IRedMail/FAQ/LDAP/Per-user.Whitelist.Blacklist
From iRedMail
Revision as of 03:33, 12 September 2011 by ZhangHuangbin (Talk | contribs)
Question
How to achieve below restrictions in iRedMail with OpenLDAP backend?
- User B can send emails only to given domains and its sub domains (eg. example.com, test.com), can receive emails from any domain.
- User C can send and receive emails only to & from given domains and its sub doamins (eg. example.com, test.com)
- User D can send and receive emails only to & from given email addresses. (eg. admin@example.com, user@test.com)
Solution
Note: You can easily manage per-user whitelist/blacklist with iRedAdmin-Pro admin panel. Screenshot: [1]
This is per-user black/whitelist, implemented in iRedAPD - a postfix policy server.
- ) Make sure you have iRedAPD enabled in Postfix. It's enabled by default since iRedMail-0.7.0.
| File: /etc/postfix/main.cf |
smtpd_recipient_restrictions = ..., check_policy_server inet:127.0.0.1:7777, permit_mynetworks, ... |
- ) Make sure you have plugin 'block_amavisd_blacklisted_senders' enabled in /opt/iredapd/etc/iredapd.ini:
| File: /opt/iredapd/etc/iredapd.ini |
[ldap] ... plugins = block_amavisd_blacklisted_senders, ... |
It's now ready to configure per-user blacklist/whitelist.
- Question: User B can send emails only to given domains and its sub domains (eg. example.com, test.com), can receive emails from any domain.
Add below LDAP attributes/values in LDAP server for user B:
mailBlacklistRecipient: @. # <-- Reject mails sent to all accounts. mailWhitelistRecipient: @.example.com # <-- Bypass mails sent to domain "example.com" and its sub-domains. mailWhitelistRecipient: @.test.com
- Question: User C can send and receive emails only to & from given domains and its sub doamins (eg. example.com, test.com)
Add below LDAP attributes/values in LDAP server for user C:
amavisBlacklistSender: @. # <-- Reject mails sent FROM all accounts. amavisWhitelistSender: @.example.com # <-- Bypass mails sent FROM domain 'example.com' and its sub-domains. amavisWhitelistSender: @.test.com mailBlacklistRecipient: @. # <-- Reject mails sent to all accounts. mailWhitelistRecipient: @.example.com # <-- Bypass mails sent to domain "example.com" and its sub-domains. mailWhitelistRecipient: @.test.com
- User D can send and receive emails only to & from given email addresses. (eg. admin@example.com, user@test.com)
Add below LDAP attributes/values in LDAP server for user C:
amavisBlacklistSender: @. # <-- Reject mails sent FROM all accounts. amavisWhitelistSender: admin@example.com # <-- Bypass mails sent FROM user 'admin@example.com' amavisWhitelistSender: user@test.com mailBlacklistRecipient: @. # <-- Reject mails sent to all accounts. mailWhitelistRecipient: admin@example.com # <-- Bypass mails sent to user 'admin@example.com' mailWhitelistRecipient: user@test.com
![[1]](http://screenshots.iredmail.googlecode.com/hg/iredadmin/user_profile_restrictions.png){kind=link}