############################## # Author: A-NAME-HERE # File: /etc/mail/access # Change Log: # Who When_______ What________________________________________ # # # Syntax: # # [:] # # where the LHS consists of a required tag (separated from the key # by a colon); a key that may be an IP address, network range, hostname, # Domain name or E-Mail address; and a RHS consisting of a value specific # to the keyword/key, generally indicating the action to be taken # # NOTE: If the "Spam:" tag is used, FEATURE(`delay_checks') MUST # be enabled in sendmail.mc so that checks are performed in correct order # See Sendmail book, Chap 7.5.6, Page 318 # # DSN codes for ERROR values are on page 708 of the Sendmail book. # # IMPORTANT: When at a step where both a string (e.g. Domain name, E-Mail address) # and an IP address are available for matching, the matching # algorithims generally check the string first, then the IP. Hence, # an entry for a specific IP can potentially be overridden by # a match with a string-based entry. ClientConn and ClientRate # work exclusively by IP and are not affected by this caveat. # Connect and GreetPause can use strings as well as IPs. # ############################## ############## # ClientConn # ############## # Sendmail v8.13.0 and greater only # Associated with FEATURE(`conncontrol') # Limit the number of simultaneous connections any given host # may have with this server; over the limit and sendmail # will drop the connection; 0 is no limit; entry with no # IP address applies to all hosts not specifically listed # Set no limit for localhost ClientConn:127.0.0.1 0 # Foreign mailservers are limited to no more than 2 connections # at a time ClientConn: 2 ############## # ClientRate # ############## # Sendmail v8.13.0 and greater only # Associated with FEATURE(`ratecontrol') # Limit the number of new connections any given host # may make with this server during the CLIENT_CONN_RATE_WINDOW # timeperiod set in sendmail.mc (default is 60 seconds); over the limit # and sendmail will drop the connection; 0 is no limit; entry with # no IP address applies to all hosts not specifically listed # Set no limit for localhost # NOTE: Prior to v8.14.2, sendmail drops when limit is *met*, rather # than when it is exceeded ClientRate:127.0.0.1 0 # Foreign mailservers are limited to initiating 2 connections # in any CLIENT_CONN_RATE_WINDOW period ClientRate: 2 ########### # Connect # ########### # If the IP address of a connecting host can be matched, # the RHS-specific action will be applied (checked # at connection time by check_relay) # Permit relay for localhost (this will bypass RBL check) Connect:127.0.0.1 RELAY # Whitelist a specific host/address (RBLs will not be checked) Connect:192.168.1.2 OK # Blacklist a specific host/address (connection will be dropped after # error message is displayed # This displays the stock REJECT message, which may have been modified in sendmail.mc Connect:212.21.77.35 REJECT # This displays a custom error message - the "SMAL-IP" text allows such rejects to # be easily counted in the mail log file Connect:129.33.162.103 ERROR:5.7.1:554 We do not want your SPAM SMAL-IP ############## # GreetPause # ############## # Sendmail v8.13.1 and greater only # Associated with FEATURE(`greet_pause') # Set GreetPause to 0 (no delay) for localhost GreetPause:127.0.0.1 0 # Can set different limits based on IP address/network GreetPause:192.168.1 2 GreetPause:10. 5 # This catchall entry will cause all other hosts to # experience the HELO banner presentation delay specified # in sendmail.mc GreetPause: # If a host attempts to send anything prior to presentation of # the HELO banner, sendmail will terminate the session ######## # Spam # ######## # Associated with FEATURE(`delay_checks') # Specify actions associated with E-Mail addresses when sending # MTA has been identified (usually via RBL) as a SPAM source # Permit E-Mail addressed to a specific address to still get through, # even if RBL checks would normally block the E_Mail Spam:request.whitelist@somedomain.tld FRIEND # As of v8.14, you can also omit the Domain portion, allowing # the same username to be used for all hosted Domains Spam:request.whitelist@ FRIEND ######## # From # ######## # Associated with FEATURE(`access_db') ###### # To # ###### # Associated with FEATURE(`blacklist_recipients') # Specify accept/reject based on Recipient address # Reject E-Mail sent to specific users (perhaps old E-Mail accounts) # This displays a custom error message - the "SMAL-NH" text allows such rejects to # be easily counted in the mail log file To:former.employee@somedomain.tld ERROR:5.1.7:550 SPAM rejected SMAL-NH # Reject E-Mail based only on username portion of address, # regardless of Domain portion; this is useful when # hosting multiple Domains To:bogusaccount@ ERROR:5.1.7:550 Spam rejected SMAL-NE # Reject E-Mail and display error message when E-Mail is sent to addresses # that should not be available from the Internet (for example, internal mailing lists) To:sales.staff@somedomain.tld ERROR:5.7.0:550 Address not available # Accept E-Mail for hosted Domains To:somedomain.tld OK To:otherdomain.tld OK # Allow Relay for specific hosts To:mail1.somedomain.tld RELAY ############## # Deprecated # ############## # The following constructs are deprecated as of sendmail v8.14 # Silently discard E-Mail to or from a specific E-Mail address #annoying.person@aol.com DISCARD # Replace with: From:annoyingperson@aol.com DISCARD # To:annoyingperson@aol.com DISCARD ############################# ## End of /etc/mail/access ## #############################