check_ Examples by William Mee
Last Update 1997-06-30
From: William Mee <will@is.co.za>
# Connections made from this list of domains/IP addresses get
# an error response and are logged
# The second field is a comment and is not used.
# Entries have an implicit wildcard for matching, i.e.
# [*.]domain.name and netblock[.*]
207.87.209 originates within mlmman.com netblock
cyberpromo.com spam domain
-------------------------- cut here --------------------------
# List of spam or unwanted domains and/or netblocks
Kblacklist hash -a<> /etc/mail/blacklist
# Netblocks which will we will relay mail from
# only netblocks/addresses listed here can use us as a smart host
Krelaynb hash -a<> /etc/mail/relaynb
# Local domains, obtained from the mailertable
Klocaldomains hash -a<> /etc/mail/mailertable
# Domains which will be delivered to despite the sender being unkown
# only domains listed here can point an MX record to us!
Kdeliverdomains hash -a<> /etc/mail/deliverdomains
# check_relay is called for every SMTP connection. The work space format
# is host_name $| ip_address
Scheck_relay
# Lookup domain. A <> token is appended if the lookup is succesful
# recursively check host name against the blacklist
R$-.$* $| $* $(blacklist $1.$2 $: $2 $) $| $3
R$*<> $| $* $#error $: Blacklisted
# If this fails, recursively check the IP address
R$* $| $* $: $2
R$*.$- $(blacklist $1.$2 $: $1 $)
R$*<> $#error $: Blacklisted
R$* $@ ok
# get_domain returns the domain part of an email adress
Sget_domain
R$* $: $>3 $1
R$- $@ NULL # return 'NULL' if no domain
R<@> $@ NULL # return 'NULL' if address is empty
R$* <@ $*> $* $: $2 # extract domain from focus
R$*. $1 # strip off trailing dots
Scheck_rcpt
# first, check if the connection is made from a known netblock
R$+ $: $1 $| $(dequote "" $&{client_addr} $) # get client name
R$* $| 0 $@ okay # no addr - directly invoked
R$* $| $*.$- $1 $| $(relaynb $2.$3 $: $2 $) # recursively match client against relaynb
R$* $| $*<> $@ okay # okay - valid netblock
# not a known netblock, so look at the recipient address
R$* $| $* $: $>get_domain $1 # look at domain of RCPT address
RNULL $@ okay # okay if blank (for scripts)
R$* $: $1 $| $1 # split, to preserve for later check
R$* $| $-.$* $1 $| $(localdomains $2.$3 $: $3 $) # recursively match recipient against localdomains
R$* $| $*<> $@ okay # return okay - recipient local
R$* $| $* $: $1 # get rid of second part
R$-.$* $(deliverdomains $1.$2 $: $2 $) # recursively match original RCPT address against deliverdomains
R$*<> $@ okay # return okay
# if non of these is valid, return an error - unauthorized relay
R$* $# error $: Relay denied from $&_
Stranslate
# used for -bt checking of check_relay ruleset
R$* $$| $* $: $1 $| $2
--------------------------------------------------------------
:: William Mee will@is.co.za ::
[(links)]
[Hints]
[Avoiding Spam]
[New]
Claus Aßmann
Please send comments to:
<ca@informatik.uni-kiel.de>