1

Topic: problem with maillist (restriction)

============ Required information ====
- iRedMail version (check /etc/iredmail-release): v0.9.7
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
*using iRedAPD-2.1

Hi, I have a problem with maillist.
when I select "Moderators", the status becomes "unrestricted" which should be "Moderators".
the value under LDAP has become "moderatosonly". but the status is still "unrestricted".
the restriction becomes unable to work properly.

is there any way to fix it?

Post's attachments

iredmail-error-mailist.png
iredmail-error-mailist.png 63.36 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: problem with maillist (restriction)

It's a bug of iRedAdmin-Pro, it's fixed in latest development edition.
As a fix, you can change the value "moderatorsonly" to "allowedonly" with LDAP management tool.

3 (edited by t10 2018-02-23 10:25:36)

Re: problem with maillist (restriction)

ZhangHuangbin wrote:

It's a bug of iRedAdmin-Pro, it's fixed in latest development edition.
As a fix, you can change the value "moderatorsonly" to "allowedonly" with LDAP management tool.

Hi Zhang, i've changed it.
but non-Moderators senders still able to send, ( or even the maillist are disabled )
is there any other patches?

4

Re: problem with maillist (restriction)

Try to upgrade iRedAPD to 2.2. You can download it here:
https://dl.iredmail.org/yum/misc/

5

Re: problem with maillist (restriction)

ZhangHuangbin wrote:

Try to upgrade iRedAPD to 2.2. You can download it here:
https://dl.iredmail.org/yum/misc/

I tried to update, but still can not work.
hopefully patch soon release.

6

Re: problem with maillist (restriction)

Could you please turn on debug mode in iRedAPD and try again?
Extract related log from iRedAPD log file and paste here so that others can help troubleshoot.

7

Re: problem with maillist (restriction)

#iRedMail v0.9.7
#iRedAdmin-Pro v3.0 (LDAP)
#iRedAPD-2.2 (Upgraded)

test, using 2 account & 1 maillist:
bawon@mydomain
mamat@mydomain

Maillist_name= grouptest@mydomain (moderators only)
Moderators = mamat@mydomain
Members = bawon@mydomain




with Maillist status: Enabled

log,sending from members (non moderators):
2018-02-27 10:02:42 DEBUG smtp session: request=smtpd_access_policy
2018-02-27 10:02:42 DEBUG smtp session: protocol_state=RCPT
2018-02-27 10:02:42 DEBUG smtp session: protocol_name=ESMTP
2018-02-27 10:02:42 DEBUG smtp session: client_address=127.0.0.1
2018-02-27 10:02:42 DEBUG smtp session: client_name=mx3.mydomain
2018-02-27 10:02:42 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-02-27 10:02:42 DEBUG smtp session: helo_name=_
2018-02-27 10:02:42 DEBUG smtp session: sender=bawon@mydomain
2018-02-27 10:02:42 DEBUG smtp session: recipient=grouptest@mydomain
2018-02-27 10:02:42 DEBUG smtp session: recipient_count=0
2018-02-27 10:02:42 DEBUG smtp session: queue_id=
2018-02-27 10:02:42 DEBUG smtp session: instance=51a6.5a94ca52.98e4.0
2018-02-27 10:02:42 DEBUG smtp session: size=0
2018-02-27 10:02:42 DEBUG smtp session: etrn_domain=
2018-02-27 10:02:42 DEBUG smtp session: stress=
2018-02-27 10:02:42 DEBUG smtp session: sasl_method=LOGIN
2018-02-27 10:02:42 DEBUG smtp session: sasl_username=bawon@mydomain
2018-02-27 10:02:42 DEBUG smtp session: sasl_sender=
2018-02-27 10:02:42 DEBUG smtp session: ccert_subject=
2018-02-27 10:02:42 DEBUG smtp session: ccert_issuer=
2018-02-27 10:02:42 DEBUG smtp session: ccert_fingerprint=
2018-02-27 10:02:42 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-02-27 10:02:42 DEBUG smtp session: encryption_protocol=TLSv1
2018-02-27 10:02:42 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-02-27 10:02:42 DEBUG smtp session: encryption_keysize=256
2018-02-27 10:02:42 DEBUG LDAP connection initialied success.
2018-02-27 10:02:42 DEBUG LDAP bind success.
2018-02-27 10:02:42 DEBUG --> Apply plugin: reject_null_sender
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG --> Apply plugin: wblist_rdns
2018-02-27 10:02:42 DEBUG Found SASL username, bypass rDNS check for outbound.
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG --> Apply plugin: reject_sender_login_mismatch
2018-02-27 10:02:42 DEBUG Sender: bawon@mydomain, SASL username: bawon@mydomain
2018-02-27 10:02:42 DEBUG SKIP: sender == sasl username.
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG --> Apply plugin: greylisting
2018-02-27 10:02:42 DEBUG Found SASL username, bypass greylisting for outbound email.
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG --> Apply plugin: throttle
2018-02-27 10:02:42 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG [+] Getting LDIF data of account: grouptest@mydomain
2018-02-27 10:02:42 DEBUG search base dn: o=domains,dc=mydomain
2018-02-27 10:02:42 DEBUG search scope: SUBTREE
2018-02-27 10:02:42 DEBUG search filter: (&(!(domainStatus=disabled))(|(mail=grouptest@mydomain)(shadowAddress=grouptest@mydomain))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2018-02-27 10:02:42 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy', 'enabledService']
2018-02-27 10:02:42 DEBUG result: [('mail=grouptest@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'objectClass': ['mailList'], 'accessPolicy': ['allowedonly'], 'listAllowedUser': ['mamat@mydomain'], 'enabledService': ['mail', 'deliver']})]
2018-02-27 10:02:42 DEBUG --> Apply plugin: ldap_maillist_access_policy
2018-02-27 10:02:42 DEBUG Access policy of mailing list (grouptest@mydomain): allowedonly
2018-02-27 10:02:42 DEBUG Primary and all alias domain names of recipient domain (mydomain): mydomain
