Online demo Privacy policy GoBD notes Blog

This is an old revision of the document!


SMTP ACL lists

By default the piler-smtp server receives emails from any sources, and it may be a challenge to get rid of spammers accessing port 25. You may have several options to achieve that, eg. use iptables or a network firewall to restrict smtp access to the archive.

From version 1.3.10 piler supports a postscreen style smtp access list. Let's say you want to archive emails from office 365 servers, and another mail server on 1.2.3.4. In that case create a file /usr/local/etc/piler/smtp.acl readable by user piler with the following content:

# https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide
#
40.92.0.0/15 permit
40.107.0.0/16 permit
52.100.0.0/14 permit
104.47.0.0/17 permit
# our legacy mail server
1.2.3.4/32 permit

Then set the following in piler.conf, and restart the piler-smtp daemon:

smtp_access_list=1

When a remote smtp client connects to piler the piler-smtp daemon checks its IP-address against these cidr blocks and actions in the exact order as they are in the acl file, and decides if the connection is allowed or not.

The format of smtp.acl is <cidr block> <action>

Action is either “permit” or “reject” both in lowercase and without quotes.

When piler-smtp starts it syslogs all the parses smtp acl rules. If you mistype the action or the cidr block is invalid, then such line is discarded and syslogs the acl line having the error.

Notice that there's no reject line in the previous example, because there's an implicit reject rule at the end.

What if you want to allow smtp connections from everywhere, and block a few troublemakers, then try the following:

1.2.3.4/32 reject
4.5.6.0/24 reject
0.0.0.0/0 permit

0.0.0.0/0 is a special cidr block meaning the whole ipv4 Internet.

One final note. The smtp acl supports only ipv4 addresses. Do NOT use this feature over ipv6.

Google Analytics Alternative