Differences
policies [2012-06-08 13:25] – randerson | policies [2012-07-16 14:16] – [Specifications] randerson | ||
---|---|---|---|
Line 5: | Line 5: | ||
=====Priorities===== | =====Priorities===== | ||
- | Priorities are processed in an ascending fashion, this means that 0 will be processed before 1 and 10 before 20. | + | Priorities are processed in an ascending fashion, this means that 0 will be processed before 1, 10 before 20 etc. |
=====Specifications===== | =====Specifications===== | ||
- | NULL or " | ||
- | This will match anything. | ||
- | @domain | + | * Match **anything** |
- | This will match all email @domain. | + | * < |
+ | any</ | ||
- | user@domain | + | * Match all email @**domain** |
- | This will match all email user@domain. | + | * < |
- | @ | + | * Match all email user@domain |
- | (present in r412+ and v2.1.x) | + | * < |
- | This will match < >. | + | * Match < >. |
+ | * < | ||
+ | * present in r412+ and v2.1.x | ||
- | a.b.c.d | + | * Match a single sending server IP address |
- | Matches a single sending server IP address. | + | * < |
- | a.b.c.d/e | + | * Match a CIDR formatted range of sending server IP addresses |
- | Matches a CIDR formatted range of sending server IP addresses. | + | * < |
+ | * Additional options for r493+ and v2.1.x | ||
+ | * Refer to IP address specification | ||
- | (Additional options for r493+ and v2.1.x) | + | * Match a single //peer// server IP address. This **does not** match the IP address of the server where the email came from, this matches the IP address of the server which requested the policy |
+ | * < | ||
+ | * present in r413+ and v2.1.x | ||
- | Refer to IP Address Specification. | + | * Match a CIDR formatted range of peer server IP addresses. This **does not** match the IP address of the server where the email came from, this matches the IP address of the server which requested the policy |
+ | * < | ||
+ | * present in r413+ and v2.1.x | ||
+ | * Additional options for r493+ and v2.1.x | ||
+ | * Refer to IP Address Specification. | ||
- | [a.b.c.d] | + | * Match an IPv6 range of sending server IP addresses. Bitmask is optional. The bitmask defaults to 128 if the IPv6 address contains all octets or if the right most octet is specified. If there is no octet on the right hand side of a :: , the bitmask is automatically calculated depending on how many bits are left out. Refer to IP Address Specification for additional formats. |
- | (present in r413+ and v2.1.x) | + | *< |
+ | | ||
- | Matches a single | + | * Match an IPv6 range of peer server IP addresses. This DOES NOT match the IP address of the server where the email came from. this matches the IP address of the server which requested the policy. |
+ | *< | ||
+ | * present in r493+ and v2.1.x | ||
- | [a.b.c.d/e] | + | * Match a group which, |
- | (present | + | * < |
- | Matches | + | * Match a SASL username. You can also use $* to match any SASL username and $- to match no SASL username |
+ | * < | ||
- | (Additional options | + | * Match the reverse dns of the IP where the client is connecting from |
+ | * < | ||
+ | * You can use * as a wildcard match against anything except the ., for example hello.*.example.com | ||
+ | * Specifying example.com will only match example.com | ||
+ | * Specifying .example.com will match anything.example.com and fu.bar.example.com | ||
+ | * As a technical note, * is expanded into [a-z0-9\-_\.] | ||
- | Refer to IP Address Specification. | + | =====Examples===== |
+ | The preconfigured default polices are defined as follows | ||
- | a: | + | |
- | (present in r493+ and v2.1.x) | + | |
- | + | ||
- | Matches an IPv6 range of sending server IP addresses. Bitmask is optional. The bitmask defaults to 128 if the IPv6 address contains all octets or if the right most octet is specified. If there is no octet on the right hand side of a :: , the bitmask is automatically calculated depending on how many bits are left out. Refer to IP Address Specification for additional formats. | + | |
- | + | ||
- | [a: | + | |
- | (present in r493+ and v2.1.x) | + | |
- | + | ||
- | Matches an IPv6 range of peer server IP addresses. This DOES NOT match the IP address of the server where the email came from. this matches the IP address of the server which requested the policy. The bitmask defaults to 128 if the IPv6 address contains all octets or if the right most octet is specified. If there is no octet on the right hand side of a :: , the bitmask is automatically calculated depending on how many bits are left out. Refer to IP Address Specification for additional formats. | + | |
- | + | ||
- | %group | + | |
- | Matches a group, which in turn can comprise of a list of any of the above specification types including groups. | + | |
- | + | ||
- | $sasl_username | + | |
- | This will match a SASL username. You can also use $* to match any SASL username and $- to match no SASL username. | + | |
- | + | ||
- | whatever.example.com | + | |
- | This will match the reverse dns of the IP where the client is connecting from. | + | |
- | + | ||
- | - You can use * as a wildcard match against anything except the ., for example hello.*.example.com . You can use * as much as you like. | + | |
- | - Specifying example.com will only match example.com | + | |
- | - Specifying .example.com will match anything.example.com and fu.bar.example.com | + | |
- | + | ||
- | As a technical note, * is expanded into [a-z0-9\-_\.] and if . doesn' | + | |
- | + | ||
- | Complete Example | + | |
- | + | ||
- | The pre-configured default polices are defiend as follows... | + | |
- | + | ||
- | Default System Policy | + | |
Priority: 0 | Priority: 0 | ||
Source: ANY | Source: ANY | ||
- | Desination: ANY | + | Desination: ANY</ |
- | + | * < | |
- | Default Outbound Policy | + | |
Priority: 10 | Priority: 10 | ||
Source: %internal_ips, | Source: %internal_ips, | ||
- | Destination: | + | Destination: |
- | + | * < | |
- | Default Inbound Policy | + | |
Priority: 10 | Priority: 10 | ||
Source: !%internal_ips, | Source: !%internal_ips, | ||
- | Destination: | + | Destination: |
- | + | * < | |
- | Default Internal Policy | + | |
Priority: 20 | Priority: 20 | ||
Source: %internal_ips, | Source: %internal_ips, | ||
- | Destination: | + | Destination: |
- | + | ||
- | These groups are defined in the following manner... | + | |
- | internal_ips | + | These groups are defined in the following manner |
- | 10.0.0.0/8 | + | |
- | internal_domains | + | * < |
+ | 10.0.0.0/ | ||
+ | * < | ||
example.org | example.org | ||
example.com | example.com | ||
- | example.net | + | example.net</ |
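Review bot: The reverse DNS bullets in the new revision contradict each other on whether `*` can match a dot. One added line says `*` matches "anything except the .", while the added technical note says `*` is expanded into `[a-z0-9\-_\.]`, a class that includes an escaped dot. The removed technical note went on with "and if . doesn'" (cut off in this view), and the new line drops that clause entirely. Since this decides whether `hello.*.example.com` can span more than one label, and therefore which connecting hosts a policy applies to, please restore the qualification or correct the character class. Two smaller points: the new IPv6 peer entry loses the bitmask-default sentences and the pointer to IP Address Specification that the removed version carried, although the IPv6 sending entry keeps them. The typos "Desination" (Default System Policy block) and "polices" (Examples intro) are carried over unchanged into the new revision.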