1

Topic: Moderation not working

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 1.3.1 OPENLDAP edition..
- Linux/BSD distribution name and version: CentOS Linux release 7.6.1810 (Core)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I am facing challenges with iredadmin -Pro 4.5 Moderation,is not working for mailing lists,when you set restriction to allow only moderators to send to the list,the condition does not work instead every member of the list is able to send to the list,please assist.

2

Re: Moderation not working

I will try to reproduce it locally, stay tuned.

----

Buy me a cup of coffee ($5) to support iRedMail:

buy me a cup of coffee

3

Re: Moderation not working

ZhangHuangbin wrote:

I will try to reproduce it locally, stay tuned.

Thanks Zhang.

4

Re: Moderation not working

Btw, is this a subscribeable mailing list?

----

Buy me a cup of coffee ($5) to support iRedMail:

buy me a cup of coffee

5

Re: Moderation not working

ZhangHuangbin wrote:

Btw, is this a subscribeable mailing list?

No its not,its a normal mailing list

6

Re: Moderation not working

- Please turn on debug mode in iRedAPD, restart "iredapd" service, then send a testing mail to reproduce your issue.
- Extract all log lines of this testing email and paste here for troubleshooting.

FYI: https://docs.iredmail.org/debug.iredapd.html

----

Buy me a cup of coffee ($5) to support iRedMail:

buy me a cup of coffee

7

Re: Moderation not working

Aug 15 20:22:39 email postfix/submission/smtpd[8407]: 387FAF00088: client=unknown[IP], sasl_method=LOGIN, sasl_username=user@domain.com
Aug 15 20:22:39 email postfix/cleanup[4960]: 387FAF00088: message-id=<172001d67328$3ac28140$b04783c0$@domain.com>
Aug 15 20:22:39 email postfix/qmgr[26538]: 387FAF00088: from=<bozra@domain.com>, size=2673, nrcpt=12 (queue active)
Aug 15 20:22:39 email postfix/pipe[10130]: 387FAF00088: to=<user1@domain.com>, relay=dovecot, delay=0.5, delays=0.15/0.07/0/0.28, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10132]: 387FAF00088: to=<user2@domain.com>, relay=dovecot, delay=0.55, delays=0.15/0.08/0/0.32, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[8369]: 387FAF00088: to=<user3@domain.com>, relay=dovecot, delay=0.55, delays=0.15/0.06/0/0.34, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10135]: 387FAF00088: to=<user4@domain.com>, relay=dovecot, delay=0.6, delays=0.15/0.09/0/0.36, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10140]: 387FAF00088: to=<user5@domain.com>, relay=dovecot, delay=0.63, delays=0.15/0.13/0/0.36, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10144]: 387FAF00088: to=<user6@domain.com>, relay=dovecot, delay=0.63, delays=0.15/0.14/0/0.34, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10138]: 387FAF00088: to=<user7@domain.com>, relay=dovecot, delay=0.63, delays=0.15/0.11/0/0.37, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10146]: 387FAF00088: to=<user8@domain.com>, relay=dovecot, delay=0.65, delays=0.15/0.15/0/0.35, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10150]: 387FAF00088: to=<user9@domain.com>, relay=dovecot, delay=0.65, delays=0.15/0.17/0/0.33, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10142]: 387FAF00088: to=<user10@domain.com>, relay=dovecot, delay=0.66, delays=0.15/0.13/0/0.37, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10136]: 387FAF00088: to=<user11@domain.com>, relay=dovecot, delay=0.68, delays=0.15/0.1/0/0.43, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10148]: 387FAF00088: to=<user12@domain.com>, relay=dovecot, delay=0.72, delays=0.15/0.16/0/0.4, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/qmgr[26538]: 387FAF00088: removed

8

Re: Moderation not working

Did you manage to check on this issue?

