1

Topic: Deliver restrictions for lists ignored

Hi

I'm running iRedmail 0.8.2 and iRedadmin Pro 1.8.1 (LDAP) on Ubuntu 10.04.4 LTS.

I'm having trouble with deliver restrictions on mail lists being ignored. Even if I set it to "members only" everyone can send mail to the lists. I know that it worked a while ago so I guess something have happend in when upgrading, not sure when though. Any suggestions?

Thanks // Tomas

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Deliver restrictions for lists ignored

Hi Tomas,

Sorry about this trouble.
Could you please set 'loglevel = debug' in /opt/iredapd/etc/iredapd.ini, restart iRedAPD service and test deliver restriction again? Paste related log in /var/log/iredapd.log here to help troubleshoot.

3

Re: Deliver restrictions for lists ignored

Hi thanks for a quick reply, here is the log output when sending a mail that should not get through to the list.

This line looks interesting:
"2012-12-07 15:43:10 INFO Error: plugin ldap_maillist_access_policy.py not exist."

Log output:
2012-12-07 15:43:10 DEBUG Connect from 127.0.0.1, port 43668.
2012-12-07 15:43:10 DEBUG smtp session: request=smtpd_access_policy
2012-12-07 15:43:10 DEBUG smtp session: protocol_state=RCPT
2012-12-07 15:43:10 DEBUG smtp session: protocol_name=ESMTP
2012-12-07 15:43:10 DEBUG smtp session: client_address=127.0.0.1
2012-12-07 15:43:10 DEBUG smtp session: client_name=localhost
2012-12-07 15:43:10 DEBUG smtp session: reverse_client_name=localhost
2012-12-07 15:43:10 DEBUG smtp session: helo_name=mail.jarlmagnussonab.se
2012-12-07 15:43:10 DEBUG smtp session: sender=tomas.spangberg@jarlmagnussonab.se
2012-12-07 15:43:10 DEBUG smtp session: recipient=alla@spangberg.eu
2012-12-07 15:43:10 DEBUG smtp session: recipient_count=0
2012-12-07 15:43:10 DEBUG smtp session: queue_id=
2012-12-07 15:43:10 DEBUG smtp session: instance=4f07.50c2007e.6a1a3.0
2012-12-07 15:43:10 DEBUG smtp session: size=0
2012-12-07 15:43:10 DEBUG smtp session: etrn_domain=
2012-12-07 15:43:10 DEBUG smtp session: stress=
2012-12-07 15:43:10 DEBUG smtp session: sasl_method=LOGIN
2012-12-07 15:43:10 DEBUG smtp session: sasl_username=tomas.spangberg@jarlmagnussonab.se
2012-12-07 15:43:10 DEBUG smtp session: sasl_sender=
2012-12-07 15:43:10 DEBUG smtp session: ccert_subject=
2012-12-07 15:43:10 DEBUG smtp session: ccert_issuer=
2012-12-07 15:43:10 DEBUG smtp session: ccert_fingerprint=
2012-12-07 15:43:10 DEBUG smtp session: encryption_protocol=
2012-12-07 15:43:10 DEBUG smtp session: encryption_cipher=
2012-12-07 15:43:10 DEBUG smtp session: encryption_keysize=0
2012-12-07 15:43:10 DEBUG LDAP connection initialied success.
2012-12-07 15:43:10 DEBUG LDAP bind success.
2012-12-07 15:43:10 DEBUG __get_recipient_dn_ldif (recipient): alla@spangberg.eu
2012-12-07 15:43:10 DEBUG __get_recipient_dn_ldif (ldap query filter): (&(|(mail=alla@spangberg.eu)(shadowAddress=alla@spangberg.eu))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2012-12-07 15:43:10 DEBUG __get_recipient_dn_ldif (ldap query result): [('mail=alla@spangberg.eu,ou=Groups,domainName=spangberg.eu,o=domains,dc=jalle,dc=local', {'cn': ['alla'], 'objectClass': ['mailList'], 'accountStatus': ['active'], 'accessPolicy': ['membersOnly'], 'mail': ['alla@spangberg.eu'], 'enabledService': ['mail', 'deliver']})]
2012-12-07 15:43:10 INFO Error: plugin ldap_maillist_access_policy.py not exist.
2012-12-07 15:43:10 DEBUG Final action: None.
2012-12-07 15:43:10 INFO [127.0.0.1] tomas.spangberg@jarlmagnussonab.se -> alla@spangberg.eu, DUNNO
2012-12-07 15:43:10 DEBUG Connection closed
2012-12-07 15:43:10 DEBUG Close LDAP connection.

Cheers!
// Tomas

4

Re: Deliver restrictions for lists ignored

Spångberg wrote:

2012-12-07 15:43:10 INFO Error: plugin ldap_maillist_access_policy.py not exist.

What's the file owner and permission of this file? Please show me output of below command:

# ls -l /opt/iredapd/src/plugins/

All files under /opt/iredapd/ should be owned by "iredapd:iredapd", file permission 0755, but config file /opt/iredapd/etc/*.ini MUST be set to 0500 so that others cannot read username/password in it.

5

Re: Deliver restrictions for lists ignored

Great! That was it, thanks!
// Tomas