WARNING: THIS DOCUMENT IS DEPRECATED, PLEASE use per-user white/blacklists instead, doc here.
iRedAPD (a simple Postfix policy server developed by iRedMail team) provides
sql_user_restrictions for per-user inbound/outbound restrictions.
Please make sure plugin
sql_user_restrictions is enabled in iRedAPD config
/opt/iredapd/settings.py like below:
# Part of file: /opt/iredapd/settings.py plugins = [..., 'sql_user_restrictions']
Restarting iRedAPD service is required if you modified
You can store allowed or disallowed recipient in 2 SQL columns in
mailbox.rejectedrecipients: disallow user to send email to listed recipients.
mailbox.allowedrecipients: allow user to send email to listed recipients.
Valid sender/recipient formats are:
@.: all addresses (user, domain, sub-domain). Be careful: There's a dot after
@domain.com: entire domain.
@.domain.com: entire domain and all its sub-domains. Be careful: There's a dot after
email@example.com: single email address
NOTE: Multiple recipients must be separated by comma (
firstname.lastname@example.org send to domain (
gmail.com, but not others.
sql> USE vmail; sql> UPDATE mailbox SET rejectedrecipients='@.', email@example.com,@gmail.com' WHERE firstname.lastname@example.org';
OpenLDAP backend requires iRedAPD plugin
If you have iRedAdmin-Pro, you can manage this restriction in user profile page.
If you don't have iRedAdmin-Pro, you can manage it with phpLDAPadmin or other LDAP management tools. Related LDAP attributes are:
mailWhitelistRecipient: same as SQL
mailBlacklistRecipient: same as
Values for these LDAP attributes use the same format as mentioned above.
Note: multiple recipients must be stored in multiple attributes like below:
mailWhitelistRecipient: @example.com mailWhitelistRecipient: @gmail.com mailWhitelistRecipient: @iredmail.org