
3.20.10 mailutils acl

The mailutils acl command tests Mailutils Access Control Lists. By default it reads the ACL from the ‘acl’ section of the Mailutils configuration file. The command takes a list of IP addresses as its arguments, applies the ACL to each of them in turn and prints the result.

To select the ACL to test, two options are provided. The --file (-f) option supplies the name of the configuration file to read instead of the default one. The --path (-p) option supplies the pathname (see Paths) of the ACL section to use instead of the default ‘.acl’. For example, to test the ACL in section ‘server 213.130.1.232’ of file /etc/pop3d.conf, use:

mailutils acl --file=/etc/pop3d.conf \
       --path=/server="213.130.1.232"/acl address

As an example of its use, consider file test.conf with the following contents:

acl {
        deny from 10.10.10.1;
        deny from 10.10.1.0/24;
        log from any "Connect from ${address}";
        allow from 10.0.0.0/8;
        allow from 192.168.0.0/16;
        deny from any;
}

Then, running mailutils acl --file=test.conf 127.0.0.1 you will get:

Testing 127.0.0.1:
mailutils: Connect from 127.0.0.1
127.0.0.1: deny

More examples:

$ mailutils acl --file=test.conf 127.0.0.1 10.10.10.1 \
         10.10.1.3 10.5.3.1 192.168.1.0 192.168.2.0
Testing 127.0.0.1:
mailutils: Connect from 127.0.0.1
127.0.0.1: deny
Testing 10.10.10.1:
10.10.10.1: deny
Testing 10.10.1.3:
10.10.1.3: deny
Testing 10.5.3.1:
mailutils: Connect from 10.5.3.1
10.5.3.1: accept
Testing 192.168.1.0:
mailutils: Connect from 192.168.1.0
192.168.1.0: accept
Testing 192.168.2.0:
mailutils: Connect from 192.168.2.0
192.168.2.0: accept

The mailutils option --debug-level will give you a deeper insight into the address matching algorithm:

$ mailutils --debug-level=acl.trace9 acl --file test.conf 127.0.0.1
Testing 127.0.0.1:
mailutils: Checking sockaddr 127.0.0.1
mailutils: 1:deny: Does 10.10.10.1/255.255.255.255 match 127.0.0.1? no; 
mailutils: 2:deny: Does 10.10.1.0/255.255.255.0 match 127.0.0.1? no; 
mailutils: 3:log: Does any match 127.0.0.1? yes; 
mailutils: Expanding "Connect from ${address}";
mailutils: Expansion: "Connect from 127.0.0.1";. 
mailutils: Connect from 127.0.0.1
mailutils: 4:accept: Does 10.0.0.0/255.0.0.0 match 127.0.0.1? no; 
mailutils: 5:accept: Does 192.168.0.0/255.255.0.0 match 127.0.0.1? no; 
mailutils: 6:deny: Does any match 127.0.0.1? yes; 
127.0.0.1: deny
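
The trace shows the evaluation order: rules are tried top to bottom, a matching log rule emits its message and evaluation continues, and the first matching deny or accept rule ends the search. The following Python model of that behaviour is an added example, not Mailutils code; it uses the rule set as printed in the trace (rule 5 is 192.168.0.0/255.255.0.0 there), and the names parse_acl and evaluate and the "undefined" result for an address that matches no terminal rule are assumptions of the example.

```python
import ipaddress
import re

# Rule set as it appears in the trace output above (constructed copy for the example).
TEST_CONF = '''
acl {
        deny from 10.10.10.1;
        deny from 10.10.1.0/24;
        log from any "Connect from ${address}";
        allow from 10.0.0.0/8;
        allow from 192.168.0.0/16;
        deny from any;
}
'''

# One statement: ACTION from TARGET ["MESSAGE"];
RULE_RE = re.compile(
    r'^\s*(allow|accept|deny|log)\s+from\s+(\S+?)(?:\s+"([^"]*)")?\s*;', re.M)

def parse_acl(text):
    """Return [(action, network, message)]; network is None for 'any'."""
    rules = []
    for action, target, msg in RULE_RE.findall(text):
        net = None if target == "any" else ipaddress.ip_network(target, strict=False)
        # The trace prints 'allow' rules as 'accept'; normalise to that.
        rules.append(("accept" if action == "allow" else action, net, msg))
    return rules

def evaluate(rules, address):
    """Return (verdict, log_messages) for one address, first terminal match wins."""
    ip = ipaddress.ip_address(address)
    logs = []
    for action, net, msg in rules:
        if net is not None and ip not in net:
            continue                      # rule does not match, try the next one
        if action == "log":
            logs.append(msg.replace("${address}", address))
            continue                      # log is not terminal
        return action, logs               # first deny/accept match decides
    return "undefined", logs              # assumption: label for "no rule decided"

if __name__ == "__main__":
    rules = parse_acl(TEST_CONF)
    for addr in ["127.0.0.1", "10.10.10.1", "10.10.1.3", "10.5.3.1", "192.168.2.0"]:
        verdict, logs = evaluate(rules, addr)
        print(f"Testing {addr}:", *logs, f"{addr}: {verdict}", sep="\n")
```

Because the first terminal match decides, the two specific deny rules must stay above `allow from 10.0.0.0/8`; placed below it, 10.10.10.1 and 10.10.1.0/24 would be accepted.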

See acl.
