1 # POSTLICYD configuration
3 # Postlicyd configuration contains:
4 # - a set of filter definition
5 # - the entry point in the filters for each smtp states
7 # The configuration format use 2 types of data:
8 # Token: [[:alpha:]]([[:alnum:]_]*)
9 # String: string format is a bit more complex. It can be one of the two following
11 # - C-like strings "[^\n\r]*". In this kind of string, the \ character is used to
12 # escape any character \c = c (\n = n, \\ = \, ...). This format allow non-ascii
13 # strings and string concatenation " abcd " "ef" = " abcd ef".
14 # - ASCII-only strings can be written without double-quotes. They can be splitted
15 # into several lines using shell-like escaping of EOL. A string begins on the
16 # first non-blank character. This king of string can not contain semi-colons.
18 # The following format are equivalent:
22 # (2) "this is a string"
27 # Most of the configuration use a format:
30 # When not in a string, spaces and line breaks are ignored. You can use comments
31 # everywhere out of a string. It starts with a '#' character and ends at the end of the
32 # line. Comments are strictly equivalents to white spaces.
36 # A definition of a filter contains:
37 # - the name of the filter. This name MUST be uniq (non-uniq names can lead to undefined
40 # - a list of type-specific parameters
41 # - a list of hooks (on_hookname)
44 # A filter can returns different values. Each return value is given a name. The
45 # configuration associates an action to run to a return value name.
47 # The action can be either a postfix access(5) value or a filter name. Postfix access
48 # parameters must be prefixed by 'postfix:'.
51 # on_match = postfix:REJECT Blacklisted;
54 # Current defined filter types are:
55 # - rbl: match the client_address against one or more blacklist files from a rbl
57 # - file: (non)?lock:weight:filename
58 # declare a file to load. If lock is given, the blacklist is locked into the
59 # RAM. The weight is a number giving the weight of this blaclist file in the
61 # - soft_threshold: score (default: 1)
62 # minimum score to match the soft_match return value
63 # - hard_threshold: score (default: 1)
64 # minimum score to match the hard_match return value
66 # The score of a query is the sum of the weight of the blacklist it matched.
67 # - If the IP can not be parsed, returns error
68 # - If the score is strictly greater >= than hard_threshold, returns hard_match
69 # - If the score is strictly greater >= than soft_threshold, returns soft_match
70 # - Else, returns fail
72 # - greylist: greylister
74 # - path: /my/path/ (required)
75 # path where to store the greylist database
76 # - prefix: name (default: "")
77 # prefix to the name of the greylist database
78 # - lookup_by_host: boolean (default: false)
79 # perform lookup per host instead of domain.
80 # - delay: number (default: 300)
81 # number of seconds the client must wait before retrial.
82 # - retry_window: (default: 2 * 24 * 3600)
83 # number of seconds we wait for a retry.
84 # - client_awl: number (default: 5)
85 # number of successful greylisting before the client get whitelisted (0 means,
88 # - if the client is whitelisted, returns whitelist
89 # - if the client is greylisted, returns greylist
90 # - if a error occured (not currently possible), returns error
92 # this filter is a recipient filter and works in RCPT state only
93 # (smtpd_recipient_restrictions).
96 # A filter look likes that:
100 # param1 = parameter value 1;
102 # on_action1 = action;
110 path = /var/spool/postlicyd/;
114 on_greylist = postfix:DEFER_IF_PERMIT optional text;
115 on_whitelist = postfix:OK;
118 spamhaus_and_abuseat {
122 file = lock:10:/var/spool/postlicyd/rbl.spamhaus.org;
123 file = lock:1:/var/spool/postlicyd/cbl.abuseat.org;
128 on_soft_match = greylist;
129 on_hard_match = postfix:REJECT optional text;
130 on_fail = postfix:OK;
131 on_error = postfix:DUNNO;
137 # Access policy daemon can be used at several protocol states. For each of this states,
138 # you can define a different entry point in the filtering tree. This entry points have
139 # the following format:
141 # state = filter_name;
143 # The filter_name MUST be one of the filter you previously defined.
145 # The available states are:
146 # - client_filter: called on CONNECT state (smtpd_client_restrictions)
147 # - helo_filter (or ehlo_filter): called on HELO/EHLO command (smtpd_helo_restrictions)
148 # - sender_filter: called on the MAIL FROM command (stmpd_sender_restrictions)
149 # - recipient_filter: called on the RCPT TO command (smtpd_recipient_restrictions)
150 # - data_filter: called on the DATA command (smtpd_data_restrictions)
151 # - end_of_data_filter: called on the END-OF-DATA command
152 # (smtpd_end_of_data_restrictions)
153 # - ertn_filter: called on the ETRN command (stmpd_etrn_restrictions)
154 # - verify_filter: called on the VRFY command (no postfix hook ?)
156 recipient_filter = spamhaus_and_abuseat;
158 # vim:set syntax=conf: