The configuration file is very simple and intuitive. By default it is located at /etc/apolicy/main.conf and follows this syntax:

parameter = value
other-parameter = other-value

Leading whitespace is removed from values and lines beginning with "#" or ";" are ignored and may be used to provide comments.


The main.conf file contains the configuration for the main process: log level, listen address, etc. The file is well commented and self-explanatory.


The policy.conf file contains the ACLs, Actions and Access statements. It's in this file that you put your rules.

You define an ACL and an ACTION, and then combine one or more ACLs with an ACTION using the ACCESS statement. If all ACLs match, apolicy returns the defined ACTION to Postfix. If not all ACLs match, DUNNO is returned.

An ACL line

An ACL line should follow this syntax:

acl name type value

Where acl sets the line as an ACL statement, name is an identifier, type is one of the supported ACLs, and value is the value that will be used by the ACL. You can set the value to the path of another text file that contains one value per line. It must be a full path to the file.

An ACTION line

An ACTION line should follow this syntax:

action name type text

Where action sets the line as an ACTION statement, name is an identifier, type is any of the actions listed in the Postfix Access(5) table, and text is the optional text returned by the action.

<!> There is a special action named default. The default action is used when there is nothing left to do, because apolicy always has to return something to Postfix. The standard value of the default action is DUNNO, but you can change this. By setting the default action to REJECT, you get the same behavior as a firewall: everything is denied and only what is necessary is allowed.

An ACCESS line

An ACCESS line should follow this syntax:

access acl action

Where access sets the line as an ACCESS statement, acl is the identifier of any previously defined ACL (you can use more than one) and action is the identifier of any previously defined ACTION.

<!> You can use the operator ! to negate an ACL and invert the response.

acl foo sender
action not_foo REJECT You are not foo!
access !foo not_foo

The example above says: if the sender is different of, execute the action not_foo

{i} Available in apolicy 0.72 and later

In an access statement the action is now optional. If there is no action specified, the default action is used.
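The ACL, ACTION and ACCESS rules described above, including negation, the optional action and a default action set to REJECT, as an added Python example that is not apolicy's own code. It assumes that the default action is redefined with an "action default ..." line, that a sender ACL matches by exact comparison with the Postfix sender attribute, that access lines are tried in order with the first match winning, and that policy.conf uses the same comment syntax as main.conf; values given as file paths are not loaded and all addresses are placeholders.

```python
# Added illustration of the evaluation rules; not apolicy's own code.
SAMPLE_POLICY = """\
# Constructed sample; the address is a placeholder.
acl trusted sender alice@example.com
action ok OK
action default REJECT Not authorized
access trusted ok
"""

def parse_policy(text):
    """Parse acl/action/access lines; reject references to undefined names."""
    acls, actions, rules = {}, {"default": "DUNNO"}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # assumption: same comment syntax as main.conf
        kind, rest = (line.split(None, 1) + [""])[:2]
        if kind == "acl":
            name, acl_type, value = rest.split(None, 2)
            acls[name] = (acl_type, value)
        elif kind == "action":
            name, reply = rest.split(None, 1)  # reply = type plus optional text
            actions[name] = reply
        elif kind == "access":
            names = rest.split()
            # The action is optional: without one, the default action applies.
            action = names.pop() if names and names[-1] in actions else "default"
            if not names or any(n.lstrip("!") not in acls for n in names):
                raise ValueError(f"access line uses an undefined name: {line}")
            rules.append((names, action))
        else:
            raise ValueError(f"unknown statement: {line}")
    return acls, actions, rules

def evaluate(policy, request):
    """Return the reply for one request (dict of Postfix policy attributes)."""
    acls, actions, rules = policy

    def matches(token):
        acl_type, value = acls[token.lstrip("!")]
        hit = request.get(acl_type) == value  # assumption: exact match
        return not hit if token.startswith("!") else hit

    for names, action in rules:  # assumption: first matching access line wins
        if all(matches(n) for n in names):
            return actions[action]
    return actions["default"]  # nothing matched: fall back to the default action
```

A mistyped ACL or action name in an access line raises an error at parse time rather than silently producing a rule that never matches.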

Configuration (last edited 2014-08-27 10:01:44 by vic)