>>> # >>> # Initialize. >>> # >>> #! ../bin/postmap smtpd_check_access >>> #msg_verbose 1 >>> smtpd_delay_reject 0 OK >>> mynetworks 127.0.0.0/8,168.100.189.0/28 OK >>> relay_domains porcupine.org OK >>> # >>> # Test the client restrictions. >>> # >>> client_restrictions permit_mynetworks,reject_unknown_client,hash:./smtpd_check_access OK >>> client unknown 131.155.210.17 ./smtpd_check: reject: CONNECT from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17] 450 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client unknown 168.100.189.13 OK >>> client random.bad.domain 123.123.123.123 ./smtpd_check: reject: CONNECT from random.bad.domain[123.123.123.123]: 554 : Client host rejected: match bad.domain 554 : Client host rejected: match bad.domain >>> client friend.bad.domain 123.123.123.123 OK >>> client bad.domain 123.123.123.123 ./smtpd_check: reject: CONNECT from bad.domain[123.123.123.123]: 554 : Client host rejected: match bad.domain 554 : Client host rejected: match bad.domain >>> client wzv.win.tue.nl 131.155.210.17 OK >>> client aa.win.tue.nl 131.155.210.18 ./smtpd_check: reject: CONNECT from aa.win.tue.nl[131.155.210.18]: 554 : Client host rejected: match 131.155.210 554 : Client host rejected: match 131.155.210 >>> client_restrictions permit_mynetworks OK >>> # >>> # Test the helo restrictions >>> # >>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,reject_unknown_hostname,hash:./smtpd_check_access OK >>> client unknown 131.155.210.17 OK >>> helo foo. ./smtpd_check: reject: HELO from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17] 450 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client foo 123.123.123.123 OK >>> helo foo. ./smtpd_check: reject: HELO from foo[123.123.123.123]: 450 : Helo command rejected: Host not found 450 : Helo command rejected: Host not found >>> helo foo ./smtpd_check: reject: HELO from foo[123.123.123.123]: 450 : Helo command rejected: Host not found 450 : Helo command rejected: Host not found >>> helo spike.porcupine.org OK >>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,hash:./smtpd_check_access OK >>> helo random.bad.domain ./smtpd_check: reject: HELO from foo[123.123.123.123]: 554 : Helo command rejected: match bad.domain 554 : Helo command rejected: match bad.domain >>> helo friend.bad.domain OK >>> helo_restrictions reject_invalid_hostname,reject_unknown_hostname OK >>> helo 123.123.123.123 ./smtpd_check: warning: valid_hostname: numeric hostname: 123.123.123.123 ./smtpd_check: reject: HELO from foo[123.123.123.123]: 450 <123.123.123.123>: Helo command rejected: Host not found 450 <123.123.123.123>: Helo command rejected: Host not found >>> helo_restrictions permit_naked_ip_address,reject_invalid_hostname,reject_unknown_hostname OK >>> helo 123.123.123.123 OK >>> # >>> # Test the sender restrictions >>> # >>> sender_restrictions permit_mynetworks,reject_unknown_client OK >>> client unknown 131.155.210.17 OK >>> mail foo@watson.ibm.com ./smtpd_check: reject: MAIL from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17]; from= 450 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client unknown 168.100.189.13 OK >>> mail foo@watson.ibm.com OK >>> client foo 123.123.123.123 OK >>> mail foo@watson.ibm.com OK >>> sender_restrictions reject_unknown_address OK >>> mail foo@watson.ibm.com OK >>> mail foo@bad.domain ./smtpd_check: reject: MAIL from foo[123.123.123.123]: 450 : Sender address rejected: Domain not found; from= 450 : Sender address rejected: Domain not found >>> sender_restrictions hash:./smtpd_check_access OK >>> mail bad-sender@any.domain ./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad-sender@; from= 554 : Sender address rejected: match bad-sender@ >>> mail bad-sender@good.domain OK >>> mail reject@this.address ./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address; from= 554 : Sender address rejected: match reject@this.address >>> mail Reject@this.address ./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address; from= 554 : Sender address rejected: match reject@this.address >>> mail foo@bad.domain ./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@Bad.domain ./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@random.bad.domain ./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK >>> # >>> # Test the recipient restrictions >>> # >>> recipient_restrictions permit_mynetworks,reject_unknown_client,check_relay_domains OK >>> client unknown 131.155.210.17 OK >>> rcpt foo@watson.ibm.com ./smtpd_check: reject: RCPT from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17]; from= to= 450 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client unknown 168.100.189.13 OK >>> rcpt foo@watson.ibm.com OK >>> client foo 123.123.123.123 OK >>> rcpt foo@watson.ibm.com ./smtpd_check: reject: RCPT from foo[123.123.123.123]: 554 : Recipient address rejected: Relay access denied; from= to= 554 : Recipient address rejected: Relay access denied >>> rcpt foo@porcupine.org OK >>> recipient_restrictions check_relay_domains OK >>> client foo.porcupine.org 168.100.189.13 OK >>> rcpt foo@watson.ibm.com OK >>> rcpt foo@porcupine.org OK >>> client foo 123.123.123.123 OK >>> rcpt foo@watson.ibm.com ./smtpd_check: reject: RCPT from foo[123.123.123.123]: 554 : Recipient address rejected: Relay access denied; from= to= 554 : Recipient address rejected: Relay access denied >>> rcpt foo@porcupine.org OK >>> recipient_restrictions hash:./smtpd_check_access OK >>> mail bad-sender@any.domain ./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad-sender@; from= 554 : Sender address rejected: match bad-sender@ >>> mail bad-sender@good.domain OK >>> mail reject@this.address ./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address; from= 554 : Sender address rejected: match reject@this.address >>> mail foo@bad.domain ./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@random.bad.domain ./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK >>> # >>> # RBL >>> # >>> client_restrictions reject_maps_rbl OK >>> client spike.porcupine.org 168.100.189.2 OK >>> client foo 127.0.0.2 ./smtpd_check: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; [127.0.0.2] blocked using rbl.maps.vix.com, reason: Blackholed - see ; from= 554 Service unavailable; [127.0.0.2] blocked using rbl.maps.vix.com, reason: Blackholed - see >>> # >>> # Hybrids >>> # >>> recipient_restrictions check_relay_domains OK >>> client foo 131.155.210.17 OK >>> rcpt foo@watson.ibm.com ./smtpd_check: reject: RCPT from foo[131.155.210.17]: 554 : Recipient address rejected: Relay access denied; from= to= 554 : Recipient address rejected: Relay access denied >>> recipient_restrictions check_client_access,hash:./smtpd_check_access,check_relay_domains OK >>> client foo 131.155.210.17 OK >>> rcpt foo@porcupine.org OK >>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,hash:./smtpd_check_access OK >>> recipient_restrictions check_helo_access,hash:./smtpd_check_access,check_relay_domains OK >>> helo bad.domain ./smtpd_check: reject: HELO from foo[131.155.210.17]: 554 : Helo command rejected: match bad.domain; from= 554 : Helo command rejected: match bad.domain >>> rcpt foo@porcupine.org ./smtpd_check: reject: RCPT from foo[131.155.210.17]: 554 : Helo command rejected: match bad.domain; from= to= 554 : Helo command rejected: match bad.domain >>> helo 131.155.210.17 ./smtpd_check: warning: valid_hostname: numeric hostname: 131.155.210.17 