Bozra wrote:

Aug 15 20:22:39 email postfix/submission/smtpd[8407]: 387FAF00088: client=unknown[IP], sasl_method=LOGIN, sasl_username=user@domain.com
Aug 15 20:22:39 email postfix/cleanup[4960]: 387FAF00088: message-id=<172001d67328$3ac28140$b04783c0$@domain.com>
Aug 15 20:22:39 email postfix/qmgr[26538]: 387FAF00088: from=<bozra@domain.com>, size=2673, nrcpt=12 (queue active)
Aug 15 20:22:39 email postfix/pipe[10130]: 387FAF00088: to=<user1@domain.com>, relay=dovecot, delay=0.5, delays=0.15/0.07/0/0.28, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10132]: 387FAF00088: to=<user2@domain.com>, relay=dovecot, delay=0.55, delays=0.15/0.08/0/0.32, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[8369]: 387FAF00088: to=<user3@domain.com>, relay=dovecot, delay=0.55, delays=0.15/0.06/0/0.34, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10135]: 387FAF00088: to=<user4@domain.com>, relay=dovecot, delay=0.6, delays=0.15/0.09/0/0.36, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10140]: 387FAF00088: to=<user5@domain.com>, relay=dovecot, delay=0.63, delays=0.15/0.13/0/0.36, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10144]: 387FAF00088: to=<user6@domain.com>, relay=dovecot, delay=0.63, delays=0.15/0.14/0/0.34, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10138]: 387FAF00088: to=<user7@domain.com>, relay=dovecot, delay=0.63, delays=0.15/0.11/0/0.37, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10146]: 387FAF00088: to=<user8@domain.com>, relay=dovecot, delay=0.65, delays=0.15/0.15/0/0.35, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10150]: 387FAF00088: to=<user9@domain.com>, relay=dovecot, delay=0.65, delays=0.15/0.17/0/0.33, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10142]: 387FAF00088: to=<user10@domain.com>, relay=dovecot, delay=0.66, delays=0.15/0.13/0/0.37, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10136]: 387FAF00088: to=<user11@domain.com>, relay=dovecot, delay=0.68, delays=0.15/0.1/0/0.43, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/pipe[10148]: 387FAF00088: to=<user12@domain.com>, relay=dovecot, delay=0.72, delays=0.15/0.16/0/0.4, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 15 20:22:39 email postfix/qmgr[26538]: 387FAF00088: removed

9

Re: Moderation not working

I need related log lines in /var/log/iredapd/iredapd.log.

----

Buy me a cup of coffee ($5) to support iRedMail:

buy me a cup of coffee

10

Re: Moderation not working

ZhangHuangbin wrote:

I need related log lines in /var/log/iredapd/iredapd.log.

Hi Zhang,

Please find the logs below

where the moderated list =list@domain.com
                moderator  id= moderator@domain.com
                sender id = user@domain.com


