qpsmtpd Wiki


You are here: start » plugins » auth » restrict_submission


You are currently not logged in! Enter your authentication credentials below to log in. You need to have cookies enabled to log in.


You don't have an account yet? Just get one: Register

Forgotten your password? Get a new one: Set new password

Plug-in Summary

Plug-in name: restrict_submission
Info: Restricts the use of a specific port to authorised users only
Author: Eliot Foster
Compatibility: Requires forkserver with multiple –port arguments enabled
Download: inline


Restricts the use of a specific port to authorised users only

#!/usr/bin/perl -Tw
# This plugin makes sure that foreign MTAs do not attempt to send mail to mail submission ports (465,587)
# Basically:
# 1.) A list of ports is given as a set of arguments
# 2.) If a connection comes in on one of those ports and is not a relayclient (authenticated)
# 3.) Reject the connection
# example config line for config/plugins:
# 	restrict_submission 465 587

use Qpsmtpd::DSN;

sub init {
  my ($self, $qp, @args) = @_;

  my %ports = ();
  if (@args) {
    @ports{@args} = @args;

  $self->{_submission_ports} = \%ports;

sub hook_mail {
  my ($self, $transaction, $sender) = @_;

  # all is well if relaying
  return (DECLINED)
    if ( $self->qp->connection->relay_client );

  # RFC2476, section 3.2:  MUST accept null return path
  return (DECLINED) if
    ($sender->format eq "<>");

  # if the local port is one of the defined submission restricted ports, DENY
  if (defined( $self->{_submission_ports}->{ $self->qp->connection->local_port } )) {
    return Qpsmtpd::DSN->sec_sender_unauthorized(DENY, "Authentication required for submission");

  return (DECLINED);