--- /dev/null
+# POSTLICYD configuration
+#
+# Postlicyd configuration contains:
+# - a set of filter definition
+# - the entry point in the filters for each smtp states
+#
+# The configuration format use 2 types of data:
+# Token: [[:alpha:]]([[:alnum:]_]*)
+# String: string format is a bit more complex. It can be one of the two following
+# format:
+# - C-like strings "[^\n\r]*". In this kind of string, the \ character is used to
+# escape any character \c = c (\n = n, \\ = \, ...). This format allow non-ascii
+# strings and string concatenation " abcd " "ef" = " abcd ef".
+# - ASCII-only strings can be written without double-quotes. They can be splitted
+# into several lines using shell-like escaping of EOL. A string begins on the
+# first non-blank character. This king of string can not contain semi-colons.
+# eg:
+# The following format are equivalent:
+# (1) this is a str\
+# (1) ing
+#
+# (2) "this is a string"
+#
+# (3) "this " "is a "
+# (3) "string"
+#
+# Most of the configuration use a format:
+# Token = String ;
+#
+# When not in a string, spaces and line breaks are ignored. You can use comments
+# everywhere out of a string. It starts with a '#' character and ends at the end of the
+# line. Comments are strictly equivalents to white spaces.
+
+# FILTER DEFINITION
+#
+# A definition of a filter contains:
+# - the name of the filter. This name MUST be uniq (non-uniq names can lead to undefined
+# behaviour)
+# - a type
+# - a list of type-specific parameters
+# - a list of hooks (on_hookname)
+#
+# Hooks:
+# A filter can returns different values. Each return value is given a name. The
+# configuration associates an action to run to a return value name.
+#
+# The action can be either a postfix access(5) value or a filter name. Postfix access
+# parameters must be prefixed by 'postfix:'.
+#
+# eg:
+# on_match = postfix:REJECT Blacklisted;
+#
+# Filter:
+# Current defined filter types are:
+# - rbl: match the client_address against one or more blacklist files from a rbl
+# Parameters:
+# - file: (non)?lock:weight:filename
+# declare a file to load. If lock is given, the blacklist is locked into the
+# RAM. The weight is a number giving the weight of this blaclist file in the
+# score of the IP
+# - soft_threshold: score (default: 0)
+# minimum score to match the soft_match return value
+# - hard_threshold: score (default: 0)
+# minimum score to match the hard_match return value
+# Return value:
+# The score of a query is the sum of the weight of the blacklist it matched.
+# - If the IP can not be parsed, returns error
+# - If the score is strictly greater than hard_threshold, returns hard_match
+# - If the score is strictly greater than soft_threshold, returns soft_match
+# - Else, returns fail
+#
+# - greylist: greylister
+# Paramters:
+# - path: /my/path/ (required)
+# path where to store the greylist database
+# - prefix: name (default: "")
+# prefix to the name of the greylist database
+# - lookup_by_host: boolean (default: false)
+# perform lookup per host instead of domain.
+# - delay: number (default: 300)
+# number of seconds the client must wait before retrial.
+# - retry_window: (default: 2 * 24 * 3600)
+# number of seconds we wait for a retry.
+# - client_awl: number (default: 5)
+# number of successful greylisting before the client get whitelisted (0 means,
+# no-auto-whitelist).
+# Return value:
+# - if the client is whitelisted, returns whitelist
+# - if the client is greylisted, returns greylist
+# - if a error occured (not currently possible), returns error
+#
+# Format:
+# A filter look likes that:
+#
+# filter_name {
+# type = type_name;
+# param1 = parameter value 1;
+# ...
+# on_action1 = action;
+# }
+
+
+greylist {
+ type = greylist;
+
+ # configuration
+ path = /var/spool/postlicyd/;
+ prefix = greylist_;
+
+ # hooks
+ on_greylist = postfix:DEFER_IF_PERMIT optional text;
+ on_whitelist = postfix:OK;
+}
+
+spamhaus_and_abuseat {
+ type = rbl;
+
+ # configuration
+ file = lock:10:/var/spool/postlicyd/rbl.spamhaus.org;
+ file = lock:1:/var/spool/postlicyd/cbl.abuseat.org;
+ soft_threshold = 0;
+ hard_threshold = 10;
+
+ # hooks
+ on_soft_match = greylist;
+ on_hard_match = postfix:REJECT optional text;
+ on_fail = postfix:OK;
+ on_error = postfix:DUNNO;
+}
+
+
+# ENTRY POINTS
+#
+# Access policy daemon can be used at several protocol states. For each of this states,
+# you can define a different entry point in the filtering tree. This entry points have
+# the following format:
+#
+# state = filter_name;
+#
+# The filter_name MUST be one of the filter you previously defined.
+#
+# The available states are:
+# - client_filter: called on CONNECT state (smtpd_client_restrictions)
+# - helo_filter (or ehlo_filter): called on HELO/EHLO command (smtpd_helo_restrictions)
+# - sender_filter: called on the MAIL FROM command (stmpd_sender_restrictions)
+# - recipient_filter: called on the RCPT TO command (smtpd_recipient_restrictions)
+# - data_filter: called on the DATA command (smtpd_data_restrictions)
+# - end_of_data_filter: called on the END-OF-DATA command
+# (smtpd_end_of_data_restrictions)
+# - ertn_filter: called on the ETRN command (stmpd_etrn_restrictions)
+# - verify_filter: called on the VRFY command (no postfix hook ?)
+
+recipient_filter = spamhaus_and_abuseat;
+
+# vim:set syntax=conf: