Difference between revisions of "Mailutils acl"
(Created page with "The <tt>mailutils acl</tt> command tests GNU Mailutils access control lists. By default it reads ACL from the Mailutils configiration file section...") |
m |
||
| Line 7: | Line 7: | ||
As an example of its use, consider file <tt>test.conf</tt> with the following contents: | As an example of its use, consider file <tt>test.conf</tt> with the following contents: | ||
| − | <nowiki> | + | <nowiki> |
acl { | acl { | ||
deny from 10.10.10.1; | deny from 10.10.10.1; | ||
Latest revision as of 11:02, 11 July 2015
The mailutils acl command tests GNU Mailutils access control lists. By default it reads ACL from the Mailutils configiration file section "acl". The command takes a list of IP addresses as its arguments, applies the ACL to each of these addresses in turn and prints the result.
To select the ACL to test, two options are provided. The --file (-f) option supplies the name of configuration file to read instead of the default one. The --path (-p) option supplies the path to the ACL section to use instead of the default ".acl". For example, to test ACL in section server 198.51.100.33 of file /etc/pop3d.conf use:
mailutils acl --file=/etc/pop3d.conf --path=/server="198.51.100.33"/acl address
As an example of its use, consider file test.conf with the following contents:
acl {
deny from 10.10.10.1;
deny from 10.10.1.0/24;
log from any "Connect from ${address}";
allow from 10.0.0.0/8;
allow from 192.168.1.0/24;
deny from any;
}
Then, running mailutils acl --file=test.conf 127.0.0.1 you will get:
Testing 127.0.0.1: mailutils: Connect from 127.0.0.1 127.0.0.1: deny
More examples:
$ mailutils acl --file=test.conf 127.0.0.1 10.10.10.1 10.10.1.3 10.5.3.1 192.168.1.0 192.168.2.0 Testing 127.0.0.1: mailutils: Connect from 127.0.0.1 127.0.0.1: deny Testing 10.10.10.1: 10.10.10.1: deny Testing 10.10.1.3: 10.10.1.3: deny Testing 10.5.3.1: mailutils: Connect from 10.5.3.1 10.5.3.1: accept Testing 192.168.1.0: mailutils: Connect from 192.168.1.0 192.168.1.0: accept Testing 192.168.2.0: mailutils: Connect from 192.168.2.0 192.168.2.0: accept
The mailutils option --debug-level will give you a deeper insight into the address matching algorithm:
$ mailutils --debug-level=acl.trace9 acl --file test.conf 127.0.0.1
Testing 127.0.0.1:
mailutils: Checking sockaddr 127.0.0.1
mailutils: 1:deny: Does 10.10.10.1/255.255.255.255 match 127.0.0.1? no;
mailutils: 2:deny: Does 10.10.1.0/255.255.255.0 match 127.0.0.1? no;
mailutils: 3:log: Does any match 127.0.0.1? yes;
mailutils: Expanding "Connect from ${address}"
mailutils: Expansion: "Connect from 127.0.0.1".
mailutils: Connect from 127.0.0.1
mailutils: 4:accept: Does 10.0.0.0/255.0.0.0 match 127.0.0.1? no;
mailutils: 5:accept: Does 192.168.0.0/255.255.0.0 match 127.0.0.1? no;
mailutils: 6:deny: Does any match 127.0.0.1? yes;
127.0.0.1: deny
