
Access Control Lists

Access control lists determine from which addresses comsatd will receive mail notification messages.

Access control lists are introduced in the configuration file using the keyword ‘acl’. The general format for an ACL rule is

     acl action netlist

Here, action specifies the action to be taken when a request arrives from one of the networks listed in netlist. There are two possible actions: ‘allow’ and ‘deny’.

The netlist is a whitespace-separated list of network numbers. Each network number may be specified in one of the following forms:

netnum
Means a single host with IP address netnum.
netnum/netmask
netnum/masklen
any
Denotes any IP address. It is equivalent to ‘0.0.0.0/0’.

Upon receiving a notification message, comsatd compares its source address against each ACL rule in the order of their appearance in the configuration file. The first rule that matches the packet determines whether the message will be processed or rejected. If no matching rule is found, the default rule applies. Currently, the default rule is

     acl allow any

If you do not want this behavior, specify the default rule explicitly. For example, a common use would be:

     acl allow 127.0.0.1
     acl deny any

which makes comsatd receive notification messages from localhost only.
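
The first-match evaluation and the implicit default described above can be checked offline with a small model. This is an added example, not comsatd's own code: the function names are hypothetical, the sample configurations and addresses are constructed, and it assumes that netnum/netmask and netnum/masklen are the usual dotted-mask and prefix-length notations.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")  # what 'any' stands for, per the text

def parse_acl(config_text):
    """Parse 'acl action netlist' lines into ordered (action, networks) rules."""
    rules = []
    for line in config_text.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "acl":
            continue  # not an ACL rule; other statements are ignored here
        action, netlist = words[1], words[2:]
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown ACL action: {action!r}")
        # Assumption: netnum/netmask and netnum/masklen mean the usual
        # dotted-mask and prefix-length notations, which ip_network() accepts.
        nets = [ANY if w == "any" else ipaddress.ip_network(w, strict=False)
                for w in netlist]
        rules.append((action, nets))
    return rules

def decide(rules, source_ip):
    """Return (action, rule_number) for the first matching rule.
    rule_number is None when only the implicit default matched."""
    addr = ipaddress.ip_address(source_ip)
    for number, (action, nets) in enumerate(rules, start=1):
        if any(addr in net for net in nets):
            return action, number
    return "allow", None  # implicit default: acl allow any

def relies_on_default(rules):
    """True when no rule lists 'any', so unmatched sources are allowed."""
    return not any(ANY in nets for _, nets in rules)

if __name__ == "__main__":
    # Constructed sample configurations and source addresses.
    samples = {
        "localhost only": "acl allow 127.0.0.1\nacl deny any",
        "misordered": "acl deny any\nacl allow 127.0.0.1",
        "no catch-all": "acl deny 192.0.2.0/24",
    }
    for name, text in samples.items():
        rules = parse_acl(text)
        for ip in ("127.0.0.1", "192.0.2.10", "198.51.100.7"):
            print(name, ip, decide(rules, ip), relies_on_default(rules))
```

The "misordered" sample shows why rule order matters: with ‘acl deny any’ first, the later allow rule for 127.0.0.1 is never reached. The "no catch-all" sample shows a deny-only list still admitting every other source through the default rule.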