# To update the database after changing this file, run:
# tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/.tcp.qmail-smtp.tmp < /etc/tcprules.d/tcp.qmail-smtp

# For the full documentation on the format of this file,
# see http://cr.yp.to/ucspi-tcp/tcprules.html

#-----------------------------------------------------------------
# Short description of the rules

# If you set 'allow', this means that our mail server will allow the specified
# IP address range to make a TCP connection to our server.

# If you set 'deny', this means that our mail server will not allow the
# specified IP address range to make a TCP connection to our server.

# If you set RELAYCLIENT="", this means that the listed IP address range is
# allowed to relay mail through our server.

# If you don't set RELAYCLIENT="", this means that the listed IP address range
# will not be able to relay mail through our server.

# If you set RBLSMTPD="", this means that the listed IP address ranges will not
# be checked against any of the RBL databases.

# If you set RBLSMTPD="some text here", this means that an RBL lookup won't be
# performed, but the mail will be rejected with the specified text as a 4xx
# temp error message.

# If you set RBLSMTPD="-some text here", this means that an RBL lookup won't be
# performed, but the mail will be rejected with the specified text as a 5xx
# permanent error message.

# If you do not set RBLSMTPD="" or ="some text", then an RBL lookup will be
# performed. If the lookup is successful, then RBLSMTPD will return your custom
# error message (as specified in the -r parameter in smtpd supervise script).

#-----------------------------------------------------------------
# Bypass open relay checking for these IP addresses:

# These IP addresses are ones that we have set up so that they aren't RBL
# checked. We have done this because these particular servers are RBL listed,
# and for whatever reason they can't/won't fix their open relay problem, and we
# still want to be able to receive mail from them.

# reminder text goes here for this entry so we know the story...
#111.111.111.111:allow,RBLSMTPD=""

#-----------------------------------------------------------------
# Do not allow these IP addresses to send e-mails to us:

#1.2.3.:allow,RBLSMTPD="-Connections refused due to spam from domain.tld"
#4.5.6.7:allow,RBLSMTPD="-Connections refused due to spam from domain2.tld"
#8.9.10.11-100:allow,RBLSMTPD="-Connections from this IP have been banned"

#-----------------------------------------------------------------
# Allow these IP addresses to relay mail through our server

# IP addresses from our LAN are allowed to relay, and we won't bother doing any
# RBL checking.
#192.168.1.:allow,RELAYCLIENT="",RBLSMTPD=""

# Connections from localhost are allowed to relay (because the Webmail server
# runs on localhost), and obviously there is no point trying to perform an RBL
# check.
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""

#-----------------------------------------------------------------
# Allow everyone else to send us e-mails:

# Everyone else can make connections to our server, but is not allowed to relay.
# RBL lookups are performed.
:allow

# If you are using qmail-scanner, this line here is the correct one to use
# instead (comment out the above ':allow' line FIRST) and applies that script
# to any mail coming in that is not from a host allowed to relay. You can
# change the value of the variable to any other value you desire, to use custom
# scripts for example.
#:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"