172 lines
4.5 KiB
Plaintext
172 lines
4.5 KiB
Plaintext
#
|
|
# Initialize.
|
|
#
|
|
#! ../bin/postmap smtpd_check_access
|
|
#msg_verbose 1
|
|
smtpd_delay_reject 0
|
|
mynetworks 127.0.0.0/8,168.100.189.0/28
|
|
relay_domains porcupine.org
|
|
#
|
|
# Test the client restrictions.
|
|
#
|
|
client_restrictions permit_mynetworks,reject_unknown_client,hash:./smtpd_check_access
|
|
client unknown 131.155.210.17
|
|
client unknown 168.100.189.13
|
|
client random.bad.domain 123.123.123.123
|
|
client friend.bad.domain 123.123.123.123
|
|
client bad.domain 123.123.123.123
|
|
client wzv.win.tue.nl 131.155.210.17
|
|
client aa.win.tue.nl 131.155.210.18
|
|
client_restrictions permit_mynetworks
|
|
#
|
|
# Test the helo restrictions
|
|
#
|
|
helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,reject_unknown_hostname,hash:./smtpd_check_access
|
|
client unknown 131.155.210.17
|
|
helo foo.
|
|
client foo 123.123.123.123
|
|
helo foo.
|
|
helo foo
|
|
helo spike.porcupine.org
|
|
helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,hash:./smtpd_check_access
|
|
helo random.bad.domain
|
|
helo friend.bad.domain
|
|
helo_restrictions reject_invalid_hostname,reject_unknown_hostname
|
|
helo 123.123.123.123
|
|
helo_restrictions permit_naked_ip_address,reject_invalid_hostname,reject_unknown_hostname
|
|
helo 123.123.123.123
|
|
#
|
|
# Test the sender restrictions
|
|
#
|
|
sender_restrictions permit_mynetworks,reject_unknown_client
|
|
client unknown 131.155.210.17
|
|
mail foo@watson.ibm.com
|
|
client unknown 168.100.189.13
|
|
mail foo@watson.ibm.com
|
|
client foo 123.123.123.123
|
|
mail foo@watson.ibm.com
|
|
sender_restrictions reject_unknown_address
|
|
mail foo@watson.ibm.com
|
|
mail foo@bad.domain
|
|
sender_restrictions hash:./smtpd_check_access
|
|
mail bad-sender@any.domain
|
|
mail bad-sender@good.domain
|
|
mail reject@this.address
|
|
mail Reject@this.address
|
|
mail foo@bad.domain
|
|
mail foo@Bad.domain
|
|
mail foo@random.bad.domain
|
|
mail foo@friend.bad.domain
|
|
#
|
|
# Test the recipient restrictions
|
|
#
|
|
recipient_restrictions permit_mynetworks,reject_unknown_client,check_relay_domains
|
|
client unknown 131.155.210.17
|
|
rcpt foo@watson.ibm.com
|
|
client unknown 168.100.189.13
|
|
rcpt foo@watson.ibm.com
|
|
client foo 123.123.123.123
|
|
rcpt foo@watson.ibm.com
|
|
rcpt foo@porcupine.org
|
|
recipient_restrictions check_relay_domains
|
|
client foo.porcupine.org 168.100.189.13
|
|
rcpt foo@watson.ibm.com
|
|
rcpt foo@porcupine.org
|
|
client foo 123.123.123.123
|
|
rcpt foo@watson.ibm.com
|
|
rcpt foo@porcupine.org
|
|
recipient_restrictions hash:./smtpd_check_access
|
|
mail bad-sender@any.domain
|
|
mail bad-sender@good.domain
|
|
mail reject@this.address
|
|
mail foo@bad.domain
|
|
mail foo@random.bad.domain
|
|
mail foo@friend.bad.domain
|
|
#
|
|
# RBL
|
|
#
|
|
client_restrictions reject_maps_rbl
|
|
client spike.porcupine.org 168.100.189.2
|
|
client foo 127.0.0.2
|
|
#
|
|
# Hybrids
|
|
#
|
|
recipient_restrictions check_relay_domains
|
|
client foo 131.155.210.17
|
|
rcpt foo@watson.ibm.com
|
|
recipient_restrictions check_client_access,hash:./smtpd_check_access,check_relay_domains
|
|
client foo 131.155.210.17
|
|
rcpt foo@porcupine.org
|
|
helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,hash:./smtpd_check_access
|
|
recipient_restrictions check_helo_access,hash:./smtpd_check_access,check_relay_domains
|
|
helo bad.domain
|
|
rcpt foo@porcupine.org
|
|
helo 131.155.210.17
|
|
rcpt foo@porcupine.org
|
|
recipient_restrictions check_sender_access,hash:./smtpd_check_access,check_relay_domains
|
|
mail foo@bad.domain
|
|
rcpt foo@porcupine.org
|
|
mail foo@friend.bad.domain
|
|
rcpt foo@porcupine.org
|
|
#
|
|
# MX backup
|
|
#
|
|
mydestination spike.porcupine.org,localhost.porcupine.org
|
|
inet_interfaces 168.100.189.2,127.0.0.1
|
|
recipient_restrictions permit_mx_backup,reject
|
|
rcpt wietse@wzv.win.tue.nl
|
|
rcpt wietse@trouble.org
|
|
rcpt wietse@porcupine.org
|
|
#
|
|
# Deferred restrictions
|
|
#
|
|
client_restrictions permit
|
|
helo_restrictions permit
|
|
sender_restrictions permit
|
|
recipient_restrictions check_helo_access,hash:./smtpd_check_access,check_sender_access,hash:./smtpd_check_access
|
|
helo bad.domain
|
|
mail foo@good.domain
|
|
rcpt foo@porcupine.org
|
|
helo good.domain
|
|
mail foo@bad.domain
|
|
rcpt foo@porcupine.org
|
|
#
|
|
# FQDN restrictions
|
|
#
|
|
helo_restrictions reject_non_fqdn_hostname
|
|
sender_restrictions reject_non_fqdn_sender
|
|
recipient_restrictions reject_non_fqdn_recipient
|
|
helo foo.bar.
|
|
helo foo.bar
|
|
helo foo
|
|
mail foo@foo.bar.
|
|
mail foo@foo.bar
|
|
mail foo@foo
|
|
mail foo
|
|
rcpt foo@foo.bar.
|
|
rcpt foo@foo.bar
|
|
rcpt foo@foo
|
|
rcpt foo
|
|
#
|
|
# Numerical HELO checks
|
|
#
|
|
helo_restrictions permit_naked_ip_address,reject_non_fqdn_hostname
|
|
helo [1.2.3.4]
|
|
helo [321.255.255.255]
|
|
helo [0.255.255.255]
|
|
helo [1.2.3.321]
|
|
helo [1.2.3]
|
|
helo [1.2.3.4.5]
|
|
helo [1..2.3.4]
|
|
helo [.1.2.3.4]
|
|
helo [1.2.3.4.5.]
|
|
helo 1.2.3.4
|
|
helo 321.255.255.255
|
|
helo 0.255.255.255
|
|
helo 1.2.3.321
|
|
helo 1.2.3
|
|
helo 1.2.3.4.5
|
|
helo 1..2.3.4
|
|
helo .1.2.3.4
|
|
helo 1.2.3.4.5.
|