It's a bug of iRedAdmin-Pro, it's fixed in latest development edition.
As a fix, you can change the value "moderatorsonly" to "allowedonly" with LDAP management tool.

Try to upgrade iRedAPD to 2.2. You can download it here:
https://dl.iredmail.org/yum/misc/

log,sending from members (non moderators):
2018-02-27 10:02:42 DEBUG smtp session: request=smtpd_access_policy
2018-02-27 10:02:42 DEBUG smtp session: protocol_state=RCPT
2018-02-27 10:02:42 DEBUG smtp session: protocol_name=ESMTP
2018-02-27 10:02:42 DEBUG smtp session: client_address=127.0.0.1
2018-02-27 10:02:42 DEBUG smtp session: client_name=mx3.mydomain
2018-02-27 10:02:42 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-02-27 10:02:42 DEBUG smtp session: helo_name=_
2018-02-27 10:02:42 DEBUG smtp session: sender=bawon@mydomain
2018-02-27 10:02:42 DEBUG smtp session: recipient=grouptest@mydomain
2018-02-27 10:02:42 DEBUG smtp session: recipient_count=0
2018-02-27 10:02:42 DEBUG smtp session: queue_id=
2018-02-27 10:02:42 DEBUG smtp session: instance=51a6.5a94ca52.98e4.0
2018-02-27 10:02:42 DEBUG smtp session: size=0
2018-02-27 10:02:42 DEBUG smtp session: etrn_domain=
2018-02-27 10:02:42 DEBUG smtp session: stress=
2018-02-27 10:02:42 DEBUG smtp session: sasl_method=LOGIN
2018-02-27 10:02:42 DEBUG smtp session: sasl_username=bawon@mydomain
2018-02-27 10:02:42 DEBUG smtp session: sasl_sender=
2018-02-27 10:02:42 DEBUG smtp session: ccert_subject=
2018-02-27 10:02:42 DEBUG smtp session: ccert_issuer=
2018-02-27 10:02:42 DEBUG smtp session: ccert_fingerprint=
2018-02-27 10:02:42 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-02-27 10:02:42 DEBUG smtp session: encryption_protocol=TLSv1
2018-02-27 10:02:42 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-02-27 10:02:42 DEBUG smtp session: encryption_keysize=256
2018-02-27 10:02:42 DEBUG LDAP connection initialied success.
2018-02-27 10:02:42 DEBUG LDAP bind success.
2018-02-27 10:02:42 DEBUG --> Apply plugin: reject_null_sender
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG --> Apply plugin: wblist_rdns
2018-02-27 10:02:42 DEBUG Found SASL username, bypass rDNS check for outbound.
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG --> Apply plugin: reject_sender_login_mismatch
2018-02-27 10:02:42 DEBUG Sender: bawon@mydomain, SASL username: bawon@mydomain
2018-02-27 10:02:42 DEBUG SKIP: sender == sasl username.
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG --> Apply plugin: greylisting
2018-02-27 10:02:42 DEBUG Found SASL username, bypass greylisting for outbound email.
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG --> Apply plugin: throttle
2018-02-27 10:02:42 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG [+] Getting LDIF data of account: grouptest@mydomain
2018-02-27 10:02:42 DEBUG search base dn: o=domains,dc=mydomain
2018-02-27 10:02:42 DEBUG search scope: SUBTREE
2018-02-27 10:02:42 DEBUG search filter: (&(!(domainStatus=disabled))(|(mail=grouptest@mydomain)(shadowAddress=grouptest@mydomain))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2018-02-27 10:02:42 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy', 'enabledService']
2018-02-27 10:02:42 DEBUG result: [('mail=grouptest@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'objectClass': ['mailList'], 'accessPolicy': ['allowedonly'], 'listAllowedUser': ['mamat@mydomain'], 'enabledService': ['mail', 'deliver']})]
2018-02-27 10:02:42 DEBUG --> Apply plugin: ldap_maillist_access_policy
2018-02-27 10:02:42 DEBUG Access policy of mailing list (grouptest@mydomain): allowedonly
2018-02-27 10:02:42 DEBUG Primary and all alias domain names of recipient domain (mydomain): mydomain
2018-02-27 10:02:42 DEBUG Sender domain and sub-domains: mydomain, .mydomain
2018-02-27 10:02:42 DEBUG Sender is not explicitly allowed, perform extra LDAP query to check access.
2018-02-27 10:02:42 DEBUG search base dn: domainName=mydomain,o=domains,dc=mydomain
2018-02-27 10:02:42 DEBUG search scope: SUBTREE
2018-02-27 10:02:42 DEBUG search filter: (|(&(memberOfGroup=grouptest@mydomain)(|(objectClass=mailUser)(objectClass=mailExternalUser)))(&(objectclass=mailList)(mail=grouptest@mydomain)))
2018-02-27 10:02:42 DEBUG search attributes: mail, shadowAddress, listAllowedUser
2018-02-27 10:02:42 DEBUG search result: [('mail=grouptest@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'mail': ['grouptest@mydomain'], 'listAllowedUser': ['mamat@mydomain']}), ('mail=bawon@mydomain,ou=Users,domainName=mydomain,o=domains,dc=mydomain', {'mail': ['bawon@mydomain']})]
2018-02-27 10:02:42 INFO Sender (bawon@mydomain) is allowed by access policy of mailing list: allowedonly.
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG --> Apply plugin: amavisd_wblist
2018-02-27 10:02:42 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-02-27 10:02:42 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-02-27 10:02:42 DEBUG result: []
2018-02-27 10:02:42 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-02-27 10:02:42 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-02-27 10:02:42 DEBUG result: []
2018-02-27 10:02:42 DEBUG Possible policy senders: ['bawon@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1']
2018-02-27 10:02:42 DEBUG Possible policy recipients: ['grouptest@mydomain', '@mydomain', '@.', '@.mydomain']
2018-02-27 10:02:42 DEBUG Apply wblist for outbound message.
2018-02-27 10:02:42 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-02-27 10:02:42 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-02-27 10:02:42 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain')
           ORDER BY priority DESC
2018-02-27 10:02:42 DEBUG No record found in SQL database.
2018-02-27 10:02:42 DEBUG [SQL] Query CIDR network:
SELECT id, email
               FROM mailaddr
              WHERE email LIKE '127.%%'
           ORDER BY priority DESC
2018-02-27 10:02:42 DEBUG No valid sender id or recipient id.
2018-02-27 10:02:42 DEBUG Apply wblist for inbound message.
2018-02-27 10:02:42 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain')
           ORDER BY priority DESC
2018-02-27 10:02:42 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-02-27 10:02:42 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-02-27 10:02:42 DEBUG No record found in SQL database.
2018-02-27 10:02:42 DEBUG No valid sender id or recipient id.
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG Session ended.
