The PMDF Service Dispatcher is able to selectively accept or reject
incoming SMTP connections based on IP address and port number. At
Dispatcher startup time, the Dispatcher will look for a mapping table
PORT_ACCESS. If present, the Dispatcher will format
connection information in the form:
PORT_ACCESS mapping entries. If the result of the mapping contains
$F, the connection will be immediately closed. Any other result of the mapping indicates that the connection is to be accepted.
$F can optionally be followed by a rejection message. If present, the message will be sent back down the connection just prior to closure. Note that a CRLF terminator will be appended to the string before it is sent back down the connection.
The flag $< followed by an optional string causes PMDF to send the
string as an OPCOM broadcast (OpenVMS) or to syslog (UNIX) or to the
event log (NT) if the mapping probe matches; the flag $> followed by
an optional string causes PMDF to send the string as an OPCOM broadcast
(OpenVMS) or to syslog (UNIX) or to the event log (NT) if access is
If bit 1 of the
LOG_CONNECTION PMDF option is set and the
$N flag is set so that the connection is rejected, then also specifying
the $T flag will cause a "T" entry to be written
to the connection log.
If bit 4 of the
LOG_CONNECTION PMDF option is set, then
site-supplied text can be provided in the
entry to include in the "C" connection log entries;
to specify such text, include two vertical bar characters in the right
hand side of the entry, followed by the desired text. See
Table 11-1 for a summary of the available flags.
|Flags with arguments, in argument reading order+|
Reject access with the optional error text
If bit 1 of the
|, placing the arguments in the order listed in this table.
For example, the following mapping will only accept SMTP connections (to port 25, the normal SMTP port) from a single network, except for a particular host singled out for rejection without explanatory text:
PORT_ACCESS

  TCP|*|25|192.168.10.70|*   $N500
  TCP|*|25|192.168.10.*|*    $Y
  TCP|*|25|*|*               $N500$ Bzzzzzzzzt$ thank$ you$ for$ playing.
Note that you will need to restart the Dispatcher after making any
changes to the
PORT_ACCESS mapping table so that the
Dispatcher will see the changes. (And if you're using a compiled PMDF
configuration, you'll first need to recompile your configuration to get
the change incorporated into the compiled configuration.)
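
The following Python model of the example table above is an added illustration, not part of the PMDF documentation or PMDF code; it lets you check which entry decides a given connection before restarting the Dispatcher. It assumes that entries are tried in file order with the first match deciding, that only the `*` wildcard is needed, that `$ ` in a template is a quoted space, and that the second and fifth probe fields are the local address and the source port; the helper names and sample addresses are constructed.

```python
import re

# Constructed copy of the page's example table: (pattern, template) in file order.
TABLE = [
    ("TCP|*|25|192.168.10.70|*", "$N500"),
    ("TCP|*|25|192.168.10.*|*", "$Y"),
    ("TCP|*|25|*|*", "$N500$ Bzzzzzzzzt$ thank$ you$ for$ playing."),
]

def pattern_to_regex(pattern):
    """Anchored regex for a pattern; only the '*' wildcard is modelled."""
    body = "".join(".*" if c == "*" else re.escape(c) for c in pattern)
    return re.compile(body + r"\Z")

def parse_template(template):
    """Return (rejected, message). $N or $F rejects; anything else accepts."""
    m = re.search(r"\$[NF](.*)", template)
    if m is None:
        return False, ""
    # Assumption: '$ ' in a template is a quoted space.
    return True, m.group(1).replace("$ ", " ")

def make_probe(client_ip, port=25, local_ip="10.0.0.1", client_port=40000):
    """Build a probe string; fields 2 and 5 are assumed (local IP, source port)."""
    return f"TCP|{local_ip}|{port}|{client_ip}|{client_port}"

def evaluate(table, probe):
    """Assumption: the first matching entry decides; no match means accept."""
    for pattern, template in table:
        if pattern_to_regex(pattern).match(probe):
            rejected, message = parse_template(template)
            return ("reject" if rejected else "accept", message, pattern)
    return ("accept", "", None)

if __name__ == "__main__":
    # Constructed client addresses: the singled-out host, a peer on the
    # allowed network, and an outside host.
    for ip in ("192.168.10.70", "192.168.10.5", "203.0.113.9"):
        print(ip, evaluate(TABLE, make_probe(ip)))
    # Swapping the first two entries lets the network-wide $Y match first,
    # so the singled-out host is no longer rejected.
    swapped = [TABLE[1], TABLE[0], TABLE[2]]
    print("swapped", evaluate(swapped, make_probe("192.168.10.70")))
    # The table only names port 25; a probe for another port matches nothing.
    print("587", evaluate(TABLE, make_probe("203.0.113.9", port=587)))
```

Under these assumptions the host-specific rejection only takes effect because it precedes the network-wide `$Y` entry, and a connection to any port other than 25 is not restricted by this table.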
The PORT_ACCESS mapping table is specifically intended for
performing IP number based rejections; for more general control at the
email address level, the
MAIL_ACCESS mapping table, as described in Section 16.1,
can be more appropriate.