File: smtpd_check_rules.example

smtpd 2.0-1
#
# Example smtpd_check_rules file.  If you compiled smtpd with
# CHECK_ADDRESS=1, this file goes in etc/smtpd_check_rules in your
# smtpd chroot directory.  It IS NOT USED unless you compile
# with CHECK_ADDRESS=1.
#
# Also note that this is not a real policy.  The rules were chosen for
# illustration, not for practicality, so treat the file as a template.
#
# Rule syntax: [allow|deny]:SourceList:FromList:ToList
#
# NOTE(review): every group below is written as "specific allow, then
# broader deny", and the file ends in a catch-all deny.  That layout only
# works if rules are evaluated top to bottom and the first match decides --
# confirm against the smtpd documentation before reordering anything.
#

# Allow the users on the freenet host to send mail from their own username
# (obtained by an ident query to the box) and no other, except for
# "root" and "uucp", which MTAs on the machine may run as.
# The username comes from the ident reply of the connecting host, so USER
# (and the root/uucp exception) is only as trustworthy as whoever
# administers that host.
allow:root@freenet.my.domain uucp@freenet.my.domain:ALL:ALL
allow:ALL@freenet.my.domain:USER@freenet.my.domain:ALL
deny:freenet.my.domain:ALL:ALL

# I'm in front of some other people's mail.  Allow their mailhost
# to send mail out with FROM addresses in their own domain, but not with
# any other FROM address.
allow:mailhost.other1.org:ALL@other1.org ALL@mailhost.other1.org:ALL
deny:mailhost.other1.org:ALL:ALL
allow:mailhost.other2.org:ALL@other2.org ALL@mailhost.other2.org:ALL
deny:mailhost.other2.org:ALL:ALL
# Allow everything else inbound to them: any source, any FROM, as long as
# the recipient is in one of their domains.
allow:ALL:ALL:ALL@other2.org ALL@mailhost.other2.org 
allow:ALL:ALL:ALL@other1.org ALL@mailhost.other1.org 


# We had a problem with internal people subscribing to lists on
# xxx.com.  As such we got a directive from on high that
# we really don't need our people to send any mail to that site.
# Covers both the bare domain and any host under it.
deny:*.my.domain:ALL:ALL@xxx.com ALL@*.xxx.com 

# Don't allow my users to subscribe to majordomo mailing lists except from
# certain machines, and then only as themselves according to ident.
# The exception is "luser", who got caught trying to subscribe me to a
# bunch of mailing lists about therapy for control freaks: the EXCEPT
# clause removes luser from the allowed sources, leaving the deny on the
# following line to apply (assuming first-match evaluation, see top).
allow:ALL@loginhost.my.domain ALL@otherhost.my.domain EXCEPT luser@*.my.domain:USER@my.domain:majordomo@ALL
deny:*.my.domain:ALL:majordomo@ALL




# Allow sources in my domain to mail out with FROM addresses that look like
# one of my domain's two allowed forms of email address.
# NOTE(review): the FromList in both rules below says "my_domain" (with an
# underscore) where the rest of the file says "my.domain" -- presumably a
# typo or placeholder; correct it before adapting these rules.

# The next two rules are alternatives; a real file needs only one of them.
# If I'm running a Juniper firewall (and have compiled with JUNIPER_SUPPORT),
# I'll probably do it like this:
allow:TRUSTED:ALL@my_domain ALL@mailhost.my.domain:ALL
# If not, something like this, which trusts sources by hostname pattern
# and by address range:
allow:*.my.domain 192.168.20.* 192.168.30.*:ALL@my_domain ALL@mailhost.my.domain:ALL

# Relay incoming mail to my domain.  Again, pick one of the two variants.
# NOTE(review): "*my.domain" has no dot after the wildcard.  If the pattern
# is matched as a plain wildcard it would also accept recipients at e.g.
# "notmy.domain" (constructed example); compare the "*.my.domain" form
# used in the SourceLists above and confirm which is intended.
# with JUNIPER_SUPPORT
allow:UNTRUSTED:ALL:*my.domain
# without JUNIPER_SUPPORT
allow:ALL:ALL:*my.domain

# Don't relay anything else out (bogus FROM:, external spammer using us as a
# relay, etc).  This catch-all is what prevents an open relay, so it should
# stay as the last rule in the file.
deny:ALL:ALL:ALL