>>> # >>> # Initialize. >>> # >>> #! ../bin/postmap smtpd_check_access >>> #msg_verbose 1 >>> smtpd_delay_reject 0 OK >>> mynetworks 127.0.0.0/8,168.100.189.0/28 OK >>> relay_domains porcupine.org OK >>> maps_rbl_domains dnsbltest.porcupine.org OK >>> # >>> # Test the client restrictions. >>> # >>> client_restrictions permit_mynetworks,reject_unknown_client,check_client_access,hash:./smtpd_check_access OK >>> client unknown 131.155.210.17 ./smtpd_check: : reject: CONNECT from unknown[131.155.210.17]: 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]; proto=SMTP 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client unknown 168.100.189.13 OK >>> client random.bad.domain 123.123.123.123 ./smtpd_check: : reject: CONNECT from random.bad.domain[123.123.123.123]: 554 5.7.1 : Client host rejected: match bad.domain; proto=SMTP 554 5.7.1 : Client host rejected: match bad.domain >>> client friend.bad.domain 123.123.123.123 OK >>> client bad.domain 123.123.123.123 ./smtpd_check: : reject: CONNECT from bad.domain[123.123.123.123]: 554 5.7.1 : Client host rejected: match bad.domain; proto=SMTP 554 5.7.1 : Client host rejected: match bad.domain >>> client wzv.win.tue.nl 131.155.210.17 OK >>> client aa.win.tue.nl 131.155.210.18 ./smtpd_check: : reject: CONNECT from aa.win.tue.nl[131.155.210.18]: 554 5.7.1 : Client host rejected: match 131.155.210; proto=SMTP 554 5.7.1 : Client host rejected: match 131.155.210 >>> client_restrictions permit_mynetworks OK >>> # >>> # Test the helo restrictions >>> # >>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,reject_unknown_hostname,check_helo_access,hash:./smtpd_check_access OK >>> client unknown 131.155.210.17 OK >>> helo foo. ./smtpd_check: : reject: HELO from unknown[131.155.210.17]: 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]; proto=SMTP helo= 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client foo 123.123.123.123 OK >>> helo foo. ./smtpd_check: : reject: HELO from foo[123.123.123.123]: 450 4.7.1 : Helo command rejected: Host not found; proto=SMTP helo= 450 4.7.1 : Helo command rejected: Host not found >>> helo foo ./smtpd_check: : reject: HELO from foo[123.123.123.123]: 450 4.7.1 : Helo command rejected: Host not found; proto=SMTP helo= 450 4.7.1 : Helo command rejected: Host not found >>> helo spike.porcupine.org ./smtpd_check: : reject: HELO from foo[123.123.123.123]: 554 5.7.1 : Helo command rejected: name server spike.porcupine.org; proto=SMTP helo= 554 5.7.1 : Helo command rejected: name server spike.porcupine.org >>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,check_helo_access,hash:./smtpd_check_access OK >>> helo random.bad.domain ./smtpd_check: : reject: HELO from foo[123.123.123.123]: 554 5.7.1 : Helo command rejected: match bad.domain; proto=SMTP helo= 554 5.7.1 : Helo command rejected: match bad.domain >>> helo friend.bad.domain OK >>> # >>> # Test the sender restrictions >>> # >>> sender_restrictions permit_mynetworks,reject_unknown_client OK >>> client unknown 131.155.210.17 OK >>> mail foo@ibm.com ./smtpd_check: : reject: MAIL from unknown[131.155.210.17]: 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]; from= proto=SMTP helo= 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client unknown 168.100.189.13 OK >>> mail foo@ibm.com OK >>> client foo 123.123.123.123 OK >>> mail foo@ibm.com OK >>> sender_restrictions reject_unknown_address OK >>> mail foo@ibm.com OK >>> mail foo@bad.domain ./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 450 4.1.8 : Sender address rejected: Domain not found; from= proto=SMTP helo= 450 4.1.8 : Sender address rejected: Domain not found >>> sender_restrictions check_sender_access,hash:./smtpd_check_access OK >>> mail bad-sender@any.domain ./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad-sender@; from= proto=SMTP helo= 554 5.7.1 : Sender address rejected: match bad-sender@ >>> mail bad-sender@good.domain OK >>> mail reject@this.address ./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match reject@this.address; from= proto=SMTP helo= 554 5.7.1 : Sender address rejected: match reject@this.address >>> mail Reject@this.address ./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match reject@this.address; from= proto=SMTP helo= 554 5.7.1 : Sender address rejected: match reject@this.address >>> mail foo@bad.domain ./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo= 554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@Bad.domain ./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo= 554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@random.bad.domain ./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo= 