1# 2# Initialize. 3# 4#! ../bin/postmap smtpd_check_access 5#msg_verbose 1 6smtpd_delay_reject 0 7mynetworks 127.0.0.0/8,168.100.189.0/28 8relay_domains porcupine.org 9maps_rbl_domains dnsbltest.porcupine.org 10# 11# Test the client restrictions. 12# 13client_restrictions permit_mynetworks,reject_unknown_client,hash:./smtpd_check_access 14client unknown 131.155.210.17 15client unknown 168.100.189.13 16client random.bad.domain 123.123.123.123 17client friend.bad.domain 123.123.123.123 18client bad.domain 123.123.123.123 19client wzv.win.tue.nl 131.155.210.17 20client aa.win.tue.nl 131.155.210.18 21client_restrictions permit_mynetworks 22# 23# Test the helo restrictions 24# 25helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,reject_unknown_hostname,hash:./smtpd_check_access 26client unknown 131.155.210.17 27helo foo. 28client foo 123.123.123.123 29helo foo. 30helo foo 31helo spike.porcupine.org 32helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,hash:./smtpd_check_access 33helo random.bad.domain 34helo friend.bad.domain 35helo_restrictions reject_invalid_hostname,reject_unknown_hostname 36helo 123.123.123.123 37helo [123.123.123.123] 38helo [::] 39helo [ipv6:::] 40helo [ipv6::::] 41helo_restrictions permit_naked_ip_address,reject_invalid_hostname,reject_unknown_hostname 42helo 123.123.123.123 43# 44# Test the sender restrictions 45# 46sender_restrictions permit_mynetworks,reject_unknown_client 47client unknown 131.155.210.17 48mail foo@watson.ibm.com 49client unknown 168.100.189.13 50mail foo@watson.ibm.com 51client foo 123.123.123.123 52mail foo@watson.ibm.com 53sender_restrictions reject_unknown_address 54mail foo@watson.ibm.com 55mail foo@bad.domain 56sender_restrictions hash:./smtpd_check_access 57mail bad-sender@any.domain 58mail bad-sender@good.domain 59mail reject@this.address 60mail Reject@this.address 61mail foo@bad.domain 62mail foo@Bad.domain 63mail foo@random.bad.domain 64mail foo@friend.bad.domain 65# 66# Test the recipient restrictions 67# 68recipient_restrictions permit_mynetworks,reject_unknown_client,check_relay_domains 69client unknown 131.155.210.17 70rcpt foo@watson.ibm.com 71client unknown 168.100.189.13 72rcpt foo@watson.ibm.com 73client foo 123.123.123.123 74rcpt foo@watson.ibm.com 75rcpt foo@porcupine.org 76recipient_restrictions check_relay_domains 77client foo.porcupine.org 168.100.189.13 78rcpt foo@watson.ibm.com 79rcpt foo@porcupine.org 80client foo 123.123.123.123 81rcpt foo@watson.ibm.com 82rcpt foo@porcupine.org 83recipient_restrictions hash:./smtpd_check_access 84mail bad-sender@any.domain 85mail bad-sender@good.domain 86mail reject@this.address 87mail foo@bad.domain 88mail foo@random.bad.domain 89mail foo@friend.bad.domain 90# 91# RBL 92# 93client_restrictions reject_maps_rbl 94client spike.porcupine.org 168.100.189.2 95client foo 127.0.0.2 96# 97# Hybrids 98# 99recipient_restrictions check_relay_domains 100client foo 131.155.210.17 101rcpt foo@watson.ibm.com 102recipient_restrictions check_client_access,hash:./smtpd_check_access,check_relay_domains 103client foo 131.155.210.17 104rcpt foo@porcupine.org 105helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,hash:./smtpd_check_access 106recipient_restrictions check_helo_access,hash:./smtpd_check_access,check_relay_domains 107helo bad.domain 108rcpt foo@porcupine.org 109helo 131.155.210.17 110rcpt foo@porcupine.org 111recipient_restrictions check_sender_access,hash:./smtpd_check_access,check_relay_domains 112mail foo@bad.domain 113rcpt foo@porcupine.org 114mail foo@friend.bad.domain 115rcpt foo@porcupine.org 116# 117# MX backup 118# 119#mydestination spike.porcupine.org,localhost.porcupine.org 120#inet_interfaces 168.100.189.2,127.0.0.1 121#recipient_restrictions permit_mx_backup,reject 122#rcpt wietse@wzv.win.tue.nl 123#rcpt wietse@trouble.org 124#rcpt wietse@porcupine.org 125# 126# Deferred restrictions 127# 128client_restrictions permit 129helo_restrictions permit 130sender_restrictions permit 131recipient_restrictions check_helo_access,hash:./smtpd_check_access,check_sender_access,hash:./smtpd_check_access 132helo bad.domain 133mail foo@good.domain 134rcpt foo@porcupine.org 135helo good.domain 136mail foo@bad.domain 137rcpt foo@porcupine.org 138# 139# FQDN restrictions 140# 141helo_restrictions reject_non_fqdn_hostname 142sender_restrictions reject_non_fqdn_sender 143recipient_restrictions reject_non_fqdn_recipient 144helo foo.bar. 145helo foo.bar 146helo foo 147mail foo@foo.bar. 148mail foo@foo.bar 149mail foo@foo 150mail foo 151rcpt foo@foo.bar. 152rcpt foo@foo.bar 153rcpt foo@foo 154rcpt foo 155# 156# Numerical HELO checks 157# 158helo_restrictions permit_naked_ip_address,reject_non_fqdn_hostname 159helo [1.2.3.4] 160helo [321.255.255.255] 161helo [0.255.255.255] 162helo [1.2.3.321] 163helo [1.2.3] 164helo [1.2.3.4.5] 165helo [1..2.3.4] 166helo [.1.2.3.4] 167helo [1.2.3.4.5.] 168helo 1.2.3.4 169helo 321.255.255.255 170helo 0.255.255.255 171helo 1.2.3.321 172helo 1.2.3 173helo 1.2.3.4.5 174helo 1..2.3.4 175helo .1.2.3.4 176helo 1.2.3.4.5. 177# 178# The defer restriction 179# 180defer_code 444 181helo_restrictions defer 182helo foobar 183