Installation

Debian Etch 4.0 dependencies

# aptitude install python python-ipy python-dns python-twisted-core python-twisted-bin python-ldap
# wget http://ufpr.dl.sourceforge.net/sourceforge/pymilter/python-spf_2.0.3-0_all.deb
# dpkg -i python-spf_2.0.3-0_all.deb 

For all Ubuntu releases, make sure that the Universe repository is in your sources.list.

Ubuntu 6.06 dependencies

Add Dapper backports in sources.list.

deb http://archive.ubuntu.com/ubuntu dapper-backports main universe

aptitude install python python-ipy python-dns python-twisted-core python-twisted-bin python-ldap
aptitude install -t dapper-backports python-spf

Ubuntu 6.10, 7.04, 7.10, 8.04 dependencies

aptitude install python-ipy python-dns python-twisted-core python-twisted-bin python-spf python-ldap

Fedora 7, 8, 9 dependencies

yum install python-twisted-core python-pyspf python-pydns python-IPy python-devel python-ldap

Other distributions

apolicy depends on the following Python modules:

• twisted >= 2.4: http://twistedmatrix.com/

• ipy >= 0.50: http://software.inl.fr/trac/wiki/IPy

• pydns >= 2.3: http://pydns.sourceforge.net/

• pyspf >= 2.0: http://www.bmsi.com/python/milter.html

• ldap: http://python-ldap.sourceforge.net/

Your distribution might have most of them already packaged.

Installing apolicy from source

The following commands should do just fine, you must be root:

# wget ftp://ftp.uma.es/pub/apolicy/apolicy-0.74-1.tar.gz
# tar zxf apolicy-0.74-1.tar.gz
# cd apolicy-0.74-1
# python setup.py install

If you are updating a previous installation, don't run python setup.py install, instead run this one:

# python setup.py install_lib

The command above will preserve your configuration files.

Take a look at /etc/apolicy/main.conf for additional settings, and /etc/apolicy/policy.conf for the ACLs, actions and access configuration.

Verify integrity and authenticity <= 0.73

# wget http://www.apolicy.org/gpg/miguelfilho.gpg -O- -q | gpg --import
# wget http://download.gna.org/apolicy/apolicy-0.73.tar.gz.sig
# gpg --verify apolicy-0.73.tar.gz.sig

init scripts

To start the daemon

systemctl daemon-reload
systemctl enable apolicy
systemctl start apolicy

Note that the supplied default cofiguration comes with a complex example that makes apolicy fail to start. This is because the example need datasource configuration. Adapt the configuraton with trivial stuff and make apolicy starts.

apolicy will listen by default on 127.0.0.1:10001.

By now the proccess must be running, check with ps and netstat. In case of any problem, check /var/log/syslog and /var/log/maillog.

Configuring Postfix

Just add check_policy_service inet:127.0.0.1:10001 to smtpd_client_restrictions, smtpd_recipient_restrictions etc, and you are good to go.

For the size acl works properly, apolicy must to be called from smtpd_end_of_data_restrictions.

Restart Postfix.

Logging

There is two log sources to get information, first is the log sent to syslog, using the mail facility. The other is the file /var/log/twistd.log. This file contains critical errors from the twisted daemon, keep an eye on this file too.

Debugging

You can turn debug on editing the configuration file /etc/apolicy/main.conf. Go to the bottom of the file and change this:

[logger_apolicy]
level=INFO

To this:

[logger_apolicy]
level=DEBUG

Then restart apolicy.