A common goal is to outright reject messages from (or to) certain users at the system level, or to institute more complex restrictions of message traffic between certain users, or to allow users to set up filters on their own incoming messages (including rejecting messages based on contents of the message headers). This chapter will discuss some of PMDF's facilities in these areas, including: system level mapping tables such as SEND_ACCESS, FROM_ACCESS, and MAIL_ACCESS that permit both simple and sophisticated restrictions of message traffic based on source and destination and envelope From: and To: addresses---see Section 16.1; user level (and system level) message filtering using Sieve, including sophisticated filtering based on message headers.

Related topics discussed elsewhere in this manual include: system level blocking of connections from (or to) particular systems---see the discussion of the PORT_ACCESS mapping table in Section 11.5; using different authentication mechanisms for different sorts of connections -- see Chapter 14; and techniques falling under the general category of protecting against denial of service attacks---see Section 30.4.5.3.

Use of mapping tables such as SEND_ACCESS, MAIL_ACCESS, FROM_ACCESS, etc., is an efficient approach when "envelope level" controls are desired---see Section 16.1. When users want to implement their own personalized controls, or when header-based filtering is desired, the more general mail filtering approach using Sieve is likely appropriate---see Section 16.2.