1>>> # 2>>> # Initialize. 3>>> # 4>>> #! ../bin/postmap smtpd_check_access 5>>> #msg_verbose 1 6>>> smtpd_delay_reject 0 7OK 8>>> mynetworks 127.0.0.0/8,168.100.189.0/28 9OK 10>>> relay_domains porcupine.org 11OK 12>>> maps_rbl_domains dnsbltest.porcupine.org 13OK 14>>> rbl_reply_maps hash:smtpd_check_access 15OK 16>>> helo foobar 17OK 18>>> # 19>>> # RBL 20>>> # 21>>> mail sname@sdomain 22OK 23>>> recipient_restrictions reject_maps_rbl 24OK 25>>> client spike.porcupine.org 168.100.189.2 26OK 27>>> rcpt rname@rdomain 28./smtpd_check: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead 29OK 30>>> client foo 127.0.0.2 31OK 32>>> rcpt rname@rdomain 33./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar> 34554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org 35>>> # 36>>> recipient_restrictions reject_rbl_client,dnsbltest.porcupine.org 37OK 38>>> client spike.porcupine.org 168.100.189.2 39OK 40>>> rcpt rname@rdomain 41OK 42>>> client foo 127.0.0.2 43OK 44>>> rcpt rname@rdomain 45./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar> 46554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org 47>>> recipient_restrictions reject_rbl_client,dnsbltest.porcupine.org=127.0.0.2 48OK 49>>> client foo 127.0.0.2 50OK 51>>> rcpt rname@rdomain 52./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org=127.0.0.2; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar> 53554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org=127.0.0.2 54>>> client foo 127.0.0.1 55OK 56>>> rcpt rname@rdomain 57OK 58>>> # 59>>> # RHSBL sender domain name 60>>> # 61>>> recipient_restrictions reject_rhsbl_sender,dsn.rfc-ignorant.org 62OK 63>>> client spike.porcupine.org 168.100.189.2 64OK 65>>> mail sname@example.tld 66OK 67>>> rcpt rname@rdomain 68./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 client=spike.porcupine.org[168.100.189.2] client_address=168.100.189.2 client_name=spike.porcupine.org helo_name=foobar sender=sname@example.tld sender_name=sname sender_domain=example.tld recipient=rname@rdomain recipient_name=rname recipient_domain=rdomain rbl_code=554 rbl_domain=dsn.rfc-ignorant.org rbl_txt=Not supporting null originator (DSN) rbl_what=sname@example.tld rbl_class=Sender address; from=<sname@example.tld> to=<rname@rdomain> proto=SMTP helo=<foobar> 69554 5.7.1 client=spike.porcupine.org[168.100.189.2] client_address=168.100.189.2 client_name=spike.porcupine.org helo_name=foobar sender=sname@example.tld sender_name=sname sender_domain=example.tld recipient=rname@rdomain recipient_name=rname recipient_domain=rdomain rbl_code=554 rbl_domain=dsn.rfc-ignorant.org rbl_txt=Not supporting null originator (DSN) rbl_what=sname@example.tld rbl_class=Sender address 70>>> mail sname@sdomain 71OK 72>>> rcpt rname@rdomain 73OK 74>>> # 75>>> # RHSBL client domain name 76>>> # 77>>> recipient_restrictions reject_rhsbl_client,dsn.rfc-ignorant.org 78OK 79>>> client example.tld 1.2.3.4 80OK 81>>> mail sname@sdomain 82OK 83>>> rcpt rname@rdomain 84./smtpd_check: <queue id>: reject: RCPT from example.tld[1.2.3.4]: 554 5.7.1 client=example.tld[1.2.3.4] client_address=1.2.3.4 client_name=example.tld helo_name=foobar sender=sname@sdomain sender_name=sname sender_domain=sdomain recipient=rname@rdomain recipient_name=rname recipient_domain=rdomain rbl_code=554 rbl_domain=dsn.rfc-ignorant.org rbl_txt=Not supporting null originator (DSN) rbl_what=example.tld rbl_class=Client host; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar> 85554 5.7.1 client=example.tld[1.2.3.4] client_address=1.2.3.4 client_name=example.tld helo_name=foobar sender=sname@sdomain sender_name=sname sender_domain=sdomain recipient=rname@rdomain recipient_name=rname recipient_domain=rdomain rbl_code=554 rbl_domain=dsn.rfc-ignorant.org rbl_txt=Not supporting null originator (DSN) rbl_what=example.tld rbl_class=Client host 86>>> # 87>>> # RHSBL recipient domain name 88>>> # 89>>> recipient_restrictions reject_rhsbl_recipient,dsn.rfc-ignorant.org 90OK 91>>> client spike.porcupine.org 168.100.189.2 92OK 93>>> mail sname@sdomain 94OK 95>>> rcpt rname@rdomain 96OK 97>>> rcpt rname@example.tld 98./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 client=spike.porcupine.org[168.100.189.2] client_address=168.100.189.2 client_name=spike.porcupine.org helo_name=foobar sender=sname@sdomain sender_name=sname sender_domain=sdomain recipient=rname@example.tld recipient_name=rname recipient_domain=example.tld rbl_code=554 rbl_domain=dsn.rfc-ignorant.org rbl_txt=Not supporting null originator (DSN) rbl_what=rname@example.tld rbl_class=Recipient