OK >>> rcpt foo@porcupine.org OK >>> recipient_restrictions check_sender_access,hash:./smtpd_check_access,check_relay_domains OK >>> mail foo@bad.domain ./smtpd_check: reject: MAIL from foo[131.155.210.17]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> rcpt foo@porcupine.org ./smtpd_check: reject: RCPT from foo[131.155.210.17]: 554 : Sender address rejected: match bad.domain; from= to= 554 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK >>> rcpt foo@porcupine.org OK >>> # >>> # MX backup >>> # >>> mydestination spike.porcupine.org,localhost.porcupine.org OK >>> inet_interfaces 168.100.189.2,127.0.0.1 OK >>> recipient_restrictions permit_mx_backup,reject OK >>> rcpt wietse@wzv.win.tue.nl OK >>> rcpt wietse@trouble.org ./smtpd_check: reject: RCPT from foo[131.155.210.17]: 554 : Recipient address rejected: Access denied; from= to= 554 : Recipient address rejected: Access denied >>> rcpt wietse@porcupine.org OK >>> # >>> # Deferred restrictions >>> # >>> client_restrictions permit OK >>> helo_restrictions permit OK >>> sender_restrictions permit OK >>> recipient_restrictions check_helo_access,hash:./smtpd_check_access,check_sender_access,hash:./smtpd_check_access OK >>> helo bad.domain OK >>> mail foo@good.domain OK >>> rcpt foo@porcupine.org ./smtpd_check: reject: RCPT from foo[131.155.210.17]: 554 : Helo command rejected: match bad.domain; from= to= 554 : Helo command rejected: match bad.domain >>> helo good.domain OK >>> mail foo@bad.domain OK >>> rcpt foo@porcupine.org ./smtpd_check: reject: RCPT from foo[131.155.210.17]: 554 : Sender address rejected: match bad.domain; from= to= 554 : Sender address rejected: match bad.domain >>> # >>> # FQDN restrictions >>> # >>> helo_restrictions reject_non_fqdn_hostname OK >>> sender_restrictions reject_non_fqdn_sender OK >>> recipient_restrictions reject_non_fqdn_recipient OK >>> helo foo.bar. OK >>> helo foo.bar OK >>> helo foo ./smtpd_check: reject: HELO from foo[131.155.210.17]: 504 : Helo command rejected: need fully-qualified hostname; from= 504 : Helo command rejected: need fully-qualified hostname >>> mail foo@foo.bar. OK >>> mail foo@foo.bar OK >>> mail foo@foo ./smtpd_check: reject: MAIL from foo[131.155.210.17]: 504 : Sender address rejected: need fully-qualified address; from= 504 : Sender address rejected: need fully-qualified address >>> mail foo ./smtpd_check: reject: MAIL from foo[131.155.210.17]: 504 : Sender address rejected: need fully-qualified address; from= 504 : Sender address rejected: need fully-qualified address >>> rcpt foo@foo.bar. OK >>> rcpt foo@foo.bar OK >>> rcpt foo@foo ./smtpd_check: reject: RCPT from foo[131.155.210.17]: 504 : Recipient address rejected: need fully-qualified address; from= to= 504 : Recipient address rejected: need fully-qualified address >>> rcpt foo ./smtpd_check: reject: RCPT from foo[131.155.210.17]: 504 : Recipient address rejected: need fully-qualified address; from= to= 504 : Recipient address rejected: need fully-qualified address >>> # >>> # Numerical HELO checks >>> # >>> helo_restrictions permit_naked_ip_address,reject_non_fqdn_hostname OK >>> helo [1.2.3.4] OK >>> helo [321.255.255.255] ./smtpd_check: warning: valid_hostaddr: invalid octet value: 321.255.255.255 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[321.255.255.255]>: Helo command rejected: invalid ip address; from= 501 <[321.255.255.255]>: Helo command rejected: invalid ip address >>> helo [0.255.255.255] ./smtpd_check: warning: valid_hostaddr: bad initial octet value: 0.255.255.255 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[0.255.255.255]>: Helo command rejected: invalid ip address; from= 501 <[0.255.255.255]>: Helo command rejected: invalid ip