# We probably want the access_db feature enabled.
FEATURE(access_db)dnl

# List of IP addresses we allow relaying from.
Klocalip hash -a<MATCH> /etc/mail/localip
Kpopip hash  -a<MATCH> /etc/mail/popip


LOCAL_RULESETS


SLocal_check_rcpt
# Put the address into cannonical form (even if it doesn't resolve to an MX).
R$*			$: $>Parse0 $>3 $1
R$* < $* > $*		$: $1 < $2 . > $3				Pretend it's canonical.
R$* < $* . . > $*	$1 < $2 . > $3					Remove extra dots.

# Allow relaying if the connected host is a local IP address.
R$*			$: < $&{client_addr} >			Get client IP address.
R<>			$#OK					Local is ok.
R< $* . $- > $*		$(localip $1.$2 $: < $1 > . $2 $)	Check last three octets.
R$* < MATCH >		$#OK
R< $- > $*		$: $(localip $1 $: < > $1 $2 $)		Check first octet.
R$* < MATCH >		$#OK

# Allow relaying if the connected host has recently POP3 authenticated.
R$*			$: < $&{client_addr} >			Get client IP address.
R< $* > 		$(popip $1 $)				Check full address.
R$* < MATCH >		$#OK

# IP address didn't match.