This tutorial is applicable to all SQL backends: MySQL, MariaDB, PostgreSQL.
There's another way to achieve per-user inbound/outbound restriction, called per-user white/blacklists (stored in SQL table amavisd.wblist, implemented by iRedAPD plugin amavisd_wblist), but per-user white/blacklists are manageable by the users themselves.
iRedAPD (a simple Postfix policy server developed by the iRedMail team) provides plugin sql_user_restrictions for per-user inbound/outbound restrictions.
Please make sure plugin sql_user_restrictions is enabled in the iRedAPD config file /opt/iredapd/settings.py, like below:
# Part of file: /opt/iredapd/settings.py
plugins = [..., 'sql_user_restrictions']
Restarting the iRedAPD service is required if you modified /opt/iredapd/settings.py.
You can store allowed or disallowed senders and recipients in 4 SQL columns in the vmail database:

mailbox.rejectedsenders: the user is disallowed to receive email from listed senders.
mailbox.allowedsenders: the user is allowed to receive email from listed senders.
mailbox.rejectedrecipients: disallow the user to send email to listed recipients.
mailbox.allowedrecipients: allow the user to send email to listed recipients.

Valid sender/recipient formats are:

@.: all addresses (user, domain, sub-domain). Be careful: there's a dot after @.
@domain.com: entire domain.
@.domain.com: entire domain and all its sub-domains. Be careful: there's a dot after @.
user@domain.com: single email address.

NOTES:
Multiple senders/recipients must be separated by a comma (,).
mailbox.allowedsenders has higher priority than mailbox.rejectedsenders.
mailbox.allowedrecipients has higher priority than mailbox.rejectedrecipients.

Sample usage:
Allow user@example.com to send to and receive from the same domain (example.com) and gmail.com, but not others.

sql> USE vmail;
sql> UPDATE mailbox \
         SET \
             rejectedsenders='@.', \
             allowedsenders='@example.com,@gmail.com', \
             rejectedrecipients='@.', \
             allowedrecipients='@example.com,@gmail.com' \
         WHERE \
             username='user@example.com';
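
As an added example (not part of the original page and not iRedAPD's own code), the Python below models how the entry formats and the allowed-over-rejected priority described above combine for a single address. The function names, the case-insensitive matching and the default of allowing an address that matches no entry are assumptions.

```python
# Added illustration, not iRedAPD's code: models the four documented entry
# formats and the rule that allowed* lists take priority over rejected* lists.

def covering_entries(address):
    """Return every list entry, in the documented formats, that covers address."""
    address = address.strip().lower()  # assumption: matching is case-insensitive
    user, _, domain = address.rpartition("@")
    if not user or not domain:
        raise ValueError("not an email address: %r" % address)
    entries = {address, "@" + domain, "@."}  # single address, entire domain, everyone
    # '@.domain.com' covers domain.com and all its sub-domains, so
    # a@mail.example.com is covered by @.mail.example.com, @.example.com and @.com.
    labels = domain.split(".")
    for i in range(len(labels)):
        entries.add("@." + ".".join(labels[i:]))
    return entries


def parse_column(value):
    """Split a comma-separated column value into a set of entries."""
    return {e.strip().lower() for e in (value or "").split(",") if e.strip()}


def decide(address, allowed, rejected):
    """Return 'allow' or 'reject' for one peer address against raw column values."""
    covers = covering_entries(address)
    if covers & parse_column(allowed):
        return "allow"   # allowed list wins over rejected list
    if covers & parse_column(rejected):
        return "reject"
    return "allow"       # assumption: no matching entry means no restriction


# Constructed sender columns, mirroring the sample usage above.
ALLOWED_SENDERS = "@example.com,@gmail.com"
REJECTED_SENDERS = "@."

if __name__ == "__main__":
    for sender in ("bob@example.com", "amy@gmail.com",
                   "ops@mail.example.com", "eve@other.test"):
        print(sender, "->", decide(sender, ALLOWED_SENDERS, REJECTED_SENDERS))
```

In this model ops@mail.example.com is rejected, because @example.com covers only the domain itself; covering its sub-domains as well takes @.example.com.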
OpenLDAP backend requires iRedAPD plugin ldap_amavisd_block_blacklisted_senders.
If you have iRedAdmin-Pro, you can manage this restriction in user profile page.
If you don't have iRedAdmin-Pro, you can manage it with phpLDAPadmin or other LDAP management tools. Related LDAP attributes are:
mailWhitelistRecipient: same as SQL mailbox.allowedrecipients
mailBlacklistRecipient: same as mailbox.rejectedrecipients
amavisWhitelistSender: same as mailbox.allowedsenders
amavisBlacklistSender: same as mailbox.rejectedsenders
Values for these LDAP attributes use the same format as mentioned above.
Document published under a CC BY-ND 3.0 license. If you found something wrong, please do contact us to fix it.