2018-02-27 10:02:42 DEBUG Sender domain and sub-domains: mydomain, .mydomain
2018-02-27 10:02:42 DEBUG Sender is not explicitly allowed, perform extra LDAP query to check access.
2018-02-27 10:02:42 DEBUG search base dn: domainName=mydomain,o=domains,dc=mydomain
2018-02-27 10:02:42 DEBUG search scope: SUBTREE
2018-02-27 10:02:42 DEBUG search filter: (|(&(memberOfGroup=grouptest@mydomain)(|(objectClass=mailUser)(objectClass=mailExternalUser)))(&(objectclass=mailList)(mail=grouptest@mydomain)))
2018-02-27 10:02:42 DEBUG search attributes: mail, shadowAddress, listAllowedUser
2018-02-27 10:02:42 DEBUG search result: [('mail=grouptest@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'mail': ['grouptest@mydomain'], 'listAllowedUser': ['mamat@mydomain']}), ('mail=bawon@mydomain,ou=Users,domainName=mydomain,o=domains,dc=mydomain', {'mail': ['bawon@mydomain']})]
2018-02-27 10:02:42 INFO Sender (bawon@mydomain) is allowed by access policy of mailing list: allowedonly.
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG --> Apply plugin: amavisd_wblist
2018-02-27 10:02:42 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-02-27 10:02:42 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-02-27 10:02:42 DEBUG result: []
2018-02-27 10:02:42 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-02-27 10:02:42 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-02-27 10:02:42 DEBUG result: []
2018-02-27 10:02:42 DEBUG Possible policy senders: ['bawon@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1']
2018-02-27 10:02:42 DEBUG Possible policy recipients: ['grouptest@mydomain', '@mydomain', '@.', '@.mydomain']
2018-02-27 10:02:42 DEBUG Apply wblist for outbound message.
2018-02-27 10:02:42 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-02-27 10:02:42 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-02-27 10:02:42 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain')
           ORDER BY priority DESC
2018-02-27 10:02:42 DEBUG No record found in SQL database.
2018-02-27 10:02:42 DEBUG [SQL] Query CIDR network:
SELECT id, email
               FROM mailaddr
              WHERE email LIKE '127.%%'
           ORDER BY priority DESC
2018-02-27 10:02:42 DEBUG No valid sender id or recipient id.
2018-02-27 10:02:42 DEBUG Apply wblist for inbound message.
2018-02-27 10:02:42 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain')
           ORDER BY priority DESC
2018-02-27 10:02:42 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-02-27 10:02:42 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-02-27 10:02:42 DEBUG No record found in SQL database.
2018-02-27 10:02:42 DEBUG No valid sender id or recipient id.
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG Session ended.
2018-02-27 10:02:42 INFO [127.0.0.1] RCPT, bawon@mydomain => grouptest@mydomain, DUNNO [sasl_username=bawon@mydomain, sender=bawon@mydomain, client_name=mx3.mydomain, reverse_client_name=mx3.mydomain, helo=_, encryption_protocol=TLSv1, process_time=0.0143s]
2018-02-27 10:02:42 DEBUG Close LDAP connection.
2018-02-27 10:02:42 DEBUG smtp session: request=smtpd_access_policy
2018-02-27 10:02:42 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2018-02-27 10:02:42 DEBUG smtp session: protocol_name=ESMTP
2018-02-27 10:02:42 DEBUG smtp session: client_address=127.0.0.1
2018-02-27 10:02:42 DEBUG smtp session: client_name=mx3.mydomain
2018-02-27 10:02:42 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-02-27 10:02:42 DEBUG smtp session: helo_name=_
2018-02-27 10:02:42 DEBUG smtp session: sender=bawon@mydomain
2018-02-27 10:02:42 DEBUG smtp session: recipient=grouptest@mydomain
2018-02-27 10:02:42 DEBUG smtp session: recipient_count=1
2018-02-27 10:02:42 DEBUG smtp session: queue_id=0E786D74AD
2018-02-27 10:02:42 DEBUG smtp session: instance=51a6.5a94ca52.98e4.0
2018-02-27 10:02:42 DEBUG smtp session: size=351
2018-02-27 10:02:42 DEBUG smtp session: etrn_domain=
2018-02-27 10:02:42 DEBUG smtp session: stress=
2018-02-27 10:02:42 DEBUG smtp session: sasl_method=LOGIN
2018-02-27 10:02:42 DEBUG smtp session: sasl_username=bawon@mydomain
2018-02-27 10:02:42 DEBUG smtp session: sasl_sender=
2018-02-27 10:02:42 DEBUG smtp session: ccert_subject=
2018-02-27 10:02:42 DEBUG smtp session: ccert_issuer=
2018-02-27 10:02:42 DEBUG smtp session: ccert_fingerprint=
2018-02-27 10:02:42 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-02-27 10:02:42 DEBUG smtp session: encryption_protocol=TLSv1
2018-02-27 10:02:42 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-02-27 10:02:42 DEBUG smtp session: encryption_keysize=256
2018-02-27 10:02:42 DEBUG LDAP connection initialied success.
2018-02-27 10:02:42 DEBUG LDAP bind success.
2018-02-27 10:02:42 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-02-27 10:02:42 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-02-27 10:02:42 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-02-27 10:02:42 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2018-02-27 10:02:42 DEBUG --> Apply plugin: throttle
2018-02-27 10:02:42 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-02-27 10:02:42 DEBUG <-- Result: DUNNO
2018-02-27 10:02:42 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2018-02-27 10:02:42 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2018-02-27 10:02:42 DEBUG Session ended.
2018-02-27 10:02:42 INFO [127.0.0.1] END-OF-MESSAGE, bawon@mydomain => grouptest@mydomain, DUNNO [recipient_count=1, size=351, process_time=0.0029s]
2018-02-27 10:02:42 DEBUG Close LDAP connection.


