Client-Detection Rules
Postfix provides the following rules that are assigned restrictions based on client information:
smtpd_client_restrictionssmtpd_helo_restrictionssmtpd_sender_restrictionssmtpd_recipient_restrictionssmtpd_data_restrictions
Each one corresponds to a step of the SMTP transaction. At each step, the client provides a
piece of information. Using the client-supplied information, Postfix
considers one or more restrictions that you assign to each rule. Figure 11-1 shows an SMTP
conversation along with the client rule applied at each step. The
header_checks and body_checks are discussed later in the
chapter.
Let’s review the SMTP conversation to see where each of the parameters fits in.
![]() |
The SMTP Conversation (Briefly)
The SMTP conversation in Figure 11-1 should be familiar to you from Chapter 2. Example 11-1 shows the log entries for the transaction. First, an SMTP client connects to Postfix over a socket. Because of the way sockets function, Postfix learns the IP address of the client when it establishes the connection. You don’t see the client IP address in the figure, but it is logged by Postfix. You can accept or reject a message based on the client hostname or IP address, thus blocking specific hostnames or IP and network addresses.
1. postfix/smtpd[866062]: connect from mail.ora.com[10.143.23.45] ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
