From b03a46eb433118180fdf5c28caa7325197572949 Mon Sep 17 00:00:00 2001
From: Zhang Huangbin
Date: Wed, 13 Apr 2016 21:19:33 +0800
Subject: [PATCH] Mention how to add custom iredapd settings.
---
en_US/howto/manage.iredapd.md | 33 ++++++++++++++++++++++++++++++++-
html/manage.iredapd.html | 34 ++++++++++++++++++++++++++++++++--
2 files changed, 64 insertions(+), 3 deletions(-)
diff --git a/en_US/howto/manage.iredapd.md b/en_US/howto/manage.iredapd.md
index ecca1d28..327e8c1f 100644
--- a/en_US/howto/manage.iredapd.md
+++ b/en_US/howto/manage.iredapd.md
@@ -46,6 +46,16 @@ plugin name in `plugins =` doesn't matter.
To disable a plugin, just remove the plugin name and restart iRedAPD service.
+## How to add custom settings
+
+iRedAPD has some default settings in file
+`/opt/iredapd/libs/default_settings.py`, but you should never modify it.
+Instead, you should copy the settings you want to modify from
+`/opt/iredapd/libs/default_settings.py` to `/opt/iredapd/settings.py`, then
+update it with new values. This way you will keep custom settings after
+upgrading iRedAPD -- because iRedAPD upgrade tool will copy
+`/opt/iredapd/settings.py` to new iRedAPD release during upgrading.
+
## White/Blacklisting
### How to disable white/blacklists completely
@@ -133,6 +143,10 @@ White/blacklisting is controlled by plugin `amavisd_wblist` (file
## Greylisting
+!!! note
+
+ Greylisting is available in iRedAPD-1.7.0 and later releases.
+
For technical details about greylisting, please visit
### How to disable greylisting completely
@@ -146,9 +160,26 @@ plugins = [..., 'greylisting', ...]
Restarting iRedAPD service is required.
+### General settings
+
+There're several settings for greylisting behaviour, default values are defined
+in `/opt/iredapd/libs/default_settings.py`. If you want to modify them, please
+add the settings with custom values in `/opt/iredapd/settings.py`.
+
+* `GREYLISTING_MESSAGE`: the rejection message which will be sent to sender
+ server. Default is `Intentional policy rejection, please try again later`.
+* `GREYLISTING_BLOCK_EXPIRE`: Time (in MINUTES) to wait before client retrying,
+ client will be rejected if retires too soon (in less than specified minutes).
+ Defaults to `15` minutes.
+* `GREYLISTING_AUTH_TRIPLET_EXPIRE`: Disable greylisting for how long (in DAYS)
+ for clients which passed greylisting (retried and delivered). It's also used
+ to clean up old greylisting tracking records. Defaults to `30` days.
+* `GREYLISTING_UNAUTH_TRIPLET_EXPIRE`: Time (in DAYS) to keep tracking records
+ if client didn't pass the greylisting, and no further deliver attempts.
+ Defaults to `2` days.
+
### Manage greylisting settings
-> * Greylisting is available in iRedAPD-1.7.0 and later releases.
> * Script `tools/greylisting_admin.py` is available in iRedAPD-1.8.0 and
> later releases.
diff --git a/html/manage.iredapd.html b/html/manage.iredapd.html
index 0756ec30..714ac157 100644
--- a/html/manage.iredapd.html
+++ b/html/manage.iredapd.html
@@ -15,6 +15,7 @@
Introduce iRedAPD
How to disable iRedAPD service
How to enable or disable iRedAPD plugins
+How to add custom settings
White/Blacklisting
The priorities of plugins shipped in iRedAPD are hard-coded, so the order of
plugin name in plugins =
doesn't matter.
To disable a plugin, just remove the plugin name and restart iRedAPD service.
+How to add custom settings
+iRedAPD has some default settings in file
+/opt/iredapd/libs/default_settings.py
, but you should never modify it.
+Instead, you should copy the settings you want to modify from
+/opt/iredapd/libs/default_settings.py
to /opt/iredapd/settings.py
, then
+update it with new values. This way you will keep custom settings after
+upgrading iRedAPD -- because iRedAPD upgrade tool will copy
+/opt/iredapd/settings.py
to new iRedAPD release during upgrading.
White/Blacklisting
How to disable white/blacklists completely
To disable white/blacklists completely, please remove plugin name
@@ -151,6 +161,10 @@ parameter plugins =
:
Greylisting
+
+
Note
+
Greylisting is available in iRedAPD-1.7.0 and later releases.
+
For technical details about greylisting, please visit http://greylisting.org/
How to disable greylisting completely
To disable greylisting completely, please remove plugin name greylisting
@@ -159,10 +173,26 @@ in iRedAPD config file /opt/iredapd/settings.py
, parameter pl
Restarting iRedAPD service is required.
+General settings
+There're several settings for greylisting behaviour, default values are defined
+in /opt/iredapd/libs/default_settings.py
. If you want to modify them, please
+add the settings with custom values in /opt/iredapd/settings.py
.
+
+GREYLISTING_MESSAGE
: the rejection message which will be sent to sender
+ server. Default is Intentional policy rejection, please try again later
.
+GREYLISTING_BLOCK_EXPIRE
: Time (in MINUTES) to wait before client retrying,
+ client will be rejected if retires too soon (in less than specified minutes).
+ Defaults to 15
minutes.
+GREYLISTING_AUTH_TRIPLET_EXPIRE
: Disable greylisting for how long (in DAYS)
+ for clients which passed greylisting (retried and delivered). It's also used
+ to clean up old greylisting tracking records. Defaults to 30
days.
+GREYLISTING_UNAUTH_TRIPLET_EXPIRE
: Time (in DAYS) to keep tracking records
+ if client didn't pass the greylisting, and no further deliver attempts.
+ Defaults to 2
days.
+
Manage greylisting settings
-- Greylisting is available in iRedAPD-1.7.0 and later releases.
- Script
tools/greylisting_admin.py
is available in iRedAPD-1.8.0 and
later releases.
@@ -264,7 +294,7 @@ without any argument, it will fetch all mail domains stored in sql table
You should setup a cron job to run this script, so that it can keep the IP
addresses/networks up to date. iRedMail sets up the cron job to run every 10
minutes, like below:
-*/10 * * * * /usr/bin/python /opt/iredapd/tools/spf_to_greylisting_whitelists.py &>/dev/null
+*/10 * * * * /usr/bin/python /opt/iredapd/tools/spf_to_greylist_whitelists.py &>/dev/null
All documents are available in BitBucket repository, and published under Creative Commons license. If you found something wrong, please do contact us to fix it.