# # Initialize. # #! ../bin/postmap smtpd_check_access #msg_verbose 1 smtpd_delay_reject 0 mynetworks 127.0.0.0/8,168.100.189.0/28 relay_domains porcupine.org maps_rbl_domains dnsbltest.porcupine.org # # Test the client restrictions. # client_restrictions permit_mynetworks,reject_unknown_client,hash:./smtpd_check_access client unknown 131.155.210.17 client unknown 168.100.189.13 client random.bad.domain 123.123.123.123 client friend.bad.domain 123.123.123.123 client bad.domain 123.123.123.123 client wzv.win.tue.nl 131.155.210.17 client aa.win.tue.nl 131.155.210.18 client_restrictions permit_mynetworks # # Test the helo restrictions # helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,reject_unknown_hostname,hash:./smtpd_check_access client unknown 131.155.210.17 helo foo. client foo 123.123.123.123 helo foo. helo foo helo spike.porcupine.org helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,hash:./smtpd_check_access helo random.bad.domain helo friend.bad.domain helo_restrictions reject_invalid_hostname,reject_unknown_hostname helo 123.123.123.123 helo [123.123.123.123] helo [::] helo [ipv6:::] helo [ipv6::::] helo_restrictions permit_naked_ip_address,reject_invalid_hostname,reject_unknown_hostname helo 123.123.123.123 # # Test the sender restrictions # sender_restrictions permit_mynetworks,reject_unknown_client client unknown 131.155.210.17 mail foo@ibm.com client unknown 168.100.189.13 mail foo@ibm.com client foo 123.123.123.123 mail foo@ibm.com sender_restrictions reject_unknown_address mail foo@ibm.com mail foo@bad.domain sender_restrictions hash:./smtpd_check_access mail bad-sender@any.domain mail bad-sender@good.domain mail reject@this.address mail Reject@this.address mail foo@bad.domain mail foo@Bad.domain mail foo@random.bad.domain mail foo@friend.bad.domain # # Test the recipient restrictions # recipient_restrictions permit_mynetworks,reject_unknown_client,check_relay_domains client unknown 131.155.210.17 rcpt foo@ibm.com client unknown 168.100.189.13 rcpt foo@ibm.com client foo 123.123.123.123 rcpt foo@ibm.com rcpt foo@porcupine.org recipient_restrictions check_relay_domains client foo.porcupine.org 168.100.189.13 rcpt foo@ibm.com rcpt foo@porcupine.org client foo 123.123.123.123 rcpt foo@ibm.com rcpt foo@porcupine.org recipient_restrictions hash:./smtpd_check_access mail bad-sender@any.domain mail bad-sender@good.domain mail reject@this.address mail foo@bad.domain mail foo@random.bad.domain mail foo@friend.bad.domain # # RBL # client_restrictions reject_maps_rbl client spike.porcupine.org 168.100.189.2 client foo 127.0.0.2 # # Hybrids # recipient_restrictions check_relay_domains client foo 131.155.210.17 rcpt foo@ibm.com recipient_restrictions check_client_access,hash:./smtpd_check_access,check_relay_domains client foo 131.155.210.17 rcpt foo@porcupine.org helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,hash:./smtpd_check_access recipient_restrictions check_helo_access,hash:./smtpd_check_access,check_relay_domains helo bad.domain rcpt foo@porcupine.org helo 131.155.210.17 rcpt foo@porcupine.org recipient_restrictions check_sender_access,hash:./smtpd_check_access,check_relay_domains mail foo@bad.domain rcpt foo@porcupine.org mail foo@friend.bad.domain rcpt foo@porcupine.org # # MX backup # #mydestination spike.porcupine.org,localhost.porcupine.org #inet_interfaces 168.100.189.2,127.0.0.1 #recipient_restrictions permit_mx_backup,reject #rcpt wietse@wzv.win.tue.nl #rcpt wietse@trouble.org #rcpt wietse@porcupine.org # # Deferred restrictions # client_restrictions permit helo_restrictions permit sender_restrictions permit recipient_restrictions check_helo_access,hash:./smtpd_check_access,check_sender_access,hash:./smtpd_check_access helo bad.domain mail foo@good.domain rcpt foo@porcupine.org helo good.domain mail foo@bad.domain rcpt foo@porcupine.org # # FQDN restrictions # helo_restrictions reject_non_fqdn_hostname sender_restrictions reject_non_fqdn_sender recipient_restrictions reject_non_fqdn_recipient helo foo.bar. helo foo.bar helo foo mail foo@foo.bar. mail foo@foo.bar mail foo@foo mail foo rcpt foo@foo.bar. rcpt foo@foo.bar rcpt foo@foo rcpt foo # # Numerical HELO checks # helo_restrictions permit_naked_ip_address,reject_non_fqdn_hostname helo [1.2.3.4] helo [321.255.255.255] helo [0.255.255.255] helo [1.2.3.321] helo [1.2.3] helo [1.2.3.4.5] helo [1..2.3.4] helo [.1.2.3.4] helo [1.2.3.4.5.] helo 1.2.3.4 helo 321.255.255.255 helo 0.255.255.255 helo 1.2.3.321 helo 1.2.3 helo 1.2.3.4.5 helo 1..2.3.4 helo .1.2.3.4 helo 1.2.3.4.5. # # The defer restriction # defer_code 444 helo_restrictions defer helo foobar