smtpd/smtpfwdd examples.

1 files changed, 34 insertions, 0 deletions

diff --git a/share/smtpd/example.norelay b/share/smtpd/example.norelay
new file mode 100644
index 00000000000..e2a976e33d6
--- /dev/null
+++ b/share/smtpd/example.norelay
@@ -0,0 +1,34 @@
+# A simple anti-relay only example. Make sure you don't get used as a third
+# party relay to spam other unfortunate people and grind your server
+# to a halt dealing with the complaints. 
+
+# this file goes into /var/spool/smtpd/etc/smtpd_check_rules once you 
+# have made the appropriate modifications to it.
+
+# assumes we are "my.domain". - edit for your own use.
+
+# Don't allow people to %hack relay off of me.
+noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
+noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
+noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
+
+# we can allow outbound mail from our own hosts by allowing
+# outbound from hosts that have dns.my.domain as one of
+# their nameservers. this might be useful if we sit in front of a 
+# lot of domains. but will be slower than below.
+#allow:NS=dns.my.domain:ALL:ALL
+# alternatively, if we don't want to bother with a name lookup,
+# we can simply allow all hosts ending in my.domain to relay through me.
+allow:*my.domain:ALL:ALL
+
+# Again, for inbound mail we can match on the nameserver
+# accepting mail for any address where the RHS uses us as a nameserver.
+#allow:ALL:ALL:NS=dns.my.domain
+# alternatively, allow anything ending in my.domain.
+allow:ALL:ALL:*my.domain
+
+#
+# punt anything else, we won't relay for people we don't know.
+#
+noto:ALL:ALL:ALL:551 Sorry %H(%I), I don't allow unauthorized relaying. Please
+use another SMTP host to mail from %F to %T