The configuration file is very simple and intuitive. The file is located in /etc/apolicy/main.conf by default and follows this syntax:
[section] parameter = value other-parameter = other-value
Leading whitespace is removed from values and lines beginning with "#" or ";" are ignored and may be used to provide comments.
The main.conf file contains the configuration for the main process, log level, listen address, etc. The file is well commented and self explanatory.
The policy.conf file contains the ACLs, Actions and Access statements. It's in this file that you put your rules.
You define an ACL, an ACTION and finally you combine one or more ACL with an ACTION, using the ACCESS statement. If all ACLs matched, then apolicy will return the defined ACTION to Postfix. If not all ACLs matched, then DUNNO is returned.
An ACL line
An ACL line should follow this syntax:
acl name type value
Where acl sets the line as an ACL statement, name is an identifier, for type look at the supported ACLs and value is the value that will be used by the ACL. You can set the value to a path to another text file that contains one value per line. It must be a full path to the file.
An ACTION line
An ACTION line should follow this syntax:
action name type text
Where action sets the line as an ACTION statement, name is an identifier, type is any of the actions listed in the Postfix Access(5) table, and text is the optional text returned by the action.
There is an special action named default. The default action is used when there is nothing left to do, and apolicy has always to return something to Postfix. The standard value of the default action is DUNNO, but you can change this. Setting the default action to REJECT, you can have the same behavior as a firewall, denying everything and allowing just what is necessary.
An ACCESS line
An ACCESS line should follow this syntax:
access acl action
Where access sets the line as an ACCESS statement, acl is an identifier of any previous defined ACL (you can use more than one) and action is an identifier of any previous defined ACTION.
You can use the operator ! to negate an ACL and invert the response.
acl foo sender email@example.com action not_foo REJECT You are not foo! access !foo not_foo
The example above says: if the sender is different of firstname.lastname@example.org, execute the action not_foo
Available in apolicy 0.72 and latter
In an access statement the action is now optional. If there is no action specified, the default action is used.