-11-08 09:02:43 INFO Starting iRedAPD (version: 1.9.0, backend: ldap), listening on 127.0.0.1:7777.
2016-11-08 09:02:43 INFO Log rotate type: time, interval: W6, backup copies: 12.
2016-11-08 09:02:43 INFO Loading plugin: reject_null_sender
2016-11-08 09:02:43 INFO Loading plugin: greylisting
2016-11-08 09:02:43 INFO Loading plugin: throttle
2016-11-08 09:02:43 INFO Loading plugin: ldap_maillist_access_policy
2016-11-08 09:02:43 INFO Loading plugin: amavisd_wblist
2016-11-08 09:04:00 DEBUG Connect from 127.0.0.1, port 39568.
2016-11-08 09:04:00 DEBUG smtp session: request=smtpd_access_policy
2016-11-08 09:04:00 DEBUG smtp session: protocol_state=RCPT
2016-11-08 09:04:00 DEBUG smtp session: protocol_name=ESMTP
2016-11-08 09:04:00 DEBUG smtp session: client_address=127.0.0.1
2016-11-08 09:04:00 DEBUG smtp session: client_name=mx1.ansspc.com
2016-11-08 09:04:00 DEBUG smtp session: reverse_client_name=mx1.ansspc.com
2016-11-08 09:04:00 DEBUG smtp session: helo_name=_
2016-11-08 09:04:00 DEBUG smtp session: sender=user1@mydomain.com
2016-11-08 09:04:00 DEBUG smtp session: recipient=user2@mydomain.com
2016-11-08 09:04:00 DEBUG smtp session: recipient_count=0
2016-11-08 09:04:00 DEBUG smtp session: queue_id=
2016-11-08 09:04:00 DEBUG smtp session: instance=9ee.58220580.46c2c.0
2016-11-08 09:04:00 DEBUG smtp session: size=0
2016-11-08 09:04:00 DEBUG smtp session: etrn_domain=
2016-11-08 09:04:00 DEBUG smtp session: stress=
2016-11-08 09:04:00 DEBUG smtp session: sasl_method=LOGIN
2016-11-08 09:04:00 DEBUG smtp session: sasl_username=user1@mydomain.com
2016-11-08 09:04:00 DEBUG smtp session: sasl_sender=
2016-11-08 09:04:00 DEBUG smtp session: ccert_subject=
2016-11-08 09:04:00 DEBUG smtp session: ccert_issuer=
2016-11-08 09:04:00 DEBUG smtp session: ccert_fingerprint=
2016-11-08 09:04:00 DEBUG smtp session: encryption_protocol=TLSv1
2016-11-08 09:04:00 DEBUG smtp session: encryption_cipher=DHE-RSA-AES256-SHA
2016-11-08 09:04:00 DEBUG smtp session: encryption_keysize=256
2016-11-08 09:04:00 DEBUG LDAP connection initialied success.
2016-11-08 09:04:00 DEBUG LDAP bind success.
2016-11-08 09:04:00 DEBUG --> Apply plugin: reject_null_sender
2016-11-08 09:04:00 DEBUG Local sender.
2016-11-08 09:04:00 DEBUG <-- Result: DUNNO
2016-11-08 09:04:00 DEBUG --> Apply plugin: greylisting
2016-11-08 09:04:00 DEBUG Found SASL username, bypass greylisting for outbound email.
2016-11-08 09:04:00 DEBUG <-- Result: DUNNO
2016-11-08 09:04:00 DEBUG --> Apply plugin: throttle
2016-11-08 09:04:00 DEBUG Sender domain (@mydomain.com) is same as recipient domain, skip throttling.
2016-11-08 09:04:00 DEBUG <-- Result: DUNNO
2016-11-08 09:04:00 DEBUG [+] Getting LDIF data of account: user2@mydomain.com
2016-11-08 09:04:00 DEBUG search base dn: o=domains,dc=ansspc,dc=com
2016-11-08 09:04:00 DEBUG search scope: SUBTREE
2016-11-08 09:04:00 DEBUG search filter: (&(|(mail=user2@mydomain.com)(shadowAddress=user2@mydomain.com))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2016-11-08 09:04:00 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy']
2016-11-08 09:04:00 DEBUG result: [('mail=user2@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=ansspc,dc=com', {'objectClass': ['inetOrgPerson', 'mailUser', 'shadowAccount', 'amavisAccount']})]
2016-11-08 09:04:00 DEBUG --> Apply plugin: ldap_maillist_access_policy
2016-11-08 09:04:00 DEBUG <-- Result: DUNNO (Not a mail list account)
2016-11-08 09:04:00 DEBUG --> Apply plugin: amavisd_wblist
2016-11-08 09:04:00 DEBUG Possible policy senders: ['@.', 'user1@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.com']
2016-11-08 09:04:00 DEBUG Possible policy recipients: ['@.', 'user2@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.com']
2016-11-08 09:04:00 DEBUG Apply wblist for outbound message.
2016-11-08 09:04:00 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('@.', 'user1@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.com')
           ORDER BY priority DESC
2016-11-08 09:04:00 DEBUG Local addresses (in `users`): [(2L, '@.')]
2016-11-08 09:04:00 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('@.', 'user2@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.com')
           ORDER BY priority DESC
2016-11-08 09:04:00 DEBUG Addresses (in `mailaddr`): [(2L, '@.')]
2016-11-08 09:04:00 DEBUG [SQL] Query outbound wblist:
SELECT rid, sid, wb
               FROM outbound_wblist
              WHERE sid IN (2) AND rid IN (2)
2016-11-08 09:04:00 DEBUG No wblist found.
2016-11-08 09:04:00 DEBUG <-- Result: DUNNO
2016-11-08 09:04:00 DEBUG Session ended
2016-11-08 09:04:00 INFO [127.0.0.1] RCPT, user1@mydomain.com => user2@mydomain.com, DUNNO
2016-11-08 09:04:00 DEBUG Close LDAP connection.
2016-11-08 09:04:00 DEBUG smtp session: request=smtpd_access_policy
2016-11-08 09:04:00 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2016-11-08 09:04:00 DEBUG smtp session: protocol_name=ESMTP
2016-11-08 09:04:00 DEBUG smtp session: client_address=127.0.0.1
2016-11-08 09:04:00 DEBUG smtp session: client_name=mx1.ansspc.com
2016-11-08 09:04:00 DEBUG smtp session: reverse_client_name=mx1.ansspc.com
2016-11-08 09:04:00 DEBUG smtp session: helo_name=_
2016-11-08 09:04:00 DEBUG smtp session: sender=user1@mydomain.com
2016-11-08 09:04:00 DEBUG smtp session: recipient=user2@mydomain.com
2016-11-08 09:04:00 DEBUG smtp session: recipient_count=1
2016-11-08 09:04:00 DEBUG smtp session: queue_id=5566C1E03A3
2016-11-08 09:04:00 DEBUG smtp session: instance=9ee.58220580.46c2c.0
2016-11-08 09:04:00 DEBUG smtp session: size=403
2016-11-08 09:04:00 DEBUG smtp session: etrn_domain=
2016-11-08 09:04:00 DEBUG smtp session: stress=
2016-11-08 09:04:00 DEBUG smtp session: sasl_method=LOGIN
2016-11-08 09:04:00 DEBUG smtp session: sasl_username=user1@mydomain.com
2016-11-08 09:04:00 DEBUG smtp session: sasl_sender=
2016-11-08 09:04:00 DEBUG smtp session: ccert_subject=
2016-11-08 09:04:00 DEBUG smtp session: ccert_issuer=
2016-11-08 09:04:00 DEBUG smtp session: ccert_fingerprint=
2016-11-08 09:04:00 DEBUG smtp session: encryption_protocol=TLSv1
2016-11-08 09:04:00 DEBUG smtp session: encryption_cipher=DHE-RSA-AES256-SHA
2016-11-08 09:04:00 DEBUG smtp session: encryption_keysize=256
2016-11-08 09:04:00 DEBUG LDAP connection initialied success.
2016-11-08 09:04:00 DEBUG LDAP bind success.
2016-11-08 09:04:00 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2016-11-08 09:04:00 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2016-11-08 09:04:00 DEBUG --> Apply plugin: throttle
2016-11-08 09:04:00 DEBUG Sender domain (@mydomain.com) is same as recipient domain, skip throttling.
2016-11-08 09:04:00 DEBUG <-- Result: DUNNO
2016-11-08 09:04:00 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2016-11-08 09:04:00 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2016-11-08 09:04:00 DEBUG Session ended
2016-11-08 09:04:00 INFO [127.0.0.1] END-OF-MESSAGE, user1@mydomain.com => user2@mydomain.com, DUNNO
2016-11-08 09:04:00 DEBUG Close LDAP connection.

4

Re: Whitelist / Blacklist within same domain

*) The log is for 'user1@' => 'user2@', but where's log of "user2@" => "user1@"?
*) Please show us (ALL) output of commands below:

ls -l /opt
cd /opt/iredapd/tools/
python wblist_admin.py --account user1@mydomain.com --list --whitelist
python wblist_admin.py --account user1@mydomain.com --list --blacklist
python wblist_admin.py --account user2@mydomain.com --list --whitelist
python wblist_admin.py --account user2@mydomain.com --list --blacklist

5

Re: Whitelist / Blacklist within same domain

Here is the iredapd log:

2016-11-08 20:55:22 INFO Starting iRedAPD (version: 1.9.0, backend: ldap), listening on 127.0.0.1:7777.
2016-11-08 20:55:22 INFO Log rotate type: time, interval: W6, backup copies: 12.
2016-11-08 20:55:22 INFO Loading plugin: reject_null_sender
2016-11-08 20:55:22 INFO Loading plugin: greylisting
2016-11-08 20:55:22 INFO Loading plugin: throttle
2016-11-08 20:55:22 INFO Loading plugin: ldap_maillist_access_policy
2016-11-08 20:55:22 INFO Loading plugin: amavisd_wblist
2016-11-08 20:56:16 DEBUG Connect from 127.0.0.1, port 37108.
2016-11-08 20:56:16 DEBUG smtp session: request=smtpd_access_policy
2016-11-08 20:56:16 DEBUG smtp session: protocol_state=RCPT
2016-11-08 20:56:16 DEBUG smtp session: protocol_name=ESMTP
2016-11-08 20:56:16 DEBUG smtp session: client_address=127.0.0.1
2016-11-08 20:56:16 DEBUG smtp session: client_name=mx1.ansspc.com
2016-11-08 20:56:16 DEBUG smtp session: reverse_client_name=mx1.ansspc.com
2016-11-08 20:56:16 DEBUG smtp session: helo_name=_
2016-11-08 20:56:16 DEBUG smtp session: sender=user1@mydomain.com
2016-11-08 20:56:16 DEBUG smtp session: recipient=user2@mydomain.com
2016-11-08 20:56:16 DEBUG smtp session: recipient_count=0
2016-11-08 20:56:16 DEBUG smtp session: queue_id=
2016-11-08 20:56:16 DEBUG smtp session: instance=68b5.5822ac70.ad4cc.0
2016-11-08 20:56:16 DEBUG smtp session: size=0
2016-11-08 20:56:16 DEBUG smtp session: etrn_domain=
2016-11-08 20:56:16 DEBUG smtp session: stress=
2016-11-08 20:56:16 DEBUG smtp session: sasl_method=LOGIN
2016-11-08 20:56:16 DEBUG smtp session: sasl_username=user1@mydomain.com
2016-11-08 20:56:16 DEBUG smtp session: sasl_sender=
2016-11-08 20:56:16 DEBUG smtp session: ccert_subject=
2016-11-08 20:56:16 DEBUG smtp session: ccert_issuer=
2016-11-08 20:56:16 DEBUG smtp session: ccert_fingerprint=
2016-11-08 20:56:16 DEBUG smtp session: encryption_protocol=TLSv1
2016-11-08 20:56:16 DEBUG smtp session: encryption_cipher=DHE-RSA-AES256-SHA
2016-11-08 20:56:16 DEBUG smtp session: encryption_keysize=256
2016-11-08 20:56:16 DEBUG LDAP connection initialied success.
2016-11-08 20:56:16 DEBUG LDAP bind success.
2016-11-08 20:56:16 DEBUG --> Apply plugin: reject_null_sender
2016-11-08 20:56:16 DEBUG Local sender.
2016-11-08 20:56:16 DEBUG <-- Result: DUNNO
2016-11-08 20:56:16 DEBUG --> Apply plugin: greylisting
2016-11-08 20:56:16 DEBUG Found SASL username, bypass greylisting for outbound email.
2016-11-08 20:56:16 DEBUG <-- Result: DUNNO
2016-11-08 20:56:16 DEBUG --> Apply plugin: throttle
2016-11-08 20:56:16 DEBUG Sender domain (@mydomain.com) is same as recipient domain, skip throttling.
2016-11-08 20:56:16 DEBUG <-- Result: DUNNO
2016-11-08 20:56:16 DEBUG [+] Getting LDIF data of account: user2@mydomain.com
2016-11-08 20:56:16 DEBUG search base dn: o=domains,dc=ansspc,dc=com
2016-11-08 20:56:16 DEBUG search scope: SUBTREE
2016-11-08 20:56:16 DEBUG search filter: (&(|(mail=user2@mydomain.com)(shadowAddress=user2@mydomain.com))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2016-11-08 20:56:16 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy']
2016-11-08 20:56:16 DEBUG result: [('mail=user2@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=ansspc,dc=com', {'objectClass': ['inetOrgPerson', 'mailUser', 'shadowAccount', 'amavisAccount']})]
2016-11-08 20:56:16 DEBUG --> Apply plugin: ldap_maillist_access_policy
2016-11-08 20:56:16 DEBUG <-- Result: DUNNO (Not a mail list account)
2016-11-08 20:56:16 DEBUG --> Apply plugin: amavisd_wblist
2016-11-08 20:56:16 DEBUG Possible policy senders: ['@.', 'user1@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.com']
2016-11-08 20:56:16 DEBUG Possible policy recipients: ['@.', 'user2@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.com']
2016-11-08 20:56:16 DEBUG Apply wblist for outbound message.
2016-11-08 20:56:16 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('@.', 'user1@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.com')
           ORDER BY priority DESC
2016-11-08 20:56:16 DEBUG Local addresses (in `users`): [(2L, '@.')]
2016-11-08 20:56:16 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('@.', 'user2@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.com')
           ORDER BY priority DESC
2016-11-08 20:56:16 DEBUG Addresses (in `mailaddr`): [(2L, '@.')]
2016-11-08 20:56:16 DEBUG [SQL] Query outbound wblist:
SELECT rid, sid, wb
               FROM outbound_wblist
              WHERE sid IN (2) AND rid IN (2)
2016-11-08 20:56:16 DEBUG No wblist found.
2016-11-08 20:56:16 DEBUG <-- Result: DUNNO
2016-11-08 20:56:16 DEBUG Session ended
2016-11-08 20:56:16 INFO [127.0.0.1] RCPT, user1@mydomain.com => user2@mydomain.com, DUNNO
2016-11-08 20:56:16 DEBUG Close LDAP connection.
2016-11-08 20:56:16 DEBUG smtp session: request=smtpd_access_policy
2016-11-08 20:56:16 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2016-11-08 20:56:16 DEBUG smtp session: protocol_name=ESMTP
2016-11-08 20:56:16 DEBUG smtp session: client_address=127.0.0.1
2016-11-08 20:56:16 DEBUG smtp session: client_name=mx1.ansspc.com
2016-11-08 20:56:16 DEBUG smtp session: reverse_client_name=mx1.ansspc.com
2016-11-08 20:56:16 DEBUG smtp session: helo_name=_
2016-11-08 20:56:16 DEBUG smtp session: sender=user1@mydomain.com
2016-11-08 20:56:16 DEBUG smtp session: recipient=user2@mydomain.com
2016-11-08 20:56:16 DEBUG smtp session: recipient_count=1
2016-11-08 20:56:16 DEBUG smtp session: queue_id=B8E161E0BF0
2016-11-08 20:56:16 DEBUG smtp session: instance=68b5.5822ac70.ad4cc.0
2016-11-08 20:56:16 DEBUG smtp session: size=369
2016-11-08 20:56:16 DEBUG smtp session: etrn_domain=
2016-11-08 20:56:16 DEBUG smtp session: stress=
2016-11-08 20:56:16 DEBUG smtp session: sasl_method=LOGIN
2016-11-08 20:56:16 DEBUG smtp session: sasl_username=user1@mydomain.com
2016-11-08 20:56:16 DEBUG smtp session: sasl_sender=
2016-11-08 20:56:16 DEBUG smtp session: ccert_subject=
2016-11-08 20:56:16 DEBUG smtp session: ccert_issuer=
2016-11-08 20:56:16 DEBUG smtp session: ccert_fingerprint=
2016-11-08 20:56:16 DEBUG smtp session: encryption_protocol=TLSv1
2016-11-08 20:56:16 DEBUG smtp session: encryption_cipher=DHE-RSA-AES256-SHA
2016-11-08 20:56:16 DEBUG smtp session: encryption_keysize=256
2016-11-08 20:56:16 DEBUG LDAP connection initialied success.
2016-11-08 20:56:16 DEBUG LDAP bind success.
2016-11-08 20:56:16 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2016-11-08 20:56:16 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2016-11-08 20:56:16 DEBUG --> Apply plugin: throttle
2016-11-08 20:56:16 DEBUG Sender domain (@mydomain.com) is same as recipient domain, skip throttling.
2016-11-08 20:56:16 DEBUG <-- Result: DUNNO
2016-11-08 20:56:16 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2016-11-08 20:56:16 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2016-11-08 20:56:16 DEBUG Session ended
2016-11-08 20:56:16 INFO [127.0.0.1] END-OF-MESSAGE, user1@mydomain.com => user2@mydomain.com, DUNNO
2016-11-08 20:56:16 DEBUG Close LDAP connection.
2016-11-08 20:56:58 DEBUG Connect from 127.0.0.1, port 37170.
2016-11-08 20:56:58 DEBUG smtp session: request=smtpd_access_policy
2016-11-08 20:56:58 DEBUG smtp session: protocol_state=RCPT
2016-11-08 20:56:58 DEBUG smtp session: protocol_name=ESMTP
2016-11-08 20:56:58 DEBUG smtp session: client_address=127.0.0.1
2016-11-08 20:56:58 DEBUG smtp session: client_name=mx1.ansspc.com
2016-11-08 20:56:58 DEBUG smtp session: reverse_client_name=mx1.ansspc.com
2016-11-08 20:56:58 DEBUG smtp session: helo_name=_
2016-11-08 20:56:58 DEBUG smtp session: sender=user2@mydomain.com
2016-11-08 20:56:58 DEBUG smtp session: recipient=user1@mydomain.com
2016-11-08 20:56:58 DEBUG smtp session: recipient_count=0
2016-11-08 20:56:58 DEBUG smtp session: queue_id=
2016-11-08 20:56:58 DEBUG smtp session: instance=68b3.5822ac9a.8b4e.0
2016-11-08 20:56:58 DEBUG smtp session: size=0
2016-11-08 20:56:58 DEBUG smtp session: etrn_domain=
2016-11-08 20:56:58 DEBUG smtp session: stress=
2016-11-08 20:56:58 DEBUG smtp session: sasl_method=LOGIN
2016-11-08 20:56:58 DEBUG smtp session: sasl_username=user2@mydomain.com
2016-11-08 20:56:58 DEBUG smtp session: sasl_sender=
2016-11-08 20:56:58 DEBUG smtp session: ccert_subject=
2016-11-08 20:56:58 DEBUG smtp session: ccert_issuer=
2016-11-08 20:56:58 DEBUG smtp session: ccert_fingerprint=
2016-11-08 20:56:58 DEBUG smtp session: encryption_protocol=TLSv1
2016-11-08 20:56:58 DEBUG smtp session: encryption_cipher=DHE-RSA-AES256-SHA
2016-11-08 20:56:58 DEBUG smtp session: encryption_keysize=256
2016-11-08 20:56:58 DEBUG LDAP connection initialied success.
2016-11-08 20:56:58 DEBUG LDAP bind success.
2016-11-08 20:56:58 DEBUG --> Apply plugin: reject_null_sender
2016-11-08 20:56:58 DEBUG Local sender.
2016-11-08 20:56:58 DEBUG <-- Result: DUNNO
2016-11-08 20:56:58 DEBUG --> Apply plugin: greylisting
2016-11-08 20:56:58 DEBUG Found SASL username, bypass greylisting for outbound email.
2016-11-08 20:56:58 DEBUG <-- Result: DUNNO
2016-11-08 20:56:58 DEBUG --> Apply plugin: throttle
2016-11-08 20:56:58 DEBUG Sender domain (@mydomain.com) is same as recipient domain, skip throttling.
2016-11-08 20:56:58 DEBUG <-- Result: DUNNO
2016-11-08 20:56:58 DEBUG [+] Getting LDIF data of account: user1@mydomain.com
2016-11-08 20:56:58 DEBUG search base dn: o=domains,dc=ansspc,dc=com
2016-11-08 20:56:58 DEBUG search scope: SUBTREE
2016-11-08 20:56:58 DEBUG search filter: (&(|(mail=user1@mydomain.com)(shadowAddress=user1@mydomain.com))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2016-11-08 20:56:58 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy']
2016-11-08 20:56:58 DEBUG result: [('mail=user1@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=ansspc,dc=com', {'objectClass': ['inetOrgPerson', 'mailUser', 'shadowAccount', 'amavisAccount']})]
2016-11-08 20:56:58 DEBUG --> Apply plugin: ldap_maillist_access_policy
2016-11-08 20:56:58 DEBUG <-- Result: DUNNO (Not a mail list account)
2016-11-08 20:56:58 DEBUG --> Apply plugin: amavisd_wblist
2016-11-08 20:56:58 DEBUG Possible policy senders: ['@.', 'user2@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.com']
2016-11-08 20:56:58 DEBUG Possible policy recipients: ['@.', 'user1@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.com']
2016-11-08 20:56:58 DEBUG Apply wblist for outbound message.
2016-11-08 20:56:58 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('@.', 'user2@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.com')
           ORDER BY priority DESC
2016-11-08 20:56:58 DEBUG Local addresses (in `users`): [(19L, 'user2@mydomain.com'), (2L, '@.')]
2016-11-08 20:56:58 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('@.', 'user1@mydomain.com', '@mydomain.com', '@.mydomain.com', '@com', '@.com')
           ORDER BY priority DESC
2016-11-08 20:56:58 DEBUG Addresses (in `mailaddr`): [(2L, '@.')]
2016-11-08 20:56:58 DEBUG [SQL] Query outbound wblist:
SELECT rid, sid, wb
               FROM outbound_wblist
              WHERE sid IN (19, 2) AND rid IN (2)
2016-11-08 20:56:58 DEBUG Found outbound wblist: [(2L, 19L, 'B')]
2016-11-08 20:56:58 INFO Blacklisted: outbound_wblist=(2, 19, 'B')
2016-11-08 20:56:58 DEBUG <-- Result: REJECT Blacklisted
2016-11-08 20:56:58 DEBUG Session ended
2016-11-08 20:56:58 INFO [127.0.0.1] RCPT, user2@mydomain.com => user1@mydomain.com, REJECT Blacklisted
2016-11-08 20:56:58 DEBUG Close LDAP connection.

And the command outputs:

[root@mx1 ~]# ls -l /opt
total 4
lrwxrwxrwx. 1 root root   18 Oct 29 14:12 iredapd -> /opt/iRedAPD-1.9.1
dr-x------. 7 root root 4096 Nov  8 20:55 iRedAPD-1.9.1
[root@mx1 ~]# cd /opt/iredapd/tools/
[root@mx1 tools]# python wblist_admin.py --account user1@mydomain.com --list --whitelist
* Establishing SQL connection.
* List all inbound whitelist for account: user1@mydomain.com
* No whitelist.
[root@mx1 tools]# python wblist_admin.py --account user1@mydomain.com --list --blacklist
* Establishing SQL connection.
* List all inbound blacklist for account: user1@mydomain.com
* No blacklist.
[root@mx1 tools]# python wblist_admin.py --account user2@mydomain.com --list --whitelist
* Establishing SQL connection.
* List all inbound whitelist for account: user2@mydomain.com
* No whitelist.
[root@mx1 tools]# python wblist_admin.py --account user2@mydomain.com --list --blacklist
* Establishing SQL connection.
* List all inbound blacklist for account: user2@mydomain.com
@.

6

Re: Whitelist / Blacklist within same domain

Sorry, my mistake, I forgot extra commands. Please show us output of all commands:

cd /opt/iredapd/tools/
python wblist_admin.py --account user1@mydomain.com --list --whitelist
python wblist_admin.py --account user1@mydomain.com --list --blacklist
python wblist_admin.py --account user2@mydomain.com --list --whitelist
python wblist_admin.py --account user2@mydomain.com --list --blacklist

python wblist_admin.py --outbound --account user1@mydomain.com --list --whitelist
python wblist_admin.py --outbound --account user1@mydomain.com --list --blacklist
python wblist_admin.py --outbound --account user2@mydomain.com --list --whitelist
python wblist_admin.py --outbound --account user2@mydomain.com --list --blacklist

And, to help me understand your issue clearly, please tell me what the expected results are:

*) When user1@ sends to user2@
*) When user2@ sends to user1@

7

Re: Whitelist / Blacklist within same domain

Here is the output of these commands:

[root@mx1 ~]# cd /opt/iredapd/tools/
[root@mx1 tools]# python wblist_admin.py --account user1@mydomain.com --list --whitelist
* Establishing SQL connection.
* List all inbound whitelist for account: user1@mydomain.com
* No whitelist.
[root@mx1 tools]# python wblist_admin.py --account user1@mydomain.com --list --blacklist
* Establishing SQL connection.
* List all inbound blacklist for account: user1@mydomain.com
* No blacklist.
[root@mx1 tools]# python wblist_admin.py --account user2@mydomain.com --list --whitelist
* Establishing SQL connection.
* List all inbound whitelist for account: user2@mydomain.com
* No whitelist.
[root@mx1 tools]# python wblist_admin.py --account user2@mydomain.com --list --blacklist
* Establishing SQL connection.
* List all inbound blacklist for account: user2@mydomain.com
@.
[root@mx1 tools]#
[root@mx1 tools]# python wblist_admin.py --outbound --account user1@mydomain.com --list --whitelist
* Establishing SQL connection.
* List all outbound whitelist for account: user1@mydomain.com
* No whitelist.
[root@mx1 tools]# python wblist_admin.py --outbound --account user1@mydomain.com --list --blacklist
* Establishing SQL connection.
* List all outbound blacklist for account: user1@mydomain.com
* No blacklist.
[root@mx1 tools]# python wblist_admin.py --outbound --account user2@mydomain.com --list --whitelist
* Establishing SQL connection.
* List all outbound whitelist for account: user2@mydomain.com
* No whitelist.
[root@mx1 tools]# python wblist_admin.py --outbound --account user2@mydomain.com --list --blacklist
* Establishing SQL connection.
* List all outbound blacklist for account: user2@mydomain.com
@.

*) When user1@ sends to user2@
    The expected result is that user1 cannot send to user2 because the @. is in the blacklist for inbound
*) When user2@ sends to user1@
    The expected result is that user2 cannot send to user1 because the @. is in the blacklist for outbound

This clearly is a testing setup to validate that the blacklist actually works. I set this up when I observed mail delivery behavior that was unexpected in the production environment. Once I have verified the blacklist portion is working, then I will test the whitelist side of the system.

Thanks for working diligently on this issue.

8

Re: Whitelist / Blacklist within same domain

I can reproduce this issue, will come back to you later with a fix.

9

Re: Whitelist / Blacklist within same domain

Fixed: https://bitbucket.org/zhb/iredapd/commi … 6b6c27537f

10

Re: Whitelist / Blacklist within same domain

Hi
What do I need to do to update amavisd_wblist.py from "bitbucket.org" in my environment?

11

Re: Whitelist / Blacklist within same domain

Try to download the new plugin and override existing one:

cd /opt/iredapd/plugins/
mv amavisd_wblist.py amavisd_wblist.py.bak
wget 'https://bitbucket.org/zhb/iredapd/raw/5faff4f1f630a73a70cadadeca5b4599da496c2a/plugins/amavisd_wblist.py'
service iredapd restart

12

Re: Whitelist / Blacklist within same domain

Before restarting the service I had to "chmod 0500 amavisd_wblist.py"

Thank You!!

13

Re: Whitelist / Blacklist within same domain

I updated the plugin according to your instructions and now the blacklist applied to user2 does have effect in either direction.

The expected results were:

*) When user1@ sends to user2@
    The expected result is that user1 cannot send to user2 because the @. is in the blacklist for inbound
 
    Current result is that user1 CAN send to user2

*) When user2@ sends to user1@
    The expected result is that user2 cannot send to user1 because the @. is in the blacklist for outbound

    Current result is that user2 CAN send to user1

This is not corrected by what I did according to these instructions.

cd /opt/iredapd/plugins/
mv amavisd_wblist.py amavisd_wblist.py.bak
wget 'https://bitbucket.org/zhb/iredapd/raw/5 … _wblist.py'
service iredapd restart

current contents of /opt/iredapd/plugins/

[root@mx1 ~]# cd /opt/iredapd/plugins/
[root@mx1 plugins]# ll
total 160
-r-x------  1 root root 10677 Nov 10 02:19 amavisd_wblist.py
-r-x------. 1 root root  9059 May  9  2016 amavisd_wblist.py.bak
-r--------  1 root root  6426 Nov 10 08:00 amavisd_wblist.pyc
-r-x------. 1 root root 14441 May  9  2016 greylisting.py
-r--------  1 root root 10323 Oct 29 14:33 greylisting.pyc
-r-x------. 1 root root     0 May  9  2016 __init__.py
-r-x------. 1 root root  2843 May  9  2016 ldap_force_change_password_in_days.py
-r-x------. 1 root root  4512 May  9  2016 ldap_maillist_access_policy.py
-r--------  1 root root  3270 Oct 29 14:33 ldap_maillist_access_policy.pyc
-r-x------. 1 root root  1134 May  9  2016 reject_null_sender.py
-r--------  1 root root   743 Oct 29 14:33 reject_null_sender.pyc
-r-x------. 1 root root 13014 May  9  2016 reject_sender_login_mismatch.py
-r--------  1 root root  5807 Oct 29 14:33 reject_sender_login_mismatch.pyc
-r-x------. 1 root root   574 May  9  2016 reject_to_hostname.py
-r-x------. 1 root root  7680 May  9  2016 sql_alias_access_policy.py
-r-x------. 1 root root  2963 May  9  2016 sql_force_change_password_in_days.py
-r-x------. 1 root root 21876 May  9  2016 throttle.py
-r--------  1 root root  8865 Oct 29 14:33 throttle.pyc

15

Re: Whitelist / Blacklist within same domain

Could you please show me output of debug log in iRedAPD log file?
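
One way to triage an iRedAPD debug log in the format posted in this thread (an added example, not code from the thread or from the iRedAPD project): it lists plugins that failed to load and RCPT-stage verdicts that let a message through without the amavisd_wblist plugin having run. The function names, the `Verdict` class and the sample log lines are constructed for illustration; only the log line formats are taken from the logs above.

```python
"""Triage an iRedAPD debug log: report plugin load failures and RCPT
verdicts that passed mail without a required plugin being applied."""
import re
from dataclasses import dataclass

# "<date> <time> <LEVEL> <message>"; SQL continuation lines do not match.
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ([A-Z]+) (.*)$")
LOAD_ERR = re.compile(r"^Error while loading plugin \(([^)]+)\): (.*)$")
NEW_REQUEST = "smtp session: request=smtpd_access_policy"
APPLIED = re.compile(r"^--> Apply plugin: (\S+)$")
VERDICT = re.compile(r"^\[[^\]]+\] (RCPT|END-OF-MESSAGE), (\S*) => (\S*), (.+)$")


@dataclass
class Verdict:
    timestamp: str
    sender: str
    recipient: str
    action: str
    applied: tuple  # plugins that actually ran for this request


def triage(lines, required="amavisd_wblist"):
    """Return load failures and pass-through RCPT verdicts missing `required`."""
    load_failures = []  # (timestamp, plugin, reason)
    unenforced = []     # Verdict objects
    applied = []        # plugins applied in the request being read
    for raw in lines:
        m = LINE.match(raw.rstrip("\n"))
        if not m:
            continue  # wrapped SQL text or other continuation line
        ts, _level, msg = m.groups()
        err = LOAD_ERR.match(msg)
        if err:
            load_failures.append((ts, err.group(1), err.group(2)))
            continue
        if msg == NEW_REQUEST:
            applied = []  # each policy request starts a fresh plugin chain
            continue
        ran = APPLIED.match(msg)
        if ran:
            applied.append(ran.group(1))
            continue
        v = VERDICT.match(msg)
        if not v:
            continue
        state, sender, recipient, action = v.groups()
        # The logs show amavisd_wblist being skipped at END-OF-MESSAGE, so
        # only RCPT verdicts are checked. A REJECT from an earlier plugin
        # legitimately ends the chain early, so only pass-through results
        # (DUNNO / OK) count as unenforced.
        passed = action.split()[0] in ("DUNNO", "OK")
        if state == "RCPT" and passed and required not in applied:
            unenforced.append(Verdict(ts, sender, recipient, action, tuple(applied)))
        applied = []
    return {"load_failures": load_failures, "unenforced": unenforced}


# Constructed sample: first start fails to load the plugin, second start works.
SAMPLE_LOG = """\
2016-01-01 10:00:00 INFO Starting iRedAPD (version: 1.9.0, backend: ldap), listening on 127.0.0.1:7777.
2016-01-01 10:00:00 INFO Loading plugin: throttle
2016-01-01 10:00:00 ERROR Error while loading plugin (amavisd_wblist): cannot import name example_helper
2016-01-01 10:01:00 DEBUG smtp session: request=smtpd_access_policy
2016-01-01 10:01:00 DEBUG smtp session: protocol_state=RCPT
2016-01-01 10:01:00 DEBUG --> Apply plugin: throttle
2016-01-01 10:01:00 DEBUG <-- Result: DUNNO
2016-01-01 10:01:00 INFO [127.0.0.1] RCPT, a@example.com => b@example.com, DUNNO
2016-01-01 10:05:00 INFO Loading plugin: throttle
2016-01-01 10:05:00 INFO Loading plugin: amavisd_wblist
2016-01-01 10:06:00 DEBUG smtp session: request=smtpd_access_policy
2016-01-01 10:06:00 DEBUG smtp session: protocol_state=RCPT
2016-01-01 10:06:00 DEBUG --> Apply plugin: throttle
2016-01-01 10:06:00 DEBUG <-- Result: DUNNO
2016-01-01 10:06:00 DEBUG --> Apply plugin: amavisd_wblist
SELECT rid, sid, wb
2016-01-01 10:06:00 DEBUG <-- Result: REJECT Blacklisted
2016-01-01 10:06:00 INFO [127.0.0.1] RCPT, a@example.com => b@example.com, REJECT Blacklisted
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG.splitlines())
    for ts, plugin, reason in report["load_failures"]:
        print("load failure:", ts, plugin, "-", reason)
    for v in report["unenforced"]:
        print("no wblist check:", v.timestamp, v.sender, "=>", v.recipient, v.action)
```

To run it against a real log, pass the open file object for /var/log/iredapd/iredapd.log to `triage()` in place of the sample lines.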

16

Re: Whitelist / Blacklist within same domain

Contents of iredapd.log

2016-11-10 22:08:35 INFO Starting iRedAPD (version: 1.9.0, backend: ldap), listening on 127.0.0.1:7777.
2016-11-10 22:08:35 INFO Log rotate type: time, interval: W6, backup copies: 12.
2016-11-10 22:08:35 INFO Loading plugin: reject_null_sender
2016-11-10 22:08:35 INFO Loading plugin: greylisting
2016-11-10 22:08:35 INFO Loading plugin: throttle
2016-11-10 22:08:35 INFO Loading plugin: ldap_maillist_access_policy
2016-11-10 22:08:35 ERROR Error while loading plugin (amavisd_wblist): cannot import name is_local_domain
2016-11-10 22:09:14 DEBUG Connect from 127.0.0.1, port 37556.
2016-11-10 22:09:14 DEBUG smtp session: request=smtpd_access_policy
2016-11-10 22:09:14 DEBUG smtp session: protocol_state=RCPT
2016-11-10 22:09:14 DEBUG smtp session: protocol_name=ESMTP
2016-11-10 22:09:14 DEBUG smtp session: client_address=127.0.0.1
2016-11-10 22:09:14 DEBUG smtp session: client_name=mx1.ansspc.com
2016-11-10 22:09:14 DEBUG smtp session: reverse_client_name=mx1.ansspc.com
2016-11-10 22:09:14 DEBUG smtp session: helo_name=_
2016-11-10 22:09:14 DEBUG smtp session: sender=user1@mydomain.com
2016-11-10 22:09:14 DEBUG smtp session: recipient=user2@mydomain.com
2016-11-10 22:09:14 DEBUG smtp session: recipient_count=0
2016-11-10 22:09:14 DEBUG smtp session: queue_id=
2016-11-10 22:09:14 DEBUG smtp session: instance=7329.5825608a.7bcb8.0
2016-11-10 22:09:14 DEBUG smtp session: size=0
2016-11-10 22:09:14 DEBUG smtp session: etrn_domain=
2016-11-10 22:09:14 DEBUG smtp session: stress=
2016-11-10 22:09:14 DEBUG smtp session: sasl_method=LOGIN
2016-11-10 22:09:14 DEBUG smtp session: sasl_username=user1@mydomain.com
2016-11-10 22:09:14 DEBUG smtp session: sasl_sender=
2016-11-10 22:09:14 DEBUG smtp session: ccert_subject=
2016-11-10 22:09:14 DEBUG smtp session: ccert_issuer=
2016-11-10 22:09:14 DEBUG smtp session: ccert_fingerprint=
2016-11-10 22:09:14 DEBUG smtp session: encryption_protocol=TLSv1
2016-11-10 22:09:14 DEBUG smtp session: encryption_cipher=DHE-RSA-AES256-SHA
2016-11-10 22:09:14 DEBUG smtp session: encryption_keysize=256
2016-11-10 22:09:14 DEBUG LDAP connection initialied success.
2016-11-10 22:09:14 DEBUG LDAP bind success.
2016-11-10 22:09:14 DEBUG --> Apply plugin: reject_null_sender
2016-11-10 22:09:14 DEBUG Local sender.
2016-11-10 22:09:14 DEBUG <-- Result: DUNNO
2016-11-10 22:09:14 DEBUG --> Apply plugin: greylisting
2016-11-10 22:09:14 DEBUG Found SASL username, bypass greylisting for outbound email.
2016-11-10 22:09:14 DEBUG <-- Result: DUNNO
2016-11-10 22:09:14 DEBUG --> Apply plugin: throttle
2016-11-10 22:09:14 DEBUG Sender domain (@mydomain.com) is same as recipient domain, skip throttling.
2016-11-10 22:09:14 DEBUG <-- Result: DUNNO
2016-11-10 22:09:14 DEBUG [+] Getting LDIF data of account: user2@mydomain.com
2016-11-10 22:09:14 DEBUG search base dn: o=domains,dc=ansspc,dc=com
2016-11-10 22:09:14 DEBUG search scope: SUBTREE
2016-11-10 22:09:14 DEBUG search filter: (&(|(mail=user2@mydomain.com)(shadowAddress=user2@mydomain.com))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2016-11-10 22:09:14 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy']
2016-11-10 22:09:14 DEBUG result: [('mail=user2@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=ansspc,dc=com', {'objectClass': ['inetOrgPerson', 'mailUser', 'shadowAccount', 'amavisAccount']})]
2016-11-10 22:09:14 DEBUG --> Apply plugin: ldap_maillist_access_policy
2016-11-10 22:09:14 DEBUG <-- Result: DUNNO (Not a mail list account)
2016-11-10 22:09:14 DEBUG Session ended
2016-11-10 22:09:14 INFO [127.0.0.1] RCPT, user1@mydomain.com => user2@mydomain.com, DUNNO
2016-11-10 22:09:14 DEBUG Close LDAP connection.
2016-11-10 22:09:14 DEBUG smtp session: request=smtpd_access_policy
2016-11-10 22:09:14 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2016-11-10 22:09:14 DEBUG smtp session: protocol_name=ESMTP
2016-11-10 22:09:14 DEBUG smtp session: client_address=127.0.0.1
2016-11-10 22:09:14 DEBUG smtp session: client_name=mx1.ansspc.com
2016-11-10 22:09:14 DEBUG smtp session: reverse_client_name=mx1.ansspc.com
2016-11-10 22:09:14 DEBUG smtp session: helo_name=_
2016-11-10 22:09:14 DEBUG smtp session: sender=user1@mydomain.com
2016-11-10 22:09:14 DEBUG smtp session: recipient=user2@mydomain.com
2016-11-10 22:09:14 DEBUG smtp session: recipient_count=1
2016-11-10 22:09:14 DEBUG smtp session: queue_id=861821E03A1
2016-11-10 22:09:14 DEBUG smtp session: instance=7329.5825608a.7bcb8.0
2016-11-10 22:09:14 DEBUG smtp session: size=372
2016-11-10 22:09:14 DEBUG smtp session: etrn_domain=
2016-11-10 22:09:14 DEBUG smtp session: stress=
2016-11-10 22:09:14 DEBUG smtp session: sasl_method=LOGIN
2016-11-10 22:09:14 DEBUG smtp session: sasl_username=user1@mydomain.com
2016-11-10 22:09:14 DEBUG smtp session: sasl_sender=
2016-11-10 22:09:14 DEBUG smtp session: ccert_subject=
2016-11-10 22:09:14 DEBUG smtp session: ccert_issuer=
2016-11-10 22:09:14 DEBUG smtp session: ccert_fingerprint=
2016-11-10 22:09:14 DEBUG smtp session: encryption_protocol=TLSv1
2016-11-10 22:09:14 DEBUG smtp session: encryption_cipher=DHE-RSA-AES256-SHA
2016-11-10 22:09:14 DEBUG smtp session: encryption_keysize=256
2016-11-10 22:09:14 DEBUG LDAP connection initialied success.
2016-11-10 22:09:14 DEBUG LDAP bind success.
2016-11-10 22:09:14 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2016-11-10 22:09:14 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2016-11-10 22:09:14 DEBUG --> Apply plugin: throttle
2016-11-10 22:09:14 DEBUG Sender domain (@mydomain.com) is same as recipient domain, skip throttling.
2016-11-10 22:09:14 DEBUG <-- Result: DUNNO
2016-11-10 22:09:14 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2016-11-10 22:09:14 DEBUG Session ended
2016-11-10 22:09:14 INFO [127.0.0.1] END-OF-MESSAGE, user1@mydomain.com => user2@mydomain.com, DUNNO
2016-11-10 22:09:14 DEBUG Close LDAP connection.
2016-11-10 22:09:56 DEBUG Connect from 127.0.0.1, port 37622.
2016-11-10 22:09:56 DEBUG smtp session: request=smtpd_access_policy
2016-11-10 22:09:56 DEBUG smtp session: protocol_state=RCPT
2016-11-10 22:09:56 DEBUG smtp session: protocol_name=ESMTP
2016-11-10 22:09:56 DEBUG smtp session: client_address=127.0.0.1
2016-11-10 22:09:56 DEBUG smtp session: client_name=mx1.ansspc.com
2016-11-10 22:09:56 DEBUG smtp session: reverse_client_name=mx1.ansspc.com
2016-11-10 22:09:56 DEBUG smtp session: helo_name=_
2016-11-10 22:09:56 DEBUG smtp session: sender=user2@mydomain.com
2016-11-10 22:09:56 DEBUG smtp session: recipient=user1@mydomain.com
2016-11-10 22:09:56 DEBUG smtp session: recipient_count=0
2016-11-10 22:09:56 DEBUG smtp session: queue_id=
2016-11-10 22:09:56 DEBUG smtp session: instance=7248.582560b4.93497.0
2016-11-10 22:09:56 DEBUG smtp session: size=0
2016-11-10 22:09:56 DEBUG smtp session: etrn_domain=
2016-11-10 22:09:56 DEBUG smtp session: stress=
2016-11-10 22:09:56 DEBUG smtp session: sasl_method=LOGIN
2016-11-10 22:09:56 DEBUG smtp session: sasl_username=user2@mydomain.com
2016-11-10 22:09:56 DEBUG smtp session: sasl_sender=
2016-11-10 22:09:56 DEBUG smtp session: ccert_subject=
2016-11-10 22:09:56 DEBUG smtp session: ccert_issuer=
2016-11-10 22:09:56 DEBUG smtp session: ccert_fingerprint=
2016-11-10 22:09:56 DEBUG smtp session: encryption_protocol=TLSv1
2016-11-10 22:09:56 DEBUG smtp session: encryption_cipher=DHE-RSA-AES256-SHA
2016-11-10 22:09:56 DEBUG smtp session: encryption_keysize=256
2016-11-10 22:09:56 DEBUG LDAP connection initialied success.
2016-11-10 22:09:56 DEBUG LDAP bind success.
2016-11-10 22:09:56 DEBUG --> Apply plugin: reject_null_sender
2016-11-10 22:09:56 DEBUG Local sender.
2016-11-10 22:09:56 DEBUG <-- Result: DUNNO
2016-11-10 22:09:56 DEBUG --> Apply plugin: greylisting
2016-11-10 22:09:56 DEBUG Found SASL username, bypass greylisting for outbound email.
2016-11-10 22:09:56 DEBUG <-- Result: DUNNO
2016-11-10 22:09:56 DEBUG --> Apply plugin: throttle
2016-11-10 22:09:56 DEBUG Sender domain (@mydomain.com) is same as recipient domain, skip throttling.
2016-11-10 22:09:56 DEBUG <-- Result: DUNNO
2016-11-10 22:09:56 DEBUG [+] Getting LDIF data of account: user1@mydomain.com
2016-11-10 22:09:56 DEBUG search base dn: o=domains,dc=ansspc,dc=com
2016-11-10 22:09:56 DEBUG search scope: SUBTREE
2016-11-10 22:09:56 DEBUG search filter: (&(|(mail=user1@mydomain.com)(shadowAddress=user1@mydomain.com))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2016-11-10 22:09:56 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy']
2016-11-10 22:09:56 DEBUG result: [('mail=user1@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=ansspc,dc=com', {'objectClass': ['inetOrgPerson', 'mailUser', 'shadowAccount', 'amavisAccount']})]
2016-11-10 22:09:56 DEBUG --> Apply plugin: ldap_maillist_access_policy
2016-11-10 22:09:56 DEBUG <-- Result: DUNNO (Not a mail list account)
2016-11-10 22:09:56 DEBUG Session ended
2016-11-10 22:09:56 INFO [127.0.0.1] RCPT, user2@mydomain.com => user1@mydomain.com, DUNNO
2016-11-10 22:09:56 DEBUG Close LDAP connection.
2016-11-10 22:09:56 DEBUG smtp session: request=smtpd_access_policy
2016-11-10 22:09:56 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2016-11-10 22:09:56 DEBUG smtp session: protocol_name=ESMTP
2016-11-10 22:09:56 DEBUG smtp session: client_address=127.0.0.1
2016-11-10 22:09:56 DEBUG smtp session: client_name=mx1.ansspc.com
2016-11-10 22:09:56 DEBUG smtp session: reverse_client_name=mx1.ansspc.com
2016-11-10 22:09:56 DEBUG smtp session: helo_name=_
2016-11-10 22:09:56 DEBUG smtp session: sender=user2@mydomain.com
2016-11-10 22:09:56 DEBUG smtp session: recipient=user1@mydomain.com
2016-11-10 22:09:56 DEBUG smtp session: recipient_count=1
2016-11-10 22:09:56 DEBUG smtp session: queue_id=97FC31E03A1
2016-11-10 22:09:56 DEBUG smtp session: instance=7248.582560b4.93497.0
2016-11-10 22:09:56 DEBUG smtp session: size=378
2016-11-10 22:09:56 DEBUG smtp session: etrn_domain=
2016-11-10 22:09:56 DEBUG smtp session: stress=
2016-11-10 22:09:56 DEBUG smtp session: sasl_method=LOGIN
2016-11-10 22:09:56 DEBUG smtp session: sasl_username=user2@mydomain.com
2016-11-10 22:09:56 DEBUG smtp session: sasl_sender=
2016-11-10 22:09:56 DEBUG smtp session: ccert_subject=
2016-11-10 22:09:56 DEBUG smtp session: ccert_issuer=
2016-11-10 22:09:56 DEBUG smtp session: ccert_fingerprint=
2016-11-10 22:09:56 DEBUG smtp session: encryption_protocol=TLSv1
2016-11-10 22:09:56 DEBUG smtp session: encryption_cipher=DHE-RSA-AES256-SHA
2016-11-10 22:09:56 DEBUG smtp session: encryption_keysize=256
2016-11-10 22:09:56 DEBUG LDAP connection initialied success.
2016-11-10 22:09:56 DEBUG LDAP bind success.
2016-11-10 22:09:56 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2016-11-10 22:09:56 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2016-11-10 22:09:56 DEBUG --> Apply plugin: throttle
2016-11-10 22:09:56 DEBUG Sender domain (@mydomain.com) is same as recipient domain, skip throttling.
2016-11-10 22:09:56 DEBUG <-- Result: DUNNO
2016-11-10 22:09:56 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2016-11-10 22:09:56 DEBUG Session ended
2016-11-10 22:09:56 INFO [127.0.0.1] END-OF-MESSAGE, user2@mydomain.com => user1@mydomain.com, DUNNO
2016-11-10 22:09:56 DEBUG Close LDAP connection.

17

Re: Whitelist / Blacklist within same domain

tom cotton wrote:

2016-11-10 22:08:35 ERROR Error while loading plugin (amavisd_wblist): cannot import name is_local_domain

This plugin was not loaded/enabled at all.

Could you please try our beta version instead? It contains bug fixes and new features:
http://www.iredmail.org/yum/misc/iRedAPD-beta.tar.bz2

Download it, then follow our tutorial to upgrade it:
http://www.iredmail.org/docs/upgrade.iredapd.html
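
Added example (not iRedAPD code and not part of the original posts): the check done by eye above, spotting that amavisd_wblist never loaded, written as a script over the iredapd.log format quoted in this thread. The `audit` function, its `required` argument and the sample lines are constructed here, and it assumes the required plugin acts at the RCPT state.

```python
import re

# Constructed sample in the iredapd.log format quoted in this thread.
SAMPLE_LOG = """\
2016-11-10 22:08:35 INFO Loading plugin: throttle
2016-11-10 22:08:35 INFO Loading plugin: ldap_maillist_access_policy
2016-11-10 22:08:35 ERROR Error while loading plugin (amavisd_wblist): cannot import name is_local_domain
2016-11-10 22:09:14 DEBUG smtp session: protocol_state=RCPT
2016-11-10 22:09:14 DEBUG --> Apply plugin: throttle
2016-11-10 22:09:14 DEBUG <-- Result: DUNNO
2016-11-10 22:09:14 DEBUG --> Apply plugin: ldap_maillist_access_policy
2016-11-10 22:09:14 DEBUG <-- Result: DUNNO (Not a mail list account)
2016-11-10 22:09:14 INFO [127.0.0.1] RCPT, user1@mydomain.com => user2@mydomain.com, DUNNO
2016-11-10 22:09:14 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2016-11-10 22:09:14 DEBUG --> Apply plugin: throttle
2016-11-10 22:09:14 INFO [127.0.0.1] END-OF-MESSAGE, user1@mydomain.com => user2@mydomain.com, DUNNO
"""

LOADED = re.compile(r" INFO Loading plugin: (\S+)$")
FAILED = re.compile(r" ERROR Error while loading plugin \((\S+)\): (.+)$")
APPLIED = re.compile(r" DEBUG --> Apply plugin: (\S+)$")
DECISION = re.compile(r" INFO \[\S+\] (RCPT|END-OF-MESSAGE), (\S+) => (\S+), (.+)$")


def audit(log_text, required):
    """Return plugin load status and RCPT decisions made without a required plugin."""
    loaded, failed, applied, gaps = set(), {}, set(), []
    for line in log_text.splitlines():
        if m := LOADED.search(line):
            loaded.add(m.group(1))
        elif m := FAILED.search(line):
            failed[m.group(1)] = m.group(2)
        elif m := APPLIED.search(line):
            applied.add(m.group(1))
        elif m := DECISION.search(line):
            state, sender, rcpt, action = m.groups()
            skipped = sorted(set(required) - applied)
            # Assumption: required plugins act at RCPT; other states are not checked.
            if state == "RCPT" and skipped:
                gaps.append((sender, rcpt, action, skipped))
            applied = set()  # next policy request starts clean
    loaded -= set(failed)
    return {"loaded": sorted(loaded), "failed": failed,
            "not_loaded": sorted(set(required) - loaded), "gaps": gaps}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG, required=["amavisd_wblist"])
    for name, why in report["failed"].items():
        print("plugin failed to load: %s (%s)" % (name, why))
    for sender, rcpt, action, skipped in report["gaps"]:
        print("%s => %s got %s without %s" % (sender, rcpt, action, ", ".join(skipped)))
```

The per-decision check relies on the "Apply plugin" lines, which only appear with debug logging on, and it assumes policy requests are logged one after another rather than interleaved.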

18

Re: Whitelist / Blacklist within same domain

I put on the beta, and received the following messages.

Traceback (most recent call last):
  File "/opt/iredapd/iredapd.py", line 35, in <module>
    from libs.ldaplib.modeler import Modeler
  File "/opt/iRedAPD-beta/libs/ldaplib/modeler.py", line 8, in <module>
    from libs.ldaplib import conn_utils
  File "/opt/iRedAPD-beta/libs/ldaplib/conn_utils.py", line 8, in <module>
    from libs import POLICY_MEMBERSONLY, POLICY_ALLOWEDONLY
ImportError: cannot import name POLICY_MEMBERSONLY
* Upgrade completed.

Then tested sending messages. Got these messages regardless of recipient or Whitelist/Blacklist settings.

User1 to user2
Error MSG:

SMTP Error (451): Failed to add recipient "user2@mydomain.com" (4.3.5 Server configuration problem).

user2 to user1

SMTP Error (451): Failed to add recipient "user1@mydomain.com" (4.3.5 Server configuration problem).

user1 to user3 (user3 has no blacklist restrictions)

SMTP Error (451): Failed to add recipient "user3@mydomain.com" (4.3.5 Server configuration problem).

19

Re: Whitelist / Blacklist within same domain

This iRedMail server cannot receive any email. Here is the CLI output of the install:

[root@mx1 ~]# tar xjf iRedAPD-beta.tar.bz2
[root@mx1 ~]# cd iRedAPD-beta
[root@mx1 iRedAPD-beta]# ll
total 92
-rw-r--r-- 1 501 staff 19089 Nov  9 17:48 ChangeLog
-rw-r--r-- 1 501 staff  9532 Nov  9 17:48 INSTALL.md
-rw-r--r-- 1 501 staff  9081 Nov  9 17:48 iredapd-gevent.py
-rw-r--r-- 1 501 staff  9888 Nov  9 17:48 iredapd.py
drwxr-xr-x 5 501 staff  4096 Nov 11 07:54 libs
drwxr-xr-x 2 501 staff  4096 Nov 11 07:54 plugins
drwxr-xr-x 2 501 staff  4096 Nov 11 07:54 rc_scripts
-rwxr-xr-x 1 501 staff  3319 Nov  9 17:48 README.md
-rw-r--r-- 1 501 staff  2179 Nov  9 17:48 README_PLUGINS.md
-rw-r--r-- 1 501 staff  1733 Nov  9 17:48 settings.py.sample
drwxr-xr-x 2 501 staff  4096 Nov 11 07:54 SQL
drwxr-xr-x 2 501 staff  4096 Nov 11 07:54 tools
-rw-r--r-- 1 501 staff    99 Nov  9 17:48 UPGRADE.md
[root@mx1 iRedAPD-beta]# cd tools
[root@mx1 tools]# ll
total 88
-rw-r--r-- 1 501 staff  1751 Nov  9 17:48 cleanup_db.py
-rw-r--r-- 1 501 staff  9273 Nov  9 17:48 greylisting_admin.py
-rw-r--r-- 1 501 staff  2278 Nov  9 17:48 __init__.py
-rw-r--r-- 1 501 staff  4597 Nov  9 17:48 migrate_cluebringer_greylisting.py
-rw-r--r-- 1 501 staff  4691 Nov  9 17:48 migrate_cluebringer_throttle.py
-rw-r--r-- 1 501 staff 12419 Nov  9 17:48 spf_to_greylist_whitelists.py
-rw-r--r-- 1 501 staff 22819 Nov  9 17:48 upgrade_iredapd.sh
-rw-r--r-- 1 501 staff  8516 Nov  9 17:48 wblist_admin.py
[root@mx1 tools]# bash upgrade_iredapd.sh
* Detected Linux/BSD distribution: RHEL
* Found iRedAPD directory: /opt/iredapd, symbol link of /opt/iRedAPD-1.9.1
* Found iRedAPD config file: /opt/iredapd/settings.py
* Checking dependent Python modules:
  + [required] python-sqlalchemy
  + [required] dnspython
* Create directory /opt/iRedAPD-beta.
* Copying new version to /opt/iRedAPD-beta
* Copy old config file: settings.py: /opt/iredapd/settings.py -> /opt/iRedAPD-beta/settings.py
* Set correct owner and permission for /opt/iRedAPD-beta: root:root, 0500.
* Set permission for iRedAPD config file: /opt/iRedAPD-beta/settings.py -> 0400.
* Re-create symbol link: /opt/iredapd -> /opt/iRedAPD-beta
* Copy new SysV init script.
* Remove deprecated plugins.
* Rename old plugins.
* Remove all *.pyc files.
* Restarting iRedAPD service.
Stopping iredapd ...
Starting iredapd ...
Traceback (most recent call last):
  File "/opt/iredapd/iredapd.py", line 35, in <module>
    from libs.ldaplib.modeler import Modeler
  File "/opt/iRedAPD-beta/libs/ldaplib/modeler.py", line 8, in <module>
    from libs.ldaplib import conn_utils
  File "/opt/iRedAPD-beta/libs/ldaplib/conn_utils.py", line 8, in <module>
    from libs import POLICY_MEMBERSONLY, POLICY_ALLOWEDONLY
ImportError: cannot import name POLICY_MEMBERSONLY
* Upgrade completed.

20

Re: Whitelist / Blacklist within same domain

So sorry about this mistake. Fixed a moment ago; please re-download it and upgrade again:
http://www.iredmail.org/yum/misc/iRedAPD-beta.tar.bz2

21

Re: Whitelist / Blacklist within same domain

Excellent, this is now working as expected!!

Much thanks to you for addressing this right away.

Where do I submit feature requests / enhancements?

22

Re: Whitelist / Blacklist within same domain

Either post in this forum or iRedAPD issue tracker: https://bitbucket.org/zhb/iredapd/issue … tatus=open

23 (edited by smshev 2016-11-14 21:45:12)

Re: Whitelist / Blacklist within same domain

ZhangHuangbin wrote:

So sorry about this mistake. Fixed a moment ago; please re-download it and upgrade again:
http://www.iredmail.org/yum/misc/iRedAPD-beta.tar.bz2

Hi,
Can you publish here a new link to download the latest version of the "amavisd_wblist" plugin?
Or did you fix more than just this plugin, so we need to do a full upgrade of iRedAPD to this beta version?

24

Re: Whitelist / Blacklist within same domain

Hi smshev,

It's recommended to do a full upgrade.

The code between iRedAPD versions may have some changes, so a plugin file may not work if you simply copy the new plugin version and run it with an old iRedAPD.

25

Re: Whitelist / Blacklist within same domain

I would not want to upgrade to the beta release. I'll wait for "stable".