From iRedMail
TO BE CONTINUED
Summary & Feature List
- iRedAPD is designed to work in conjunction with Postfix as an Access Policy Delegation daemon, with plugin support.
- Currently, it works only with OpenLDAP, but it is easy to add MySQL support with plugins.
- Plugin: checks a user's right to post messages to an LDAP built-in mail list.
How to manage it
- iRedAdmin-Pro (full-featured edition) users can manage mail delivery restrictions in the mail list and user profile pages.
- If you have not purchased iRedAdmin-Pro, you can also manage them with phpLDAPadmin.
Requirements
- Python >= 2.4, core programming language.
- Python-LDAP >= 2.3.7. An object-oriented API to access LDAP directory servers from Python programs.
- iRedMail >= 0.5.0
Install iRedAPD
Install required python modules
TIP: You can skip this step if you already have iRedAdmin installed.
| Terminal:
|
#
# ---- on RHEL/CentOS ----
#
# yum install python-ldap
#
# ---- on Debian/Ubuntu ----
#
$ sudo apt-get install python-ldap
#
# ---- on FreeBSD ----
#
# cd /usr/ports/net/py-ldap2 && make install clean
|
Download and configure iRedAPD
| Terminal:
|
# tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/
# ln -s /opt/iRedAPD-x.y.z /opt/iredapd
# chmod +x /opt/iredapd/src/iredapd.py
# ---- Copy necessary RC script to /etc/init.d/ (Linux) or /usr/local/etc/rc.d/ (FreeBSD) ----
# cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd
# chmod +x /etc/init.d/iredapd
# ---- Copy sample setting file ----
# cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini
|
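- Open /opt/iredapd/etc/iredapd.ini and set the correct values. The file holds the LDAP bind password (bindpw), so keep it readable only by the account that runs iRedAPD.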
| File: /opt/iredapd/etc/iredapd.ini
|
[general]
# Listen address and port.
listen_addr = 127.0.0.1
listen_port = 7777
# Background/daemon mode: yes, no.
run_as_daemon = yes
# Path to pid file.
pid_file = /var/run/iredapd.pid
# Log type: file.
log_type = file
log_file = /var/log/iredapd.log
# Log level: info, warning, error, debug.
# 'info' is recommended for production use.
log_level = info
[ldap]
# LDAP server setting.
# Uri must start with ldap:// or ldaps:// (TLS/SSL).
#
# Tip: You can get binddn, bindpw from /etc/postfix/ldap_*.cf.
#
uri = ldap://127.0.0.1:389
binddn = cn=vmail,dc=iredmail,dc=org
bindpw = 5NC4VyRJdws3ounpcKJw9zXu0B8ou6
basedn = o=domains,dc=iredmail,dc=org
# Enabled plugins.
plugins = ldap_maillist_access_policy
|
- Make iRedAPD start when the server boots.
| Terminal:
|
#
# ---- on RHEL/CentOS ----
#
# chkconfig --level 345 iredapd on
#
# ---- on Debian/Ubuntu ----
#
$ sudo update-rc.d iredapd defaults
#
# ---- on FreeBSD, please edit /etc/rc.conf, append below line ----
#
iredapd_enable='YES'
|
- Start iRedAPD.
| Terminal:
|
#
# ---- On RHEL/CentOS/Debian/Ubuntu ----
#
# /etc/init.d/iredapd start
#
# ---- On FreeBSD ----
#
# /usr/local/etc/rc.d/iredapd start
|
Configure Postfix
In the Postfix main.cf, modify the smtpd_recipient_restrictions setting:
| File: /etc/postfix/main.cf
|
smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:7777,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    ...
|
- Restart Postfix to apply the change.
| Terminal:
|
#
# ---- On RHEL/CentOS/Debian/Ubuntu ----
#
# /etc/init.d/postfix restart
#
# ---- On FreeBSD ----
#
# /usr/local/etc/rc.d/postfix restart
|
Available access policy levels
There are four default policy rules for mail lists:
| Restriction | Comment | Value of attribute 'accessPolicy' in LDAP |
|---|---|---|
| Unrestricted | Email is unrestricted, which means everyone can mail to this address. | public |
| Domain Wide | Only users under the same domain can send mail to this address. | domain |
| Members Only | Only members can send mail to this address. | membersOnly |
| Moderators Only | Only moderators can send mail to this address. | allowedOnly |
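The sketch below is an added example, not iRedAPD's own code. It shows how a policy daemon behind `check_policy_service` could map the four `accessPolicy` values to a Postfix reply. The `mail_list` dict, the `members` and `moderators` keys, the sample request and the fail-closed default are assumptions made for illustration.

```python
# Added illustration, not iRedAPD source. mail_list is a hypothetical
# stand-in for the list's LDAP entry; a real daemon would query LDAP.
REJECT = "REJECT Not authorized to post to this mail list"
# Constructed sample of what Postfix sends to 127.0.0.1:7777 at RCPT TO.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=alice@example.com\n"
    "recipient=staff@example.com\n"
    "\n"
)

def parse_request(raw):
    """Parse name=value lines; an empty line ends the request."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def decide(attrs, mail_list):
    """Return the Postfix action for one sender/recipient pair."""
    sender = attrs.get("sender", "").lower()  # empty for bounces
    recipient = attrs.get("recipient", "").lower()
    policy = mail_list.get("accessPolicy", "").lower()
    members = {m.lower() for m in mail_list.get("members", ())}
    moderators = {m.lower() for m in mail_list.get("moderators", ())}
    if policy == "public":
        allowed = True
    elif policy == "domain":
        allowed = bool(sender) and domain_of(sender) == domain_of(recipient)
    elif policy == "membersonly":
        allowed = sender in members
    elif policy == "allowedonly":
        allowed = sender in moderators
    else:
        allowed = False  # assumption: unknown or missing value fails closed
    # DUNNO, not OK: OK would end smtpd_recipient_restrictions here and
    # skip the reject_unauth_destination line that follows the policy check.
    return "DUNNO" if allowed else REJECT

def reply(action):
    return "action=%s\n\n" % action
```

The `sender` attribute is the SMTP envelope sender, which an unauthenticated client chooses freely, so the domain, members and moderators checks restrict posting only as far as the envelope sender can be trusted.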
Troubleshooting & Debug
If iRedAPD doesn't work as expected, set 'log_level = debug' in /opt/iredapd/etc/iredapd.ini, restart iredapd, and monitor its log file /var/log/iredapd.log. If you need help, create a new forum topic and paste the log messages into it.