address; from=<sname@sdomain> to=<rname@example.tld> proto=SMTP helo=<foobar> 99554 5.7.1 client=spike.porcupine.org[168.100.189.2] client_address=168.100.189.2 client_name=spike.porcupine.org helo_name=foobar sender=sname@sdomain sender_name=sname sender_domain=sdomain recipient=rname@example.tld recipient_name=rname recipient_domain=example.tld rbl_code=554 rbl_domain=dsn.rfc-ignorant.org rbl_txt=Not supporting null originator (DSN) rbl_what=rname@example.tld rbl_class=Recipient address 100>>> # 101>>> # RHSBL helo domain name 102>>> # 103>>> recipient_restrictions reject_rhsbl_helo,abuse.rfc-ignorant.org 104OK 105>>> helo example.tld 106OK 107>>> mail sname@sdomain 108OK 109>>> rcpt rname@rdomain 110./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@domain; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<example.tld> 111554 5.7.1 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@domain 112>>> # 113>>> # Check MX access 114>>> # 115>>> helo_restrictions check_helo_mx_access,hash:smtpd_check_access 116OK 117>>> #helo verisign-wildcard.com 118>>> helo verisign.com 119OK 120>>> helo example.tld 121./smtpd_check: warning: Unable to look up MX host example.tld for Helo command example.tld: hostname nor servname provided, or not known 122OK 123>>> sender_restrictions check_sender_mx_access,hash:smtpd_check_access 124OK 125>>> mail foo@pls.net.au 126OK 127>>> #mail foo@verisign-wildcard.com 128>>> mail foo@verisign.com 129OK 130>>> recipient_restrictions check_recipient_mx_access,hash:smtpd_check_access 131OK 132>>> #rcpt foo@verisign-wildcard.com 133>>> rcpt foo@verisign.com 134OK 135>>> rcpt foo@1.2.3.porcupine.org 136./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@1.2.3.porcupine.org>: Recipient address rejected: mail server 10.10.10.10; from=<foo@verisign.com> to=<foo@1.2.3.porcupine.org> proto=SMTP helo=<example.tld> 137554 5.7.1 <foo@1.2.3.porcupine.org>: Recipient address rejected: mail server 10.10.10.10 138>>> # 139>>> # Check NS access 140>>> # 141>>> helo_restrictions check_helo_ns_access,hash:smtpd_check_access 142OK 143>>> helo email-publisher.com 144./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <email-publisher.com>: Helo command rejected: Access denied; from=<foo@verisign.com> proto=SMTP helo=<email-publisher.com> 145554 5.7.1 <email-publisher.com>: Helo command rejected: Access denied 146>>> helo ns1.topica.com 147./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <ns1.topica.com>: Helo command rejected: Access denied; from=<foo@verisign.com> proto=SMTP helo=<ns1.topica.com> 148554 5.7.1 <ns1.topica.com>: Helo command rejected: Access denied 149>>> #helo verisign-wildcard.com 150>>> helo example.tld 151./smtpd_check: warning: Unable to look up NS host for example.tld: Host not found 152OK 153>>> sender_restrictions check_sender_ns_access,hash:smtpd_check_access 154OK 155>>> mail foo@email-publisher.com 156./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@email-publisher.com>: Sender address rejected: Access denied; from=<foo@email-publisher.com> proto=SMTP helo=<example.tld> 157554 5.7.1 <foo@email-publisher.com>: Sender address rejected: Access denied 158>>> mail foo@ns1.topica.com 159./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@ns1.topica.com>: Sender address rejected: Access denied; from=<foo@ns1.topica.com> proto=SMTP helo=<example.tld> 160554 5.7.1 <foo@ns1.topica.com>: Sender address rejected: Access denied 161>>> #mail foo@verisign-wildcard.com 162>>> recipient_restrictions check_recipient_ns_access,hash:smtpd_check_access 163OK 164>>> rcpt foo@email-publisher.com 165./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@email-publisher.com>: Recipient address rejected: Access denied; from=<foo@ns1.topica.com> to=<foo@email-publisher.com> proto=SMTP helo=<example.tld> 166554 5.7.1 <foo@email-publisher.com>: Recipient address rejected: Access denied 167>>> rcpt foo@ns1.topica.com 168./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@ns1.topica.com>: Recipient address rejected: Access denied; from=<foo@ns1.topica.com> to=<foo@ns1.topica.com> proto=SMTP helo=<example.tld> 169554 5.7.1 <foo@ns1.topica.com>: Recipient address rejected: Access denied 170>>> #rcpt foo@verisign-wildcard.com 171>>> rcpt foo@1.2.3.porcupine.org 172./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@1.2.3.porcupine.org>: Recipient address rejected: name server spike.porcupine.org; from=<foo@ns1.topica.com> to=<foo@1.2.3.porcupine.org> proto=SMTP helo=<example.tld> 173554 5.7.1 <foo@1.2.3.porcupine.org>: Recipient address rejected: name server spike.porcupine.org 174