check_ Examples by William Mee

Last Update 1997-06-30
From: William Mee <will@is.co.za>

# Connections made from this list of domains/IP addresses get 
# an error response and are logged
# The second field is a comment and is not used.
# Entries have an implicit wildcard for matching, i.e.
# [*.]domain.name and netblock[.*]
207.87.209      originates within mlmman.com netblock
cyberpromo.com  spam domain

-------------------------- cut here --------------------------
# Map declarations used by the rulesets below. Each K line names a hash
# database; with the -a<> flag a successful lookup returns its value with a
# <> token appended, which is what the rulesets test for.
# List of spam or unwanted domains and/or netblocks
Kblacklist hash -a<> /etc/mail/blacklist
# Netblocks which we will relay mail from;
# only netblocks/addresses listed here can use us as a smart host
Krelaynb hash -a<> /etc/mail/relaynb
# Local domains, obtained from the mailertable
# NOTE(review): every key in the mailertable thereby becomes an accepted
# recipient domain in check_rcpt - review that file with this in mind.
Klocaldomains hash -a<> /etc/mail/mailertable
# Domains which will be delivered to despite the sender being unknown;
# only domains listed here can point an MX record to us!
Kdeliverdomains hash -a<> /etc/mail/deliverdomains



# check_relay is called for every SMTP connection. The work space format
# is host_name $| ip_address
# Result: an error ("Blacklisted") if the host name or the address matches
# the blacklist map, otherwise "ok".
# NOTE(review): the host name is presumably the result of resolving the
# client address, so it is only as trustworthy as that lookup; the address
# check further down does not depend on it.
Scheck_relay
# Look up the host name. A <> token is appended if the lookup is successful.
# On a miss the leftmost label is dropped and the rule is applied again, so
# the name is checked recursively against the blacklist. A single remaining
# label (no dot) no longer matches the pattern and is never looked up.
R$-.$* $| $*	$(blacklist $1.$2 $: $2 $) $| $3	
# a <> at the end of the name part means the lookup hit: reject
R$*<> $| $*	$#error $: Blacklisted
# The name was not blacklisted: keep only the IP address and check it
# recursively, dropping the last component after each miss
R$* $| $*	$: $2		
R$*.$-		$(blacklist $1.$2 $: $1 $)
R$*<>		$#error $: Blacklisted
# neither the name nor the address is listed: accept the connection
R$*		$@ ok

# get_domain returns the domain part of an email address, or the token
# NULL when the address has no domain or is empty
Sget_domain
# canonicalize through ruleset 3 first; the rules below test for its <@domain> focus
R$*		$: $>3 $1
R$-		$@ NULL			# return 'NULL' if no domain (a single token is left)
R<@>		$@ NULL			# return 'NULL' if address is empty
R$* <@ $*> $*	$: $2			# extract domain from focus
R$*.		$1			# strip off trailing dots (rule repeats until none is left)
# NOTE(review): a domain-less address that ruleset 3 leaves as more than one
# token matches none of the rules above and is returned unchanged - confirm
# how such recipients are then treated by check_rcpt.

# check_rcpt decides whether a recipient address is accepted. Mail is
# accepted if the client address is in relaynb, or if the recipient domain
# is in localdomains or deliverdomains; anything else is refused as an
# unauthorized relay attempt.
# NOTE(review): only the domain returned by get_domain is tested. Whether a
# local part that itself carries routing information (%-hack, bang path) is
# handled safely depends on ruleset 3 and the mailers, which are not shown
# here - verify before relying on this as the only relay control.
Scheck_rcpt
# first, check if the connection is made from a known netblock
R$+		$: $1 $| $(dequote "" $&{client_addr} $) # append the client address
# NOTE(review): this accepts whenever the client address is 0 - confirm that
# this value can only occur for non-network (direct) invocation.
R$* $| 0	$@ okay				# no addr - directly invoked
# A miss drops the last component of the address and retries; a single
# remaining component (no dot) is never looked up.
R$* $| $*.$-	$1 $| $(relaynb $2.$3 $: $2 $)	# recursively match client against relaynb
R$* $| $*<>	$@ okay				# okay - valid netblock
# not a known netblock, so look at the recipient address
R$* $| $*	$: $>get_domain $1		# look at domain of RCPT address
RNULL		$@ okay				# okay if no domain (for scripts)
R$*		$: $1 $| $1			# split, to preserve for later check
# A miss drops the leftmost label of the copy and retries.
R$* $| $-.$*	$1 $| $(localdomains $2.$3 $: $3 $)	# recursively match recipient against localdomains
R$* $| $*<>	$@ okay				# return okay - recipient local
R$* $| $*	$: $1				# get rid of second part
R$-.$*		$(deliverdomains $1.$2 $: $2 $)	# recursively match the preserved recipient domain against deliverdomains
R$*<>		$@ okay				# return okay
# if none of these is valid, return an error - unauthorized relay;
# the message includes the $_ macro (sendmail's record of the connecting client)
R$*		$# error $: Relay denied from $&_	

Stranslate
# Used for -bt checking of the check_relay ruleset: rewrites a work space
# of the form  name $$| address  into  name $| address, the format
# check_relay expects.
# NOTE(review): presumably needed because a typed $| is not read as the
# operator in test mode - confirm for your sendmail version.
R$* $$| $*	$: $1 $| $2

--------------------------------------------------------------

:: William Mee      	          		  will@is.co.za ::

Claus Aßmann Please send comments to: <ca@informatik.uni-kiel.de>