Configuration12014-08-27 10:01:44vicConfigurationSyntaxThe configuration file is very simple and intuitive. The file is located in /etc/apolicy/main.conf by default and follows this syntax: Leading whitespace is removed from values and lines beginning with "#" or ";" are ignored and may be used to provide comments. /etc/apolicy/main.confThe main.conf file contains the configuration for the main process, log level, listen address, etc. The file is well commented and self explanatory. /etc/apolicy/policy.confThe policy.conf file contains the ACLs, Actions and Access statements. It's in this file that you put your rules. You define an ACL, an ACTION and finally you combine one or more ACL with an ACTION, using the ACCESS statement. If all ACLs matched, then apolicy will return the defined ACTION to Postfix. If not all ACLs matched, then DUNNO is returned. An ACL lineAn ACL line should follow this syntax: Where acl sets the line as an ACL statement, name is an identifier, for type look at the supported ACLs and value is the value that will be used by the ACL. You can set the value to a path to another text file that contains one value per line. It must be a full path to the file. An ACTION lineAn ACTION line should follow this syntax: Where action sets the line as an ACTION statement, name is an identifier, type is any of the actions listed in the Postfix Access(5) table, and text is the optional text returned by the action. <!> There is an special action named default. The default action is used when there is nothing left to do, and apolicy has always to return something to Postfix. The standard value of the default action is DUNNO, but you can change this. Setting the default action to REJECT, you can have the same behavior as a firewall, denying everything and allowing just what is necessary. An ACCESS lineAn ACCESS line should follow this syntax: Where access sets the line as an ACCESS statement, acl is an identifier of any previous defined ACL (you can use more than one) and action is an identifier of any previous defined ACTION. <!> You can use the operator ! to negate an ACL and invert the response. The example above says: if the sender is different of foo@domain.com, execute the action not_foo {i} Available in apolicy 0.72 and latter In an access statement the action is now optional. If there is no action specified, the default action is used.