From iRedMail

Summary & Feature List

• iRedAPD is designed to work in conjunction with Postfix as an Access Policy Delegation daemon, with plugin support.
• Currently, it works with both OpenLDAP and MySQL backend.
• Available plugins:
  • ldap_maillist_access_policy: Used to restrict mail list access with OpenLDAP backend.
  • sql_alias_access_policy: Used to restrict alias access with MySQL backend.

Requirements

• Python >= 2.4, core programming language.
• Python-MySQLdb, is the Python DB API-2.0 interface.
• web.py >= 0.3.0, a web framework for python that is as simple as it is powerful.
• DBUtils, is a suite of tools providing solid, persistent and pooled connections to a database.
• iRedMail: All iRedMail versions should work as expected.

Alter MySQL Table

Plugin sql_alias_access_policy requires two more columns in vmail.alias table, used to store access policy and addresses of moderators.

mysql> USE vmail;
mysql> ALTER TABLE alias ADD COLUMN accesspolicy VARCHAR(30) NOT NULL DEFAULT '';
mysql> ALTER TABLE alias ADD COLUMN moderators TEXT NOT NULL DEFAULT '';

Install required python modules

• on RHEL/CentOS:

# yum install MySQL-python python-setuptools
# easy_install web.py DBUtils

• on Debian/Ubuntu:

$ sudo apt-get install python-setuptools python-mysqldb
$ sudo easy_install web.py DButils

• on FreeBSD:

Download and configure iRedAPD

• Download iRedAPD from download page.
• Copy iRedAPD to /opt/, set correct file permissions, and create symbol link.

# tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/
# ln -s /opt/iRedAPD-x.y.z /opt/iredapd
# chmod +x /opt/iredapd/src/iredapd.py

• Copy necessary RC script to /etc/init.d/ (Linux) or /usr/local/etc/rc.d/ (FreeBSD):

# cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd
# chmod +x /etc/init.d/iredapd

• Copy sample setting file:

# cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini

• Open /opt/iredapd/etc/iredapd.ini and set correct values:

[general]
# Listen address and port.
listen_addr     = 127.0.0.1
listen_port     = 7777

# Background/daemon mode: yes, no.
run_as_daemon   = yes

# Path to pid file.
pid_file        = /var/run/iredapd.pid

# Log type: file.
log_type        = file
log_file        = /var/log/iredapd.log

# Log level: info, warning, error, debug.
# 'info' is recommended for product use.
log_level       = info

# Backend: ldap, mysql.
backend     = mysql

[mysql]
# For MySQL backend only.
server      = 127.0.0.1
db          = vmail
user        = vmail
password    = Psaf68wsuVctYSbj4PJzRqmFsE0rlQ
alias_table = alias

# Enabled plugins.
plugins = sql_alias_access_policy

• Start iRedAPD now.

# /etc/init.d/iredapd start

• Make iRedAPD start when boot your server.
  • on RHEL/CentOS:

# chkconfig --level 345 iredapd on

• • on Debian/Ubuntu:

$ update-rc.d iredapd defaults

• • on FreeBSD, you should append below line to /etc/rc.conf:

iredapd_enable='YES'

Configure postfix

• Modify postfix setting smtpd_recipient_restrictions setting in /etc/postfix/main.cf:

smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:7777,     # <-- Insert this line
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    ...

• Restart postfix to make it work.

# /etc/init.d/postfix restart

Available access policy levels

There're five default policy rules for mail alias:

Note: Value of column 'accesspolicy' is case-insensitive.

Troubleshooting & Debug

If iRedAPD doesn't work as expected, you can simplily set log_level = debug in /opt/iredapd/etc/iredapd.ini, restart iredapd and monitor its log file /var/log/iredapd.log, create a new forum topic in iRedMail forum and paste log message in forum topic.