2018-02-27 10:02:42 INFO [127.0.0.1] RCPT, bawon@mydomain => grouptest@mydomain, DUNNO [sasl_username=bawon@mydomain, sender=bawon@mydomain, client_name=mx3.mydomain, reverse_client_name=mx3.mydomain, helo=_, encryption_protocol=TLSv1, process_time=0.0143s]
2018-02-27 10:02:42 DEBUG Close LDAP connection.
2018-02-27 10:02:42 DEBUG smtp session: request=smtpd_access_policy
2018-02-27 10:02:42 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2018-02-27 10:02:42 DEBUG smtp session: protocol_name=ESMTP
2018-02-27 10:02:42 DEBUG smtp session: client_address=127.0.0.1
2018-02-27 10:02:42 DEBUG smtp session: client_name=mx3.mydomain
2018-02-27 10:02:42 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-02-27 10:02:42 DEBUG smtp session: helo_name=_
2018-02-27 10:02:42 DEBUG smtp session: sender=bawon@mydomain
2018-02-27 10:02:42 DEBUG smtp session: recipient=grouptest@mydomain
2018-02-27 10:02:42 DEBUG smtp session: recipient_count=1
2018-02-27 10:02:42 DEBUG smtp session: queue_id=0E786D74AD
2018-02-27 10:02:42 DEBUG smtp session: instance=51a6.5a94ca52.98e4.0
2018-02-27 10:02:42 DEBUG smtp session: size=351
2018-02-27 10:02:42 DEBUG smtp session: etrn_domain=
2018-02-27 10:02:42 DEBUG smtp session: stress=
2018-02-27 10:02:42 DEBUG smtp session: sasl_method=LOGIN
2018-02-27 10:02:42 DEBUG smtp session: sasl_username=bawon@mydomain
2018-02-27 10:02:42 DEBUG smtp session: sasl_sender=
2018-02-27 10:02:42 DEBUG smtp session: ccert_subject=
2018-02-27 10:02:42 DEBUG smtp session: ccert_issuer=
2018-02-27 10:02:42 DEBUG smtp session: ccert_fingerprint=
2018-02-27 10:02:42 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-02-27 10:02:42 DEBUG smtp session: encryption_protocol=TLSv1
2018-02-27 10:02:42 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-02-27 10:02:42 DEBUG smtp session: encryption_keysize=256
2018-02-27 10:02:42 DEBUG LDAP connection initialied success.
2018-02-27 10:02:42 DEBUG LDAP bind success.
2018-02-27 10:02:42 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-02-27 10:02:42 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-02-27 10:02:42 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-02-27 10:02:42 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2018-02-27 10:02:42 DEBUG --> Apply plugin: throttle
2018-02-27 10:02:42 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2018-02-27 10:02:42 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2018-02-27 10:02:42 DEBUG Session ended.
2018-02-27 10:02:42 INFO [127.0.0.1] END-OF-MESSAGE, bawon@mydomain => grouptest@mydomain, DUNNO [recipient_count=1, size=351, process_time=0.0029s]
2018-02-27 10:02:42 DEBUG Close LDAP connection.

log,sending from members (non moderators):
2018-02-27 10:04:04 DEBUG smtp session: request=smtpd_access_policy
2018-02-27 10:04:04 DEBUG smtp session: protocol_state=RCPT
2018-02-27 10:04:04 DEBUG smtp session: protocol_name=ESMTP
2018-02-27 10:04:04 DEBUG smtp session: client_address=127.0.0.1
2018-02-27 10:04:04 DEBUG smtp session: client_name=mx3.mydomain
2018-02-27 10:04:04 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-02-27 10:04:04 DEBUG smtp session: helo_name=_
2018-02-27 10:04:04 DEBUG smtp session: sender=bawon@mydomain
2018-02-27 10:04:04 DEBUG smtp session: recipient=grouptest@mydomain
2018-02-27 10:04:04 DEBUG smtp session: recipient_count=0
2018-02-27 10:04:04 DEBUG smtp session: queue_id=
2018-02-27 10:04:04 DEBUG smtp session: instance=51a6.5a94caa4.5fa6b.0
2018-02-27 10:04:04 DEBUG smtp session: size=0
2018-02-27 10:04:04 DEBUG smtp session: etrn_domain=
2018-02-27 10:04:04 DEBUG smtp session: stress=
2018-02-27 10:04:04 DEBUG smtp session: sasl_method=LOGIN
2018-02-27 10:04:04 DEBUG smtp session: sasl_username=bawon@mydomain
2018-02-27 10:04:04 DEBUG smtp session: sasl_sender=
2018-02-27 10:04:04 DEBUG smtp session: ccert_subject=
2018-02-27 10:04:04 DEBUG smtp session: ccert_issuer=
2018-02-27 10:04:04 DEBUG smtp session: ccert_fingerprint=
2018-02-27 10:04:04 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-02-27 10:04:04 DEBUG smtp session: encryption_protocol=TLSv1
2018-02-27 10:04:04 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-02-27 10:04:04 DEBUG smtp session: encryption_keysize=256
2018-02-27 10:04:04 DEBUG LDAP connection initialied success.
2018-02-27 10:04:04 DEBUG LDAP bind success.
2018-02-27 10:04:04 DEBUG --> Apply plugin: reject_null_sender
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG --> Apply plugin: wblist_rdns
2018-02-27 10:04:04 DEBUG Found SASL username, bypass rDNS check for outbound.
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG --> Apply plugin: reject_sender_login_mismatch
2018-02-27 10:04:04 DEBUG Sender: bawon@mydomain, SASL username: bawon@mydomain
2018-02-27 10:04:04 DEBUG SKIP: sender == sasl username.
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG --> Apply plugin: greylisting
2018-02-27 10:04:04 DEBUG Found SASL username, bypass greylisting for outbound email.
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG --> Apply plugin: throttle
2018-02-27 10:04:04 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG [+] Getting LDIF data of account: grouptest@mydomain
2018-02-27 10:04:04 DEBUG search base dn: o=domains,dc=mydomain
2018-02-27 10:04:04 DEBUG search scope: SUBTREE
2018-02-27 10:04:04 DEBUG search filter: (&(!(domainStatus=disabled))(|(mail=grouptest@mydomain)(shadowAddress=grouptest@mydomain))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2018-02-27 10:04:04 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy', 'enabledService']
2018-02-27 10:04:04 DEBUG result: [('mail=grouptest@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'objectClass': ['mailList'], 'accessPolicy': ['allowedonly'], 'listAllowedUser': ['mamat@mydomain'], 'enabledService': ['mail', 'deliver']})]
2018-02-27 10:04:04 DEBUG --> Apply plugin: ldap_maillist_access_policy
2018-02-27 10:04:04 DEBUG Access policy of mailing list (grouptest@mydomain): allowedonly
2018-02-27 10:04:04 DEBUG Primary and all alias domain names of recipient domain (mydomain): mydomain
2018-02-27 10:04:04 DEBUG Sender domain and sub-domains: mydomain, .mydomain
2018-02-27 10:04:04 DEBUG Sender is not explicitly allowed, perform extra LDAP query to check access.