Oct  8 14:15:26 email journal: iredapd [srs][recipient]  input: get list@domain.com
Oct  8 14:15:26 email journal: iredapd [policy] recipient=list@domain.com
Oct  8 14:15:26 email journal: iredapd [+] Getting LDIF data of account: list@domain.com
Oct  8 14:15:26 email journal: iredapd search base dn: o=domains,dc=domain,dc=co,dc=tz#012search scope: SUBTREE #012search filter: (&(!(domainStatus=disabled))(|(mail=list@domain.com)(shadowAddress=list@domain.com))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))#012search attributes: ['objectClass', 'accountStatus', 'listAllowedUser', 'accessPolicy', 'enabledService']
Oct  8 14:15:26 email journal: iredapd result: [('mail=list@domain.com,ou=Groups,domainName=domain.com,o=domains,dc=domain,dc=co,dc=tz', {'objectClass': [b'mailList'], 'accountStatus': [b'active'], 'enabledService': [b'mail', b'deliver'], 'accessPolicy': [b'moderatorsonly'], 'listAllowedUser': [b'moderator@domain.com']})]
Oct  8 14:15:26 email journal: iredapd Possible policy recipients: ['list@domain.com', '@domain.com', '@.', '@.domain.com', '@.co.tz', '@.tz']
Oct  8 14:15:26 email journal: iredapd [SQL] Query external addresses: #012SELECT id, email#012               FROM mailaddr#012              WHERE email IN ('list@domain.com', '@domain.com', '@.', '@.domain.com', '@.co.tz', '@.tz')#012           ORDER BY priority DESC
Oct  8 14:15:26 email journal: iredapd [SQL] Query local addresses: #012SELECT id, email#012               FROM users#012              WHERE email IN ('list@domain.com', '@domain.com', '@.', '@.domain.com', '@.co.tz', '@.tz')#012           ORDER BY priority DESC
Oct  8 14:15:26 email journal: iredapd [IP] RCPT, user@domain.com => list@domain.com, OK [sasl_username=user@domain.com, sender=user@domain.com, client_name=unknown, reverse_client_name=unknown, helo=PCNAME, encryption_protocol=TLSv1.2, encryption_cipher=ECDHE-RSA-AES256-SHA384, server_port=, process_time=0.0580s]
Oct  8 14:15:26 email journal: iredapd [SQL] Insert into smtp_sessions: #012        INSERT INTO smtp_sessions (#012            time, time_num,#012            action, reason, instance,#012            client_address, client_name, reverse_client_name, helo_name,#012            encryption_protocol, encryption_cipher,#012            server_address, server_port,#012            sender, sender_domain,#012            sasl_username, sasl_domain,#012            recipient, recipient_domain)#012        VALUES (#012            '2020-10-08 11:15:26', 1602155726,#012            'OK', '', '5ba.5f7ef4ce.dd1a9.0',#012            'IP', 'unknown', 'unknown', 'PCNAME',#012            'TLSv1.2', 'ECDHE-RSA-AES256-SHA384',#012            '', '',#012            'user@domain.com', 'domain.com',#012            'user@domain.com', 'domain.com',#012            'list@domain.com', 'domain.com')
Oct  8 14:15:27 email journal: iredapd [policy] recipient=list@domain.com
Oct  8 14:15:27 email journal: iredapd [IP] END-OF-MESSAGE, user@domain.com => list@domain.com, DUNNO [recipient_count=1, size=2545, process_time=0.0057s]
Oct  8 14:15:27 email journal: iredapd [SQL] Insert into smtp_sessions: #012        INSERT INTO smtp_sessions (#012            time, time_num,#012            action, reason, instance,#012            client_address, client_name, reverse_client_name, helo_name,#012            encryption_protocol, encryption_cipher,#012            server_address, server_port,#012            sender, sender_domain,#012            sasl_username, sasl_domain,#012            recipient, recipient_domain)#012        VALUES (#012            '2020-10-08 11:15:27', 1602155727,#012            'DUNNO', '', '5ba.5f7ef4ce.dd1a9.0',#012            'IP', 'unknown', 'unknown', 'PCNAME',#012            'TLSv1.2', 'ECDHE-RSA-AES256-SHA384',#012            '', '',#012            'user@domain.com', 'domain.com',#012            'user@domain.com', 'domain.com',#012            'list@domain.com', 'domain.com')
Oct  8 14:15:27 email journal: iredapd [srs][recipient]  input: get list@domain.com

11

Re: Moderation not working

Could you apply this patch for iRedAPD-4.4 and try again?
https://github.com/iredmail/iRedAPD/com … 5c2922e7f2

----

Buy me a cup of coffee ($5) to support iRedMail:

buy me a cup of coffee

12

Re: Moderation not working

Hello Team,
I am facing the same issue as detailed below, please help to the solution to resolve the issue.
I have a problem with iredmail maillist restriction. After migrating to a new server with latest OS and iredmail services, all configurations are working fine except maillist restriction. If i set mail list to only moderator can send, it doesnt work as anybody can send to that group. I have enabled ldap_malist_policy_access in iredpad/settings plugins as: plugins = ["reject_null_sender", "wblist_rdns", "greylisting", "throttle", "amavisd_wblist", "ldap_maillist_access_policy"]
and also connect from postfix as:

# Recipient restrictions
smtpd_recipient_restrictions =
    reject_unknown_sender_domain
    reject_non_fqdn_sender
    reject_unknown_recipient_domain
    reject_non_fqdn_recipient
    reject_unlisted_recipient
    check_policy_service inet:10.1.2.100:7777
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
   # check_policy_service inet:127.0.0.1:12340

# END-OF-MESSAGE restrictions
smtpd_end_of_data_restrictions =
    check_policy_service inet:10.1.2.100:7777

The maillist ldif are as follows:-

dn: mail=mtest@demo.egov.go.tz,ou=Groups,domainName=demo.egov.go.tz,o=domains,dc=gov,dc=go,dc=tz
accessPolicy: allowedOnly
accountStatus: active
cn: moderator testing
enabledService: mail
enabledService: deliver
listAllowedUser: test1.demo@demo.egov.go.tz
mail: mtest@demo.egov.go.tz
objectClass: mailList


The logs in iredapd is set in debug mode and below are the logs showing when a user (non moderator)  test3.demo@demo.egov.go.tz sent an email to a group mtest@demo.egov.go.tz  but it get delivered to its members.