with Maillist status: Disabled

log,sending from members (non moderators):
2018-02-27 10:04:04 DEBUG smtp session: request=smtpd_access_policy
2018-02-27 10:04:04 DEBUG smtp session: protocol_state=RCPT
2018-02-27 10:04:04 DEBUG smtp session: protocol_name=ESMTP
2018-02-27 10:04:04 DEBUG smtp session: client_address=127.0.0.1
2018-02-27 10:04:04 DEBUG smtp session: client_name=mx3.mydomain
2018-02-27 10:04:04 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-02-27 10:04:04 DEBUG smtp session: helo_name=_
2018-02-27 10:04:04 DEBUG smtp session: sender=bawon@mydomain
2018-02-27 10:04:04 DEBUG smtp session: recipient=grouptest@mydomain
2018-02-27 10:04:04 DEBUG smtp session: recipient_count=0
2018-02-27 10:04:04 DEBUG smtp session: queue_id=
2018-02-27 10:04:04 DEBUG smtp session: instance=51a6.5a94caa4.5fa6b.0
2018-02-27 10:04:04 DEBUG smtp session: size=0
2018-02-27 10:04:04 DEBUG smtp session: etrn_domain=
2018-02-27 10:04:04 DEBUG smtp session: stress=
2018-02-27 10:04:04 DEBUG smtp session: sasl_method=LOGIN
2018-02-27 10:04:04 DEBUG smtp session: sasl_username=bawon@mydomain
2018-02-27 10:04:04 DEBUG smtp session: sasl_sender=
2018-02-27 10:04:04 DEBUG smtp session: ccert_subject=
2018-02-27 10:04:04 DEBUG smtp session: ccert_issuer=
2018-02-27 10:04:04 DEBUG smtp session: ccert_fingerprint=
2018-02-27 10:04:04 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-02-27 10:04:04 DEBUG smtp session: encryption_protocol=TLSv1
2018-02-27 10:04:04 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-02-27 10:04:04 DEBUG smtp session: encryption_keysize=256
2018-02-27 10:04:04 DEBUG LDAP connection initialied success.
2018-02-27 10:04:04 DEBUG LDAP bind success.
2018-02-27 10:04:04 DEBUG --> Apply plugin: reject_null_sender
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG --> Apply plugin: wblist_rdns
2018-02-27 10:04:04 DEBUG Found SASL username, bypass rDNS check for outbound.
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG --> Apply plugin: reject_sender_login_mismatch
2018-02-27 10:04:04 DEBUG Sender: bawon@mydomain, SASL username: bawon@mydomain
2018-02-27 10:04:04 DEBUG SKIP: sender == sasl username.
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG --> Apply plugin: greylisting
2018-02-27 10:04:04 DEBUG Found SASL username, bypass greylisting for outbound email.
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG --> Apply plugin: throttle
2018-02-27 10:04:04 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG [+] Getting LDIF data of account: grouptest@mydomain
2018-02-27 10:04:04 DEBUG search base dn: o=domains,dc=mydomain
2018-02-27 10:04:04 DEBUG search scope: SUBTREE
2018-02-27 10:04:04 DEBUG search filter: (&(!(domainStatus=disabled))(|(mail=grouptest@mydomain)(shadowAddress=grouptest@mydomain))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2018-02-27 10:04:04 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy', 'enabledService']
2018-02-27 10:04:04 DEBUG result: [('mail=grouptest@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'objectClass': ['mailList'], 'accessPolicy': ['allowedonly'], 'listAllowedUser': ['mamat@mydomain'], 'enabledService': ['mail', 'deliver']})]
2018-02-27 10:04:04 DEBUG --> Apply plugin: ldap_maillist_access_policy
2018-02-27 10:04:04 DEBUG Access policy of mailing list (grouptest@mydomain): allowedonly
2018-02-27 10:04:04 DEBUG Primary and all alias domain names of recipient domain (mydomain): mydomain
2018-02-27 10:04:04 DEBUG Sender domain and sub-domains: mydomain, .mydomain
2018-02-27 10:04:04 DEBUG Sender is not explicitly allowed, perform extra LDAP query to check access.
2018-02-27 10:04:04 DEBUG search base dn: domainName=mydomain,o=domains,dc=mydomain
2018-02-27 10:04:04 DEBUG search scope: SUBTREE
2018-02-27 10:04:04 DEBUG search filter: (|(&(memberOfGroup=grouptest@mydomain)(|(objectClass=mailUser)(objectClass=mailExternalUser)))(&(objectclass=mailList)(mail=grouptest@mydomain)))
2018-02-27 10:04:04 DEBUG search attributes: mail, shadowAddress, listAllowedUser
2018-02-27 10:04:04 DEBUG search result: [('mail=grouptest@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'mail': ['grouptest@mydomain'], 'listAllowedUser': ['mamat@mydomain']}), ('mail=bawon@mydomain,ou=Users,domainName=mydomain,o=domains,dc=mydomain', {'mail': ['bawon@mydomain']})]
2018-02-27 10:04:04 INFO Sender (bawon@mydomain) is allowed by access policy of mailing list: allowedonly.
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG --> Apply plugin: amavisd_wblist
2018-02-27 10:04:04 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-02-27 10:04:04 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-02-27 10:04:04 DEBUG result: []
2018-02-27 10:04:04 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-02-27 10:04:04 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-02-27 10:04:04 DEBUG result: []
2018-02-27 10:04:04 DEBUG Possible policy senders: ['bawon@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1']
2018-02-27 10:04:04 DEBUG Possible policy recipients: ['grouptest@mydomain', '@mydomain', '@.', '@.mydomain']
2018-02-27 10:04:04 DEBUG Apply wblist for outbound message.
2018-02-27 10:04:04 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-02-27 10:04:04 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-02-27 10:04:04 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain')
           ORDER BY priority DESC
2018-02-27 10:04:04 DEBUG No record found in SQL database.
2018-02-27 10:04:04 DEBUG [SQL] Query CIDR network:
SELECT id, email
               FROM mailaddr
              WHERE email LIKE '127.%%'
           ORDER BY priority DESC
2018-02-27 10:04:04 DEBUG No valid sender id or recipient id.
2018-02-27 10:04:04 DEBUG Apply wblist for inbound message.
2018-02-27 10:04:04 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain')
           ORDER BY priority DESC
2018-02-27 10:04:04 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-02-27 10:04:04 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-02-27 10:04:04 DEBUG No record found in SQL database.
2018-02-27 10:04:04 DEBUG No valid sender id or recipient id.
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG Session ended.
2018-02-27 10:04:04 INFO [127.0.0.1] RCPT, bawon@mydomain => grouptest@mydomain, DUNNO [sasl_username=bawon@mydomain, sender=bawon@mydomain, client_name=mx3.mydomain, reverse_client_name=mx3.mydomain, helo=_, encryption_protocol=TLSv1, process_time=0.0177s]
2018-02-27 10:04:04 DEBUG Close LDAP connection.
2018-02-27 10:04:04 DEBUG smtp session: request=smtpd_access_policy
2018-02-27 10:04:04 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2018-02-27 10:04:04 DEBUG smtp session: protocol_name=ESMTP
2018-02-27 10:04:04 DEBUG smtp session: client_address=127.0.0.1
2018-02-27 10:04:04 DEBUG smtp session: client_name=mx3.mydomain
2018-02-27 10:04:04 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-02-27 10:04:04 DEBUG smtp session: helo_name=_
2018-02-27 10:04:04 DEBUG smtp session: sender=bawon@mydomain
2018-02-27 10:04:04 DEBUG smtp session: recipient=grouptest@mydomain
2018-02-27 10:04:04 DEBUG smtp session: recipient_count=1
2018-02-27 10:04:04 DEBUG smtp session: queue_id=6555FD74AD
2018-02-27 10:04:04 DEBUG smtp session: instance=51a6.5a94caa4.5fa6b.0
2018-02-27 10:04:04 DEBUG smtp session: size=355
2018-02-27 10:04:04 DEBUG smtp session: etrn_domain=
2018-02-27 10:04:04 DEBUG smtp session: stress=
2018-02-27 10:04:04 DEBUG smtp session: sasl_method=LOGIN
2018-02-27 10:04:04 DEBUG smtp session: sasl_username=bawon@mydomain
2018-02-27 10:04:04 DEBUG smtp session: sasl_sender=
2018-02-27 10:04:04 DEBUG smtp session: ccert_subject=
2018-02-27 10:04:04 DEBUG smtp session: ccert_issuer=
2018-02-27 10:04:04 DEBUG smtp session: ccert_fingerprint=
2018-02-27 10:04:04 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-02-27 10:04:04 DEBUG smtp session: encryption_protocol=TLSv1
2018-02-27 10:04:04 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-02-27 10:04:04 DEBUG smtp session: encryption_keysize=256
2018-02-27 10:04:04 DEBUG LDAP connection initialied success.
2018-02-27 10:04:04 DEBUG LDAP bind success.
2018-02-27 10:04:04 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-02-27 10:04:04 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-02-27 10:04:04 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-02-27 10:04:04 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2018-02-27 10:04:04 DEBUG --> Apply plugin: throttle
2018-02-27 10:04:04 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-02-27 10:04:04 DEBUG <-- Result: DUNNO
2018-02-27 10:04:04 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2018-02-27 10:04:04 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2018-02-27 10:04:04 DEBUG Session ended.
2018-02-27 10:04:04 INFO [127.0.0.1] END-OF-MESSAGE, bawon@mydomain => grouptest@mydomain, DUNNO [recipient_count=1, size=355, process_time=0.0027s]
2018-02-27 10:04:04 DEBUG Close LDAP connection.

8

Re: problem with maillist (restriction)

Bug of iRedAPD-2.2 and earlier releases. Could you please try patch below for iRedAPD-2.2? Or download this file directly and replace file /opt/iredapd/plugins/ldap_maillist_access_policy.py, then restart iredapd service.

diff -r 739cd3ad9349 plugins/ldap_maillist_access_policy.py
--- a/plugins/ldap_maillist_access_policy.py    Mon Feb 26 22:11:10 2018 +0800
+++ b/plugins/ldap_maillist_access_policy.py    Thu Mar 01 18:08:41 2018 +0800
@@ -43,6 +43,9 @@
 
     if policy == MAILLIST_POLICY_PUBLIC:
         return SMTP_ACTIONS['default'] + ' (Access policy: %s, no restriction)' % MAILLIST_POLICY_PUBLIC
+    elif policy == 'allowedonly':
+        # 'allowedonly' is policy name used by old iRedAPD releases.
+        policy = MAILLIST_POLICY_MODERATORS
 
     if 'mlmmj' in recipient_ldif.get('enabledService', []):
         if policy in [MAILLIST_POLICY_MEMBERSONLY, MAILLIST_POLICY_MODERATORS]:
@@ -131,8 +134,7 @@
 
         return SMTP_ACTIONS['reject_not_authorized']
 
-    elif policy in ['allowedonly', MAILLIST_POLICY_MEMBERSANDMODERATORSONLY]:
-        # 'allowedonly' is policy name used by old iRedAPD.
+    elif policy == MAILLIST_POLICY_MEMBERSANDMODERATORSONLY:
         # Get both members and moderators.
         _f = '(|' + \
              '(&(memberOfGroup=%s)(|(objectClass=mailUser)(objectClass=mailExternalUser)))' % recipient + \

9

Re: problem with maillist (restriction)