2018-02-27 10:04:04 DEBUG search base dn: domainName=mydomain,o=domains,dc=mydomain
2018-02-27 10:04:04 DEBUG search scope: SUBTREE
2018-02-27 10:04:04 DEBUG search filter: (|(&(memberOfGroup=grouptest@mydomain)(|(objectClass=mailUser)(objectClass=mailExternalUser)))(&(objectclass=mailList)(mail=grouptest@mydomain)))
2018-02-27 10:04:04 DEBUG search attributes: mail, shadowAddress, listAllowedUser
2018-02-27 10:04:04 DEBUG search result: [('mail=grouptest@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'mail': ['grouptest@mydomain'], 'listAllowedUser': ['mamat@mydomain']}), ('mail=bawon@mydomain,ou=Users,domainName=mydomain,o=domains,dc=mydomain', {'mail': ['bawon@mydomain']})]
2018-02-27 10:04:04 INFO Sender (bawon@mydomain) is allowed by access policy of mailing list: allowedonly.
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG --> Apply plugin: amavisd_wblist
2018-02-27 10:04:04 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-02-27 10:04:04 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-02-27 10:04:04 DEBUG result: []
2018-02-27 10:04:04 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-02-27 10:04:04 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-02-27 10:04:04 DEBUG result: []
2018-02-27 10:04:04 DEBUG Possible policy senders: ['bawon@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1']
2018-02-27 10:04:04 DEBUG Possible policy recipients: ['grouptest@mydomain', '@mydomain', '@.', '@.mydomain']
2018-02-27 10:04:04 DEBUG Apply wblist for outbound message.
2018-02-27 10:04:04 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-02-27 10:04:04 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-02-27 10:04:04 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain')
           ORDER BY priority DESC
2018-02-27 10:04:04 DEBUG No record found in SQL database.
2018-02-27 10:04:04 DEBUG [SQL] Query CIDR network:
SELECT id, email
               FROM mailaddr
              WHERE email LIKE '127.%%'
           ORDER BY priority DESC
2018-02-27 10:04:04 DEBUG No valid sender id or recipient id.
2018-02-27 10:04:04 DEBUG Apply wblist for inbound message.
2018-02-27 10:04:04 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain')
           ORDER BY priority DESC
2018-02-27 10:04:04 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-02-27 10:04:04 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-02-27 10:04:04 DEBUG No record found in SQL database.
2018-02-27 10:04:04 DEBUG No valid sender id or recipient id.
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG Session ended.
2018-02-27 10:04:04 INFO [127.0.0.1] RCPT, bawon@mydomain => grouptest@mydomain, DUNNO [sasl_username=bawon@mydomain, sender=bawon@mydomain, client_name=mx3.mydomain, reverse_client_name=mx3.mydomain, helo=_, encryption_protocol=TLSv1, process_time=0.0177s]
2018-02-27 10:04:04 DEBUG Close LDAP connection.
2018-02-27 10:04:04 DEBUG smtp session: request=smtpd_access_policy
2018-02-27 10:04:04 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2018-02-27 10:04:04 DEBUG smtp session: protocol_name=ESMTP
2018-02-27 10:04:04 DEBUG smtp session: client_address=127.0.0.1
2018-02-27 10:04:04 DEBUG smtp session: client_name=mx3.mydomain
2018-02-27 10:04:04 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-02-27 10:04:04 DEBUG smtp session: helo_name=_
2018-02-27 10:04:04 DEBUG smtp session: sender=bawon@mydomain
2018-02-27 10:04:04 DEBUG smtp session: recipient=grouptest@mydomain
2018-02-27 10:04:04 DEBUG smtp session: recipient_count=1
2018-02-27 10:04:04 DEBUG smtp session: queue_id=6555FD74AD
2018-02-27 10:04:04 DEBUG smtp session: instance=51a6.5a94caa4.5fa6b.0
2018-02-27 10:04:04 DEBUG smtp session: size=355
2018-02-27 10:04:04 DEBUG smtp session: etrn_domain=
2018-02-27 10:04:04 DEBUG smtp session: stress=
2018-02-27 10:04:04 DEBUG smtp session: sasl_method=LOGIN
2018-02-27 10:04:04 DEBUG smtp session: sasl_username=bawon@mydomain
2018-02-27 10:04:04 DEBUG smtp session: sasl_sender=
2018-02-27 10:04:04 DEBUG smtp session: ccert_subject=
2018-02-27 10:04:04 DEBUG smtp session: ccert_issuer=
2018-02-27 10:04:04 DEBUG smtp session: ccert_fingerprint=
2018-02-27 10:04:04 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-02-27 10:04:04 DEBUG smtp session: encryption_protocol=TLSv1
2018-02-27 10:04:04 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-02-27 10:04:04 DEBUG smtp session: encryption_keysize=256
2018-02-27 10:04:04 DEBUG LDAP connection initialied success.
2018-02-27 10:04:04 DEBUG LDAP bind success.
2018-02-27 10:04:04 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-02-27 10:04:04 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-02-27 10:04:04 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-02-27 10:04:04 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2018-02-27 10:04:04 DEBUG --> Apply plugin: throttle
2018-02-27 10:04:04 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2018-02-27 10:04:04 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2018-02-27 10:04:04 DEBUG Session ended.
2018-02-27 10:04:04 INFO [127.0.0.1] END-OF-MESSAGE, bawon@mydomain => grouptest@mydomain, DUNNO [recipient_count=1, size=355, process_time=0.0027s]
2018-02-27 10:04:04 DEBUG Close LDAP connection.

cd /opt/iRedAPD-2.2/plugins/
wget https://bitbucket.org/zhb/iredapd/raw/8 … _policy.py
chmod +x ldap_maillist_access_policy.py
systemctl restart iredapd

log:
2018-03-02 17:41:16 DEBUG smtp session: request=smtpd_access_policy
2018-03-02 17:41:16 DEBUG smtp session: protocol_state=RCPT
2018-03-02 17:41:16 DEBUG smtp session: protocol_name=ESMTP
2018-03-02 17:41:16 DEBUG smtp session: client_address=127.0.0.1
2018-03-02 17:41:16 DEBUG smtp session: client_name=mx3.mydomain
2018-03-02 17:41:16 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-03-02 17:41:16 DEBUG smtp session: helo_name=_
2018-03-02 17:41:16 DEBUG smtp session: sender=bawon@mydomain
2018-03-02 17:41:16 DEBUG smtp session: recipient=tes@mydomain
2018-03-02 17:41:16 DEBUG smtp session: recipient_count=0
2018-03-02 17:41:16 DEBUG smtp session: queue_id=
2018-03-02 17:41:16 DEBUG smtp session: instance=a67.5a992a4c.d6b80.0
2018-03-02 17:41:16 DEBUG smtp session: size=0
2018-03-02 17:41:16 DEBUG smtp session: etrn_domain=
2018-03-02 17:41:16 DEBUG smtp session: stress=
2018-03-02 17:41:16 DEBUG smtp session: sasl_method=LOGIN
2018-03-02 17:41:16 DEBUG smtp session: sasl_username=bawon@mydomain
2018-03-02 17:41:16 DEBUG smtp session: sasl_sender=
2018-03-02 17:41:16 DEBUG smtp session: ccert_subject=
2018-03-02 17:41:16 DEBUG smtp session: ccert_issuer=
2018-03-02 17:41:16 DEBUG smtp session: ccert_fingerprint=
2018-03-02 17:41:16 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-03-02 17:41:16 DEBUG smtp session: encryption_protocol=TLSv1
2018-03-02 17:41:16 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-03-02 17:41:16 DEBUG smtp session: encryption_keysize=256
2018-03-02 17:41:16 DEBUG LDAP connection initialied success.