Jan 20 15:33:36 imap journal: iredapd [policy] sender=test3.demo@demo.egov.go.tz
Jan 20 15:33:36 imap journal: iredapd [policy] recipient=mtest@demo.egov.go.tz
Jan 20 15:33:36 imap journal: iredapd [policy] sasl_username=test3.demo@demo.egov.go.tz
Jan 20 15:33:36 imap journal: iredapd Sender: test3.demo@demo.egov.go.tz, SASL username: test3.demo@demo.egov.go.tz
Jan 20 15:33:36 imap journal: iredapd [+] Getting LDIF data of account: mtest@demo.egov.go.tz
Jan 20 15:33:36 imap journal: iredapd search base dn: o=domains,dc=gov,dc=go,dc=tz#012search scope: SUBTREE #012search filter: (&(!(domainStatus=disabled))(|(mail=mtest@demo.egov.go.tz)(shadowAddress=mtest@demo.egov.go.tz))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))#012search attributes: ['objectClass', 'accountStatus', 'listAllowedUser', 'accessPolicy', 'enabledService']
Jan 20 15:33:36 imap journal: iredapd [LDAP] query target domain of given alias domain: demo.egov.go.tz#012[LDAP] query filter: (&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=demo.egov.go.tz))
Jan 20 15:33:36 imap journal: iredapd [LDAP] query target domain of given alias domain: demo.egov.go.tz#012[LDAP] query filter: (&(objectClass=mailDomain)(accountStatus=active)(domainAliasName=demo.egov.go.tz))
Jan 20 15:33:36 imap journal: iredapd Possible policy senders: ['test3.demo@demo.egov.go.tz', '@demo.egov.go.tz', '@.', '@.demo.egov.go.tz', '@.egov.go.tz', '@.go.tz', '@.tz', '10.1.2.55', '10.1.2.*', '10.1.*.55']
Jan 20 15:33:36 imap journal: iredapd Possible policy recipients: ['mtest@demo.egov.go.tz', '@demo.egov.go.tz', '@.', '@.demo.egov.go.tz', '@.egov.go.tz', '@.go.tz', '@.tz']
Jan 20 15:33:36 imap journal: iredapd [SQL] Query local addresses: #012SELECT id, email#012               FROM users#012              WHERE email IN ('test3.demo@demo.egov.go.tz', '@demo.egov.go.tz', '@.', '@.demo.egov.go.tz', '@.egov.go.tz', '@.go.tz', '@.tz', '10.1.2.55', '10.1.2.*', '10.1.*.55')#012           ORDER BY priority DESC
Jan 20 15:33:36 imap journal: iredapd [SQL] Query external addresses: #012SELECT id, email#012               FROM mailaddr#012              WHERE email IN ('mtest@demo.egov.go.tz', '@demo.egov.go.tz', '@.', '@.demo.egov.go.tz', '@.egov.go.tz', '@.go.tz', '@.tz')#012           ORDER BY priority DESC
Jan 20 15:33:36 imap journal: iredapd [SQL] Query local addresses: #012SELECT id, email#012               FROM users#012              WHERE email IN ('mtest@demo.egov.go.tz', '@demo.egov.go.tz', '@.', '@.demo.egov.go.tz', '@.egov.go.tz', '@.go.tz', '@.tz')#012           ORDER BY priority DESC
Jan 20 15:33:36 imap journal: iredapd [SQL] Query external addresses: #012SELECT id, email#012               FROM mailaddr#012              WHERE email IN ('test3.demo@demo.egov.go.tz', '@demo.egov.go.tz', '@.', '@.demo.egov.go.tz', '@.egov.go.tz', '@.go.tz', '@.tz', '10.1.2.55', '10.1.2.*', '10.1.*.55')#012           ORDER BY priority DESC
Jan 20 15:33:36 imap journal: iredapd [10.1.2.55] RCPT, test3.demo@demo.egov.go.tz => mtest@demo.egov.go.tz, OK [sasl_username=test3.demo@demo.egov.go.tz, sender=test3.demo@demo.egov.go.tz, client_name=unknown, reverse_client_name=unknown, helo=10.1.2.54, encryption_protocol=TLSv1.2, encryption_cipher=ECDHE-RSA-AES256-GCM-SHA384, server_port=, process_time=0.0156s]
