1>>> # 2>>> # Initialize. 3>>> # 4>>> #! ../bin/postmap smtpd_check_access 5>>> #msg_verbose 1 6>>> smtpd_delay_reject 0 7OK 8>>> mynetworks 127.0.0.0/8,168.100.3.0/28 9OK 10>>> relay_domains porcupine.org 11OK 12>>> maps_rbl_domains dnsbltest.porcupine.org 13OK 14>>> # 15>>> # Test the client restrictions. 16>>> # 17>>> client_restrictions permit_mynetworks,reject_unknown_client,check_client_access,hash:./smtpd_check_access 18OK 19>>> client unknown 131.155.210.17 20./smtpd_check: <queue id>: reject: CONNECT from unknown[131.155.210.17]: 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]; proto=SMTP 21450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17] 22>>> client unknown 168.100.3.13 23OK 24>>> client random.bad.domain 123.123.123.123 25./smtpd_check: <queue id>: reject: CONNECT from random.bad.domain[123.123.123.123]: 554 5.7.1 <random.bad.domain[123.123.123.123]>: Client host rejected: match bad.domain; proto=SMTP 26554 5.7.1 <random.bad.domain[123.123.123.123]>: Client host rejected: match bad.domain 27>>> client friend.bad.domain 123.123.123.123 28OK 29>>> client bad.domain 123.123.123.123 30./smtpd_check: <queue id>: reject: CONNECT from bad.domain[123.123.123.123]: 554 5.7.1 <bad.domain[123.123.123.123]>: Client host rejected: match bad.domain; proto=SMTP 31554 5.7.1 <bad.domain[123.123.123.123]>: Client host rejected: match bad.domain 32>>> client wzv.win.tue.nl 131.155.210.17 33OK 34>>> client aa.win.tue.nl 131.155.210.18 35./smtpd_check: <queue id>: reject: CONNECT from aa.win.tue.nl[131.155.210.18]: 554 5.7.1 <aa.win.tue.nl[131.155.210.18]>: Client host rejected: match 131.155.210; proto=SMTP 36554 5.7.1 <aa.win.tue.nl[131.155.210.18]>: Client host rejected: match 131.155.210 37>>> client_restrictions permit_mynetworks 38OK 39>>> # 40>>> # Test the helo restrictions 41>>> # 42>>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,reject_unknown_hostname,check_helo_access,hash:./smtpd_check_access 43OK 44>>> client unknown 131.155.210.17 45OK 46>>> helo foo. 47./smtpd_check: <queue id>: reject: HELO from unknown[131.155.210.17]: 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]; proto=SMTP helo=<foo.> 48450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17] 49>>> client foo 123.123.123.123 50OK 51>>> helo foo. 52./smtpd_check: <queue id>: reject: HELO from foo[123.123.123.123]: 450 4.7.1 <foo.>: Helo command rejected: Host not found; proto=SMTP helo=<foo.> 53450 4.7.1 <foo.>: Helo command rejected: Host not found 54>>> helo foo 55./smtpd_check: <queue id>: reject: HELO from foo[123.123.123.123]: 450 4.7.1 <foo>: Helo command rejected: Host not found; proto=SMTP helo=<foo> 56450 4.7.1 <foo>: Helo command rejected: Host not found 57>>> helo spike.porcupine.org 58./smtpd_check: <queue id>: reject: HELO from foo[123.123.123.123]: 554 5.7.1 <spike.porcupine.org>: Helo command rejected: name server spike.porcupine.org; proto=SMTP helo=<spike.porcupine.org> 59554 5.7.1 <spike.porcupine.org>: Helo command rejected: name server spike.porcupine.org 60>>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,check_helo_access,hash:./smtpd_check_access 61OK 62>>> helo random.bad.domain 63./smtpd_check: <queue id>: reject: HELO from foo[123.123.123.123]: 554 5.7.1 <random.bad.domain>: Helo command rejected: match bad.domain; proto=SMTP helo=<random.bad.domain> 64554 5.7.1 <random.bad.domain>: Helo command rejected: match bad.domain 65>>> helo friend.bad.domain 66OK 67>>> # 68>>> # Test the sender restrictions 69>>> # 70>>> sender_restrictions permit_mynetworks,reject_unknown_client 71OK 72>>> client unknown 131.155.210.17 73OK 74>>> mail foo@ibm.com 75./smtpd_check: <queue id>: reject: MAIL from unknown[131.155.210.17]: 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]; from=<foo@ibm.com> proto=SMTP helo=<friend.bad.domain> 76450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17] 77>>> client unknown 168.100.3.13 78OK 79>>> mail foo@ibm.com 80OK 81>>> client foo 123.123.123.123 82OK 83>>> mail foo@ibm.com 84OK 85>>> sender_restrictions reject_unknown_address 86OK 87>>> mail foo@ibm.com 88OK 89>>> mail foo@bad.domain 90./smtpd_check: <queue id>: reject: MAIL from foo[123.123.123.123]: 450 4.1.8 <foo@bad.domain>: Sender address rejected: Domain not found; from=<foo@bad.domain> proto=SMTP helo=<friend.bad.domain> 91450 4.1.8 <foo@bad.domain>: Sender address rejected: Domain not found 92>>> sender_restrictions check_sender_access,hash:./smtpd_check_access 93OK 94>>> mail bad-sender@any.domain 95./smtpd_check: <queue id>: reject: MAIL from foo[123.123.123.123]: 554 5.7.1 <bad-sender@any.domain>: Sender address rejected: match bad-sender@; from=<bad-sender@any.domain> proto=SMTP helo=<friend.bad.domain> 96554 5.7.1 <bad-sender@any.domain>: Sender address rejected: match bad-sender@ 97>>> mail bad-sender@good.domain 98OK 99>>> mail reject@this.address 100./smtpd_check: <queue id>: reject: MAIL from foo[123.123.123.123]: 554 5.7.1 <reject@this.address>: Sender address rejected: match reject@this.address; from=<reject@this.address> proto=SMTP helo=<friend.bad.domain> 101554 5.7.1 <reject@this.address>: Sender address rejected: match reject@this.address 102>>> mail Reject@this.address 103./smtpd_check: <queue id>: reject: MAIL from foo[123.123.123.123]: 554 5.7.1 <Reject@this.address>: Sender address rejected: match reject@this.address; from=<Reject@this.address> proto=SMTP helo=<friend.bad.domain> 104554 5.7.1 <Reject@this.address>: Sender address rejected: match reject@this.address 105>>> mail foo@bad.domain 106./smtpd_check: <queue id>: reject: MAIL from foo[123.123.123.123]: 554 5.7.1 <foo@bad.domain>: Sender address rejected: match bad.domain; from=<foo@bad.domain> proto=SMTP helo=<friend.bad.domain> 107554 5.7.1 <foo@bad.domain>: Sender address rejected: match bad.domain 108>>> mail foo@Bad.domain 109./smtpd_check: <queue id>: reject: MAIL from foo[123.123.123.123]: 554 5.7.1 <foo@Bad.domain>: Sender address rejected: match bad.domain; from=<foo@Bad.domain> proto=SMTP helo=<friend.bad.domain> 110554 5.7.1 <foo@Bad.domain>: Sender address rejected: match bad.domain 111>>> mail foo@random.bad.domain 112./smtpd_check: <queue id>: reject: MAIL from foo[123.123.123.123]: 554 5.7.1 <foo@random.bad.domain>: Sender address rejected: match bad.domain; from=<foo@random.bad.domain> proto=SMTP helo=<friend.bad.domain> 113554 5.7.1 <foo@random.bad.domain>: Sender address rejected: match bad.domain 114>>> mail foo@friend.bad.domain 115OK 116>>> # 117>>> # Test the recipient restrictions 118>>> # 119>>> recipient_restrictions permit_mynetworks,reject_unknown_client,check_relay_domains 120OK 121>>> client unknown 131.155.210.17 122OK 123>>> rcpt foo@ibm.com 124./smtpd_check: <queue id>: reject: RCPT from unknown[131.155.210.17]: 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]; from=<foo@friend.bad.domain> to=<foo@ibm.com> proto=SMTP helo=<friend.bad.domain> 125450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17] 126>>> client unknown 168.100.3.13 127OK 128>>> rcpt foo@ibm.com 129OK 130>>> client foo 123.123.123.123 131OK 132>>> rcpt foo@ibm.com 133./smtpd_check: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead 134./smtpd_check: <queue id>: reject: RCPT from foo[123.123.123.123]: 554 5.7.1 <foo@ibm.com>: Recipient address rejected: Relay access denied; from=<foo@friend.bad.domain> to=<foo@ibm.com> proto=SMTP helo=<friend.bad.domain> 135554 5.7.1 <foo@ibm.com>: Recipient address rejected: Relay access denied 136>>> rcpt foo@porcupine.org 137OK 138>>> recipient_restrictions check_relay_domains 139OK 140>>> client foo.porcupine.org 168.100.3.13 141OK 142>>> rcpt foo@ibm.com 143OK 144>>> rcpt foo@porcupine.org 145OK 146>>> client foo 123.123.123.123 147OK 148>>> rcpt foo@ibm.com 149./smtpd_check: <queue id>: reject: RCPT from foo[123.123.123.123]: 554 5.7.1 <foo@ibm.com>: Recipient address rejected: Relay access denied; from=<foo@friend.bad.domain> to=<foo@ibm.com> proto=SMTP helo=<friend.bad.domain> 150554 5.7.1 <foo@ibm.com>: Recipient address rejected: Relay access denied 151>>> rcpt foo@porcupine.org 152OK 153>>> recipient_restrictions check_recipient_access,hash:./smtpd_check_access 154OK 155>>> mail bad-sender@any.domain 156./smtpd_check: <queue id>: reject: MAIL from foo[123.123.123.123]: 554 5.7.1 <bad-sender@any.domain>: Sender address rejected: match bad-sender@; from=<bad-sender@any.domain> proto=SMTP helo=<friend.bad.domain> 157554 5.7.1 <bad-sender@any.domain>: Sender address rejected: match