18.4 When Access Controls Are Applied

Messaging Server checks access control mappings as early as possible. Exactly when this happens depends upon the email protocol in use—when the information that must be checked becomes available.

For the SMTP protocol, a FROM_ACCESS rejection occurs in response to the MAIL FROM: command, before the sending side can send the recipient information or the message data. A SEND_ACCESS or MAIL_ACCESS rejection occurs in response to the RCPT TO: command, before the sending side gets to send the message data. If an SMTP message is rejected, Messaging Server never accepts or sees the message data, thus minimizing the overhead of performing such rejections.

If multiple access control mapping tables exist, Messaging Server checks them all. That is, a FROM_ACCESS, a SEND_ACCESS, an ORIG_SEND_ACCESS, a MAIL_ACCESS, and ORIG_MAIL_ACCESS mapping tables may all be in effect.

PORT_ACCESS is called from dispatcher as soon as it accepts the incoming TCP connection. It is also called from tcp_smtp_server when any of the maysaslserver or mustsaslserver keywords are present on the source channel. (See 12.4.4 SMTP Authentication, SASL, and TLS.)

FROM_ACCESS is used by the tcp_smtp_server when processing the MAIL FROM SMTP command.

SEND_ACCESS and ORIG_SEND_ACCESS tables are used by the tcp_smtp_server when processing the RCPT TO SMTP command.

MAIL_ACCESS and ORIG_MAIL_ACCESS tables are used by the tcp_smtp_server when processing the RCPT TO SMTP command.