要添加 amavisWhitelistSender 属性,需要先添加 amavisAccount 这个 objectClass。是否有方法可以批量添加 amavisAccount 这个 objectClass?

好像无法添加mailBlacklistSender 类似的属性

是添加mailWhitelistRecipient 以及mailBlacklistRecipient 的属性吗?

iredmail版本是0.7.0  iredadmin-pro版本是1.5.0 的
/etc/openldap/slapd.conf中已设置为
include     /etc/openldap/schema/amavisd-new.schema

我想屏蔽一个垃圾邮箱,但在 Bypass mails from below senders 里添加内容时,提示 Error: attribute 'amavisWhitelistSender' not allowed Object class violation
而我在 Bypass mails sent to below recipients 里添加时一切正常,也能正常起到限制作用。所以想请教张站长这是什么原因?

请教张站长,LDAP环境可以设置用户第一次登陆强制修改密码吗?我看到有MYSQL环境的,不知LDAP下可否实现?

我的环境是centos+iredmail+ldap 请问可以设置第一次登陆必须修改密码吗?

已解决,非常感谢!

非常感谢!

[root@mail ~]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = XXXX
myhostname =XXXX
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin =XXXX
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.5.9/README_FILES
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:ldap:/etc/postfix/ldap/relay_domains.cf
sample_directory = /usr/share/doc/postfix-2.5.9/samples
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7778, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
transport_maps = proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf, proxy:ldap:/etc/postfix/ldap/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap/virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap/virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf, proxy:ldap:/etc/postfix/ldap/catchall_maps.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf
virtual_minimum_uid = 500
virtual_transport = dovecot
virtual_uid_maps = static:500


iredapd.ini

[root@mail ~]# cat /opt/iredapd/etc/iredapd.ini
# iRedAPD (Postfix policy daemon) configuration as pasted in this thread.
# [general] holds daemon settings; [ldap] and [mysql] hold per-backend
# connection settings and the plugin list for that backend.
[general]
# Listen address and port.
# Bound to loopback, so only processes on this host can query the daemon.
listen_addr     = 127.0.0.1
# NOTE(review): the `postconf -n` output on this page points
# check_policy_service at inet:127.0.0.1:7778 and inet:127.0.0.1:10031, not
# 7777 -- confirm that Postfix actually queries this instance.
listen_port     = 7777
# The debug log on this page shows the daemon answering DUNNO for every
# request when this option is missing from [general], i.e. no plugin is
# enforced. Presumably 'yes' skips checks for clients in mynetworks -- verify
# against the iRedAPD documentation.
bypass_mynetworks = yes

# Run as a low privileged user.
# If you don't want to create one, you can try 'nobody'.
run_as_user     = iredapd

# Background/daemon mode: yes, no.
# Run iRedAPD as daemon, detach iredapd from terminal.
run_as_daemon   = yes

# Path to pid file.
pid_file        = /var/run/iredapd.pid

# Log type: file.
# Set 'log_file = /dev/null' if you don't want to keep the log.
log_type        = file
log_file        = /var/log/iredapd.log

# Log level: info, warning, error, debug.
# 'info' is recommended for product use. sample log entry:
#       INFO user@domain.ltd -> list@domain.ltd, DUNNO
# The debug output pasted on this page includes the sender's full LDAP entry,
# userPassword hash included, so use 'debug' only while troubleshooting and
# keep the log file readable by administrators only.
log_level       = info

# Backend: ldap, mysql.
backend = ldap

[ldap]
# For ldap backend only.
# LDAP server setting.
# Uri must start with ldap:// or ldaps:// (TLS/SSL).
#
# Tip: You can get binddn, bindpw from /etc/postfix/ldap_*.cf.
#
# ldap:// is unencrypted; here it targets loopback only. Use ldaps:// if the
# directory server is on another host.
uri         = ldap://127.0.0.1:389
binddn      = cn=vmail,dc=infoservice,dc=com.cn
# Empty in this paste (presumably redacted). The real file stores the bind
# password in clear text, so restrict read access to root and run_as_user.
bindpw      =
basedn      = o=domains,dc=infoservice,dc=com.cn