address >>> helo [1.2.3.321] ./smtpd_check: warning: valid_hostaddr: invalid octet value: 1.2.3.321 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1.2.3.321]>: Helo command rejected: invalid ip address; from= 501 <[1.2.3.321]>: Helo command rejected: invalid ip address >>> helo [1.2.3] ./smtpd_check: warning: valid_hostaddr: invalid octet count: 1.2.3 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1.2.3]>: Helo command rejected: invalid ip address; from= 501 <[1.2.3]>: Helo command rejected: invalid ip address >>> helo [1.2.3.4.5] ./smtpd_check: warning: valid_hostaddr: invalid octet count: 1.2.3.4.5 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1.2.3.4.5]>: Helo command rejected: invalid ip address; from= 501 <[1.2.3.4.5]>: Helo command rejected: invalid ip address >>> helo [1..2.3.4] ./smtpd_check: warning: valid_hostaddr: misplaced dot: 1..2.3.4 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1..2.3.4]>: Helo command rejected: invalid ip address; from= 501 <[1..2.3.4]>: Helo command rejected: invalid ip address >>> helo [.1.2.3.4] ./smtpd_check: warning: valid_hostaddr: misplaced dot: .1.2.3.4 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[.1.2.3.4]>: Helo command rejected: invalid ip address; from= 501 <[.1.2.3.4]>: Helo command rejected: invalid ip address >>> helo [1.2.3.4.5.] ./smtpd_check: warning: valid_hostaddr: misplaced dot: 1.2.3.4.5. ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1.2.3.4.5.]>: Helo command rejected: invalid ip address; from= 501 <[1.2.3.4.5.]>: Helo command rejected: invalid ip address >>> helo 1.2.3.4 OK >>> helo 321.255.255.255 ./smtpd_check: warning: valid_hostaddr: invalid octet value: 321.255.255.255 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <321.255.255.255>: Helo command rejected: invalid ip address; from= 501 <321.255.255.255>: Helo command rejected: invalid ip address >>> helo 0.255.255.255 ./smtpd_check: warning: valid_hostaddr: bad initial octet value: 0.255.255.255 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <0.255.255.255>: Helo command rejected: invalid ip address; from= 501 <0.255.255.255>: Helo command rejected: invalid ip address >>> helo 1.2.3.321 ./smtpd_check: warning: valid_hostaddr: invalid octet value: 1.2.3.321 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1.2.3.321>: Helo command rejected: invalid ip address; from= 501 <1.2.3.321>: Helo command rejected: invalid ip address >>> helo 1.2.3 ./smtpd_check: warning: valid_hostaddr: invalid octet count: 1.2.3 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1.2.3>: Helo command rejected: invalid ip address; from= 501 <1.2.3>: Helo command rejected: invalid ip address >>> helo 1.2.3.4.5 ./smtpd_check: warning: valid_hostaddr: invalid octet count: 1.2.3.4.5 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1.2.3.4.5>: Helo command rejected: invalid ip address; from= 501 <1.2.3.4.5>: Helo command rejected: invalid ip address >>> helo 1..2.3.4 ./smtpd_check: warning: valid_hostaddr: misplaced dot: 1..2.3.4 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1..2.3.4>: Helo command rejected: invalid ip address; from= 501 <1..2.3.4>: Helo command rejected: invalid ip address >>> helo .1.2.3.4 ./smtpd_check: warning: valid_hostaddr: misplaced dot: .1.2.3.4 ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <.1.2.3.4>: Helo command rejected: invalid ip address; from= 501 <.1.2.3.4>: Helo command rejected: invalid ip address >>> helo 1.2.3.4.5. ./smtpd_check: warning: valid_hostaddr: misplaced dot: 1.2.3.4.5. ./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1.2.3.4.5.>: Helo command rejected: invalid ip address; from= 501 <1.2.3.4.5.>: Helo command rejected: invalid ip address