hosts_allow - decide if a host is allowed to connect

The hosts_allow module decides before the SMTP-Greeting if a host is allowed to connect. It checks for too many (running) connections from one host (see -m/--max-from-ip options in qpsmtpd-forkserver) and the config file hosts_allow.

The plugin takes no config/plugin arguments.

This plugin only works with the forkserver and prefork deployment models. It does not work with the tcpserver deployment model. See SEE ALSO below.

The hosts_allow config file contains lines with two or three items. The first is an IP address or a network/mask pair. The second is a (valid) return code from Qpsmtpd::Constants. The last is a comment which will be returned to the connecting client if the return code is DENY or DENYSOFT (and of course DENY_DISCONNECT and DENYSOFT_DISCONNECT).

Example:

  192.168.3.4    DECLINED
  192.168.3.0/24 DENY Sorry, known spam only source

This would exclude 192.168.3.4 from the DENY of 192.168.3.0/24.

To get similar functionality for the tcpserver deployment model, use tcpserver's -x feature. Create a tcp.smtp file with entries like this:

  70.65.227.235:deny
  183.7.90.207:deny
  :allow

compile the tcp.smtp file like this:

  /usr/local/bin/tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp

and add the file to the chain of arguments to tcpserver in your run file.

See also: http://cr.yp.to/ucspi-tcp.html