Installation:

    # wget http://www.bertera.it/software/apolicy/apolicy-0.5-greylist.tgz
    # apt-get install python2.3-pysqlite2
    # tar xzvf apolicy-0.5-greylist.tgz
    # cp apolicy-0.5/src/apolicy.py /usr/lib/postfix
    # python setup.py install
    # echo "apolicy unix - n n - - spawn" >> /etc/postfix/master.cf
    # echo " user=nobody argv=/usr/lib/postfix/apolicy.py" >> /etc/postfix/master.cf

The configuration file is loaded by default from /etc/apolicy/apolicy.conf; use the -c parameter to point to a different configuration file.

To debug your configuration, use the -d parameter; it sends a lot of output to the syslog mail facility.

Finally, add to your main.cf:

    smtpd_recipient_restrictions =
        reject_unlisted_recipient
        ...
        reject_unauth_destination
        check_policy_service unix:private/apolicy

For the size ACL to work, apolicy needs to be called this way:

    smtpd_end_of_data_restrictions = check_policy_service unix:private/apolicy

    # /etc/init.d/postfix restart

Example of /etc/apolicy/apolicy.conf:

    # main configuration of apolicy
    [main]
    # Parameter: 'policy_engine'
    # Sets the engine that will be used to load the policy.
    policy_engine = file

    # configuration of the 'file' engine
    [file]
    # Parameter: 'path'
    # Sets the path for the file that contains the policy configuration.
    path = /opt/apolicy-0.5/policy.conf

    [greylist]
    # time in minutes of greylisting
    time = 5
    # lifetime in minutes of any entry in the greylist db
    # 10 days
    lifetime = 72000
    # greylist sqlite db
    db = /tmp/greylist.db

ACL Examples:

    # disable greylisting for a sender
    acl pietro sender pietro@bertera.it
    no_greylist pietro

    # disable greylisting for a domain:
    acl bertera sender @bertera.it
    no_greylist bertera

    # enable greylisting if the sender IP is found in at least one of the RBL lists:
    acl any sender (.*)
    acl rbl1 rbl dynablock.njabl.org
    acl rbl2 rbl dul.dnsbl.sorbs.net
    acl rbl3 rbl cbl.abuseat.org
    acl rbl4 rbl sbl-xbl.spamhaus.org
    acl rbl5 rbl bl.spamcop.net
    action dunno DUNNO
    access any dunno
    no_greylist !rbl1 !rbl2 !rbl3 !rbl4 !rbl5

    # enable greylisting only if the sender IP is found in all of the RBL lists:
    acl any sender (.*)
    acl rbl1 rbl dynablock.njabl.org
    acl rbl2 rbl dul.dnsbl.sorbs.net
    acl rbl3 rbl cbl.abuseat.org
    acl rbl4 rbl sbl-xbl.spamhaus.org
    acl rbl5 rbl bl.spamcop.net
    action dunno DUNNO
    access any dunno
    no_greylist !rbl1
    no_greylist !rbl2
    no_greylist !rbl3
    no_greylist !rbl4
    no_greylist !rbl5

------------------------------------------------------------------------

Manipulating greylist database:

    bertera:/opt/apolicy-0.5# ./src/GreylistDB/greylistdb.py -h
    ./src/GreylistDB/greylistdb.py -c policy.conf
    [-a ip:sender:recipient] add a greylist entry
    [-r ip:sender:recipient] remove a greylist entry
    [-s] show greylist database
    [-d] clear grelist db
    [-t ip:sender:recipient] touch a entry timestamp
    [-g ip:sender:recipient] get a entry
    [-e timesec] get expired entry

The output format is:

    sender IP [sender => recipient] last seen unix time -- state

Showing the full greylist database:

    bertera:/opt/apolicy-0.5# ./src/GreylistDB/greylistdb.py -c apolicy.conf -s
    82.54.116.40 [root@localhost.localdomain => pietro@bertera.it] 1165657808 -- true
    87.242.24.203 [vickieaspandora@ppionline.org => pietro@bertera.it] 1165657613 -- false
    59.184.61.72 [keycapmortgage.com@samplerealaccess.com => bug@bertera.it] 1165658086 -- false
    211.209.74.214 [sheehanycoraelide@angeles-designs.com => pietro@bertera.it] 1165659235 -- false
    75.39.167.134 [hotels@link2hotels.com => info@bertera.it] 1165659553 -- false
    82.61.176.95 [dupontdev@vanderwyk.com => info@bertera.it] 1165660434 -- false

Sat, 09 Dec 2006 Pietro Bertera
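
Added example (not part of apolicy or of the original page): a Python 3 parser for the `-s` output format shown above that lists entries older than the [greylist] lifetime and counts entries per state. The function names are hypothetical, the sample lines are constructed with documentation addresses, and the rendering of an empty envelope sender as `[ => recipient]` is an assumption.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "ip sender recipient last_seen state")

# One entry per line: IP [sender => recipient] last-seen-unix-time -- state
LINE_RE = re.compile(
    r"^(?P<ip>\S+) \[(?P<sender>.*?) => (?P<recipient>\S+)\] "
    r"(?P<ts>\d+) -- (?P<state>true|false)$"
)

def parse_greylist(text):
    """Parse `greylistdb.py -s` output; reject lines that do not match."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError("line %d: unrecognised entry %r" % (lineno, line))
        entries.append(Entry(m.group("ip"), m.group("sender"),
                             m.group("recipient"), int(m.group("ts")),
                             m.group("state") == "true"))
    return entries

def expired(entries, now, lifetime_minutes):
    """Entries last seen more than `lifetime_minutes` before `now`."""
    cutoff = now - lifetime_minutes * 60
    return [e for e in entries if e.last_seen < cutoff]

def count_by_state(entries):
    """Number of entries per printed state value (not interpreted here)."""
    counts = {True: 0, False: 0}
    for e in entries:
        counts[e.state] += 1
    return counts

# Constructed sample (documentation addresses, not real traffic).
# The second line has an empty envelope sender (assumed rendering).
SAMPLE = """\
192.0.2.10 [alice@example.org => bob@example.net] 1165657808 -- true
198.51.100.7 [ => bob@example.net] 1160000000 -- false
203.0.113.5 [carol@example.com => info@example.net] 1165659553 -- false
"""

if __name__ == "__main__":
    entries = parse_greylist(SAMPLE)
    # lifetime = 72000 is the value from the [greylist] example above
    for e in expired(entries, now=1165660000, lifetime_minutes=72000):
        print("expired:", e.ip, e.sender or "<>", e.recipient)
    print(count_by_state(entries))
```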