update html/manage.iredapd.html with more details.

2016-01-22 23:16:02 +08:00 · 2016-01-22 23:16:02 +08:00 · 4b5691b95d
parent 40b4d6bf95
commit 4b5691b95d
2 changed files with 109 additions and 16 deletions
--- a/en_US/howto/manage.iredapd.md
+++ b/en_US/howto/manage.iredapd.md
@ -14,13 +14,13 @@ user `iredapd`.
 ## Manage white/blacklists

 > * White/blacklisting is available in iRedAPD-1.4.4 and later releases.
-> * Script `wblist_admin.py` is available in iRedAPD-1.7.0 and later releases.
+> * Script `tools/wblist_admin.py` is available in iRedAPD-1.7.0 and later releases.

 White/blacklisting is controlled by plugin `amavisd_wblist` (file
 `/opt/iredapd/plugins/amavisd_wblist.py`), you can manage it with script
 `/opt/iredapd/tools/wblist_admin.py`.

-Available arguments:
+### Available arguments

 ```
    --outbound
@ -63,7 +63,7 @@ Available arguments:
        Don't ask to confirm.
 ```

-Sample usage:
+### Sample usages

 * Show and add server-wide whitelists or blacklists:

@ -88,14 +88,14 @@ Sample usage:
 ## Manage greylisting settings

 > * Greylisting is available in iRedAPD-1.7.0 and later releases.
-> * Script `/opt/iredapd/tools/greylisting_admin.py` is available in
->   iRedAPD-1.8.0 and later releases.
+> * Script `tools/greylisting_admin.py` is available in iRedAPD-1.8.0 and
+>   later releases.

 Greylisting is controlled by plugin `greylisting` (file
 `/opt/iredapd/plugins/greylisting.py`), you can manage it with script
 `/opt/iredapd/tools/greylisting_admin.py`.

-Available arguments:
+### Available arguments

 ```
    --list
@ -125,7 +125,7 @@ Available arguments:
        Delete specified greylisting setting.
 ```

-Sample usages:
+### Sample usages

 * List all existing greylisting settings

@ -157,3 +157,50 @@ Sample usages:
 ```
 # python greylisting_admin.py --delete --to '@test.com'
 ```
+
+### Additional greylisting whitelist support
+
+Seems many companies setup their mail servers to re-deliver returned email
+immediately from another server, this causes trouble with greylisting.
+
+Possible solutions:
+
+1. Disable greylisting on your server completely.
+2. Whitelist IP addresses/networks of their mail servers.
+
+For solution #2, you can whitelist those mail servers with script
+`/opt/iredapd/tools/spf_to_greylit_whitelists.py`.
+
+> Note: script `tools/spf_to_greylit_whitelists.py` is available in iRedAPD-1.8.0 and later releases.
+
+It queries SPF and MX records of specified mail domain names, then store all
+converted IP addresses/networks defined in SPF/MX records in SQL table
+`iredapd.greylisting_whitelists`.
+
+To whitelist IP addresses/networks of some mail domain, for example,
+`outlook.com`, `microsoft.com`, please run command like below:
+
+```
+# cd /opt/iredapd/tools/
+# python spf_to_greylit_whitelists.py outlook.com microsoft.com
+```
+
+If you want to whitelist more mail domains, just run the command with the
+domain names like above sample.
+
+Since iRedAPD-1.8.0, we have SQL table `iredapd.greylisting_whitelist_domains`
+to store these mail domain names. if you run `spf_to_greylit_whitelists.py`
+without any argument, it will fetch all mail domains stored in sql table 
+`greylisting_whitelist_domains` instead of fetching from command line arguments.
+
+```
+# python spf_to_greylit_whitelists.py
+```
+
+You should setup a cron job to run this script, so that it can keep the IP
+addresses/networks up to date. iRedMail sets up the cron job to run every 10
+minutes, like below:
+
+```
+*/10   *   *   *   *   /usr/bin/python /opt/iredapd/tools/spf_to_greylisting_whitelists.py &>/dev/null
+```
--- a/html/manage.iredapd.html
+++ b/html/manage.iredapd.html
@ -15,8 +15,17 @@
 <ul>
 <li><a href="#manage-iredapd-whiteblacklists-greylisting">Manage iRedAPD (white/blacklists, greylisting)</a><ul>
 <li><a href="#introduce-iredapd">Introduce iRedAPD</a></li>
-<li><a href="#manage-whiteblacklists">Manage white/blacklists</a></li>
-<li><a href="#manage-greylisting-settings">Manage greylisting settings</a></li>
+<li><a href="#manage-whiteblacklists">Manage white/blacklists</a><ul>
+<li><a href="#available-arguments">Available arguments</a></li>
+<li><a href="#sample-usages">Sample usages</a></li>
+</ul>
+</li>
+<li><a href="#manage-greylisting-settings">Manage greylisting settings</a><ul>
+<li><a href="#available-arguments_1">Available arguments</a></li>
+<li><a href="#sample-usages_1">Sample usages</a></li>
+<li><a href="#additional-greylisting-whitelist-support">Additional greylisting whitelist support</a></li>
+</ul>
+</li>
 </ul>
 </li>
 </ul>
@ -33,13 +42,13 @@ user <code>iredapd</code>.</p>
 <blockquote>
 <ul>
 <li>White/blacklisting is available in iRedAPD-1.4.4 and later releases.</li>
-<li>Script <code>wblist_admin.py</code> is available in iRedAPD-1.7.0 and later releases.</li>
+<li>Script <code>tools/wblist_admin.py</code> is available in iRedAPD-1.7.0 and later releases.</li>
 </ul>
 </blockquote>
 <p>White/blacklisting is controlled by plugin <code>amavisd_wblist</code> (file
 <code>/opt/iredapd/plugins/amavisd_wblist.py</code>), you can manage it with script
 <code>/opt/iredapd/tools/wblist_admin.py</code>.</p>
-<p>Available arguments:</p>
+<h3 id="available-arguments">Available arguments</h3>
 <pre><code>    --outbound
        Manage white/blacklist for outbound messages.

@ -80,7 +89,7 @@ user <code>iredapd</code>.</p>
        Don't ask to confirm.
 </code></pre>

-<p>Sample usage:</p>
+<h3 id="sample-usages">Sample usages</h3>
 <ul>
 <li>Show and add server-wide whitelists or blacklists:</li>
 </ul>
@ -105,14 +114,14 @@ user <code>iredapd</code>.</p>
 <blockquote>
 <ul>
 <li>Greylisting is available in iRedAPD-1.7.0 and later releases.</li>
-<li>Script <code>/opt/iredapd/tools/greylisting_admin.py</code> is available in
-  iRedAPD-1.8.0 and later releases.</li>
+<li>Script <code>tools/greylisting_admin.py</code> is available in iRedAPD-1.8.0 and
+  later releases.</li>
 </ul>
 </blockquote>
 <p>Greylisting is controlled by plugin <code>greylisting</code> (file
 <code>/opt/iredapd/plugins/greylisting.py</code>), you can manage it with script
 <code>/opt/iredapd/tools/greylisting_admin.py</code>.</p>
-<p>Available arguments:</p>
+<h3 id="available-arguments_1">Available arguments</h3>
 <pre><code>    --list
        Show ALL existing greylisting settings.

@ -140,7 +149,7 @@ user <code>iredapd</code>.</p>
        Delete specified greylisting setting.
 </code></pre>

-<p>Sample usages:</p>
+<h3 id="sample-usages_1">Sample usages</h3>
 <ul>
 <li>List all existing greylisting settings</li>
 </ul>
@ -170,6 +179,43 @@ user <code>iredapd</code>.</p>
 <li>Delete greylisting setting for emails which are sent from anyone to local domain <code>test.com</code></li>
 </ul>
 <pre><code># python greylisting_admin.py --delete --to '@test.com'
+</code></pre>
+
+<h3 id="additional-greylisting-whitelist-support">Additional greylisting whitelist support</h3>
+<p>Seems many companies setup their mail servers to re-deliver returned email
+immediately from another server, this causes trouble with greylisting.</p>
+<p>Possible solutions:</p>
+<ol>
+<li>Disable greylisting on your server completely.</li>
+<li>Whitelist IP addresses/networks of their mail servers.</li>
+</ol>
+<p>For solution #2, you can whitelist those mail servers with script
+<code>/opt/iredapd/tools/spf_to_greylit_whitelists.py</code>.</p>
+<blockquote>
+<p>Note: script <code>tools/spf_to_greylit_whitelists.py</code> is available in iRedAPD-1.8.0 and later releases.</p>
+</blockquote>
+<p>It queries SPF and MX records of specified mail domain names, then store all
+converted IP addresses/networks defined in SPF/MX records in SQL table
+<code>iredapd.greylisting_whitelists</code>.</p>
+<p>To whitelist IP addresses/networks of some mail domain, for example,
+<code>outlook.com</code>, <code>microsoft.com</code>, please run command like below:</p>
+<pre><code># cd /opt/iredapd/tools/
+# python spf_to_greylit_whitelists.py outlook.com microsoft.com
+</code></pre>
+
+<p>If you want to whitelist more mail domains, just run the command with the
+domain names like above sample.</p>
+<p>Since iRedAPD-1.8.0, we have SQL table <code>iredapd.greylisting_whitelist_domains</code>
+to store these mail domain names. if you run <code>spf_to_greylit_whitelists.py</code>
+without any argument, it will fetch all mail domains stored in sql table 
+<code>greylisting_whitelist_domains</code> instead of fetching from command line arguments.</p>
+<pre><code># python spf_to_greylit_whitelists.py
+</code></pre>
+
+<p>You should setup a cron job to run this script, so that it can keep the IP
+addresses/networks up to date. iRedMail sets up the cron job to run every 10
+minutes, like below:</p>
+<pre><code>*/10   *   *   *   *   /usr/bin/python /opt/iredapd/tools/spf_to_greylisting_whitelists.py &amp;&gt;/dev/null
 </code></pre><p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),