Access mapping tables

From MsgServerDocWiki

There are several mapping tables that may be used to control who may or may not connect to the SMTP server, send mail, or receive mail. For general information on the format and usage of MTA mapping tables, see Mapping table format.

The PORT_ACCESS mapping table is used by the Dispatcher to control blocking of connections from particular IP addresses or IP address ranges, and to control use of different authentication mechanisms for different sorts of connections; see PORT_ACCESS mapping table. The PORT_ACCESS mapping table is particularly relevant to certain techniques falling under the general category of defending against denial of service attacks; see Defending against denial of service attacks. The PORT_ACCESS mapping table does not have access to message address information, so it does not permit the fine granularity of, for instance, the ORIG_MAIL_ACCESS mapping table, and it applies only to incoming SMTP over TCP/IP messages. For what it does do, however, it is a very efficient approach (more efficient than using one of the later, address-based access mapping tables), since it rejects a disallowed host's connection attempt at the TCP level, before the channel dialogue (the SMTP transaction) has even begun.

The remaining *_ACCESS mapping tables discussed below can make use of envelope address information (as well as, in some cases, all the IP information available to the PORT_ACCESS mapping table). These mapping tables are very general and allow per-channel granularity, that is, channel-specific controls.

The FROM_ACCESS mapping table is probed at the point of attempted message submission where the envelope From: address has been provided; in SMTP terms, at the stage of the MAIL FROM: command. In particular, this is after the PORT_ACCESS probe (which decides whether to allow an SMTP connection) but before the recipient address mapping table probes discussed below (which decide whether to allow particular recipient addresses). Another feature of the FROM_ACCESS mapping table is that it also has access to the authenticated sender information (SMTP AUTH information in particular). See FROM_ACCESS mapping table.

Of the recipient access control mapping tables applied at the SMTP RCPT TO command stage (see Recipient access mapping tables), the MAIL_ACCESS and ORIG_MAIL_ACCESS mapping tables are the most general: they have available not only the address and channel information available to SEND_ACCESS and ORIG_SEND_ACCESS, but also any information that would be available via the PORT_ACCESS mapping table, including IP address and port number information. When IP address information is not relevant to the desired controls, use of SEND_ACCESS or ORIG_SEND_ACCESS may be simpler. For some purposes, combining use of two or more of these tables may be convenient; see When access mapping table controls are applied for a discussion of the timing and ordering of when access mapping table controls are applied.
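The staging described above, as a simplified Python model added here; it is not Messaging Server code and does not use mapping table syntax. The rule patterns, field names, the `tcp_local` channel name and all addresses are constructed for illustration, and each table is given only the fields this page names for it.

```python
from fnmatch import fnmatch

# (table, SMTP stage, fields visible to the table). Each table gets only the
# fields this page names for it; this is a model, not the MTA's probe layout.
STAGES = [
    ("PORT_ACCESS", "connect", {"ip", "port"}),
    ("FROM_ACCESS", "MAIL FROM", {"channel", "mail_from", "auth"}),
    ("ORIG_MAIL_ACCESS", "RCPT TO",
     {"ip", "port", "channel", "mail_from", "rcpt"}),
]

# Constructed rules: (table, {field: glob}, allow). "-" means no SMTP AUTH.
RULES = [
    ("PORT_ACCESS", {"ip": "192.0.2.*"}, False),
    ("FROM_ACCESS", {"mail_from": "*@corp.example", "auth": "-"}, False),
    ("ORIG_MAIL_ACCESS", {"channel": "tcp_local", "ip": "198.51.100.*",
                          "rcpt": "*@partner.example"}, False),
]

def check_rules(rules):
    """Raise ValueError if a rule matches on a field its table cannot see."""
    visible = {table: fields for table, _, fields in STAGES}
    for table, pattern, _ in rules:
        hidden = set(pattern) - visible[table]
        if hidden:
            raise ValueError(f"{table} cannot match on {sorted(hidden)}")

def evaluate(rules, session):
    """Return (table, stage, envelope_commands_seen) for the first rejection,
    or ("accepted", "RCPT TO", 2) when every table lets the session through."""
    check_rules(rules)
    for seen, (table, stage, _) in enumerate(STAGES):
        for rule_table, pattern, allow in rules:
            if rule_table != table:
                continue
            if all(fnmatch(session[f], g) for f, g in pattern.items()):
                if not allow:
                    return table, stage, seen
                break  # first matching rule in a table decides
    return "accepted", "RCPT TO", len(STAGES) - 1

def session(**fields):
    """Constructed session with defaults for any field not given."""
    base = {"ip": "203.0.113.5", "port": "25", "channel": "tcp_local",
            "mail_from": "a@other.example", "auth": "-",
            "rcpt": "b@corp.example"}
    return {**base, **fields}
```

A host blocked in PORT_ACCESS is rejected with zero envelope commands processed, while a rule that needs the recipient address cannot fire until RCPT TO.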

See also: Defending against denial of service attacks, FROM_ACCESS mapping table, Handling large numbers of mapping table entries, Mail filtering and access control, Mapping table format, PORT_ACCESS mapping table, Recipient access mapping tables, When access mapping table controls are applied.