2018-03-02 17:41:16 DEBUG LDAP bind success.
2018-03-02 17:41:16 DEBUG --> Apply plugin: reject_null_sender
2018-03-02 17:41:16 DEBUG <-- Result: DUNNO
2018-03-02 17:41:16 DEBUG --> Apply plugin: wblist_rdns
2018-03-02 17:41:16 DEBUG Found SASL username, bypass rDNS check for outbound.
2018-03-02 17:41:16 DEBUG <-- Result: DUNNO
2018-03-02 17:41:16 DEBUG --> Apply plugin: reject_sender_login_mismatch
2018-03-02 17:41:16 DEBUG Sender: bawon@mydomain, SASL username: bawon@mydomain
2018-03-02 17:41:16 DEBUG SKIP: sender == sasl username.
2018-03-02 17:41:16 DEBUG <-- Result: DUNNO
2018-03-02 17:41:16 DEBUG --> Apply plugin: greylisting
2018-03-02 17:41:16 DEBUG Found SASL username, bypass greylisting for outbound email.
2018-03-02 17:41:16 DEBUG <-- Result: DUNNO
2018-03-02 17:41:16 DEBUG --> Apply plugin: throttle
2018-03-02 17:41:16 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-03-02 17:41:16 DEBUG <-- Result: DUNNO
2018-03-02 17:41:16 DEBUG [+] Getting LDIF data of account: tes@mydomain
2018-03-02 17:41:16 DEBUG search base dn: o=domains,dc=mydomain
2018-03-02 17:41:16 DEBUG search scope: SUBTREE
2018-03-02 17:41:16 DEBUG search filter: (&(!(domainStatus=disabled))(|(mail=tes@mydomain)(shadowAddress=tes@mydomain))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2018-03-02 17:41:16 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy', 'enabledService']
2018-03-02 17:41:16 DEBUG result: [('mail=tes@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'objectClass': ['mailList'], 'accessPolicy': ['allowedonly'], 'listAllowedUser': ['mamat@mydomain'], 'enabledService': ['mail', 'deliver', 'displayedInGlobalAddressBook']})]
2018-03-02 17:41:16 DEBUG --> Apply plugin: ldap_maillist_access_policy
2018-03-02 17:41:16 DEBUG Access policy of mailing list (tes@mydomain): allowedonly
2018-03-02 17:41:16 DEBUG Primary and all alias domain names of recipient domain (mydomain): mydomain
2018-03-02 17:41:16 DEBUG Sender domain and sub-domains: mydomain, .mydomain, .co.id
2018-03-02 17:41:16 DEBUG Sender is not explicitly allowed, perform extra LDAP query to check access.
2018-03-02 17:41:16 DEBUG Allowed users: mamat@mydomain
2018-03-02 17:41:16 DEBUG Allowed domains:
2018-03-02 17:41:16 DEBUG [+] Getting per-account alias addresses of allowed senders.
2018-03-02 17:41:16 DEBUG base dn: ou=Users,domainName=mydomain,o=domains,dc=mydomain
2018-03-02 17:41:16 DEBUG search scope: ONELEVEL
2018-03-02 17:41:16 DEBUG search filter: (&(objectClass=mailUser)(enabledService=shadowaddress)(|(mail=mamat@mydomain)(shadowAddress=mamat@mydomain)))
2018-03-02 17:41:16 ERROR <!> Error while applying plugin "ldap_maillist_access_policy": ['Traceback (most recent call last):\n', '  File "/opt/iRedAPD-2.2/libs/utils.py", line 105, in apply_plugin\n', '  File "/opt/iredapd/plugins/ldap_maillist_access_policy.py", line 220, in restriction\n', "UnboundLocalError: local variable 'search_attrs' referenced before assignment\n"]
2018-03-02 17:41:16 DEBUG --> Apply plugin: amavisd_wblist
2018-03-02 17:41:16 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-03-02 17:41:16 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-03-02 17:41:16 DEBUG result: []
2018-03-02 17:41:16 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-03-02 17:41:16 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-03-02 17:41:16 DEBUG result: []
2018-03-02 17:41:16 DEBUG Possible policy senders: ['bawon@mydomain', '@mydomain', '@.', '@.mydomain', '@.co.id', '@.id', '127.0.0.1', '127.0.0.*', '127.0.*.1']
2018-03-02 17:41:16 DEBUG Possible policy recipients: ['tes@mydomain', '@mydomain', '@.', '@.mydomain', '@.co.id', '@.id']
2018-03-02 17:41:16 DEBUG Apply wblist for outbound message.
2018-03-02 17:41:16 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '@.co.id', '@.id', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-03-02 17:41:16 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-03-02 17:41:16 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('tes@mydomain', '@mydomain', '@.', '@.mydomain', '@.co.id', '@.id')
           ORDER BY priority DESC
2018-03-02 17:41:16 DEBUG No record found in SQL database.
2018-03-02 17:41:16 DEBUG [SQL] Query CIDR network:
SELECT id, email
               FROM mailaddr
              WHERE email LIKE '127.%%'
           ORDER BY priority DESC
2018-03-02 17:41:16 DEBUG No valid sender id or recipient id.
2018-03-02 17:41:16 DEBUG Apply wblist for inbound message.
2018-03-02 17:41:16 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('tes@mydomain', '@mydomain', '@.', '@.mydomain', '@.co.id', '@.id')
           ORDER BY priority DESC
2018-03-02 17:41:16 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-03-02 17:41:16 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '@.co.id', '@.id', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-03-02 17:41:16 DEBUG No record found in SQL database.
2018-03-02 17:41:16 DEBUG No valid sender id or recipient id.
2018-03-02 17:41:16 DEBUG <-- Result: DUNNO
2018-03-02 17:41:16 DEBUG Session ended.
2018-03-02 17:41:16 INFO [127.0.0.1] RCPT, bawon@mydomain => tes@mydomain, DUNNO [sasl_username=bawon@mydomain, sender=bawon@mydomain, client_name=mx3.mydomain, reverse_client_name=mx3.mydomain, helo=_, encryption_protocol=TLSv1, process_time=0.0153s]
2018-03-02 17:41:16 DEBUG Close LDAP connection.
2018-03-02 17:41:16 DEBUG smtp session: request=smtpd_access_policy
2018-03-02 17:41:16 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2018-03-02 17:41:16 DEBUG smtp session: protocol_name=ESMTP
2018-03-02 17:41:16 DEBUG smtp session: client_address=127.0.0.1
2018-03-02 17:41:16 DEBUG smtp session: client_name=mx3.mydomain
2018-03-02 17:41:16 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-03-02 17:41:16 DEBUG smtp session: helo_name=_
2018-03-02 17:41:16 DEBUG smtp session: sender=bawon@mydomain
2018-03-02 17:41:16 DEBUG smtp session: recipient=tes@mydomain
2018-03-02 17:41:16 DEBUG smtp session: recipient_count=1
2018-03-02 17:41:16 DEBUG smtp session: queue_id=DC195D7483
2018-03-02 17:41:16 DEBUG smtp session: instance=a67.5a992a4c.d6b80.0
2018-03-02 17:41:16 DEBUG smtp session: size=355
2018-03-02 17:41:16 DEBUG smtp session: etrn_domain=
2018-03-02 17:41:16 DEBUG smtp session: stress=
2018-03-02 17:41:16 DEBUG smtp session: sasl_method=LOGIN
2018-03-02 17:41:16 DEBUG smtp session: sasl_username=bawon@mydomain
2018-03-02 17:41:16 DEBUG smtp session: sasl_sender=
2018-03-02 17:41:16 DEBUG smtp session: ccert_subject=
2018-03-02 17:41:16 DEBUG smtp session: ccert_issuer=
2018-03-02 17:41:16 DEBUG smtp session: ccert_fingerprint=
2018-03-02 17:41:16 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-03-02 17:41:16 DEBUG smtp session: encryption_protocol=TLSv1
2018-03-02 17:41:16 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-03-02 17:41:16 DEBUG smtp session: encryption_keysize=256
2018-03-02 17:41:16 DEBUG LDAP connection initialied success.
2018-03-02 17:41:16 DEBUG LDAP bind success.
2018-03-02 17:41:16 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-03-02 17:41:16 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-03-02 17:41:16 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-03-02 17:41:16 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2018-03-02 17:41:16 DEBUG --> Apply plugin: throttle
2018-03-02 17:41:16 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-03-02 17:41:16 DEBUG <-- Result: DUNNO
2018-03-02 17:41:16 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2018-03-02 17:41:16 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2018-03-02 17:41:16 DEBUG Session ended.
2018-03-02 17:41:16 INFO [127.0.0.1] END-OF-MESSAGE, bawon@mydomain => tes@mydomain, DUNNO [recipient_count=1, size=355, process_time=0.0031s]
2018-03-02 17:41:16 DEBUG Close LDAP connection.

[root@mx3 plugins]# mv ldap_maillist_access_policy.py ldap_maillist_access_policy.py_DEFAULT
[root@mx3 plugins]# wget https://bitbucket.org/zhb/iredapd/raw/8 … _policy.py
[root@mx3 plugins]# chmod +x ldap_maillist_access_policy.py
[root@mx3 plugins]# systemctl restart iredapd
[root@mx3 plugins]# ls -la

Logs :
2018-03-07 11:46:06 DEBUG smtp session: request=smtpd_access_policy
2018-03-07 11:46:06 DEBUG smtp session: protocol_state=RCPT
2018-03-07 11:46:06 DEBUG smtp session: protocol_name=ESMTP
2018-03-07 11:46:06 DEBUG smtp session: client_address=127.0.0.1
2018-03-07 11:46:06 DEBUG smtp session: client_name=mx3.mydomain
2018-03-07 11:46:06 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-03-07 11:46:06 DEBUG smtp session: helo_name=_
2018-03-07 11:46:06 DEBUG smtp session: sender=bawon@mydomain
2018-03-07 11:46:06 DEBUG smtp session: recipient=grouptest@mydomain
2018-03-07 11:46:06 DEBUG smtp session: recipient_count=0
2018-03-07 11:46:06 DEBUG smtp session: queue_id=
2018-03-07 11:46:06 DEBUG smtp session: instance=646a.5a9f6e8e.7a499.0
2018-03-07 11:46:06 DEBUG smtp session: size=0
2018-03-07 11:46:06 DEBUG smtp session: etrn_domain=
2018-03-07 11:46:06 DEBUG smtp session: stress=
2018-03-07 11:46:06 DEBUG smtp session: sasl_method=LOGIN
2018-03-07 11:46:06 DEBUG smtp session: sasl_username=bawon@mydomain
2018-03-07 11:46:06 DEBUG smtp session: sasl_sender=
2018-03-07 11:46:06 DEBUG smtp session: ccert_subject=
2018-03-07 11:46:06 DEBUG smtp session: ccert_issuer=
2018-03-07 11:46:06 DEBUG smtp session: ccert_fingerprint=
2018-03-07 11:46:06 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-03-07 11:46:06 DEBUG smtp session: encryption_protocol=TLSv1
2018-03-07 11:46:06 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-03-07 11:46:06 DEBUG smtp session: encryption_keysize=256
2018-03-07 11:46:06 DEBUG LDAP connection initialied success.
2018-03-07 11:46:06 DEBUG LDAP bind success.
2018-03-07 11:46:06 DEBUG --> Apply plugin: reject_null_sender
2018-03-07 11:46:06 DEBUG <-- Result: DUNNO
2018-03-07 11:46:06 DEBUG --> Apply plugin: wblist_rdns
2018-03-07 11:46:06 DEBUG Found SASL username, bypass rDNS check for outbound.
2018-03-07 11:46:06 DEBUG <-- Result: DUNNO
2018-03-07 11:46:06 DEBUG --> Apply plugin: reject_sender_login_mismatch
2018-03-07 11:46:06 DEBUG Sender: bawon@mydomain, SASL username: bawon@mydomain
2018-03-07 11:46:06 DEBUG SKIP: sender == sasl username.
2018-03-07 11:46:06 DEBUG <-- Result: DUNNO
2018-03-07 11:46:06 DEBUG --> Apply plugin: greylisting
2018-03-07 11:46:06 DEBUG Found SASL username, bypass greylisting for outbound email.
