= Configuration =

== Syntax ==

The configuration file is very simple and intuitive. By default it is located at /etc/apolicy/main.conf and follows this syntax:

{{{
[section]
parameter = value
other-parameter = other-value
}}}

Leading whitespace is removed from values. Lines beginning with "#" or ";" are ignored and may be used for comments.

== /etc/apolicy/main.conf ==

The ''main.conf'' file contains the configuration for the main process: log level, listen address, etc. The file is well commented and self-explanatory.

== /etc/apolicy/policy.conf ==

The ''policy.conf'' file contains the ACL, ACTION and ACCESS statements. This is the file where you put your rules. You define an ACL, then an ACTION, and finally you combine one or more ACLs with an ACTION using the ACCESS statement. If all ACLs match, apolicy returns the defined ACTION to Postfix. If not all ACLs match, DUNNO is returned.

=== An ACL line ===

An ACL line should follow this syntax:

{{{
acl name type value
}}}

Where ''acl'' marks the line as an ACL statement, ''name'' is an identifier, ''type'' is one of the supported [[AclList|ACLs]] and ''value'' is the value that the ACL will use. You can set the value to the path of another text file that contains one value per line. It must be the full path to the file.

=== An ACTION line ===

An ACTION line should follow this syntax:

{{{
action name type text
}}}

Where ''action'' marks the line as an ACTION statement, ''name'' is an identifier, ''type'' is any of the actions listed in the [[http://www.postfix.org/access.5.html|Postfix Access(5)]] table, and ''text'' is the optional text returned by the action.

There is a special action named '''default'''. The '''default''' action is used when there is nothing left to do, because ''apolicy'' always has to return something to Postfix. The standard value of the '''default''' action is '''DUNNO''', but you can change this. By setting the '''default''' action to REJECT, you get the same behavior as a firewall: everything is denied and only what is necessary is allowed.

=== An ACCESS line ===

An ACCESS line should follow this syntax:

{{{
access acl action
}}}

Where ''access'' marks the line as an ACCESS statement, ''acl'' is the identifier of any previously defined ACL (you can use more than one) and ''action'' is the identifier of any previously defined ACTION.

You can use the operator '''!''' to negate an ACL and invert the response.

{{{
acl foo sender foo@domain.com
action not_foo REJECT You are not foo!
access !foo not_foo
}}}

The example above says: ''if the sender is different from foo@domain.com, execute the action not_foo''

{i} Available in apolicy 0.72 and later

In an access statement the action is now optional. If no action is specified, the '''default''' action is used.
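
The following Python sketch is an added example, not apolicy's own code: it parses the ''policy.conf'' statements described above and shows how negation, an omitted action and a '''default''' of REJECT change the answer returned for a request. It assumes only the ''sender'' ACL type with inline values, case-insensitive address comparison, ACCESS lines tried in order with the first full match winning, and that '''default''' is overridden with an ordinary ''action default ...'' line; the function names and sample policies are constructed for illustration.

```python
# Added illustration, not apolicy's code. Assumptions: only the "sender" ACL
# type, inline values, case-insensitive match, first fully matching access
# line wins, and "action default ..." overrides the built-in DUNNO default.

def parse_policy(text):
    acls, actions, access = {}, {"default": ("DUNNO", "")}, []
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0][0] in "#;":
            continue  # blank line or comment
        kind, args = parts[0], parts[1:]
        if kind == "acl":
            acls[args[0]] = (args[1], args[2])
        elif kind == "action":
            actions[args[0]] = (args[1], " ".join(args[2:]))
        elif kind == "access":
            # The last token is the action only if it names a defined action;
            # otherwise the action was omitted and "default" applies.
            has_action = bool(args) and args[-1] in actions
            names, action = (args[:-1], args[-1]) if has_action else (args, "default")
            if not names or any(n.lstrip("!") not in acls for n in names):
                raise ValueError(f"bad access line: {raw!r}")
            access.append((names, action))
        else:
            raise ValueError(f"unknown statement: {raw!r}")
    return acls, actions, access

def acl_matches(acls, name, request):
    acl_type, value = acls[name.lstrip("!")]
    hit = request.get(acl_type, "").lower() == value.lower()
    return hit != name.startswith("!")  # "!" inverts the ACL result

def evaluate(policy, request):
    acls, actions, access = policy
    for names, action in access:
        if all(acl_matches(acls, n, request) for n in names):
            return " ".join(filter(None, actions[action]))
    return " ".join(filter(None, actions["default"]))

# Constructed sample policies: the page's example, then a default-deny variant.
PAGE_EXAMPLE = """
acl foo sender foo@domain.com
action not_foo REJECT You are not foo!
access !foo not_foo
"""
DEFAULT_DENY = """
acl foo sender foo@domain.com
action allow OK
action default REJECT Denied by default
access foo allow
"""
```

With `PAGE_EXAMPLE`, a request from foo@domain.com falls through to DUNNO, so a later Postfix restriction still decides; with `DEFAULT_DENY`, any sender without an explicit allow rule is rejected.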