Still not working,

cd /opt/iRedAPD-2.2/plugins/
wget https://bitbucket.org/zhb/iredapd/raw/8 … _policy.py
chmod +x ldap_maillist_access_policy.py
systemctl restart iredapd

log:
2018-03-02 17:41:16 DEBUG smtp session: request=smtpd_access_policy
2018-03-02 17:41:16 DEBUG smtp session: protocol_state=RCPT
2018-03-02 17:41:16 DEBUG smtp session: protocol_name=ESMTP
2018-03-02 17:41:16 DEBUG smtp session: client_address=127.0.0.1
2018-03-02 17:41:16 DEBUG smtp session: client_name=mx3.mydomain
2018-03-02 17:41:16 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-03-02 17:41:16 DEBUG smtp session: helo_name=_
2018-03-02 17:41:16 DEBUG smtp session: sender=bawon@mydomain
2018-03-02 17:41:16 DEBUG smtp session: recipient=tes@mydomain
2018-03-02 17:41:16 DEBUG smtp session: recipient_count=0
2018-03-02 17:41:16 DEBUG smtp session: queue_id=
2018-03-02 17:41:16 DEBUG smtp session: instance=a67.5a992a4c.d6b80.0
2018-03-02 17:41:16 DEBUG smtp session: size=0
2018-03-02 17:41:16 DEBUG smtp session: etrn_domain=
2018-03-02 17:41:16 DEBUG smtp session: stress=
2018-03-02 17:41:16 DEBUG smtp session: sasl_method=LOGIN
2018-03-02 17:41:16 DEBUG smtp session: sasl_username=bawon@mydomain
2018-03-02 17:41:16 DEBUG smtp session: sasl_sender=
2018-03-02 17:41:16 DEBUG smtp session: ccert_subject=
2018-03-02 17:41:16 DEBUG smtp session: ccert_issuer=
2018-03-02 17:41:16 DEBUG smtp session: ccert_fingerprint=
2018-03-02 17:41:16 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-03-02 17:41:16 DEBUG smtp session: encryption_protocol=TLSv1
2018-03-02 17:41:16 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-03-02 17:41:16 DEBUG smtp session: encryption_keysize=256
2018-03-02 17:41:16 DEBUG LDAP connection initialied success.
2018-03-02 17:41:16 DEBUG LDAP bind success.
2018-03-02 17:41:16 DEBUG --> Apply plugin: reject_null_sender
2018-03-02 17:41:16 DEBUG <-- Result: DUNNO
2018-03-02 17:41:16 DEBUG --> Apply plugin: wblist_rdns
2018-03-02 17:41:16 DEBUG Found SASL username, bypass rDNS check for outbound.
2018-03-02 17:41:16 DEBUG <-- Result: DUNNO
2018-03-02 17:41:16 DEBUG --> Apply plugin: reject_sender_login_mismatch
2018-03-02 17:41:16 DEBUG Sender: bawon@mydomain, SASL username: bawon@mydomain
2018-03-02 17:41:16 DEBUG SKIP: sender == sasl username.
2018-03-02 17:41:16 DEBUG <-- Result: DUNNO
2018-03-02 17:41:16 DEBUG --> Apply plugin: greylisting
2018-03-02 17:41:16 DEBUG Found SASL username, bypass greylisting for outbound email.
2018-03-02 17:41:16 DEBUG <-- Result: DUNNO
2018-03-02 17:41:16 DEBUG --> Apply plugin: throttle
2018-03-02 17:41:16 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-03-02 17:41:16 DEBUG <-- Result: DUNNO
2018-03-02 17:41:16 DEBUG [+] Getting LDIF data of account: tes@mydomain
2018-03-02 17:41:16 DEBUG search base dn: o=domains,dc=mydomain
2018-03-02 17:41:16 DEBUG search scope: SUBTREE
2018-03-02 17:41:16 DEBUG search filter: (&(!(domainStatus=disabled))(|(mail=tes@mydomain)(shadowAddress=tes@mydomain))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2018-03-02 17:41:16 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy', 'enabledService']
2018-03-02 17:41:16 DEBUG result: [('mail=tes@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'objectClass': ['mailList'], 'accessPolicy': ['allowedonly'], 'listAllowedUser': ['mamat@mydomain'], 'enabledService': ['mail', 'deliver', 'displayedInGlobalAddressBook']})]
2018-03-02 17:41:16 DEBUG --> Apply plugin: ldap_maillist_access_policy
2018-03-02 17:41:16 DEBUG Access policy of mailing list (tes@mydomain): allowedonly
2018-03-02 17:41:16 DEBUG Primary and all alias domain names of recipient domain (mydomain): mydomain
2018-03-02 17:41:16 DEBUG Sender domain and sub-domains: mydomain, .mydomain, .co.id
2018-03-02 17:41:16 DEBUG Sender is not explicitly allowed, perform extra LDAP query to check access.
2018-03-02 17:41:16 DEBUG Allowed users: mamat@mydomain
2018-03-02 17:41:16 DEBUG Allowed domains:
2018-03-02 17:41:16 DEBUG [+] Getting per-account alias addresses of allowed senders.
2018-03-02 17:41:16 DEBUG base dn: ou=Users,domainName=mydomain,o=domains,dc=mydomain
2018-03-02 17:41:16 DEBUG search scope: ONELEVEL
2018-03-02 17:41:16 DEBUG search filter: (&(objectClass=mailUser)(enabledService=shadowaddress)(|(mail=mamat@mydomain)(shadowAddress=mamat@mydomain)))
2018-03-02 17:41:16 ERROR <!> Error while applying plugin "ldap_maillist_access_policy": ['Traceback (most recent call last):\n', '  File "/opt/iRedAPD-2.2/libs/utils.py", line 105, in apply_plugin\n', '  File "/opt/iredapd/plugins/ldap_maillist_access_policy.py", line 220, in restriction\n', "UnboundLocalError: local variable 'search_attrs' referenced before assignment\n"]
2018-03-02 17:41:16 DEBUG --> Apply plugin: amavisd_wblist
2018-03-02 17:41:16 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-03-02 17:41:16 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-03-02 17:41:16 DEBUG result: []
2018-03-02 17:41:16 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-03-02 17:41:16 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-03-02 17:41:16 DEBUG result: []
2018-03-02 17:41:16 DEBUG Possible policy senders: ['bawon@mydomain', '@mydomain', '@.', '@.mydomain', '@.co.id', '@.id', '127.0.0.1', '127.0.0.*', '127.0.*.1']
2018-03-02 17:41:16 DEBUG Possible policy recipients: ['tes@mydomain', '@mydomain', '@.', '@.mydomain', '@.co.id', '@.id']
2018-03-02 17:41:16 DEBUG Apply wblist for outbound message.
2018-03-02 17:41:16 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '@.co.id', '@.id', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-03-02 17:41:16 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-03-02 17:41:16 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('tes@mydomain', '@mydomain', '@.', '@.mydomain', '@.co.id', '@.id')
           ORDER BY priority DESC
2018-03-02 17:41:16 DEBUG No record found in SQL database.
2018-03-02 17:41:16 DEBUG [SQL] Query CIDR network:
SELECT id, email
               FROM mailaddr
              WHERE email LIKE '127.%%'
           ORDER BY priority DESC
2018-03-02 17:41:16 DEBUG No valid sender id or recipient id.
2018-03-02 17:41:16 DEBUG Apply wblist for inbound message.
2018-03-02 17:41:16 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('tes@mydomain', '@mydomain', '@.', '@.mydomain', '@.co.id', '@.id')
           ORDER BY priority DESC
2018-03-02 17:41:16 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-03-02 17:41:16 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '@.co.id', '@.id', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-03-02 17:41:16 DEBUG No record found in SQL database.
2018-03-02 17:41:16 DEBUG No valid sender id or recipient id.
2018-03-02 17:41:16 DEBUG <-- Result: DUNNO
2018-03-02 17:41:16 DEBUG Session ended.
2018-03-02 17:41:16 INFO [127.0.0.1] RCPT, bawon@mydomain => tes@mydomain, DUNNO [sasl_username=bawon@mydomain, sender=bawon@mydomain, client_name=mx3.mydomain, reverse_client_name=mx3.mydomain, helo=_, encryption_protocol=TLSv1, process_time=0.0153s]
2018-03-02 17:41:16 DEBUG Close LDAP connection.
2018-03-02 17:41:16 DEBUG smtp session: request=smtpd_access_policy
2018-03-02 17:41:16 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2018-03-02 17:41:16 DEBUG smtp session: protocol_name=ESMTP
2018-03-02 17:41:16 DEBUG smtp session: client_address=127.0.0.1
2018-03-02 17:41:16 DEBUG smtp session: client_name=mx3.mydomain
2018-03-02 17:41:16 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-03-02 17:41:16 DEBUG smtp session: helo_name=_
2018-03-02 17:41:16 DEBUG smtp session: sender=bawon@mydomain
2018-03-02 17:41:16 DEBUG smtp session: recipient=tes@mydomain
2018-03-02 17:41:16 DEBUG smtp session: recipient_count=1
2018-03-02 17:41:16 DEBUG smtp session: queue_id=DC195D7483
2018-03-02 17:41:16 DEBUG smtp session: instance=a67.5a992a4c.d6b80.0
2018-03-02 17:41:16 DEBUG smtp session: size=355
2018-03-02 17:41:16 DEBUG smtp session: etrn_domain=
2018-03-02 17:41:16 DEBUG smtp session: stress=
2018-03-02 17:41:16 DEBUG smtp session: sasl_method=LOGIN
2018-03-02 17:41:16 DEBUG smtp session: sasl_username=bawon@mydomain
2018-03-02 17:41:16 DEBUG smtp session: sasl_sender=
2018-03-02 17:41:16 DEBUG smtp session: ccert_subject=
2018-03-02 17:41:16 DEBUG smtp session: ccert_issuer=
2018-03-02 17:41:16 DEBUG smtp session: ccert_fingerprint=
2018-03-02 17:41:16 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-03-02 17:41:16 DEBUG smtp session: encryption_protocol=TLSv1
2018-03-02 17:41:16 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-03-02 17:41:16 DEBUG smtp session: encryption_keysize=256
2018-03-02 17:41:16 DEBUG LDAP connection initialied success.
2018-03-02 17:41:16 DEBUG LDAP bind success.
2018-03-02 17:41:16 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-03-02 17:41:16 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-03-02 17:41:16 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-03-02 17:41:16 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2018-03-02 17:41:16 DEBUG --> Apply plugin: throttle
2018-03-02 17:41:16 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-03-02 17:41:16 DEBUG <-- Result: DUNNO
2018-03-02 17:41:16 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2018-03-02 17:41:16 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2018-03-02 17:41:16 DEBUG Session ended.
2018-03-02 17:41:16 INFO [127.0.0.1] END-OF-MESSAGE, bawon@mydomain => tes@mydomain, DUNNO [recipient_count=1, size=355, process_time=0.0031s]
2018-03-02 17:41:16 DEBUG Close LDAP connection.