# Enabled plugins.
#   - Plugin name is file name which placed under 'src/plugins/' directory.
#   - Plugin names MUST be separated by comma.
#
# Available plugins:
#   * ldap_domain_wblist: per-domain white/blacklist support.
#       Note: If you want to enable this plugin, it's better to make it the
#             first one in enabled plugin list.
#   * ldap_maillist_access_policy: mail list deliver restrictions.
#   * block_amavisd_blacklisted_senders: per-user white/blacklist support.
# NOTE(review): the debug logs on this page come from /var/log/iredapd-rr.log
# and show only 'ldap_recipient_restrictions' being applied, a plugin not in
# this list -- the mail-list policy below may not be the one Postfix is
# consulting. Confirm which daemon/config produced those logs.
plugins = ldap_maillist_access_policy,block_amavisd_blacklisted_senders

[mysql]
# For MySQL backend only.
# backend = ldap above, so this section is presumably ignored -- confirm.
server      = 127.0.0.1
db          = vmail
user        = vmail
password    =

# Enabled plugins.
#   - Plugin name is file name which placed under 'src/plugins/' directory.
#   - Plugin names MUST be separated by comma.
plugins = sql_alias_access_policy

我重新看了debug信息如下
2011-05-28 19:17:56 DEBUG Connect from 127.0.0.1
2011-05-28 19:17:56 DEBUG smtp session: request=smtpd_access_policy
2011-05-28 19:17:56 DEBUG smtp session: protocol_state=RCPT
2011-05-28 19:17:56 DEBUG smtp session: protocol_name=ESMTP
2011-05-28 19:17:56 DEBUG smtp session: client_address=114.92.219.97
2011-05-28 19:17:56 DEBUG smtp session: client_name=unknown
2011-05-28 19:17:56 DEBUG smtp session: reverse_client_name=unknown
2011-05-28 19:17:56 DEBUG smtp session: helo_name=INUI-PC
2011-05-28 19:17:56 DEBUG smtp session: sender=chenwenbin@infoservice.com.cn
2011-05-28 19:17:56 DEBUG smtp session: recipient=test@infoservice.com.cn
2011-05-28 19:17:56 DEBUG smtp session: recipient_count=0
2011-05-28 19:17:56 DEBUG smtp session: queue_id=
2011-05-28 19:17:56 DEBUG smtp session: instance=457f.4de0d9e4.5bc8f.0
2011-05-28 19:17:56 DEBUG smtp session: size=9612
2011-05-28 19:17:56 DEBUG smtp session: etrn_domain=
2011-05-28 19:17:56 DEBUG smtp session: stress=
2011-05-28 19:17:56 DEBUG smtp session: sasl_method=LOGIN
2011-05-28 19:17:56 DEBUG smtp session: sasl_username=chenwenbin@infoservice.com.cn
2011-05-28 19:17:56 DEBUG smtp session: sasl_sender=
2011-05-28 19:17:56 DEBUG smtp session: ccert_subject=
2011-05-28 19:17:56 DEBUG smtp session: ccert_issuer=
2011-05-28 19:17:56 DEBUG smtp session: ccert_fingerprint=
2011-05-28 19:17:56 DEBUG smtp session: encryption_protocol=TLSv1
2011-05-28 19:17:56 DEBUG smtp session: encryption_cipher=EDH-RSA-DES-CBC3-SHA
2011-05-28 19:17:56 DEBUG smtp session: encryption_keysize=168
2011-05-28 19:17:56 DEBUG LDAP connection initialied success.
2011-05-28 19:17:56 DEBUG LDAP bind success.
2011-05-28 19:17:56 DEBUG __get_sender_dn_ldif (sender): chenwenbin@infoservice.com.cn
2011-05-28 19:17:56 DEBUG __get_sender_dn_ldif: Quering LDAP
2011-05-28 19:17:56 DEBUG __get_sender_dn_ldif (result): [('mail=chenwenbin@infoservice.com.cn,ou=Users,domainName=infoservice.com.cn,o=domains,dc=infoservice,dc=com.cn', {'memberOfGroup': ['staff@infoservice.com.cn', 'yy1@infoservice.com.cn', 'test@infoservice.com.cn'], 'uid': ['chenwenbin'], 'mailQuota': ['209715200'], 'objectClass': ['inetOrgPerson', 'mailUser', 'shadowAccount', 'top'], 'userPassword': ['{MD5}lueSGJZetyySpUndWjMBEg=='], 'accountStatus': ['active'], 'mtaTransport': ['dovecot'], 'sn': ['chenwenbin'], 'homeDirectory': ['/var/vmail/vmail01/infoservice.com.cn/c/ch/che/chenwenbin-2010.12.07.12.07.51/'], 'mail': ['chenwenbin@infoservice.com.cn'], 'storageBaseDirectory': ['/var/vmail/vmail01'], 'mailMessageStore': ['infoservice.com.cn/c/ch/che/chenwenbin-2010.12.07.12.07.51/'], 'enabledService': ['mail', 'smtp', 'pop3', 'pop3secured', 'imap', 'imapsecured', 'deliver', 'forward', 'senderbcc', 'recipientbcc', 'managesieve', 'managesievesecured', 'shadowaddress', 'displayedInGlobalAddressBook'], 'cn': ['\xe9\x99\x88\xe6\x96\x87\xe6\x96\x8c']})]
2011-05-28 19:17:56 DEBUG Apply plugin (ldap_recipient_restrictions).
2011-05-28 19:17:56 DEBUG Response from plugin (ldap_recipient_restrictions): DUNNO
2011-05-28 19:17:56 DEBUG Final action: DUNNO.
2011-05-28 19:17:56 INFO chenwenbin@infoservice.com.cn -> test@infoservice.com.cn, DUNNO

