# $OpenBSD: example.norelay,v 1.2 2001/02/03 08:23:45 niklas Exp $ # A simple anti-relay only example. Make sure you don't get used as a third # party relay to spam other unfortunate people and grind your server # to a halt dealing with the complaints. # this file goes into /var/spool/smtpd/etc/smtpd_check_rules once you # have made the appropriate modifications to it. # assumes we are "my.domain". - edit for your own use. # Don't allow people to %hack relay off of me. noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T. # we can allow outbound mail from our own hosts by allowing # outbound from hosts that have dns.my.domain as one of # their nameservers. this might be useful if we sit in front of a # lot of domains. but will be slower than below. #allow:NS=dns.my.domain:ALL:ALL # alternatively, if we don't want to bother with a name lookup, # we can simply allow all hosts ending in my.domain to relay through me. allow:*my.domain:ALL:ALL # Again, for inbound mail we can match on the nameserver # accepting mail for any address where the RHS uses us as a nameserver. #allow:ALL:ALL:NS=dns.my.domain # alternatively, allow anything ending in my.domain. allow:ALL:ALL:*my.domain # # punt anything else, we won't relay for people we don't know. # noto:ALL:ALL:ALL:551 Sorry %H(%I), I don't allow unauthorized relaying. Please use another SMTP host to mail from %F to %T