The PMDF Service Dispatcher is able to selectively accept or reject incoming SMTP connections based on IP address and port number. At Dispatcher startup time, the Dispatcher will look for a mapping table named PORT_ACCESS. If present, the Dispatcher will format connection information in the form:

TCP|server-address|server-port|client-address|client-port

and try to match it against the PORT_ACCESS mapping entries. If the result of the mapping contains $N or $F, the connection will be immediately closed. Any other result of the mapping indicates that the connection is to be accepted. $N or $F can optionally be followed by a rejection message. If present, the message will be sent back down the connection just prior to closure. Note that a CRLF terminator will be appended to the string before it is sent back down the connection.
The flag $< followed by an optional string causes PMDF to send the string as an OPCOM broadcast (OpenVMS) or to syslog (UNIX) or to the event log (NT) if access is rejected.

If bit 1 of the LOG_CONNECTION PMDF option is set and the $N flag is set so that the connection is rejected, then also specifying the $T flag will cause a "T" entry to be written to the connection log.

If bit 4 of the LOG_CONNECTION PMDF option is set, then site-supplied text can be provided in the PORT_ACCESS entry to include in the "C" connection log entries; to specify such text, include two vertical bar characters in the right hand side of the entry, followed by the desired text.

See Table 11-1 for a summary of the available flags.

| Flag | Description |
|---|---|
| $Y | Allow access |
| Flags with arguments, in argument reading order+ | |
| $< string | Send string as an OPCOM broadcast (OpenVMS) or to syslog (UNIX) or to the event log (NT) if access is rejected |
| $N string | Reject access with the optional error text string |
| $F string | Synonym for $N string, i.e., reject access with the optional error text string |
| $T text | If bit 1 of the LOG_CONNECTION PMDF option is set and the $N flag is set so that the connection is rejected, then $T causes a "T" entry to be written to the connection log; the optional text text (which must appear subsequent to two vertical bar characters) can be included in the connection log entry |

|, placing the arguments in the order listed in this table.

For example, the following mapping will only accept SMTP connections (to port 25, the normal SMTP port) from a single network, except for a particular host singled out for rejection without explanatory text:

```
PORT_ACCESS

  TCP|*|25|192.168.10.70|*    $N500
  TCP|*|25|192.168.10.*|*     $Y
  TCP|*|25|*|*                $N500$ Bzzzzzzzzt$ thank$ you$ for$ playing.
```

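
The following Python sketch is an added example, not part of PMDF or its documentation: it models how the example table above decides a connection, so a rule set can be checked before the Dispatcher is restarted. It assumes entries are tried top to bottom with the first match deciding and that a probe matching no entry is accepted; only the `*` wildcard and the `$Y`, `$N` and `$F` results are modelled, and the server and client addresses are constructed.

```python
import re

# Constructed copy of the example table above: (pattern, result) pairs,
# in the order they appear in the mapping file.
PORT_ACCESS = [
    ("TCP|*|25|192.168.10.70|*", "$N500"),
    ("TCP|*|25|192.168.10.*|*", "$Y"),
    ("TCP|*|25|*|*", "$N500$ Bzzzzzzzzt$ thank$ you$ for$ playing."),
]


def _matches(pattern, probe):
    # Only the "*" wildcard is modelled; all other characters are literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, probe) is not None


def evaluate(table, server_addr, server_port, client_addr, client_port):
    """Return (accepted, bytes_sent_before_close) for one connection."""
    probe = f"TCP|{server_addr}|{server_port}|{client_addr}|{client_port}"
    for pattern, result in table:
        if _matches(pattern, probe):
            break  # assumption: the first matching entry decides
    else:
        return True, b""  # assumption: no matching entry means accept
    flag = re.search(r"\$[NF]", result)
    if flag is None:
        return True, b""  # any result without $N or $F accepts
    # Text after $N/$F is the rejection message; "$ " is a quoted space.
    message = result[flag.end():].replace("$ ", " ")
    if not message:
        return False, b""  # rejected with no text: just close
    # A CRLF is appended before the text is sent down the connection.
    return False, message.encode("ascii") + b"\r\n"


if __name__ == "__main__":
    for client in ("192.168.10.70", "192.168.10.23", "203.0.113.9"):
        print(client, evaluate(PORT_ACCESS, "192.0.2.1", 25, client, 40000))
```

Under the first-match assumption, swapping the first two entries lets 192.168.10.70 match the network-wide $Y entry first, so the host-specific rejection never applies. The table above also names only port 25, so in this model a connection to any other port matches nothing and is accepted.
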
Note that you will need to restart the Dispatcher after making any changes to the PORT_ACCESS mapping table so that the Dispatcher will see the changes. (And if you're using a compiled PMDF configuration, you'll first need to recompile your configuration to get the change incorporated into the compiled configuration.)

The PORT_ACCESS mapping table is specifically intended for performing IP number based rejections; for more general control at the email address level, the SEND_ACCESS or MAIL_ACCESS mapping table, as described in Section 16.1, can be more appropriate.