test邮件组的ldap信息:

# LDIF Export for mail=test@infoservice.com.cn,ou=Groups,domainName=infoservice.com.cn,o=domains,dc=infoservice,dc=com.cn
# 服务器: My LDAP Server (127.0.0.1)
# 搜索范围: base
# 搜索过滤器: (objectClass=*)
# 条目总数: 1
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on May 28, 2011 11:25 am
# Version: 1.2.0.5

version: 1

# 条目 1: mail=test@infoservice.com.cn,ou=Groups,domainName=infoservice...
dn: mail=test@infoservice.com.cn,ou=Groups,domainName=infoservice.com.cn,o=d
omains,dc=infoservice,dc=com.cn
accesspolicy: allowedOnly
accountstatus: active
cn: test
enabledservice: mail
enabledservice: deliver
enabledservice: displayedInGlobalAddressBook
hasmember: yes
listalloweduser: heyan@infoservice.com.cn
mail: test@infoservice.com.cn
objectclass: mailList


张站长:请帮忙分析一下,为什么这个邮件组可以收到非管理员发来的邮件?非常感谢

刚在论坛看到iredadmin-pro有更新版,张站长麻烦发一个给我,我也正好升级一下,我们公司已经购买了admin 的组件。非常感谢!!

张站长,我把日志级别设置为 debug 后,信息如下。test@infoservice.com.cn 这个邮件列表在 iredadmin 里设置为只有管理员可以发送;我用自己的账号 chenwenbin@infoservice.com.cn 向它发信,而我自己(chenwenbin@infoservice.com.cn)不是管理员。
iredapd.log 没有任何log信息。
/var/log/iredapd-rr.log
DEBUG信息如下:
2011-05-26 14:16:29 DEBUG Connect from 127.0.0.1
2011-05-26 14:16:29 DEBUG smtp session: request=smtpd_access_policy
2011-05-26 14:16:29 DEBUG smtp session: protocol_state=RCPT
2011-05-26 14:16:29 DEBUG smtp session: protocol_name=ESMTP
2011-05-26 14:16:29 DEBUG smtp session: client_address=210.13.111.28
2011-05-26 14:16:29 DEBUG smtp session: client_name=unknown
2011-05-26 14:16:29 DEBUG smtp session: reverse_client_name=unknown
2011-05-26 14:16:29 DEBUG smtp session: helo_name=INUI-PC
2011-05-26 14:16:29 DEBUG smtp session: sender=chenwenbin@infoservice.com.cn
2011-05-26 14:16:29 DEBUG smtp session: recipient=chenwenbin@infoservice.com.cn
2011-05-26 14:16:29 DEBUG smtp session: recipient_count=0
2011-05-26 14:16:29 DEBUG smtp session: queue_id=
2011-05-26 14:16:29 DEBUG smtp session: instance=234.4dddf03d.6b6bf.0
2011-05-26 14:16:29 DEBUG smtp session: size=565
2011-05-26 14:16:29 DEBUG smtp session: etrn_domain=
2011-05-26 14:16:29 DEBUG smtp session: stress=
2011-05-26 14:16:29 DEBUG smtp session: sasl_method=LOGIN
2011-05-26 14:16:29 DEBUG smtp session: sasl_username=chenwenbin@infoservice.com.cn
2011-05-26 14:16:29 DEBUG smtp session: sasl_sender=
2011-05-26 14:16:29 DEBUG smtp session: ccert_subject=
2011-05-26 14:16:29 DEBUG smtp session: ccert_issuer=
2011-05-26 14:16:29 DEBUG smtp session: ccert_fingerprint=
2011-05-26 14:16:29 DEBUG smtp session: encryption_protocol=TLSv1
2011-05-26 14:16:29 DEBUG smtp session: encryption_cipher=EDH-RSA-DES-CBC3-SHA
