Skip to main content

Access List for qmail-smtpd

One of the feature that IndiMail adds to qmail-smtpd is accesslist between senders and recipients. Accesslist can be enabled by creating a control file /etc/indimail/control/accesslist. A line in accesslist is of the form
where type is either the word 'from' or 'rcpt'. sender and recipient can be the actual sender, recipient, a wildcard or a regular expression (uses regex(3))
The accesslist happens at SMTP and mails which get restricted get rejected with permanent 5xx code.
To give some examples

The above accesslist implies that only the users with email and can send a mail to the email
The 3rd line implies that all outside mails from the sender will be rejected at SMTP unless the recipient is
IndiMail also provides a program called uacl to test this accesslist. uacl is useful especially when you use wildcards or regular expressions.
An extreme example where you want to restrict the communication between two domains only
% cat /etc/indimail/control/accesslist

% uacl
rule no 1: rcpt:**
matched recipient [] with [*]
matched sender [] with [*] --
> access allowed
% uacl
rule no 1: rcpt:**
matched recipient [] with [*]
sender not matched [] --
> access denied
% uacl
rule no 2: from:**
matched sender [] with [*]
matched recipient [] with [*] --
> access allowed
% uacl
rule no 2: from:**
matched sender [] with [*]
recipient not matched [] --
> access denied

Post a Comment

Popular posts from this blog

IndiMail Installation for newbies in < 10 steps

Installing Indimail using YUM/APT Repository Install OS
openSUSE Leap 42.3
openSUSE Leap 42.2
openSUSE 13.2
openSUSE 13.1
SUSE Linux Enterprise 12 SP2
SUSE Linux Enterprise 12 SP1
SUSE Linux Enterprise 12
Red Hat
Feodra 27
Fedora 26
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
CentOS 7
CentOS 6
Debian 8.0
Debian 7.0
Ubuntu 17.04
Ubuntu 16.10
Ubuntu 16.04
Ubuntu 14.04
Ubuntu 12.04
Click the below URL for Install Instructions Shutdown MySQL if already running and disable MySQL from being started up by the system % /etc/init.d/mysqld stop % sudo chkconfig mysqld off % /bin/rm -f /service/mysql.3306/down
Start IndiMail
% sudo service indimail start Check Servicess
% sudo /usr/bin/svstat /service/* /service/clamd: up (pid 1014) 2985 seconds /service/dnscache: up (pid 1021) 2985 seconds /service/fetchmail: down 2985 seconds /service/freshclam: up (pid 1020) 2…

The AdminClient Protocol

IndiMail provides close to around 300 different programs as part of a flexible Enterprise Messaging Platform. You can carry administer the entire platform with around 45 of these programs. A program called indisrvr(8) provides a way for users to secure execute these commands from any remote location. To execute these programs, you need to have an admin account on the IndiMail server. These accounts can be created by the mgmtpass(8) program. Once you have an admin account on the IndiMail server, you can further restrict users to certain programs using the vpriv(8) program. vpriv can further modify privileges by allowing only certain options within a allowed program.

To execute these programs on the IndiMail server, you need to connect to port 4000 and use the adminclient protocol. The adminclient protocol is described below by showing a conversation between a client and the server 'indisrvr'

s - denotes server
c - denotes client

        s: "Login: "
        c: "u…

Writing Filters for IndiMail

IndiMail provides multiple methods by which you can intercept an email in transit and modify the email headers or the email body. A filter is a simple program that expects the raw email on standard input and outputs the message text back on standard output. The program /bin/cat can be used as a filter which simply copies the standard input to standard output without modifying anything. Some methods can be used before the mail gets queued and some methods can be used before the execution of local / remote delivery.

It is not necessary for a filter to modify the email. You can have a filter just to extract the headers or body and use that information for some purpose. IndiMail also provides the following programs - 822addr(1), 822headerfilter(1), 822bodyfilter(1), 822field(1), 822fields(1), 822header(1), 822body(1), 822headerok(1), 822received(1), 822date(1), 822fields(1) to help in processing emails.

Let us say that we have written a script /usr/local/bin/myfilter. The myfilter program …