Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Postfix Documentation
Previous Page Home Next Page

Getting selective with SMTP access restriction lists

Postfix allows you to specify lists of access restrictions for each stage of the SMTP conversation. Individual restrictions are described in the postconf(5) manual page.

Examples of simple restriction lists are: 

/etc/postfix/
main.cf:
    # Allow connections from trusted networks only.
    
smtpd_client_restrictions = 
permit_mynetworks, reject

    # Don't talk to mail systems that don't know their own hostname.
    # With Postfix < 2.3, specify 
reject_unknown_hostname.
    
smtpd_helo_restrictions = 
reject_unknown_helo_hostname

    # Don't accept mail from domains that don't exist.
    
smtpd_sender_restrictions = 
reject_unknown_sender_domain

    # Whitelisting: local clients may specify any destination. Others may not.
    
smtpd_recipient_restrictions = 
permit_mynetworks, 
reject_unauth_destination

    # Block clients that speak too early.
    
smtpd_data_restrictions = 
reject_unauth_pipelining

    # Enforce mail volume quota via policy service callouts.
    
smtpd_end_of_data_restrictions = 
check_policy_service unix:private/policy

Each restriction list is evaluated from left to right until some restriction produces a result of PERMIT, REJECT or DEFER (try again later). The end of the list is equivalent to a PERMIT result. By placing a PERMIT restriction before a REJECT restriction you can make exceptions for specific clients or users. This is called whitelisting; the last example above allows mail from local networks but otherwise rejects mail to arbitrary destinations.

The table below summarizes the purpose of each SMTP access restriction list. All lists use the exact same syntax; they differ only in the time of evaluation and in the effect of a REJECT or DEFER result.

Restriction list name Status Effect of REJECT or DEFER result
smtpd_client_restrictions Optional Reject all client commands
smtpd_helo_restrictions Optional Reject HELO/EHLO information
smtpd_sender_restrictions Optional Reject MAIL FROM information
smtpd_recipient_restrictions Required Reject RCPT TO information
smtpd_data_restrictions Optional Reject DATA command
smtpd_end_of_data_restrictions Optional Reject END-OF-DATA command
smtpd_etrn_restrictions Optional Reject ETRN command
Postfix Documentation
Previous Page Home Next Page