2018-03-07 11:46:06 DEBUG <-- Result: DUNNO
2018-03-07 11:46:06 DEBUG --> Apply plugin: throttle
2018-03-07 11:46:06 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-03-07 11:46:06 DEBUG <-- Result: DUNNO
2018-03-07 11:46:06 DEBUG [+] Getting LDIF data of account: grouptest@mydomain
2018-03-07 11:46:06 DEBUG search base dn: o=domains,dc=mydomain
2018-03-07 11:46:06 DEBUG search scope: SUBTREE
2018-03-07 11:46:06 DEBUG search filter: (&(!(domainStatus=disabled))(|(mail=grouptest@mydomain)(shadowAddress=grouptest@mydomain))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2018-03-07 11:46:06 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy', 'enabledService']
2018-03-07 11:46:06 DEBUG result: [('mail=grouptest@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'objectClass': ['mailList'], 'accessPolicy': ['allowedonly'], 'listAllowedUser': ['mamat@mydomain'], 'enabledService': ['mail', 'deliver', 'displayedInGlobalAddressBook']})]
2018-03-07 11:46:06 DEBUG --> Apply plugin: ldap_maillist_access_policy
2018-03-07 11:46:06 DEBUG Access policy of mailing list (grouptest@mydomain): allowedonly
2018-03-07 11:46:06 DEBUG Primary and all alias domain names of recipient domain (mydomain): mydomain
2018-03-07 11:46:06 DEBUG Sender domain and sub-domains: mydomain, .mydomain, .co.id
2018-03-07 11:46:06 DEBUG Sender is not explicitly allowed, perform extra LDAP query to check access.
2018-03-07 11:46:06 DEBUG Allowed users: mamat@mydomain
2018-03-07 11:46:06 DEBUG Allowed domains:
2018-03-07 11:46:06 DEBUG [+] Getting per-account alias addresses of allowed senders.
2018-03-07 11:46:06 DEBUG base dn: ou=Users,domainName=mydomain,o=domains,dc=mydomain
2018-03-07 11:46:06 DEBUG search scope: ONELEVEL
2018-03-07 11:46:06 DEBUG search filter: (&(objectClass=mailUser)(enabledService=shadowaddress)(|(mail=mamat@mydomain)(shadowAddress=mamat@mydomain)))
2018-03-07 11:46:06 ERROR <!> Error while applying plugin "ldap_maillist_access_policy": ['Traceback (most recent call last):\n', '  File "/opt/iRedAPD-2.2/libs/utils.py", line 105, in apply_plugin\n', '  File "/opt/iredapd/plugins/ldap_maillist_access_policy.py", line 220, in restriction\n', "UnboundLocalError: local variable 'search_attrs' referenced before assignment\n"]
2018-03-07 11:46:06 DEBUG --> Apply plugin: amavisd_wblist
2018-03-07 11:46:06 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-03-07 11:46:06 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-03-07 11:46:06 DEBUG result: []
2018-03-07 11:46:06 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-03-07 11:46:06 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-03-07 11:46:06 DEBUG result: []
2018-03-07 11:46:06 DEBUG Possible policy senders: ['bawon@mydomain', '@mydomain', '@.', '@.mydomain', '@.id', '127.0.0.1', '127.0.0.*', '127.0.*.1']
2018-03-07 11:46:06 DEBUG Possible policy recipients: ['grouptest@mydomain', '@mydomain', '@.', '@.mydomain', '@.id']
2018-03-07 11:46:06 DEBUG Apply wblist for outbound message.
2018-03-07 11:46:06 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '@.id', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-03-07 11:46:06 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-03-07 11:46:06 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain', '@.id')
           ORDER BY priority DESC
2018-03-07 11:46:06 DEBUG No record found in SQL database.
2018-03-07 11:46:06 DEBUG [SQL] Query CIDR network:
SELECT id, email
               FROM mailaddr
              WHERE email LIKE '127.%%'
           ORDER BY priority DESC
2018-03-07 11:46:06 DEBUG No valid sender id or recipient id.
2018-03-07 11:46:06 DEBUG Apply wblist for inbound message.
2018-03-07 11:46:06 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain', '@.id')
           ORDER BY priority DESC
2018-03-07 11:46:06 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-03-07 11:46:06 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '@.id', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-03-07 11:46:06 DEBUG No record found in SQL database.
2018-03-07 11:46:06 DEBUG No valid sender id or recipient id.
2018-03-07 11:46:06 DEBUG <-- Result: DUNNO
2018-03-07 11:46:06 DEBUG Session ended.
2018-03-07 11:46:06 INFO [127.0.0.1] RCPT, bawon@mydomain => grouptest@mydomain, DUNNO [sasl_username=bawon@mydomain, sender=bawon@mydomain, client_name=mx3.mydomain, reverse_client_name=mx3.mydomain, helo=_, encryption_protocol=TLSv1, process_time=0.0190s]
2018-03-07 11:46:06 DEBUG Close LDAP connection.
2018-03-07 11:46:06 DEBUG smtp session: request=smtpd_access_policy
2018-03-07 11:46:06 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2018-03-07 11:46:06 DEBUG smtp session: protocol_name=ESMTP
2018-03-07 11:46:06 DEBUG smtp session: client_address=127.0.0.1
2018-03-07 11:46:06 DEBUG smtp session: client_name=mx3.mydomain
2018-03-07 11:46:06 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-03-07 11:46:06 DEBUG smtp session: helo_name=_
2018-03-07 11:46:06 DEBUG smtp session: sender=bawon@mydomain
2018-03-07 11:46:06 DEBUG smtp session: recipient=grouptest@mydomain
2018-03-07 11:46:06 DEBUG smtp session: recipient_count=1
2018-03-07 11:46:06 DEBUG smtp session: queue_id=8126490159
2018-03-07 11:46:06 DEBUG smtp session: instance=646a.5a9f6e8e.7a499.0
2018-03-07 11:46:06 DEBUG smtp session: size=371
2018-03-07 11:46:06 DEBUG smtp session: etrn_domain=
2018-03-07 11:46:06 DEBUG smtp session: stress=
2018-03-07 11:46:06 DEBUG smtp session: sasl_method=LOGIN
2018-03-07 11:46:06 DEBUG smtp session: sasl_username=bawon@mydomain
2018-03-07 11:46:06 DEBUG smtp session: sasl_sender=
2018-03-07 11:46:06 DEBUG smtp session: ccert_subject=
2018-03-07 11:46:06 DEBUG smtp session: ccert_issuer=
2018-03-07 11:46:06 DEBUG smtp session: ccert_fingerprint=
2018-03-07 11:46:06 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-03-07 11:46:06 DEBUG smtp session: encryption_protocol=TLSv1
2018-03-07 11:46:06 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-03-07 11:46:06 DEBUG smtp session: encryption_keysize=256
2018-03-07 11:46:06 DEBUG LDAP connection initialied success.
2018-03-07 11:46:06 DEBUG LDAP bind success.
2018-03-07 11:46:06 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-03-07 11:46:06 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-03-07 11:46:06 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-03-07 11:46:06 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2018-03-07 11:46:06 DEBUG --> Apply plugin: throttle
2018-03-07 11:46:06 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-03-07 11:46:06 DEBUG <-- Result: DUNNO
2018-03-07 11:46:06 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2018-03-07 11:46:06 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2018-03-07 11:46:06 DEBUG Session ended.
2018-03-07 11:46:06 INFO [127.0.0.1] END-OF-MESSAGE, bawon@mydomain => grouptest@mydomain, DUNNO [recipient_count=1, size=371, process_time=0.0041s]
2018-03-07 11:46:06 DEBUG Close LDAP connection.