10

Re: problem with maillist (restriction)

t10 wrote:

cd /opt/iRedAPD-2.2/plugins/
wget https://bitbucket.org/zhb/iredapd/raw/8 … _policy.py
chmod +x ldap_maillist_access_policy.py
systemctl restart iredapd

I suppose this 'wget' command created file "ldap_maillist_access_policy.py.1", it didn't override existing file. Could you please double check?

11 (edited by t10 2018-03-07 16:29:29)

Re: problem with maillist (restriction)

reinstalling (OS+iredmail) to make sure this works or not.
this is what i have done:

[root@mx3 plugins]# mv ldap_maillist_access_policy.py ldap_maillist_access_policy.py_DEFAULT
[root@mx3 plugins]# wget https://bitbucket.org/zhb/iredapd/raw/8 … _policy.py
[root@mx3 plugins]# chmod +x ldap_maillist_access_policy.py
[root@mx3 plugins]# systemctl restart iredapd
[root@mx3 plugins]# ls -la

still not working properly,

Logs :
2018-03-07 11:46:06 DEBUG smtp session: request=smtpd_access_policy
2018-03-07 11:46:06 DEBUG smtp session: protocol_state=RCPT
2018-03-07 11:46:06 DEBUG smtp session: protocol_name=ESMTP
2018-03-07 11:46:06 DEBUG smtp session: client_address=127.0.0.1
2018-03-07 11:46:06 DEBUG smtp session: client_name=mx3.mydomain
2018-03-07 11:46:06 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-03-07 11:46:06 DEBUG smtp session: helo_name=_
2018-03-07 11:46:06 DEBUG smtp session: sender=bawon@mydomain
2018-03-07 11:46:06 DEBUG smtp session: recipient=grouptest@mydomain
2018-03-07 11:46:06 DEBUG smtp session: recipient_count=0
2018-03-07 11:46:06 DEBUG smtp session: queue_id=
2018-03-07 11:46:06 DEBUG smtp session: instance=646a.5a9f6e8e.7a499.0
2018-03-07 11:46:06 DEBUG smtp session: size=0
2018-03-07 11:46:06 DEBUG smtp session: etrn_domain=
2018-03-07 11:46:06 DEBUG smtp session: stress=
2018-03-07 11:46:06 DEBUG smtp session: sasl_method=LOGIN
2018-03-07 11:46:06 DEBUG smtp session: sasl_username=bawon@mydomain
2018-03-07 11:46:06 DEBUG smtp session: sasl_sender=
2018-03-07 11:46:06 DEBUG smtp session: ccert_subject=
2018-03-07 11:46:06 DEBUG smtp session: ccert_issuer=
2018-03-07 11:46:06 DEBUG smtp session: ccert_fingerprint=
2018-03-07 11:46:06 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-03-07 11:46:06 DEBUG smtp session: encryption_protocol=TLSv1
2018-03-07 11:46:06 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-03-07 11:46:06 DEBUG smtp session: encryption_keysize=256
2018-03-07 11:46:06 DEBUG LDAP connection initialied success.
2018-03-07 11:46:06 DEBUG LDAP bind success.
2018-03-07 11:46:06 DEBUG --> Apply plugin: reject_null_sender
2018-03-07 11:46:06 DEBUG <-- Result: DUNNO
2018-03-07 11:46:06 DEBUG --> Apply plugin: wblist_rdns
2018-03-07 11:46:06 DEBUG Found SASL username, bypass rDNS check for outbound.
2018-03-07 11:46:06 DEBUG <-- Result: DUNNO
2018-03-07 11:46:06 DEBUG --> Apply plugin: reject_sender_login_mismatch
2018-03-07 11:46:06 DEBUG Sender: bawon@mydomain, SASL username: bawon@mydomain
2018-03-07 11:46:06 DEBUG SKIP: sender == sasl username.
2018-03-07 11:46:06 DEBUG <-- Result: DUNNO
2018-03-07 11:46:06 DEBUG --> Apply plugin: greylisting
2018-03-07 11:46:06 DEBUG Found SASL username, bypass greylisting for outbound email.
2018-03-07 11:46:06 DEBUG <-- Result: DUNNO
2018-03-07 11:46:06 DEBUG --> Apply plugin: throttle
2018-03-07 11:46:06 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-03-07 11:46:06 DEBUG <-- Result: DUNNO
2018-03-07 11:46:06 DEBUG [+] Getting LDIF data of account: grouptest@mydomain
2018-03-07 11:46:06 DEBUG search base dn: o=domains,dc=mydomain
2018-03-07 11:46:06 DEBUG search scope: SUBTREE
2018-03-07 11:46:06 DEBUG search filter: (&(!(domainStatus=disabled))(|(mail=grouptest@mydomain)(shadowAddress=grouptest@mydomain))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2018-03-07 11:46:06 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy', 'enabledService']
2018-03-07 11:46:06 DEBUG result: [('mail=grouptest@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'objectClass': ['mailList'], 'accessPolicy': ['allowedonly'], 'listAllowedUser': ['mamat@mydomain'], 'enabledService': ['mail', 'deliver', 'displayedInGlobalAddressBook']})]
2018-03-07 11:46:06 DEBUG --> Apply plugin: ldap_maillist_access_policy
2018-03-07 11:46:06 DEBUG Access policy of mailing list (grouptest@mydomain): allowedonly
2018-03-07 11:46:06 DEBUG Primary and all alias domain names of recipient domain (mydomain): mydomain
2018-03-07 11:46:06 DEBUG Sender domain and sub-domains: mydomain, .mydomain, .co.id
2018-03-07 11:46:06 DEBUG Sender is not explicitly allowed, perform extra LDAP query to check access.
2018-03-07 11:46:06 DEBUG Allowed users: mamat@mydomain
2018-03-07 11:46:06 DEBUG Allowed domains:
2018-03-07 11:46:06 DEBUG [+] Getting per-account alias addresses of allowed senders.
2018-03-07 11:46:06 DEBUG base dn: ou=Users,domainName=mydomain,o=domains,dc=mydomain
2018-03-07 11:46:06 DEBUG search scope: ONELEVEL
2018-03-07 11:46:06 DEBUG search filter: (&(objectClass=mailUser)(enabledService=shadowaddress)(|(mail=mamat@mydomain)(shadowAddress=mamat@mydomain)))
