ACL Policy Daemon is a program that communicates with the Postfix MTA using the Policy Delegation Protocol implementing an ACL (Access Control List) system, making very easy to improve and create nice controls on your e-mail traffic. You can use it to verify SPF records to.
The project is developed using Python and has no other dependencies and licensed by GPL version 2.
The rules are loaded from a regular text file. It is planned to load the rules from a SQL database or LDAP directory in the future.
Greylisting functionality will be implemented soon.
For news and updated information about ACL Policy Daemon, you can always check the project page at GNA: https://gna.org/projects/apolicy/
You must have Python installed, version 2.3 or above. Run python to check:
Python 2.4.4c0 (#2, Jul 30 2006, 15:43:58)
[GCC 4.1.2 20060715 (prerelease) (Debian 4.1.1-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
It is very easy to install apolicy. In some distributions, Postfix's daemons are located in /usr/libexec/postfix, check your distribution.
The following commands should do just fine, you must be root:
debian:~# tar zcf apolicy-0.3.tar.gz
debian:~# cp apolicy-0.3/src/apolicy.py /usr/lib/postfix/
debian:~# chmod 755 /usr/lib/postfix/apolicy.py
debian:~# mkdir /etc/apolicy/
debian:~# cp apolicy.conf /etc/apolicy/
debian:~# chmod 644 /etc/apolicy/apolicy.conf
debian:~# echo "apolicy unix - n n - - spawn" >> /etc/postfix/master.cf
debian:~# echo " user=nobody argv=/usr/lib/postfix/apolicy.py" >> /etc/postfix/master.cf
The apolicy.conf is a sample file with examples, you must edit it to fit your needs.
Install the complementary modules for apolicy. We will install 3 packages: apolicy, pyspf and pydns. Note that the directory that contains Python libraries is not the same on all operating systems. Sometimes it is inside /usr/lib or /usr/libexec, and may be named python or python< version >:
debian:~# mkdir /usr/lib//site-packages/apolicy
debian:~# mkdir /usr/lib//site-packages/spf
debian:~# mkdir /usr/lib//site-packages/DNS
debian:~# cp apolicy-0.3/src/apolicy/* /usr/lib//site-packages/apolicy
debian:~# cp apolicy-0.3/src/spf/* /usr/lib//site-packages/spf
debian:~# cp apolicy-0.3/src/DNS/* /usr/lib//site-packages/DNS
debian:~# echo apolicy > /usr/lib//site-packages/apolicy.pth
debian:~# echo spf > /usr/lib//site-packages/spf.pth
debian:~# echo DNS > /usr/lib//site-packages/DNS.pth
Before setting Postfix, it is wise to test apolicy and check if everything is right. The configuration file is loaded by default from /etc/apolicy/apolicy.conf, you can use -c parameter to change to point where your configuration file is. It is possible to debug your configuration using the parameter -d, it will send a lot of output to syslog mail facility:
debian:~# /usr/lib/postfix/apolicy.py -d
The program must keep running and waiting input from stdin. Take a look at mail.log for any problem. You can press ctrl+c to finish it. If no errors happened, then lets move forward.
Finally, add to your main.cf:
For the size acl works, apolicy need to be called this way:
smtpd_end_of_data_restrictions = check_policy_service unix:private/apolicy
· Python >= 2.3