2011-05-26 14:16:29 DEBUG smtp session: encryption_keysize=168
2011-05-26 14:16:29 DEBUG LDAP connection initialied success.
2011-05-26 14:16:29 DEBUG LDAP bind success.
2011-05-26 14:16:29 DEBUG __get_sender_dn_ldif (sender): chenwenbin@infoservice.com.cn
2011-05-26 14:16:29 DEBUG __get_sender_dn_ldif: Quering LDAP
2011-05-26 14:16:29 DEBUG __get_sender_dn_ldif (result): [('mail=chenwenbin@infoservice.com.cn,ou=Users,domainName=infoservice.com.cn,o=domains,dc=infoservice,dc=com.cn', {'memberOfGroup': ['staff@infoservice.com.cn', 'yy1@infoservice.com.cn', 'test@infoservice.com.cn'], 'uid': ['chenwenbin'], 'mailQuota': ['209715200'], 'objectClass': ['inetOrgPerson', 'mailUser', 'shadowAccount', 'top'], 'userPassword': ['{MD5}lueSGJZetyySpUndWjMBEg=='], 'accountStatus': ['active'], 'mtaTransport': ['dovecot'], 'sn': ['chenwenbin'], 'homeDirectory': ['/var/vmail/vmail01/infoservice.com.cn/c/ch/che/chenwenbin-2010.12.07.12.07.51/'], 'mail': ['chenwenbin@infoservice.com.cn'], 'storageBaseDirectory': ['/var/vmail/vmail01'], 'mailMessageStore': ['infoservice.com.cn/c/ch/che/chenwenbin-2010.12.07.12.07.51/'], 'enabledService': ['mail', 'smtp', 'pop3', 'pop3secured', 'imap', 'imapsecured', 'deliver', 'forward', 'senderbcc', 'recipientbcc', 'managesieve', 'managesievesecured', 'shadowaddress', 'displayedInGlobalAddressBook'], 'cn': ['\xe9\x99\x88\xe6\x96\x87\xe6\x96\x8c']})]
2011-05-26 14:16:29 DEBUG Apply plugin (ldap_recipient_restrictions).
2011-05-26 14:16:29 DEBUG Response from plugin (ldap_recipient_restrictions): DUNNO
2011-05-26 14:16:29 DEBUG Final action: DUNNO.
2011-05-26 14:16:29 INFO chenwenbin@infoservice.com.cn -> chenwenbin@infoservice.com.cn, DUNNO
2011-05-26 14:16:29 DEBUG Connection closed

iRedAPD已经可以正常使用,黑白名单也起作用。就是邮件列表这里有些问题。请帮忙分析一下原因。谢谢


另 : 邮件列表是否有数量限制 ,我的邮件列表已经超出50个列表。是否会导致什么问题。非常感谢

现在有一个邮件列表,我在 iRedAdmin-Pro 里设置了只有管理员可以发邮件到这个邮件列表,但其他用户还是可以发进去。求助张站长,还需要如何设置?

可以了,谢谢张站长!

请问留空值是这样吗?
任意位置插入   bypass_mynetworks  后面留空就行吗?

设置完iredapd后启动服务正常。但黑白名单没有起作用。
DEBUG信息:/var/log/iredapd-rr.log
2011-05-22 22:31:18 DEBUG Error: No option 'bypass_mynetworks' in section: 'general'. Use default action instead: DUNNO
非常感谢

使用KS安装流程安装完后,收发邮件都正常,可是连接速度很慢,只有几K。。。请问张站长有何解决方法?

我发送到一个邮件组,提示请见附件。求如何处理。谢谢!

support@ iredmail.org

顺便赞一下新的安装方式,我在CentOS5.6上面用了linux ks来安装非常快就装好了iRedmail 0.7。同事们觉得很神奇。现在在线等待adminpro的安装包回复啊。

我买了台新的服务器,iRedMail已经装好了,现在等着部署admin,没有安装包。

邮件系统正在带病工作中,请给予协助谢谢。
infoservice

Fail2ban
概念类似于 Windows 里面的一个机制:一个 IP 输错三次密码就禁止登录 30 分钟,这样对方每尝试三次或数次就得换一个地址。

站长似乎要抽时间改一下for FreeBSD的脚本,主要是PostFix和LDAP的Ports安装参数,LDAP手动能解决,PostFix似乎缺了点东西,尤其是SASL2的配置。