554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK >>> # >>> # Test the recipient restrictions >>> # >>> recipient_restrictions permit_mynetworks,reject_unknown_client,check_relay_domains OK >>> client unknown 131.155.210.17 OK >>> rcpt foo@ibm.com ./smtpd_check: : reject: RCPT from unknown[131.155.210.17]: 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]; from= to= proto=SMTP helo= 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client unknown 168.100.189.13 OK >>> rcpt foo@ibm.com OK >>> client foo 123.123.123.123 OK >>> rcpt foo@ibm.com ./smtpd_check: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead ./smtpd_check: : reject: RCPT from foo[123.123.123.123]: 554 5.7.1 : Recipient address rejected: Relay access denied; from= to= proto=SMTP helo= 554 5.7.1 : Recipient address rejected: Relay access denied >>> rcpt foo@porcupine.org OK >>> recipient_restrictions check_relay_domains OK >>> client foo.porcupine.org 168.100.189.13 OK >>> rcpt foo@ibm.com OK >>> rcpt foo@porcupine.org OK >>> client foo 123.123.123.123 OK >>> rcpt foo@ibm.com ./smtpd_check: : reject: RCPT from foo[123.123.123.123]: 554 5.7.1 : Recipient address rejected: Relay access denied; from= to= proto=SMTP helo= 554 5.7.1 : Recipient address rejected: Relay access denied >>> rcpt foo@porcupine.org OK >>> recipient_restrictions check_recipient_access,hash:./smtpd_check_access OK >>> mail bad-sender@any.domain ./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad-sender@; from= proto=SMTP helo= 554 5.7.1 : Sender address rejected: match bad-sender@ >>> mail bad-sender@good.domain OK >>> mail reject@this.address ./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match reject@this.address; from= proto=SMTP helo= 554 5.7.1 : Sender address rejected: match reject@this.address >>> mail foo@bad.domain ./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo= 554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@random.bad.domain ./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 5.7.1 : Sender address rejected: match bad.domain; from= proto=SMTP helo= 554 5.7.1 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK >>> # >>> # RBL >>> # >>> client_restrictions reject_maps_rbl OK >>> client spike.porcupine.org 168.100.189.2 ./smtpd_check: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead OK >>> client foo 127.0.0.2 ./smtpd_check: : reject: CONNECT from foo[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; from= proto=SMTP helo= 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org >>> # >>> # unknown sender/recipient domain >>> # >>> unknown_address_reject_code 554 OK >>> recipient_restrictions reject_unknown_recipient_domain,reject_unknown_sender_domain OK >>> mail wietse@porcupine.org OK >>> rcpt wietse@porcupine.org OK >>> rcpt wietse@no.recipient.domain ./smtpd_check: : reject: RCPT from foo[127.0.0.2]: 554 5.1.2 : Recipient address rejected: Domain not found; from= to= proto=SMTP helo= 554 5.1.2 : Recipient address rejected: Domain not found >>> mail wietse@no.sender.domain OK >>> rcpt wietse@porcupine.org ./smtpd_check: : reject: RCPT from foo[127.0.0.2]: 554 5.1.8 : Sender address rejected: Domain not found; from= to= proto=SMTP helo= 554 5.1.8 : Sender address rejected: Domain not found >>> # >>> # {permit_auth,reject_unauth}_destination >>> # >>> relay_domains foo.com,bar.com OK >>> mail user@some.where OK >>> recipient_restrictions permit_auth_destination,reject OK >>> rcpt user@foo.org ./smtpd_check: : reject: RCPT from foo[127.0.0.2]: 554 5.7.1 : Recipient address rejected: Access denied; from= to= proto=SMTP helo= 554 5.7.1 : Recipient address rejected: Access denied >>> rcpt user@foo.com OK >>> recipient_restrictions reject_unauth_destination,permit OK >>> rcpt user@foo.org ./smtpd_check: : reject: RCPT from foo[127.0.0.2]: 554 5.7.1 : Relay access denied; from= to= proto=SMTP helo= 554 5.7.1 : Relay access denied >>> rcpt user@foo.com OK >>> # >>> # unknown client tests >>> # >>> unknown_client_reject_code 550 OK >>> client_restrictions reject_unknown_client OK >>> client spike.porcupine.org 160.100.189.2 2 OK >>> client unknown 1.1.1.1 4 ./smtpd_check: : reject: CONNECT from unknown[1.1.1.1]: 450 4.7.1 Client host rejected: cannot find your hostname, [1.1.1.1]; from= proto=SMTP helo= 450 4.7.1 Client host rejected: cannot find your hostname, [1.1.1.1] >>> client unknown 1.1.1.1 5 ./smtpd_check: : reject: CONNECT from unknown[1.1.1.1]: 550 5.7.1 Client host rejected: cannot find your hostname, [1.1.1.1]; from= proto=SMTP helo= 550 5.7.1 Client host rejected: cannot find your hostname, [1.1.1.1]