From iRedMail
Revision as of 08:12, 30 October 2013 by ZhangHuangbin (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This tutorial is applicable to MySQL and PostgreSQL backends.

iRedMail ships iRedAPD (a Postfix policy server) for per-user send/receive restrictions, it's provided by plugin sql_user_restrictions. Please make sure it's enabled in iRedAPD config file: /opt/iredapd/

File: /opt/iredapd/
plugins = [..., 'sql_user_restrictions']

Sample usage: allow local mail user '' to send to and receive from the same domain ( and '', but not others.

sql> USE vmail;
sql> UPDATE mailbox \
     SET \
         rejectedsenders='@.', \
         allowedsenders=',', \
         rejectedrecipients='@.' \
         allowedrecipients=',', \
     WHERE \

Valid sender/recipient formats are:

  • @.: all addresses (user, domain, sub-domain). NOTE: There's a dot after '@'.
  • single domain.
  • single domain and its all sub-domains. NOTE: There's a dot after '@'.
  • single email address


  • Multiple senders/recipients must be separated by comma (,).
  • allowedsenders has higher priority than rejectedsenders.
  • allowedrecipients has higher priority than rejectedrecipients.


There's a bug in iRedAPD-1.4.1 (the one shipped in iRedMail-0.8.5), you have to download fixed version and override existing one, then restart iRedAPD service:

# cd /tmp/
# wget
# cp /tmp/ /opt/iredapd/plugins/
# /etc/init.d/iredapd restart

OpenLDAP backend

  • With OpenLDAP backend, if you have iRedAdmin-Pro, you can manage this restriction in user profile page, under tab "White/Blacklist".
  • If you don't have iRedAdmin-Pro, you can manage it with phpLDAPadmin (or other LDAP tools). Related LDAP attributes are:
    • mailWhitelistRecipient (same as mailbox.allowedrecipients in SQL backend)
    • mailBlacklistRecipient (same as mailbox.rejectedrecipients)
    • amavisWhitelistSender (same as mailbox.allowedsenders)
    • amavisBlacklistSender (same as mailbox.rejectedsenders)

Values for these LDAP attributes are the same as the ones used in SQL backends ('@.', '', ...)

Personal tools