Back in the old days of the ancient syntax smtpd.conf(5) contained the following section: sender [!] <senders> If specified, the rule will only be matched if the sender email address is found in the table senders. The table may contain complete email addresses or apply to an entire domain if prefixed with ‘@’.
This almost worked for me, except when adding @<domain>.<tld> in my sqlite backend (haven't tested with different backends). I reported this way back in 2016 and left it at that, but today I had a machine at my $DAYJOB that got an annoying amount of spam from a single domain that varied in user component and source ip. So filtering on domain would've helped a lot. The following diff implements what the old sender said it would do for mail-from and rcpt-to. So far only lightly tested on a private server. thoughts? martijn@ Index: ruleset.c =================================================================== RCS file: /cvs/src/usr.sbin/smtpd/ruleset.c,v retrieving revision 1.36 diff -u -p -r1.36 ruleset.c --- ruleset.c 16 Jun 2018 19:41:26 -0000 1.36 +++ ruleset.c 25 Oct 2018 20:18:53 -0000 @@ -179,6 +179,13 @@ ruleset_match_smtp_mail_from(struct rule table = table_find(env, r->table_smtp_mail_from, NULL); if ((ret = ruleset_match_table_lookup(table, key, K_MAILADDR)) < 0) return -1; + if (ret == 0) { + if ((key = strchr(key, '@')) == NULL) + return 0; + ret = ruleset_match_table_lookup(table, key, K_MAILADDR); + if (ret < 0) + return -1; + } return r->flag_smtp_mail_from < 0 ? !ret : ret; } @@ -199,6 +206,13 @@ ruleset_match_smtp_rcpt_to(struct rule * table = table_find(env, r->table_smtp_rcpt_to, NULL); if ((ret = ruleset_match_table_lookup(table, key, K_MAILADDR)) < 0) return -1; + if (ret == 0) { + if ((key = strchr(key, '@')) == NULL) + return 0; + ret = ruleset_match_table_lookup(table, key, K_MAILADDR); + if (ret < 0) + return -1; + } return r->flag_smtp_rcpt_to < 0 ? !ret : ret; } Index: smtpd.conf.5 =================================================================== RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v retrieving revision 1.206 diff -u -p -r1.206 smtpd.conf.5 --- smtpd.conf.5 8 Oct 2018 06:10:17 -0000 1.206 +++ smtpd.conf.5 25 Oct 2018 20:18:53 -0000 @@ -531,6 +531,11 @@ Specify that session's HELO / EHLO shoul .Xc Specify that transactions's MAIL FROM should match the string or list table .Ar sender . +The +.Ar sender +may contain complete email addresses or apply to an entire domain if prefixed +with +.Sq @ . .It Xo .Op Ic \&! .Cm rcpt\-to @@ -538,6 +543,11 @@ Specify that transactions's MAIL FROM sh .Xc Specify that transaction's RCPT TO should match the string or list table .Ar recipient . +The +.Ar recipient +may contain complete email addresses or apply to an entire domain if prefixed +with +.Sq @ . .It Xo .Op Ic \&! .Cm tag Ar tag