From b03a46eb433118180fdf5c28caa7325197572949 Mon Sep 17 00:00:00 2001 From: Zhang Huangbin Date: Wed, 13 Apr 2016 21:19:33 +0800 Subject: [PATCH] Mention how to add custom iredapd settings. --- en_US/howto/manage.iredapd.md | 33 ++++++++++++++++++++++++++++++++- html/manage.iredapd.html | 34 ++++++++++++++++++++++++++++++++-- 2 files changed, 64 insertions(+), 3 deletions(-) diff --git a/en_US/howto/manage.iredapd.md b/en_US/howto/manage.iredapd.md index ecca1d28..327e8c1f 100644 --- a/en_US/howto/manage.iredapd.md +++ b/en_US/howto/manage.iredapd.md @@ -46,6 +46,16 @@ plugin name in `plugins =` doesn't matter. To disable a plugin, just remove the plugin name and restart iRedAPD service. +## How to add custom settings + +iRedAPD has some default settings in file +`/opt/iredapd/libs/default_settings.py`, but you should never modify it. +Instead, you should copy the settings you want to modify from +`/opt/iredapd/libs/default_settings.py` to `/opt/iredapd/settings.py`, then +update it with new values. This way you will keep custom settings after +upgrading iRedAPD -- because iRedAPD upgrade tool will copy +`/opt/iredapd/settings.py` to new iRedAPD release during upgrading. + ## White/Blacklisting ### How to disable white/blacklists completely @@ -133,6 +143,10 @@ White/blacklisting is controlled by plugin `amavisd_wblist` (file ## Greylisting +!!! note + + Greylisting is available in iRedAPD-1.7.0 and later releases. + For technical details about greylisting, please visit ### How to disable greylisting completely @@ -146,9 +160,26 @@ plugins = [..., 'greylisting', ...] Restarting iRedAPD service is required. +### General settings + +There're several settings for greylisting behaviour, default values are defined +in `/opt/iredapd/libs/default_settings.py`. If you want to modify them, please +add the settings with custom values in `/opt/iredapd/settings.py`. + +* `GREYLISTING_MESSAGE`: the rejection message which will be sent to sender + server. Default is `Intentional policy rejection, please try again later`. +* `GREYLISTING_BLOCK_EXPIRE`: Time (in MINUTES) to wait before client retrying, + client will be rejected if retires too soon (in less than specified minutes). + Defaults to `15` minutes. +* `GREYLISTING_AUTH_TRIPLET_EXPIRE`: Disable greylisting for how long (in DAYS) + for clients which passed greylisting (retried and delivered). It's also used + to clean up old greylisting tracking records. Defaults to `30` days. +* `GREYLISTING_UNAUTH_TRIPLET_EXPIRE`: Time (in DAYS) to keep tracking records + if client didn't pass the greylisting, and no further deliver attempts. + Defaults to `2` days. + ### Manage greylisting settings -> * Greylisting is available in iRedAPD-1.7.0 and later releases. > * Script `tools/greylisting_admin.py` is available in iRedAPD-1.8.0 and > later releases. diff --git a/html/manage.iredapd.html b/html/manage.iredapd.html index 0756ec30..714ac157 100644 --- a/html/manage.iredapd.html +++ b/html/manage.iredapd.html @@ -15,6 +15,7 @@
  • Introduce iRedAPD
  • How to disable iRedAPD service
  • How to enable or disable iRedAPD plugins
    • +
  • How to add custom settings
  • White/Blacklisting
    • How to disable white/blacklists completely
    • Manage white/blacklists
        @@ -26,6 +27,7 @@
      • Greylisting
        • How to disable greylisting completely
          • +
        • General settings
        • Manage greylisting settings
          • Available arguments
          • Sample usages
            • @@ -72,6 +74,14 @@ name in plugins = like below, and restart iRedAPD service:

            The priorities of plugins shipped in iRedAPD are hard-coded, so the order of plugin name in plugins = doesn't matter.

            To disable a plugin, just remove the plugin name and restart iRedAPD service.

            +

            How to add custom settings

            +

            iRedAPD has some default settings in file +/opt/iredapd/libs/default_settings.py, but you should never modify it. +Instead, you should copy the settings you want to modify from +/opt/iredapd/libs/default_settings.py to /opt/iredapd/settings.py, then +update it with new values. This way you will keep custom settings after +upgrading iRedAPD -- because iRedAPD upgrade tool will copy +/opt/iredapd/settings.py to new iRedAPD release during upgrading.

            White/Blacklisting

            How to disable white/blacklists completely

            To disable white/blacklists completely, please remove plugin name @@ -151,6 +161,10 @@ parameter plugins =:

            Greylisting

            +
            +

            Note

            +

            Greylisting is available in iRedAPD-1.7.0 and later releases.

            +

            For technical details about greylisting, please visit http://greylisting.org/

            How to disable greylisting completely

            To disable greylisting completely, please remove plugin name greylisting @@ -159,10 +173,26 @@ in iRedAPD config file /opt/iredapd/settings.py, parameter pl

            Restarting iRedAPD service is required.

            +

            General settings

            +

            There're several settings for greylisting behaviour, default values are defined +in /opt/iredapd/libs/default_settings.py. If you want to modify them, please +add the settings with custom values in /opt/iredapd/settings.py.

            +
              +
            • GREYLISTING_MESSAGE: the rejection message which will be sent to sender + server. Default is Intentional policy rejection, please try again later.
              • +
            • GREYLISTING_BLOCK_EXPIRE: Time (in MINUTES) to wait before client retrying, + client will be rejected if retires too soon (in less than specified minutes). + Defaults to 15 minutes.
              • +
            • GREYLISTING_AUTH_TRIPLET_EXPIRE: Disable greylisting for how long (in DAYS) + for clients which passed greylisting (retried and delivered). It's also used + to clean up old greylisting tracking records. Defaults to 30 days.
              • +
            • GREYLISTING_UNAUTH_TRIPLET_EXPIRE: Time (in DAYS) to keep tracking records + if client didn't pass the greylisting, and no further deliver attempts. + Defaults to 2 days.
              • +

            Manage greylisting settings

              -
            • Greylisting is available in iRedAPD-1.7.0 and later releases.
            • Script tools/greylisting_admin.py is available in iRedAPD-1.8.0 and later releases.
            @@ -264,7 +294,7 @@ without any argument, it will fetch all mail domains stored in sql table

            You should setup a cron job to run this script, so that it can keep the IP addresses/networks up to date. iRedMail sets up the cron job to run every 10 minutes, like below:

            -
            */10   *   *   *   *   /usr/bin/python /opt/iredapd/tools/spf_to_greylisting_whitelists.py &>/dev/null
+
            */10   *   *   *   *   /usr/bin/python /opt/iredapd/tools/spf_to_greylist_whitelists.py &>/dev/null
 
            All documents are available in BitBucket repository, and published under Creative Commons license. If you found something wrong, please do contact us to fix it.