2018-03-07 11:46:06 ERROR <!> Error while applying plugin "ldap_maillist_access_policy": ['Traceback (most recent call last):\n', '  File "/opt/iRedAPD-2.2/libs/utils.py", line 105, in apply_plugin\n', '  File "/opt/iredapd/plugins/ldap_maillist_access_policy.py", line 220, in restriction\n', "UnboundLocalError: local variable 'search_attrs' referenced before assignment\n"]
2018-03-07 11:46:06 DEBUG --> Apply plugin: amavisd_wblist
2018-03-07 11:46:06 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-03-07 11:46:06 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-03-07 11:46:06 DEBUG result: []
2018-03-07 11:46:06 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-03-07 11:46:06 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-03-07 11:46:06 DEBUG result: []
2018-03-07 11:46:06 DEBUG Possible policy senders: ['bawon@mydomain', '@mydomain', '@.', '@.mydomain', '@.id', '127.0.0.1', '127.0.0.*', '127.0.*.1']
2018-03-07 11:46:06 DEBUG Possible policy recipients: ['grouptest@mydomain', '@mydomain', '@.', '@.mydomain', '@.id']
2018-03-07 11:46:06 DEBUG Apply wblist for outbound message.
2018-03-07 11:46:06 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '@.id', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-03-07 11:46:06 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-03-07 11:46:06 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain', '@.id')
           ORDER BY priority DESC
2018-03-07 11:46:06 DEBUG No record found in SQL database.
2018-03-07 11:46:06 DEBUG [SQL] Query CIDR network:
SELECT id, email
               FROM mailaddr
              WHERE email LIKE '127.%%'
           ORDER BY priority DESC
2018-03-07 11:46:06 DEBUG No valid sender id or recipient id.
2018-03-07 11:46:06 DEBUG Apply wblist for inbound message.
2018-03-07 11:46:06 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain', '@.id')
           ORDER BY priority DESC
2018-03-07 11:46:06 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-03-07 11:46:06 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('bawon@mydomain', '@mydomain', '@.', '@.mydomain', '@.id', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-03-07 11:46:06 DEBUG No record found in SQL database.
2018-03-07 11:46:06 DEBUG No valid sender id or recipient id.
2018-03-07 11:46:06 DEBUG <-- Result: DUNNO
2018-03-07 11:46:06 DEBUG Session ended.
2018-03-07 11:46:06 INFO [127.0.0.1] RCPT, bawon@mydomain => grouptest@mydomain, DUNNO [sasl_username=bawon@mydomain, sender=bawon@mydomain, client_name=mx3.mydomain, reverse_client_name=mx3.mydomain, helo=_, encryption_protocol=TLSv1, process_time=0.0190s]
2018-03-07 11:46:06 DEBUG Close LDAP connection.
2018-03-07 11:46:06 DEBUG smtp session: request=smtpd_access_policy
2018-03-07 11:46:06 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2018-03-07 11:46:06 DEBUG smtp session: protocol_name=ESMTP
2018-03-07 11:46:06 DEBUG smtp session: client_address=127.0.0.1
2018-03-07 11:46:06 DEBUG smtp session: client_name=mx3.mydomain
2018-03-07 11:46:06 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-03-07 11:46:06 DEBUG smtp session: helo_name=_
2018-03-07 11:46:06 DEBUG smtp session: sender=bawon@mydomain
2018-03-07 11:46:06 DEBUG smtp session: recipient=grouptest@mydomain
2018-03-07 11:46:06 DEBUG smtp session: recipient_count=1
2018-03-07 11:46:06 DEBUG smtp session: queue_id=8126490159
2018-03-07 11:46:06 DEBUG smtp session: instance=646a.5a9f6e8e.7a499.0
2018-03-07 11:46:06 DEBUG smtp session: size=371
2018-03-07 11:46:06 DEBUG smtp session: etrn_domain=
2018-03-07 11:46:06 DEBUG smtp session: stress=
2018-03-07 11:46:06 DEBUG smtp session: sasl_method=LOGIN
2018-03-07 11:46:06 DEBUG smtp session: sasl_username=bawon@mydomain
2018-03-07 11:46:06 DEBUG smtp session: sasl_sender=
2018-03-07 11:46:06 DEBUG smtp session: ccert_subject=
2018-03-07 11:46:06 DEBUG smtp session: ccert_issuer=
2018-03-07 11:46:06 DEBUG smtp session: ccert_fingerprint=
2018-03-07 11:46:06 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-03-07 11:46:06 DEBUG smtp session: encryption_protocol=TLSv1
2018-03-07 11:46:06 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-03-07 11:46:06 DEBUG smtp session: encryption_keysize=256
2018-03-07 11:46:06 DEBUG LDAP connection initialied success.
2018-03-07 11:46:06 DEBUG LDAP bind success.
2018-03-07 11:46:06 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-03-07 11:46:06 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-03-07 11:46:06 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-03-07 11:46:06 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2018-03-07 11:46:06 DEBUG --> Apply plugin: throttle
2018-03-07 11:46:06 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-03-07 11:46:06 DEBUG <-- Result: DUNNO
2018-03-07 11:46:06 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2018-03-07 11:46:06 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2018-03-07 11:46:06 DEBUG Session ended.
2018-03-07 11:46:06 INFO [127.0.0.1] END-OF-MESSAGE, bawon@mydomain => grouptest@mydomain, DUNNO [recipient_count=1, size=371, process_time=0.0041s]
2018-03-07 11:46:06 DEBUG Close LDAP connection.

Post's attachments

iredmail-error-mailist2.png 63.09 kb, file has never been downloaded. 

ldap_maillist_access_policy.py 10.95 kb, 3 downloads since 2018-03-07 

You don't have the permssions to download the attachments of this post.