Logs:
2018-03-07 16:32:23 DEBUG smtp session: request=smtpd_access_policy
2018-03-07 16:32:23 DEBUG smtp session: protocol_state=RCPT
2018-03-07 16:32:23 DEBUG smtp session: protocol_name=ESMTP
2018-03-07 16:32:23 DEBUG smtp session: client_address=127.0.0.1
2018-03-07 16:32:23 DEBUG smtp session: client_name=mx3.mydomain
2018-03-07 16:32:23 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-03-07 16:32:23 DEBUG smtp session: helo_name=_
2018-03-07 16:32:23 DEBUG smtp session: sender=mamat@mydomain
2018-03-07 16:32:23 DEBUG smtp session: recipient=grouptest@mydomain
2018-03-07 16:32:23 DEBUG smtp session: recipient_count=0
2018-03-07 16:32:23 DEBUG smtp session: queue_id=
2018-03-07 16:32:23 DEBUG smtp session: instance=6a09.5a9fb1a7.1eb76.0
2018-03-07 16:32:23 DEBUG smtp session: size=0
2018-03-07 16:32:23 DEBUG smtp session: etrn_domain=
2018-03-07 16:32:23 DEBUG smtp session: stress=
2018-03-07 16:32:23 DEBUG smtp session: sasl_method=LOGIN
2018-03-07 16:32:23 DEBUG smtp session: sasl_username=mamat@mydomain
2018-03-07 16:32:23 DEBUG smtp session: sasl_sender=
2018-03-07 16:32:23 DEBUG smtp session: ccert_subject=
2018-03-07 16:32:23 DEBUG smtp session: ccert_issuer=
2018-03-07 16:32:23 DEBUG smtp session: ccert_fingerprint=
2018-03-07 16:32:23 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-03-07 16:32:23 DEBUG smtp session: encryption_protocol=TLSv1
2018-03-07 16:32:23 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-03-07 16:32:23 DEBUG smtp session: encryption_keysize=256
2018-03-07 16:32:23 DEBUG LDAP connection initialied success.
2018-03-07 16:32:23 DEBUG LDAP bind success.
2018-03-07 16:32:23 DEBUG --> Apply plugin: reject_null_sender
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO
2018-03-07 16:32:23 DEBUG --> Apply plugin: wblist_rdns
2018-03-07 16:32:23 DEBUG Found SASL username, bypass rDNS check for outbound.
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO
2018-03-07 16:32:23 DEBUG --> Apply plugin: reject_sender_login_mismatch
2018-03-07 16:32:23 DEBUG Sender: mamat@mydomain, SASL username: mamat@mydomain
2018-03-07 16:32:23 DEBUG SKIP: sender == sasl username.
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO
2018-03-07 16:32:23 DEBUG --> Apply plugin: greylisting
2018-03-07 16:32:23 DEBUG Found SASL username, bypass greylisting for outbound email.
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO
2018-03-07 16:32:23 DEBUG --> Apply plugin: throttle
2018-03-07 16:32:23 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO
2018-03-07 16:32:23 DEBUG [+] Getting LDIF data of account: grouptest@mydomain
2018-03-07 16:32:23 DEBUG search base dn: o=domains,dc=mydomain
2018-03-07 16:32:23 DEBUG search scope: SUBTREE
2018-03-07 16:32:23 DEBUG search filter: (&(!(domainStatus=disabled))(|(mail=grouptest@mydomain)(shadowAddress=grouptest@mydomain))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2018-03-07 16:32:23 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy', 'enabledService']
2018-03-07 16:32:23 DEBUG result: [('mail=grouptest@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'objectClass': ['mailList'], 'accessPolicy': ['allowedonly'], 'listAllowedUser': ['mamat@mydomain'], 'enabledService': ['mail', 'deliver', 'displayedInGlobalAddressBook']})]
2018-03-07 16:32:23 DEBUG --> Apply plugin: ldap_maillist_access_policy
2018-03-07 16:32:23 DEBUG Access policy of mailing list (grouptest@mydomain): allowedonly
2018-03-07 16:32:23 DEBUG Primary and all alias domain names of recipient domain (mydomain): mydomain
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO  (Sender is allowed explicitly: mamat@mydomain)
2018-03-07 16:32:23 DEBUG --> Apply plugin: amavisd_wblist
2018-03-07 16:32:23 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-03-07 16:32:23 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-03-07 16:32:23 DEBUG result: []
2018-03-07 16:32:23 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-03-07 16:32:23 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-03-07 16:32:23 DEBUG result: []
2018-03-07 16:32:23 DEBUG Possible policy senders: ['mamat@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1']
2018-03-07 16:32:23 DEBUG Possible policy recipients: ['grouptest@mydomain', '@mydomain', '@.', '@.mydomain']
2018-03-07 16:32:23 DEBUG Apply wblist for outbound message.
2018-03-07 16:32:23 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('mamat@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-03-07 16:32:23 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-03-07 16:32:23 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain')
           ORDER BY priority DESC
2018-03-07 16:32:23 DEBUG No record found in SQL database.
2018-03-07 16:32:23 DEBUG [SQL] Query CIDR network:
SELECT id, email
               FROM mailaddr
              WHERE email LIKE '127.%%'
           ORDER BY priority DESC
2018-03-07 16:32:23 DEBUG No valid sender id or recipient id.
2018-03-07 16:32:23 DEBUG Apply wblist for inbound message.
2018-03-07 16:32:23 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain')
           ORDER BY priority DESC
2018-03-07 16:32:23 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-03-07 16:32:23 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('mamat@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-03-07 16:32:23 DEBUG No record found in SQL database.
2018-03-07 16:32:23 DEBUG No valid sender id or recipient id.
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO
2018-03-07 16:32:23 DEBUG Session ended.
2018-03-07 16:32:23 INFO [127.0.0.1] RCPT, mamat@mydomain => grouptest@mydomain, DUNNO [sasl_username=mamat@mydomain, sender=mamat@mydomain, client_name=mx3.mydomain, reverse_client_name=mx3.mydomain, helo=_, encryption_protocol=TLSv1, process_time=0.0191s]
2018-03-07 16:32:23 DEBUG Close LDAP connection.
