Postfix provides the following rules that are assigned restrictions based on client information:
Each one corresponds to a step of the SMTP transaction. At each step, the client provides a
piece of information. Using the client-supplied information, Postfix
considers one or more restrictions that you assign to each rule. Figure 11-1 shows an SMTP
conversation along with the client rule applied at each step. The
body_checks are discussed later in the
Let’s review the SMTP conversation to see where each of the parameters fits in.
The SMTP conversation in Figure 11-1 should be familiar to you from Chapter 2. Example 11-1 shows the log entries for the transaction. First, an SMTP client connects to Postfix over a socket. Because of the way sockets function, Postfix learns the IP address of the client when it establishes the connection. You don’t see the client IP address in the figure, but it is logged by Postfix. You can accept or reject a message based on the client hostname or IP address, thus blocking specific hostnames or IP and network addresses.
1. postfix/smtpd: connect from mail.ora.com[10.143.23.45] ...