12

Re: problem with maillist (restriction)

t10 wrote:

2018-03-07 11:46:06 ERROR <!> Error while applying plugin "ldap_maillist_access_policy": ['Traceback (most recent call last):\n', '  File "/opt/iRedAPD-2.2/libs/utils.py", line 105, in apply_plugin\n', '  File "/opt/iredapd/plugins/ldap_maillist_access_policy.py", line 220, in restriction\n', "UnboundLocalError: local variable 'search_attrs' referenced before assignment\n"]

There's a programming error in the plugin. Please download this fixed one and override "/opt/iredapd/plugins/ldap_maillist_access_policy.py" again:
https://bitbucket.org/zhb/iredapd/raw/c … _policy.py

13 (edited by t10 2018-03-07 17:35:19)

Re: problem with maillist (restriction)

ok, it works
but, maillist with status "disabled" still delivered. (sent by moderators)

Logs:
2018-03-07 16:32:23 DEBUG smtp session: request=smtpd_access_policy
2018-03-07 16:32:23 DEBUG smtp session: protocol_state=RCPT
2018-03-07 16:32:23 DEBUG smtp session: protocol_name=ESMTP
2018-03-07 16:32:23 DEBUG smtp session: client_address=127.0.0.1
2018-03-07 16:32:23 DEBUG smtp session: client_name=mx3.mydomain
2018-03-07 16:32:23 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-03-07 16:32:23 DEBUG smtp session: helo_name=_
2018-03-07 16:32:23 DEBUG smtp session: sender=mamat@mydomain
2018-03-07 16:32:23 DEBUG smtp session: recipient=grouptest@mydomain
2018-03-07 16:32:23 DEBUG smtp session: recipient_count=0
2018-03-07 16:32:23 DEBUG smtp session: queue_id=
2018-03-07 16:32:23 DEBUG smtp session: instance=6a09.5a9fb1a7.1eb76.0
2018-03-07 16:32:23 DEBUG smtp session: size=0
2018-03-07 16:32:23 DEBUG smtp session: etrn_domain=
2018-03-07 16:32:23 DEBUG smtp session: stress=
2018-03-07 16:32:23 DEBUG smtp session: sasl_method=LOGIN
2018-03-07 16:32:23 DEBUG smtp session: sasl_username=mamat@mydomain
2018-03-07 16:32:23 DEBUG smtp session: sasl_sender=
2018-03-07 16:32:23 DEBUG smtp session: ccert_subject=
2018-03-07 16:32:23 DEBUG smtp session: ccert_issuer=
2018-03-07 16:32:23 DEBUG smtp session: ccert_fingerprint=
2018-03-07 16:32:23 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-03-07 16:32:23 DEBUG smtp session: encryption_protocol=TLSv1
2018-03-07 16:32:23 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-03-07 16:32:23 DEBUG smtp session: encryption_keysize=256
2018-03-07 16:32:23 DEBUG LDAP connection initialied success.
2018-03-07 16:32:23 DEBUG LDAP bind success.
2018-03-07 16:32:23 DEBUG --> Apply plugin: reject_null_sender
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO
2018-03-07 16:32:23 DEBUG --> Apply plugin: wblist_rdns
2018-03-07 16:32:23 DEBUG Found SASL username, bypass rDNS check for outbound.
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO
2018-03-07 16:32:23 DEBUG --> Apply plugin: reject_sender_login_mismatch
2018-03-07 16:32:23 DEBUG Sender: mamat@mydomain, SASL username: mamat@mydomain
2018-03-07 16:32:23 DEBUG SKIP: sender == sasl username.
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO
2018-03-07 16:32:23 DEBUG --> Apply plugin: greylisting
2018-03-07 16:32:23 DEBUG Found SASL username, bypass greylisting for outbound email.
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO
2018-03-07 16:32:23 DEBUG --> Apply plugin: throttle
2018-03-07 16:32:23 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO
2018-03-07 16:32:23 DEBUG [+] Getting LDIF data of account: grouptest@mydomain
2018-03-07 16:32:23 DEBUG search base dn: o=domains,dc=mydomain
2018-03-07 16:32:23 DEBUG search scope: SUBTREE
2018-03-07 16:32:23 DEBUG search filter: (&(!(domainStatus=disabled))(|(mail=grouptest@mydomain)(shadowAddress=grouptest@mydomain))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2018-03-07 16:32:23 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy', 'enabledService']
2018-03-07 16:32:23 DEBUG result: [('mail=grouptest@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'objectClass': ['mailList'], 'accessPolicy': ['allowedonly'], 'listAllowedUser': ['mamat@mydomain'], 'enabledService': ['mail', 'deliver', 'displayedInGlobalAddressBook']})]
2018-03-07 16:32:23 DEBUG --> Apply plugin: ldap_maillist_access_policy
2018-03-07 16:32:23 DEBUG Access policy of mailing list (grouptest@mydomain): allowedonly
2018-03-07 16:32:23 DEBUG Primary and all alias domain names of recipient domain (mydomain): mydomain
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO  (Sender is allowed explicitly: mamat@mydomain)
2018-03-07 16:32:23 DEBUG --> Apply plugin: amavisd_wblist
2018-03-07 16:32:23 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-03-07 16:32:23 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-03-07 16:32:23 DEBUG result: []
2018-03-07 16:32:23 DEBUG [LDAP] query target domain of given alias domain (mydomain).
2018-03-07 16:32:23 DEBUG [LDAP] query filter: ((&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=mydomain)))
2018-03-07 16:32:23 DEBUG result: []
2018-03-07 16:32:23 DEBUG Possible policy senders: ['mamat@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1']
2018-03-07 16:32:23 DEBUG Possible policy recipients: ['grouptest@mydomain', '@mydomain', '@.', '@.mydomain']
2018-03-07 16:32:23 DEBUG Apply wblist for outbound message.
2018-03-07 16:32:23 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('mamat@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-03-07 16:32:23 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-03-07 16:32:23 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain')
           ORDER BY priority DESC
2018-03-07 16:32:23 DEBUG No record found in SQL database.
2018-03-07 16:32:23 DEBUG [SQL] Query CIDR network:
SELECT id, email
               FROM mailaddr
              WHERE email LIKE '127.%%'
           ORDER BY priority DESC
2018-03-07 16:32:23 DEBUG No valid sender id or recipient id.
2018-03-07 16:32:23 DEBUG Apply wblist for inbound message.
2018-03-07 16:32:23 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('grouptest@mydomain', '@mydomain', '@.', '@.mydomain')
           ORDER BY priority DESC
2018-03-07 16:32:23 DEBUG Local addresses (in `users`): [(1L, '@.')]
2018-03-07 16:32:23 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('mamat@mydomain', '@mydomain', '@.', '@.mydomain', '127.0.0.1', '127.0.0.*', '127.0.*.1')
           ORDER BY priority DESC
2018-03-07 16:32:23 DEBUG No record found in SQL database.
2018-03-07 16:32:23 DEBUG No valid sender id or recipient id.
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO
2018-03-07 16:32:23 DEBUG Session ended.
2018-03-07 16:32:23 INFO [127.0.0.1] RCPT, mamat@mydomain => grouptest@mydomain, DUNNO [sasl_username=mamat@mydomain, sender=mamat@mydomain, client_name=mx3.mydomain, reverse_client_name=mx3.mydomain, helo=_, encryption_protocol=TLSv1, process_time=0.0191s]
2018-03-07 16:32:23 DEBUG Close LDAP connection.
2018-03-07 16:32:23 DEBUG smtp session: request=smtpd_access_policy
2018-03-07 16:32:23 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2018-03-07 16:32:23 DEBUG smtp session: protocol_name=ESMTP
2018-03-07 16:32:23 DEBUG smtp session: client_address=127.0.0.1
2018-03-07 16:32:23 DEBUG smtp session: client_name=mx3.mydomain
2018-03-07 16:32:23 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-03-07 16:32:23 DEBUG smtp session: helo_name=_
2018-03-07 16:32:23 DEBUG smtp session: sender=mamat@mydomain
2018-03-07 16:32:23 DEBUG smtp session: recipient=grouptest@mydomain
2018-03-07 16:32:23 DEBUG smtp session: recipient_count=1
2018-03-07 16:32:23 DEBUG smtp session: queue_id=3112190160
2018-03-07 16:32:23 DEBUG smtp session: instance=6a09.5a9fb1a7.1eb76.0
2018-03-07 16:32:23 DEBUG smtp session: size=373
2018-03-07 16:32:23 DEBUG smtp session: etrn_domain=
2018-03-07 16:32:23 DEBUG smtp session: stress=
2018-03-07 16:32:23 DEBUG smtp session: sasl_method=LOGIN
2018-03-07 16:32:23 DEBUG smtp session: sasl_username=mamat@mydomain
2018-03-07 16:32:23 DEBUG smtp session: sasl_sender=
2018-03-07 16:32:23 DEBUG smtp session: ccert_subject=
2018-03-07 16:32:23 DEBUG smtp session: ccert_issuer=
2018-03-07 16:32:23 DEBUG smtp session: ccert_fingerprint=
2018-03-07 16:32:23 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-03-07 16:32:23 DEBUG smtp session: encryption_protocol=TLSv1
2018-03-07 16:32:23 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-03-07 16:32:23 DEBUG smtp session: encryption_keysize=256
2018-03-07 16:32:23 DEBUG LDAP connection initialied success.
2018-03-07 16:32:23 DEBUG LDAP bind success.
2018-03-07 16:32:23 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-03-07 16:32:23 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-03-07 16:32:23 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-03-07 16:32:23 DEBUG Skip plugin: greylisting (protocol_state != END-OF-MESSAGE)
2018-03-07 16:32:23 DEBUG --> Apply plugin: throttle
2018-03-07 16:32:23 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-03-07 16:32:23 DEBUG <-- Result: DUNNO
2018-03-07 16:32:23 DEBUG Skip plugin: ldap_maillist_access_policy (protocol_state != END-OF-MESSAGE)
2018-03-07 16:32:23 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2018-03-07 16:32:23 DEBUG Session ended.
2018-03-07 16:32:23 INFO [127.0.0.1] END-OF-MESSAGE, mamat@mydomain => grouptest@mydomain, DUNNO [recipient_count=1, size=373, process_time=0.0042s]
2018-03-07 16:32:23 DEBUG Close LDAP connection.

