>>> # >>> # Initialize. >>> # >>> #msg_verbose 1 >>> smtpd_delay_reject 0 OK >>> mynetworks 127.0.0.0/8,168.100.3.0/28 OK >>> mydestination porcupine.org OK >>> relay_domains porcupine.org OK >>> helo foobar OK >>> >>> # >>> # DNSWL (by IP address) >>> # >>> >>> # Allowlist overrides reject. >>> client_restrictions permit_dnswl_client,wild.porcupine.org,reject OK >>> client spike.porcupine.org 168.100.3.2 OK >>> >>> # Allowlist does not fire - reject. >>> client_restrictions permit_dnswl_client,porcupine.org,reject OK >>> client spike.porcupine.org 168.100.3.2 ./smtpd_check: <queue id>: reject: CONNECT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <spike.porcupine.org[168.100.3.2]>: Client host rejected: Access denied; proto=SMTP helo=<foobar> 554 5.7.1 <spike.porcupine.org[168.100.3.2]>: Client host rejected: Access denied >>> >>> # Allowlist does not override reject_unauth_destination. >>> client_restrictions permit OK >>> recipient_restrictions permit_dnswl_client,wild.porcupine.org,reject_unauth_destination OK >>> # Unauthorized destination - reject. >>> rcpt rname@rdomain ./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <rname@rdomain>: Relay access denied; to=<rname@rdomain> proto=SMTP helo=<foobar> 554 5.7.1 <rname@rdomain>: Relay access denied >>> # Authorized destination - accept. >>> rcpt wietse@porcupine.org OK >>> >>> # >>> # RHSWL (by domain name) >>> # >>> >>> # Allowlist overrides reject. >>> client_restrictions permit_rhswl_client,dnswl.porcupine.org,reject OK >>> # Non-allowlisted client name - reject. >>> client spike.porcupine.org 168.100.3.2 ./smtpd_check: <queue id>: reject: CONNECT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <spike.porcupine.org[168.100.3.2]>: Client host rejected: Access denied; proto=SMTP helo=<foobar> 554 5.7.1 <spike.porcupine.org[168.100.3.2]>: Client host rejected: Access denied >>> # Allowlisted client name - accept. >>> client example.tld 168.100.3.2 OK >>> >>> # Allowlist does not override reject_unauth_destination. >>> client_restrictions permit OK >>> recipient_restrictions permit_rhswl_client,dnswl.porcupine.org,reject_unauth_destination OK >>> # Non-allowlisted client name. >>> client spike.porcupine.org 168.100.3.2 OK >>> # Unauthorized destination - reject. >>> rcpt rname@rdomain ./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <rname@rdomain>: Relay access denied; to=<rname@rdomain> proto=SMTP helo=<foobar> 554 5.7.1 <rname@rdomain>: Relay access denied >>> # Authorized destination - accept. >>> rcpt wietse@porcupine.org OK >>> # Allowlisted client name. >>> client example.tld 168.100.3.2 OK >>> # Unauthorized destination - reject. >>> rcpt rname@rdomain ./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.3.2]: 554 5.7.1 <rname@rdomain>: Relay access denied; to=<rname@rdomain> proto=SMTP helo=<foobar> 554 5.7.1 <rname@rdomain>: Relay access denied >>> # Authorized destination - accept. >>> rcpt wietse@porcupine.org OK >>> # Numeric TLD - dunno. >>> rcpt wietse@12345 ./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.3.2]: 554 5.7.1 <wietse@12345>: Relay access denied; to=<wietse@12345> proto=SMTP helo=<foobar> 554 5.7.1 <wietse@12345>: Relay access denied >>> rcpt wietse@12345.porcupine.org OK >>> rcpt wietse@porcupine.12345 ./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.3.2]: 554 5.7.1 <wietse@porcupine.12345>: Relay access denied; to=<wietse@porcupine.12345> proto=SMTP helo=<foobar> 554 5.7.1 <wietse@porcupine.12345>: Relay access denied |