主题: 请教张工:plugins = ldap_recipient_restrictions 这个没有生效,可能是什么问题.
==== 必填信息。没有填写将不予回复 ====
- iRedMail 版本:0.6.0
- 使用的 Linux/BSD 发行版名称及版本号:CentOS 5.5
- 与您的问题相关的日志信息:
-iredapd: 1.3.8 用ldap 方式
安装了iredapd后,plugins中block_amavisd_blacklisted_senders和ldap_maillist_access_policy两个是生效的,ldap_recipient_restrictions没有生效,在ldap里面用户添加了mailBlacklistRecipient=@.后,该用户还是可以发邮件外出,没有生效,可能是什么问题呢?
相应的设置如下
# netstat -antp |grep 777
tcp 0 0 127.0.0.1:7777 0.0.0.0:* LISTEN 2900/python
tcp 0 0 127.0.0.1:7778 0.0.0.0:* LISTEN 2904/python
[root@mail1 plugins]# tail -f /var/log/iredapd.log
2012-12-17 23:21:51 INFO [192.168.1.105] test1@silence.com -> test11@hua.com, DUNNO
2012-12-17 23:25:27 INFO Starting iredapd (v1.3.8, ldap). Enabled plugin(s): ldap_maillist_access_policy, block_amavisd_blacklisted_senders. Listening on 127.0.0.1:7777.
2012-12-17 23:29:17 INFO [192.168.1.105] test1@silence.com -> 282490326@qq.com, DUNNO
2012-12-17 23:35:47 INFO [192.168.1.105] test1@silence.com -> 282490326@qq.com, DUNNO
2012-12-17 23:48:53 INFO [192.168.1.105] test1@silence.com -> 282490326@qq.com, DUNNO
2012-12-17 23:51:35 INFO Starting iredapd (v1.3.8, ldap). Enabled plugin(s): ldap_maillist_access_policy, block_amavisd_blacklisted_senders. Listening on 127.0.0.1:7777.
2012-12-17 23:52:22 INFO [192.168.1.105] test1@silence.com -> 282490326@qq.com, DUNNO
2012-12-18 00:04:16 INFO [192.168.1.105] test1@silence.com -> 282490326@qq.com, DUNNO
2012-12-18 00:06:51 INFO Starting iredapd (v1.3.8, ldap). Enabled plugin(s): ldap_maillist_access_policy, block_amavisd_blacklisted_senders. Listening on 127.0.0.1:7777.
2012-12-18 00:19:07 INFO Starting iredapd (v1.3.8, ldap). Enabled plugin(s): ldap_maillist_access_policy, block_amavisd_blacklisted_senders. Listening on 127.0.0.1:7777.
[root@mail1 plugins]# tail -f /var/log/iredapd-rr.log
2012-12-17 23:21:51 INFO [192.168.1.105] test1@silence.com -> test11@hua.com, DUNNO
2012-12-17 23:25:27 INFO Starting iredapd (v1.3.8, pid: 2738), listening on 127.0.0.1:7778.
2012-12-17 23:29:17 INFO [192.168.1.105] test1@silence.com -> 282490326@qq.com, DUNNO
2012-12-17 23:35:47 INFO [192.168.1.105] test1@silence.com -> 282490326@qq.com, DUNNO
2012-12-17 23:48:53 INFO [192.168.1.105] test1@silence.com -> 282490326@qq.com, DUNNO
2012-12-17 23:51:35 INFO Starting iredapd (v1.3.8, pid: 2741), listening on 127.0.0.1:7778.
2012-12-17 23:52:21 INFO [192.168.1.105] test1@silence.com -> 282490326@qq.com, DUNNO
2012-12-18 00:04:16 INFO [192.168.1.105] test1@silence.com -> 282490326@qq.com, DUNNO
2012-12-18 00:06:52 INFO Starting iredapd (v1.3.8, pid: 2751), listening on 127.0.0.1:7778.
2012-12-18 00:19:12 INFO Starting iredapd (v1.3.8, pid: 2902), listening on 127.0.0.1:7778.
[root@mail1 etc]# more iredapd-rr.ini
# Configuration of the iRedAPD instance that listens on 127.0.0.1:7778 and
# logs to /var/log/iredapd-rr.log.
[general]
# Listen address and port.
# Loopback only: the policy service is not reachable from other hosts.
listen_addr = 127.0.0.1
listen_port = 7778
# Run as a low-privileged user.
# If you don't want to create one, you can try 'nobody'.
run_as_user = iredapd
# Background/daemon mode: yes, no.
# Detach iredapd from the terminal. It's recommended to always run as a daemon.
run_as_daemon = yes
# Path to pid file.
pid_file = /var/run/iredapd-rr.pid
# Log type: file.
# Note:
# - Currently, only 'file' type is supported.
# - If log_type is 'file', log_file is required.
# - If log_type is 'mysql', SQL-related info is required.
log_type = file
log_file = /var/log/iredapd-rr.log
# Log level: info, error, debug.
log_level = info
# Backend: ldap, mysql, pgsql.
backend = ldap
# Bypass clients listed in postfix 'mynetworks': yes, no.
bypass_mynetworks = no
[ldap]
# For ldap backend only.
# LDAP server setting.
# URI must start with ldap:// or ldaps:// (TLS/SSL).
#
# Tip: You can get binddn, bindpw from /etc/postfix/ldap_*.cf.
#
# NOTE(review): ldap:// is unencrypted. Here it stays on loopback; if the
# directory moves to another host, presumably the bind password would cross the
# network in clear unless ldaps:// is used -- confirm how iredapd binds.
uri = ldap://127.0.0.1:389
binddn = cn=vmail,dc=silence,dc=com
# NOTE(review): bindpw is the LDAP bind password stored in clear text. Keep this
# file readable only by the service account, replace the value with a
# placeholder before sharing the config, and rotate it if it has been published.
bindpw = 75072494414164817048626814
basedn = o=domains,dc=silence,dc=com
# Enabled plugins.
# - A plugin name is the file name of a plugin placed under the 'src/plugins/' directory.
# - Plugin names MUST be separated by commas.
# This instance enables a single plugin.
plugins = ldap_recipient_restrictions
main.cf的相关设置:
...
...
smtpd_sender_restrictions = check_policy_service inet:127.0.0.1:7778, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
...
...
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
master.cf的设置:
[root@mail1 plugins]# more /etc/postfix/master.cf |grep -v "#"
smtp inet n - - - - smtpd
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
pickup fifo n - n 60 1 pickup
-o content_filter=
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${domain}
procmail unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/bin/procmail -r -t SENDER=${sender} RECIPIENT=${recipient} DOMAIN=${nexthop} -m USER=${user} EXTENSION=${extension} /etc/procmailrc
smtp-amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings