Simon,
I have similar functionality working with a filter. Have you tried
using a filter for this?
Here are some anonymized snippets from my smtpd.conf:
```
table bad_guys file:/etc/mail/bad_guys
filter "bad_guys" phase mail-from match mail-from regex <bad_guys> reject "550 Bad Guys"
listen on ... filter { ..., "bad_guys", ... } tag PORT_25
```
- Otto
On 2024-03-09, Simon Hoffmann wrote:
Hey list,
```
cat smtpd.conf
# some general config like pki, ttl, message size etc stripped
table aliases file:/etc/aliases
table vusers file:/etc/smtpd/vusers
table vdoms file:/etc/smtpd/vdoms
table passwd file:/etc/dovecot/passwd-file
table blocked_senders file:/etc/smtpd/blocked_senders
listen on ens18 port 25 tls-require pki mx01.hoffbox.net
listen on ens18 port 587 tls-require pki mx01.hoffbox.net auth <passwd>
listen on ens18 port 465 smtps pki mx01.hoffbox.net auth <passwd>
action "local" lmtp "/var/run/dovecot/lmtp" virtual <vusers>
action "relay" relay host smtps://smtp...@mailout.mailout.hoffmann-systems.net helo mx01.klm.hoffbox.net auth <external_relays_auth>
match from mail-from <blocked_senders> reject
match from any for domain <vdoms> action "local"
match from local for any action "relay"
match from auth for any action "relay"

cat blocked_senders
t...@simonhoffmann.net

root@mx01:~# dpkg -l opensmtpd
ii opensmtpd 6.8.0p2-3 amd64 secure, reliable, lean, and easy-to configure SMTP server
```
I was under the impression that with this config, all mail coming from
addresses in the blocked_senders table would immediately be rejected.

However, if I use telnet/openssl s_client to connect to the server, I get an OK
in response to MAIL FROM:<t...@simonhoffmann.net> and can state RCPT TO and DATA
without any problems.

I then used a remote server and sendmail to send an email from
t...@simonhoffmann.net to si...@simonhoffmann.net and this email was delivered
into my mailbox. I was not authenticated (on purpose), but rather used the
normal unauthenticated mail flow (hence not sending from mutt or Thunderbird but
just piping a mail into sendmail on a server on the internet). (Based on the man
pages, being authenticated should not matter anyways because the reject match is
the first in the file and the first match is always used.)
What am I doing wrong? Did I interpret the matching options wrong?
Thanks!
Cheers,
Simon