blob: dacda6ccfb92e205a1b6f74385921e0475f9547e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
>>> #
>>> # Initialize.
>>> #
>>> #msg_verbose 1
>>> smtpd_delay_reject 0
OK
>>> mynetworks 127.0.0.0/8,168.100.3.0/28
OK
>>> mydestination porcupine.org
OK
>>> relay_domains porcupine.org
OK
>>> helo foobar
OK
>>>
>>> #
>>> # DNSWL (by IP address)
>>> #
>>>
>>> # Allowlist overrides reject.
>>> client_restrictions permit_dnswl_client,wild.porcupine.org,reject
OK
>>> client spike.porcupine.org 168.100.3.2
OK
>>>
>>> # Allowlist does not fire - reject.
>>> client_restrictions permit_dnswl_client,porcupine.org,reject
OK
>>> client spike.porcupine.org 168.100.3.2
./smtpd_check: <queue id>: reject: CONNECT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <spike.porcupine.org[168.100.3.2]>: Client host rejected: Access denied; proto=SMTP helo=<foobar>
554 5.7.1 <spike.porcupine.org[168.100.3.2]>: Client host rejected: Access denied
>>>
>>> # Allowlist does not override reject_unauth_destination.
>>> client_restrictions permit
OK
>>> recipient_restrictions permit_dnswl_client,wild.porcupine.org,reject_unauth_destination
OK
>>> # Unauthorized destination - reject.
>>> rcpt rname@rdomain
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <rname@rdomain>: Relay access denied; to=<rname@rdomain> proto=SMTP helo=<foobar>
554 5.7.1 <rname@rdomain>: Relay access denied
>>> # Authorized destination - accept.
>>> rcpt wietse@porcupine.org
OK
>>>
>>> #
>>> # RHSWL (by domain name)
>>> #
>>>
>>> # Allowlist overrides reject.
>>> client_restrictions permit_rhswl_client,dnswl.porcupine.org,reject
OK
>>> # Non-allowlisted client name - reject.
>>> client spike.porcupine.org 168.100.3.2
./smtpd_check: <queue id>: reject: CONNECT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <spike.porcupine.org[168.100.3.2]>: Client host rejected: Access denied; proto=SMTP helo=<foobar>
554 5.7.1 <spike.porcupine.org[168.100.3.2]>: Client host rejected: Access denied
>>> # Allowlisted client name - accept.
>>> client example.tld 168.100.3.2
OK
>>>
>>> # Allowlist does not override reject_unauth_destination.
>>> client_restrictions permit
OK
>>> recipient_restrictions permit_rhswl_client,dnswl.porcupine.org,reject_unauth_destination
OK
>>> # Non-allowlisted client name.
>>> client spike.porcupine.org 168.100.3.2
OK
>>> # Unauthorized destination - reject.
>>> rcpt rname@rdomain
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <rname@rdomain>: Relay access denied; to=<rname@rdomain> proto=SMTP helo=<foobar>
554 5.7.1 <rname@rdomain>: Relay access denied
>>> # Authorized destination - accept.
>>> rcpt wietse@porcupine.org
OK
>>> # Allowlisted client name.
>>> client example.tld 168.100.3.2
OK
>>> # Unauthorized destination - reject.
>>> rcpt rname@rdomain
./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.3.2]: 554 5.7.1 <rname@rdomain>: Relay access denied; to=<rname@rdomain> proto=SMTP helo=<foobar>
554 5.7.1 <rname@rdomain>: Relay access denied
>>> # Authorized destination - accept.
>>> rcpt wietse@porcupine.org
OK
>>> # Numeric TLD - dunno.
>>> rcpt wietse@12345
./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.3.2]: 554 5.7.1 <wietse@12345>: Relay access denied; to=<wietse@12345> proto=SMTP helo=<foobar>
554 5.7.1 <wietse@12345>: Relay access denied
>>> rcpt wietse@12345.porcupine.org
OK
>>> rcpt wietse@porcupine.12345
./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.3.2]: 554 5.7.1 <wietse@porcupine.12345>: Relay access denied; to=<wietse@porcupine.12345> proto=SMTP helo=<foobar>
554 5.7.1 <wietse@porcupine.12345>: Relay access denied
|