14

Re: problem with maillist (restriction)

t10 wrote:

but, maillist with status "disabled" still delivered.

Fixed. Please download this fixed version and override it:
https://bitbucket.org/zhb/iredapd/raw/a … _policy.py

15

Re: problem with maillist (restriction)

ok, it work
but i found new problem, become rejected too when i change it(enabled) again

Logs:
2018-03-07 17:01:03 DEBUG smtp session: request=smtpd_access_policy
2018-03-07 17:01:03 DEBUG smtp session: protocol_state=RCPT
2018-03-07 17:01:03 DEBUG smtp session: protocol_name=ESMTP
2018-03-07 17:01:03 DEBUG smtp session: client_address=127.0.0.1
2018-03-07 17:01:03 DEBUG smtp session: client_name=mx3.mydomain
2018-03-07 17:01:03 DEBUG smtp session: reverse_client_name=mx3.mydomain
2018-03-07 17:01:03 DEBUG smtp session: helo_name=_
2018-03-07 17:01:03 DEBUG smtp session: sender=mamat@mydomain
2018-03-07 17:01:03 DEBUG smtp session: recipient=grouptest@mydomain
2018-03-07 17:01:03 DEBUG smtp session: recipient_count=0
2018-03-07 17:01:03 DEBUG smtp session: queue_id=
2018-03-07 17:01:03 DEBUG smtp session: instance=6a9b.5a9fb85f.29dce.0
2018-03-07 17:01:03 DEBUG smtp session: size=0
2018-03-07 17:01:03 DEBUG smtp session: etrn_domain=
2018-03-07 17:01:03 DEBUG smtp session: stress=
2018-03-07 17:01:03 DEBUG smtp session: sasl_method=LOGIN
2018-03-07 17:01:03 DEBUG smtp session: sasl_username=mamat@mydomain
2018-03-07 17:01:03 DEBUG smtp session: sasl_sender=
2018-03-07 17:01:03 DEBUG smtp session: ccert_subject=
2018-03-07 17:01:03 DEBUG smtp session: ccert_issuer=
2018-03-07 17:01:03 DEBUG smtp session: ccert_fingerprint=
2018-03-07 17:01:03 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-03-07 17:01:03 DEBUG smtp session: encryption_protocol=TLSv1
2018-03-07 17:01:03 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES256-SHA
2018-03-07 17:01:03 DEBUG smtp session: encryption_keysize=256
2018-03-07 17:01:03 DEBUG LDAP connection initialied success.
2018-03-07 17:01:03 DEBUG LDAP bind success.
2018-03-07 17:01:03 DEBUG --> Apply plugin: reject_null_sender
2018-03-07 17:01:03 DEBUG <-- Result: DUNNO
2018-03-07 17:01:03 DEBUG --> Apply plugin: wblist_rdns
2018-03-07 17:01:03 DEBUG Found SASL username, bypass rDNS check for outbound.
2018-03-07 17:01:03 DEBUG <-- Result: DUNNO
2018-03-07 17:01:03 DEBUG --> Apply plugin: reject_sender_login_mismatch
2018-03-07 17:01:03 DEBUG Sender: mamat@mydomain, SASL username: mamat@mydomain
2018-03-07 17:01:03 DEBUG SKIP: sender == sasl username.
2018-03-07 17:01:03 DEBUG <-- Result: DUNNO
2018-03-07 17:01:03 DEBUG --> Apply plugin: greylisting
2018-03-07 17:01:03 DEBUG Found SASL username, bypass greylisting for outbound email.
2018-03-07 17:01:03 DEBUG <-- Result: DUNNO
2018-03-07 17:01:03 DEBUG --> Apply plugin: throttle
2018-03-07 17:01:03 DEBUG SKIP: Sender domain (@mydomain) is same as recipient domain.
2018-03-07 17:01:03 DEBUG <-- Result: DUNNO
2018-03-07 17:01:03 DEBUG [+] Getting LDIF data of account: grouptest@mydomain
2018-03-07 17:01:03 DEBUG search base dn: o=domains,dc=mydomain
2018-03-07 17:01:03 DEBUG search scope: SUBTREE
2018-03-07 17:01:03 DEBUG search filter: (&(!(domainStatus=disabled))(|(mail=grouptest@mydomain)(shadowAddress=grouptest@mydomain))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2018-03-07 17:01:03 DEBUG search attributes: ['objectClass', 'listAllowedUser', 'accessPolicy', 'enabledService']
2018-03-07 17:01:03 DEBUG result: [('mail=grouptest@mydomain,ou=Groups,domainName=mydomain,o=domains,dc=mydomain', {'objectClass': ['mailList'], 'accessPolicy': ['allowedonly'], 'listAllowedUser': ['mamat@mydomain'], 'enabledService': ['mail', 'deliver', 'displayedInGlobalAddressBook']})]
2018-03-07 17:01:03 DEBUG --> Apply plugin: ldap_maillist_access_policy
2018-03-07 17:01:03 DEBUG Recipient (mailing list) is disabled, message rejected.
2018-03-07 17:01:03 DEBUG <-- Result: REJECT Policy rejection
2018-03-07 17:01:03 DEBUG Session ended.
2018-03-07 17:01:03 INFO [127.0.0.1] RCPT, mamat@mydomain => grouptest@mydomain, REJECT Policy rejection [sasl_username=mamat@mydomain, sender=mamat@mydomain, client_name=mx3.mydomain, reverse_client_name=mx3.mydomain, helo=_, encryption_protocol=TLSv1, process_time=0.0400s]
2018-03-07 17:01:03 DEBUG Close LDAP connection.

16

Re: problem with maillist (restriction)

Stupid me...

Fixed. Please download this fixed version and override it:
https://bitbucket.org/zhb/iredapd/raw/d … _policy.py

17

Re: problem with maillist (restriction)

Ok...Solved big_smile

18

Re: problem with maillist (restriction)

Thanks for the feedback and help. smile