# to update the database after changing this file, run:
# tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/.tcp.qmail-smtp.tmp < /etc/tcprules.d/tcp.qmail-smtp
# For the full documentation on the format of this file,
# see http://cr.yp.to/ucspi-tcp/tcprules.html
#-----------------------------------------------------------------
# Short description of the rules
# If you set 'allow', this means that our mail server will allow the specified
# IP address range to make a TCP connection to our server.
# If you set 'deny', this means that our mail server will not allow the
# specified IP address range to make a TCP connection to our server.
# If you set RELAYCLIENT="", this means that the listed IP address range is
# allowed to relay mail through our server.
# If you don't set RELAYCLIENT="", this means that the listed IP address range
# will not be able to relay mail through our server.
# If you set RBLSMTPD="", this means that the listed IP address ranges will not
# be checked against any of the RBL databases.
# If you set RBLSMTPD="some text here", this means that an RBL lookup won't be
# performed, but the mail will be rejected with the specified text as a 4xx
# temp error message.
# If you set RBLSMTPD="-some text here", this means that an RBL lookup won't be
# performed, but the mail will be rejected with the specified text as a 5xx
# permanent error message.
# If you do not set RBLSMTPD="" or ="some text", then an RBL lookup will be
# performed. If the lookup is successful, then RBLSMTPD will return your custom
# error message (as specified in the -r parameter in smtpd supervise script).
#-----------------------------------------------------------------
# Bypass open relay checking for these IP addresses:
# These IP addresses are ones that we have setup so that they aren't RBL
# checked. We have done this because these particular servers are RBL listed,
# and for whatever reason they can't/won't fix their open relay problem, and we
# still want to be able to receive mail from them.
# reminder text goes here for this entry so we know the story...
#111.111.111.111:allow,RBLSMTPD=""
#-----------------------------------------------------------------
# Do not allow these IP addresses to send e-mails to us:
#1.2.3.:allow,RBLSMTPD="-Connections refused due to spam from domain.tld"
#4.5.6.7:allow,RBLSMTPD="-Connections refused due to spam from domain2.tld"
#8.9.10.11-100:allow,RBLSMTPD="-Connections from this IP have been banned"
#-----------------------------------------------------------------
# Allow these IP addresses to relay mail trough our server
# IP addresses from our LAN are allowed to relay, and we won't bother doing any
# RBL checking.
#192.168.1.:allow,RELAYCLIENT="",RBLSMTPD=""
# Connections from localhost are allowed to relay (because the Webmail server
# runs on localhost), and obviously there is no point trying to perform an RBL
# check.
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
#-----------------------------------------------------------------
# Allow everyone else to send us e-mails:
# Everyone else can make connections to our server, but not allowed to relay.
# RBL lookups are performed.
:allow
# If you are using qmail-scanner, this line here is the correct one to use
# instead (comment out the above ':allow' line FIRST) and applies that script
# to any mail coming in that is not from a host allowed to relay. You can
# change the value of the variable to any other value you desire to use custom
# scripts for example.
#:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
