Revision as of 08:12, 30 October 2013
This tutorial is applicable to MySQL and PostgreSQL backends.
iRedMail ships iRedAPD (a Postfix policy server), which handles per-user send/receive restrictions through its sql_user_restrictions plugin. Make sure the plugin is enabled in the iRedAPD config file /opt/iredapd/settings.py:
plugins = [..., 'sql_user_restrictions']
Sample usage: allow local mail user 'email@example.com' to send to and receive from the same domain (example.com) and 'gmail.com', but not others.
sql> USE vmail;
sql> UPDATE mailbox
     SET rejectedsenders='@.',
         allowedsenders='@example.com,@gmail.com',
         rejectedrecipients='@.',
         allowedrecipients='@example.com,@gmail.com'
     WHERE username='email@example.com';
Valid sender/recipient formats are:
- @.: all addresses (user, domain, sub-domain). NOTE: There's a dot after '@'.
- @domain.com: single domain.
- @.domain.com: single domain and all its sub-domains. NOTE: There's a dot after '@'.
- email@example.com: single email address
- Multiple senders/recipients must be separated by comma (,).
- allowedsenders has higher priority than rejectedsenders.
- allowedrecipients has higher priority than rejectedrecipients.
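The matching rules and priority order listed above, modeled as an added Python example (this is not iRedAPD's plugin code, and the function names are hypothetical). It assumes case-insensitive comparison and that an address matching no entry is permitted; the column values are the ones from the sample usage.

```python
# Added illustration: models the documented matching rules only.
# Not iRedAPD's plugin code; all function names are hypothetical.

def parse_list(value):
    """Split a comma-separated column value into normalized entries."""
    # Assumption: entries are compared case-insensitively.
    return [e.strip().lower() for e in (value or "").split(",") if e.strip()]


def entry_matches(entry, address):
    """Return True if one list entry covers the given email address."""
    address = address.lower()
    domain = address.rpartition("@")[2]
    if entry == "@.":                  # all addresses
        return True
    if entry.startswith("@."):         # domain and all its sub-domains
        base = entry[2:]
        return domain == base or domain.endswith("." + base)
    if entry.startswith("@"):          # single domain only, no sub-domains
        return domain == entry[1:]
    return address == entry            # single email address


def is_permitted(address, allowed, rejected):
    """Check the allowed list first, so it overrides the rejected list."""
    if any(entry_matches(e, address) for e in parse_list(allowed)):
        return True
    if any(entry_matches(e, address) for e in parse_list(rejected)):
        return False
    return True  # assumption: no matching entry means no restriction


# Constructed sample: the column values from the sample usage.
ALLOWED = "@example.com,@gmail.com"
REJECTED = "@."


def demo():
    """Evaluate a few constructed peer addresses against the sample policy."""
    peers = ["colleague@example.com", "friend@gmail.com",
             "someone@mail.example.com", "stranger@example.net"]
    return {p: is_permitted(p, ALLOWED, REJECTED) for p in peers}


if __name__ == "__main__":
    for peer, ok in demo().items():
        print(f"{peer:28} {'permit' if ok else 'reject'}")
```

Under this model, someone@mail.example.com is rejected because '@example.com' covers only the single domain; covering sub-domains would need '@.example.com'.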
There's a bug in iRedAPD-1.4.1 (the one shipped in iRedMail-0.8.5). You have to download the fixed version, overwrite the existing file with it, then restart the iRedAPD service:
# cd /tmp/
# wget https://bitbucket.org/zhb/iredapd/raw/312521c215c3d3bb057fdd5adcaa475a267461ad/plugins/sql_user_restrictions.py
# cp /tmp/sql_user_restrictions.py /opt/iredapd/plugins/
# /etc/init.d/iredapd restart
- With OpenLDAP backend, if you have iRedAdmin-Pro, you can manage this restriction in user profile page, under tab "White/Blacklist".
- If you don't have iRedAdmin-Pro, you can manage it with phpLDAPadmin (or other LDAP tools). Related LDAP attributes are:
  - mailWhitelistRecipient (same as mailbox.allowedrecipients in SQL backend)
  - mailBlacklistRecipient (same as mailbox.rejectedrecipients)
  - amavisWhitelistSender (same as mailbox.allowedsenders)
  - amavisBlacklistSender (same as mailbox.rejectedsenders)
Values for these LDAP attributes are the same as the ones used in SQL backends ('@.', '@domain.com', ...).