Mail filtering and access control

A common goal is to outright reject messages from (or to) certain users at the system level, or to limit the number of, or throttle the rate at which, messages are accepted, or to institute more complex restrictions of message traffic between certain users, or to allow users to set up filters on their own incoming messages (including rejecting messages based on contents of the message headers). The MTA has a number of facilities in such areas, including:



 * system level mapping tables such as,  , and   that permit both simple and sophisticated restrictions of message traffic based on source and destination and envelope From and To addresses---see Access mapping tables;
 * the  mapping table that permits restriction of SMTP and LMTP connection attempts based on source IP address; if using the MMP as an SMTP proxy, see also the MMP's access filters;
 * user level (and system level) message filtering using Sieve filters, including sophisticated filtering based on message headers---see Sieve filters;
 * the general MeterMaid facility that can be used to count or track numbers of messages (or other "events" of interest) across processes and either perform "throttling" itself, or be queried from system level mapping tables or Sieve filters that then make access decisions based upon the MeterMaid counts.



Use of the  mapping table for connections to the MTA Dispatcher (e.g., connections to the  SMTP server) or  TCP wrappers for client connections to the Message Store servers is a very efficient approach when rejection decisions can be taken based purely upon source IP address. Use of mapping tables such as,  ,  , etc., is an efficient approach when "envelope level" controls are desired---see Access mapping tables. When users wish to implement their own personalized controls, or when message header and body content-based filtering is desired, the more general mail filtering approach using Sieve is likely appropriate---see Sieve filters.

The MTA also uses mapping tables to check other sorts of access, including:



 * Deciding which IP addresses are "internal":
 * Permitting use of specific SMTP commands:
    * ETRN commands:
    * BURL commands:
    * STARTTLS commands:
 * Controlling mailing list posting access:
    * Many alias options (or in legacy configuration,  alias file named parameters) that name site-specific mapping tables, including alias options ,  ,  ,  ,  ,  ,  , and
 * Controlling outbound SMTP connections and authentication:

See also:
 * Access mapping tables
 * Sieve filters
 * Connection access control
 * Blocking SMTP relaying
 * Defending against denial of service attacks
 * tcpaccess Option
 * TCP wrappers
 * Client access to Message Store servers
 * BURL_ACCESS mapping table
 * ETRN_ACCESS mapping table
 * TLS_ACCESS mapping table
 * GROUP_AUTH mapping table
 * Alias options
 * Alias file named parameters
 * DEQUEUE_ACCESS mapping table
 * AUTH_ACCESS mapping table
 * AUTH_DEACCESS mapping table
 * IP_ACCESS mapping table
 * MX_ACCESS mapping table
 * MeterMaid