2018-03-07 16:32:23 DEBUG smtp session: request=smtpd_access_policy
2018-03-07 16:32:23 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2018-03-07 16:32:23 DEBUG smtp session: protocol_name=ESMTP
2018-03-07 16:32:23 DEBUG smtp session: client_address=127.0.0.1
2018-03-07 16:32:23 DEBUG smtp session: client_name=mx3.mydomain
2018-03-07 16:32:23 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-03-07 16:32:23 DEBUG smtp session: helo_name=_
2018-03-07 16:32:23 DEBUG smtp session: sender=mamat@mydomain
2018-03-07 16:32:23 DEBUG smtp session: recipient=grouptest@mydomain
2018-03-07 16:32:23 DEBUG smtp session: recipient_count=1
2018-03-07 16:32:23 DEBUG smtp session: queue_id=3112190160
2018-03-07 16:32:23 DEBUG smtp session: instance=6a09.5a9fb1a7.1eb76.0
2018-03-07 16:32:23 DEBUG smtp session: size=373
2018-03-07 16:32:23 DEBUG smtp session: etrn_domain=
2018-03-07 16:32:23 DEBUG smtp session: stress=
2018-03-07 16:32:23 DEBUG smtp session: sasl_method=LOGIN
2018-03-07 16:32:23 DEBUG smtp session: sasl_username=mamat@mydomain
2018-03-07 16:32:23 DEBUG smtp session: sasl_sender=
2018-03-07 16:32:23 DEBUG smtp session: ccert_subject=
2018-03-07 16:32:23 DEBUG smtp session: ccert_issuer=
2018-03-07 16:32:23 DEBUG smtp session: ccert_fingerprint=
2018-03-07 16:32:23 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-03-07 16:32:23 DEBUG smtp session: encryption_protocol=TLSv1
2018-03-07 16:32:23 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-03-07 16:32:23 DEBUG smtp session: encryption_keysize=256
2018-03-07 16:32:23 DEBUG LDAP connection initialied success.
2018-03-07 16:32:23 DEBUG LDAP bind success.
2018-03-07 16:32:23 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-03-07 16:32:23 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-03-07 16:32:23 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-03-07 16:32:23 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2018-03-07 16:32:23 DEBUG --> Apply plugin: throttle
2018-03-07 16:32:23 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO
2018-03-07 16:32:23 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2018-03-07 16:32:23 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2018-03-07 16:32:23 DEBUG Session ended.
2018-03-07 16:32:23 INFO [127.0.0.1] END-OF-MESSAGE, mamat@mydomain => grouptest@mydomain, DUNNO [recipient_count=1, size=373, process_time=0.0042s]
2018-03-07 16:32:23 DEBUG Close LDAP connection.

Logs:
2018-03-07 17:01:03 DEBUG smtp session: request=smtpd_access_policy
2018-03-07 17:01:03 DEBUG smtp session: protocol_state=RCPT
2018-03-07 17:01:03 DEBUG smtp session: protocol_name=ESMTP
2018-03-07 17:01:03 DEBUG smtp session: client_address=127.0.0.1
2018-03-07 17:01:03 DEBUG smtp session: client_name=mx3.mydomain
2018-03-07 17:01:03 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-03-07 17:01:03 DEBUG smtp session: helo_name=_
2018-03-07 17:01:03 DEBUG smtp session: sender=mamat@mydomain
2018-03-07 17:01:03 DEBUG smtp session: recipient=grouptest@mydomain
2018-03-07 17:01:03 DEBUG smtp session: recipient_count=0
2018-03-07 17:01:03 DEBUG smtp session: queue_id=
2018-03-07 17:01:03 DEBUG smtp session: instance=6a9b.5a9fb85f.29dce.0
2018-03-07 17:01:03 DEBUG smtp session: size=0
2018-03-07 17:01:03 DEBUG smtp session: etrn_domain=
2018-03-07 17:01:03 DEBUG smtp session: stress=
2018-03-07 17:01:03 DEBUG smtp session: sasl_method=LOGIN
2018-03-07 17:01:03 DEBUG smtp session: sasl_username=mamat@mydomain
2018-03-07 17:01:03 DEBUG smtp session: sasl_sender=
2018-03-07 17:01:03 DEBUG smtp session: ccert_subject=
2018-03-07 17:01:03 DEBUG smtp session: ccert_issuer=
2018-03-07 17:01:03 DEBUG smtp session: ccert_fingerprint=
2018-03-07 17:01:03 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-03-07 17:01:03 DEBUG smtp session: encryption_protocol=TLSv1
2018-03-07 17:01:03 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-03-07 17:01:03 DEBUG smtp session: encryption_keysize=256
2018-03-07 17:01:03 DEBUG LDAP connection initialied success.
2018-03-07 17:01:03 DEBUG LDAP bind success.
2018-03-07 17:01:03 DEBUG --> Apply plugin: reject_null_sender
2018-03-07 17:01:03 DEBUG <-- Result: DUNNO
2018-03-07 17:01:03 DEBUG --> Apply plugin: wblist_rdns
2018-03-07 17:01:03 DEBUG Found SASL username, bypass rDNS check for outbound.
2018-03-07 17:01:03 DEBUG <-- Result: DUNNO
2018-03-07 17:01:03 DEBUG --> Apply plugin: reject_sender_login_mismatch
2018-03-07 17:01:03 DEBUG Sender: mamat@mydomain, SASL username: mamat@mydomain
2018-03-07 17:01:03 DEBUG SKIP: sender == sasl username.
2018-03-07 17:01:03 DEBUG <-- Result: DUNNO
2018-03-07 17:01:03 DEBUG --> Apply plugin: greylisting
2018-03-07 17:01:03 DEBUG Found SASL username, bypass greylisting for outbound email.
2018-03-07 17:01:03 DEBUG <-- Result: DUNNO
2018-03-07 17:01:03 DEBUG --> Apply plugin: throttle
2018-03-07 17:01:03 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-03-07 17:01:03 DEBUG <-- Result: DUNNO
2018-03-07 17:01:03 DEBUG [+] Getting LDIF data of account: grouptest@mydomain
2018-03-07 17:01:03 DEBUG search base dn: o=domains,dc=mydomain
2018-03-07 17:01:03 DEBUG search scope: SUBTREE
2018-03-07 17:01:03 DEBUG search filter: (&(!(domainStatus=disabled))(|(mail=grouptest@mydomain)(shadowAddress=grouptest@mydomain))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2018-03-07 17:01:03 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy', 'enabledService']
2018-03-07 17:01:03 DEBUG result: [('mail=grouptest@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'objectClass': ['mailList'], 'accessPolicy': ['allowedonly'], 'listAllowedUser': ['mamat@mydomain'], 'enabledService': ['mail', 'deliver', 'displayedInGlobalAddressBook']})]
2018-03-07 17:01:03 DEBUG --> Apply plugin: ldap_maillist_access_policy
2018-03-07 17:01:03 DEBUG Recipient (mailing list) is disabled, message rejected.
2018-03-07 17:01:03 DEBUG <-- Result: REJECT Policy rejection
2018-03-07 17:01:03 DEBUG Session ended.
2018-03-07 17:01:03 INFO [127.0.0.1] RCPT, mamat@mydomain => grouptest@mydomain, REJECT Policy rejection [sasl_username=mamat@mydomain, sender=mamat@mydomain, client_name=mx3.mydomain, reverse_client_name=mx3.mydomain, helo=_, encryption_protocol=TLSv1, process_time=0.0400s]
2018-03-07 17:01:03 DEBUG Close LDAP connection.