Online demo Privacy policy GoBD notes Blog

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
current:smtp-acl-list [2020/12/29 08:50]
sj
current:smtp-acl-list [2021/01/06 18:49]
sj
Line 1: Line 1:
 ==== SMTP ACL lists ==== ==== SMTP ACL lists ====
  
-By default the piler smtp server receives emails from any sources, and it may pose a challenge how to get rid of spammers accessing port 25 in the first placeYou may have several options to achieve that, eguse iptables or a network firewall to restrict smtp access to the archive.+See the detailed description of the feature in the blog: [[https://mailpiler.com/smtp-acl-list/|https://mailpiler.com/smtp-acl-list/]]
  
-From version 1.3.10 piler supports a postscreen style smtp access list. Let's say you want to archive emails from office 365 servers, a mail server on 1.2.3.4. In that case create a file /usr/local/etc/piler/smtp.acl readable by user piler with the following content: 
- 
-<code> 
-# https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide 
-# 
-40.92.0.0/15 permit 
-40.107.0.0/16 permit 
-52.100.0.0/14 permit 
-104.47.0.0/17 permit 
-1.2.3.4/32 permit 
-</code> 
- 
-Then set the following in piler.conf, and restart the piler-smtp daemon: 
- 
-<code> 
-smtp_access_list=1 
-</code> 
- 
-When a remote smtp client connects to piler the piler-smtp daemon checks its IP-address against these cidr blocks and actions in the exact order as they are in the acl file, and decides if the connection is allowed or not. 
- 
-The format of smtp.acl is <cidr block> <action> 
- 
-Action is either "permit" or "reject" both in lowercase and without quotes. 
- 
-When piler-smtp starts it syslogs all the parses smtp acl rules. If you mistype the action or the cidr block is invalid, then such line is discarded and syslogs the acl line having the error. 
- 
-Notice that there's no reject line in the previous example, because there's an implicit reject rule at the end. 
- 
-What if you want to allow smtp connections from everywhere, and block a few troublemakers, then try the following: 
- 
-<code> 
-1.2.3.4/32 reject 
-4.5.6.0/24 reject 
-0.0.0.0/0 permit 
-</code> 
- 
-0.0.0.0/0 is a special cidr block meaning the whole ipv4 Internet. 
- 
-One final note. The smtp acl supports only ipv4 addresses. Do NOT use this feature over ipv6. 
Google Analytics Alternative