Jan 20 15:33:36 imap journal: iredapd [SQL] Insert into smtp_sessions: #012        INSERT INTO smtp_sessions (#012            time, time_num,#012            action, reason, instance,#012            client_address, client_name, reverse_client_name, helo_name,#012            encryption_protocol, encryption_cipher,#012            server_address, server_port,#012            sender, sender_domain,#012            sasl_username, sasl_domain,#012            recipient, recipient_domain)#012        VALUES (#012            '2021-01-20 12:33:36', 1611146016,#012            'OK', '', '12ba4.60082320.2f034.0',#012            '10.1.2.55', 'unknown', 'unknown', '10.1.2.54',#012            'TLSv1.2', 'ECDHE-RSA-AES256-GCM-SHA384',#012            '', '',#012            'test3.demo@demo.egov.go.tz', 'demo.egov.go.tz',#012            'test3.demo@demo.egov.go.tz', 'demo.egov.go.tz',#012            'mtest@demo.egov.go.tz', 'demo.egov.go.tz')
Jan 20 15:33:36 imap journal: iredapd [policy] sender=test3.demo@demo.egov.go.tz
Jan 20 15:33:36 imap journal: iredapd [policy] recipient=mtest@demo.egov.go.tz
Jan 20 15:33:36 imap journal: iredapd [policy] sasl_username=test3.demo@demo.egov.go.tz
Jan 20 15:33:36 imap journal: iredapd [10.1.2.55] END-OF-MESSAGE, test3.demo@demo.egov.go.tz => mtest@demo.egov.go.tz, DUNNO [recipient_count=1, size=2374, process_time=0.0020s]
Jan 20 15:33:36 imap journal: iredapd [SQL] Insert into smtp_sessions: #012        INSERT INTO smtp_sessions (#012            time, time_num,#012            action, reason, instance,#012            client_address, client_name, reverse_client_name, helo_name,#012            encryption_protocol, encryption_cipher,#012            server_address, server_port,#012            sender, sender_domain,#012            sasl_username, sasl_domain,#012            recipient, recipient_domain)#012        VALUES (#012            '2021-01-20 12:33:36', 1611146016,#012            'DUNNO', '', '12ba4.60082320.2f034.0',#012            '10.1.2.55', 'unknown', 'unknown', '10.1.2.54',#012            'TLSv1.2', 'ECDHE-RSA-AES256-GCM-SHA384',#012            '', '',#012            'test3.demo@demo.egov.go.tz', 'demo.egov.go.tz',#012            'test3.demo@demo.egov.go.tz', 'demo.egov.go.tz',#012            'mtest@demo.egov.go.tz', 'demo.egov.go.tz')
Jan 20 15:33:36 imap journal: iredapd [policy] sender=test3.demo@demo.egov.go.tz
Jan 20 15:33:36 imap journal: iredapd [10.1.2.54] RCPT, test3.demo@demo.egov.go.tz -> arch2@gmsarch.gov.go.tz, OK [sasl_username=, sender=test3.demo@demo.egov.go.tz, client_name=unknown, reverse_client_name=unknown, helo=imap-ngoro.eganet.go.tz, encryption_protocol=TLSv1.2, encryption_cipher=ECDHE-RSA-AES256-GCM-SHA384, server_port=25, process_time=0.0195s]
Jan 20 15:33:36 imap journal: iredapd [10.1.2.54] END-OF-MESSAGE, test3.demo@demo.egov.go.tz -> arch2@gmsarch.gov.go.tz, DUNNO [recipient_count=1, size=4020, process_time=0.0106s]
Jan 20 15:33:36 imap journal: iredapd [10.1.2.54] RCPT, test3.demo@demo.egov.go.tz -> ramadhani.mdachi@ega.go.tz, OK [sasl_username=, sender=test3.demo@demo.egov.go.tz, client_name=unknown, reverse_client_name=unknown, helo=imap-ngoro.eganet.go.tz, encryption_protocol=TLSv1.2, encryption_cipher=ECDHE-RSA-AES256-GCM-SHA384, server_port=25, process_time=0.0190s]
Jan 20 15:33:36 imap journal: iredapd [10.1.2.54] END-OF-MESSAGE, test3.demo@demo.egov.go.tz -> ramadhani.mdachi@ega.go.tz, DUNNO [recipient_count=1, size=4026, process_time=0.0101s]

Output of postconf smtpd_recipient_restrictions

postconf smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender reject_unknown_recipient_domain reject_non_fqdn_recipient reject_unlisted_recipient check_policy_service inet:10.1.2.54:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination


postconf smtpd_end_of_data_restrictions
smtpd_end_of_data_restrictions = check_policy_service inet:10.1.2.54:7777