bad-sender@ 158>>> mail bad-sender@good.domain 159OK 160>>> mail reject@this.address 161./smtpd_check: <queue id>: reject: MAIL from foo[123.123.123.123]: 554 5.7.1 <reject@this.address>: Sender address rejected: match reject@this.address; from=<reject@this.address> proto=SMTP helo=<friend.bad.domain> 162554 5.7.1 <reject@this.address>: Sender address rejected: match reject@this.address 163>>> mail foo@bad.domain 164./smtpd_check: <queue id>: reject: MAIL from foo[123.123.123.123]: 554 5.7.1 <foo@bad.domain>: Sender address rejected: match bad.domain; from=<foo@bad.domain> proto=SMTP helo=<friend.bad.domain> 165554 5.7.1 <foo@bad.domain>: Sender address rejected: match bad.domain 166>>> mail foo@random.bad.domain 167./smtpd_check: <queue id>: reject: MAIL from foo[123.123.123.123]: 554 5.7.1 <foo@random.bad.domain>: Sender address rejected: match bad.domain; from=<foo@random.bad.domain> proto=SMTP helo=<friend.bad.domain> 168554 5.7.1 <foo@random.bad.domain>: Sender address rejected: match bad.domain 169>>> mail foo@friend.bad.domain 170OK 171>>> # 172>>> # RBL 173>>> # 174>>> client_restrictions reject_maps_rbl 175OK 176>>> client spike.porcupine.org 168.100.3.2 177./smtpd_check: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead 178OK 179>>> client foo 127.0.0.2 180./smtpd_check: <queue id>: reject: CONNECT from foo[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; from=<foo@friend.bad.domain> proto=SMTP helo=<friend.bad.domain> 181554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org 182>>> # 183>>> # unknown sender/recipient domain 184>>> # 185>>> unknown_address_reject_code 554 186OK 187>>> recipient_restrictions reject_unknown_recipient_domain,reject_unknown_sender_domain 188OK 189>>> mail wietse@porcupine.org 190OK 191>>> rcpt wietse@porcupine.org 192OK 193>>> rcpt wietse@no.recipient.domain 194./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.1.2 <wietse@no.recipient.domain>: Recipient address rejected: Domain not found; from=<wietse@porcupine.org> to=<wietse@no.recipient.domain> proto=SMTP helo=<friend.bad.domain> 195554 5.1.2 <wietse@no.recipient.domain>: Recipient address rejected: Domain not found 196>>> mail wietse@no.sender.domain 197OK 198>>> rcpt wietse@porcupine.org 199./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.1.8 <wietse@no.sender.domain>: Sender address rejected: Domain not found; from=<wietse@no.sender.domain> to=<wietse@porcupine.org> proto=SMTP helo=<friend.bad.domain> 200554 5.1.8 <wietse@no.sender.domain>: Sender address rejected: Domain not found 201>>> # 202>>> # {permit_auth,reject_unauth}_destination 203>>> # 204>>> relay_domains foo.com,bar.com 205OK 206>>> mail user@some.where 207OK 208>>> recipient_restrictions permit_auth_destination,reject 209OK 210>>> rcpt user@foo.org 211./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 <user@foo.org>: Recipient address rejected: Access denied; from=<user@some.where> to=<user@foo.org> proto=SMTP helo=<friend.bad.domain> 212554 5.7.1 <user@foo.org>: Recipient address rejected: Access denied 213>>> rcpt user@foo.com 214OK 215>>> recipient_restrictions reject_unauth_destination,permit 216OK 217>>> rcpt user@foo.org 218./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 <user@foo.org>: Relay access denied; from=<user@some.where> to=<user@foo.org> proto=SMTP helo=<friend.bad.domain> 219554 5.7.1 <user@foo.org>: Relay access denied 220>>> rcpt user@foo.com 221OK 222>>> # 223>>> # unknown client tests 224>>> # 225>>> unknown_client_reject_code 550 226OK 227>>> client_restrictions reject_unknown_client 228OK 229>>> client spike.porcupine.org 160.100.189.2 2 230OK 231>>> client unknown 1.1.1.1 4 232./smtpd_check: <queue id>: reject: CONNECT from unknown[1.1.1.1]: 450 4.7.1 Client host rejected: cannot find your hostname, [1.1.1.1]; from=<user@some.where> proto=SMTP helo=<friend.bad.domain> 233450 4.7.1 Client host rejected: cannot find your hostname, [1.1.1.1] 234>>> client unknown 1.1.1.1 5 235./smtpd_check: <queue id>: reject: CONNECT from unknown[1.1.1.1]: 550 5.7.1 Client host rejected: cannot find your hostname, [1.1.1.1]; from=<user@some.where> proto=SMTP helo=<friend.bad.domain> 236550 5.7.1 Client host rejected: cannot find your hostname, [1.1.1.1] 237