|
⇤ ← Revision 1 as of 2014-08-27 10:00:40
Size: 3738
Comment:
|
Size: 3455
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 6: | Line 6: |
| # aptitude install python python-ipy python-dns python-twisted-core python-twisted-bin | # aptitude install python python-ipy python-dns python-twisted-core python-twisted-bin python-ldap |
| Line 8: | Line 8: |
| # dpkg -i python-spf_2.0.3-0_all.deb | # dpkg -i python-spf_2.0.3-0_all.deb |
| Line 22: | Line 22: |
| aptitude install python python-ipy python-dns python-twisted-core python-twisted-bin | aptitude install python python-ipy python-dns python-twisted-core python-twisted-bin python-ldap |
| Line 29: | Line 29: |
| aptitude install python-ipy python-dns python-twisted-core python-twisted-bin python-spf | aptitude install python-ipy python-dns python-twisted-core python-twisted-bin python-spf python-ldap |
| Line 34: | Line 34: |
| yum install python-twisted-core python-pyspf python-pydns python-IPy python-devel | yum install python-twisted-core python-pyspf python-pydns python-IPy python-devel python-ldap |
| Line 45: | Line 45: |
| * ldap: http://python-ldap.sourceforge.net/ | |
| Line 53: | Line 54: |
| # wget http://download.gna.org/apolicy/apolicy-0.73.tar.gz # tar zxf apolicy-0.73.tar.gz |
# wget ftp://ftp.uma.es/pub/apolicy/apolicy-0.74-1.tar.gz # tar zxf apolicy-0.74-1.tar.gz # cd apolicy-0.74-1 |
| Line 68: | Line 70: |
| === Verify integrity and authenticity === | === Verify integrity and authenticity <= 0.73 === |
| Line 77: | Line 79: |
| To start the daemon, you can use one of the init scripts supplied with the source. * '''debian/apolicy.init''': use this init script for Debian and derivatives * '''apolicy.init''': use this init script for Red Hat-like distributions Copy one of them to ''/etc/init.d'', renaming to just ''apolicy''. Red Hat-like distributions: |
To start the daemon |
| Line 85: | Line 81: |
| # chkconfig --add apolicy | systemctl daemon-reload systemctl enable apolicy systemctl start apolicy |
| Line 87: | Line 85: |
Debian and derivatives: {{{ # update-rc.d apolicy defaults }}} Then use the your normal procedure to start/stop the service. |
|
| Line 98: | Line 89: |
| In case of any problem, check /var/log/syslog and /var/log/mail.log. |
In case of any problem, check /var/log/syslog and /var/log/maillog. |
Installation
Debian Etch 4.0 dependencies
# aptitude install python python-ipy python-dns python-twisted-core python-twisted-bin python-ldap # wget http://ufpr.dl.sourceforge.net/sourceforge/pymilter/python-spf_2.0.3-0_all.deb # dpkg -i python-spf_2.0.3-0_all.deb
For all Ubuntu releases, make sure that the Universe repository is in your sources.list.
Ubuntu 6.06 dependencies
Add Dapper backports in sources.list.
deb http://archive.ubuntu.com/ubuntu dapper-backports main universe
aptitude install python python-ipy python-dns python-twisted-core python-twisted-bin python-ldap aptitude install -t dapper-backports python-spf
Ubuntu 6.10, 7.04, 7.10, 8.04 dependencies
aptitude install python-ipy python-dns python-twisted-core python-twisted-bin python-spf python-ldap
Fedora 7, 8, 9 dependencies
yum install python-twisted-core python-pyspf python-pydns python-IPy python-devel python-ldap
Other distributions
apolicy depends on the following Python modules:
twisted >= 2.4: http://twistedmatrix.com/
ipy >= 0.50: http://software.inl.fr/trac/wiki/IPy
pydns >= 2.3: http://pydns.sourceforge.net/
pyspf >= 2.0: http://www.bmsi.com/python/milter.html
Your distribution might have most of them already packaged.
Installing apolicy from source
The following commands should do just fine, you must be root:
# wget ftp://ftp.uma.es/pub/apolicy/apolicy-0.74-1.tar.gz # tar zxf apolicy-0.74-1.tar.gz # cd apolicy-0.74-1 # python setup.py install
If you are updating a previous installation, don't run python setup.py install, instead run this one:
# python setup.py install_lib
The command above will preserve your configuration files.
Take a look at /etc/apolicy/main.conf for additional settings, and /etc/apolicy/policy.conf for the ACLs, actions and access configuration.
Verify integrity and authenticity <= 0.73
# wget http://www.apolicy.org/gpg/miguelfilho.gpg -O- -q | gpg --import # wget http://download.gna.org/apolicy/apolicy-0.73.tar.gz.sig # gpg --verify apolicy-0.73.tar.gz.sig
init scripts
To start the daemon
systemctl daemon-reload systemctl enable apolicy systemctl start apolicy
apolicy will listen by default on 127.0.0.1:10001.
By now the proccess must be running, check with ps and netstat. In case of any problem, check /var/log/syslog and /var/log/maillog.
Configuring Postfix
Just add check_policy_service inet:127.0.0.1:10001 to smtpd_client_restrictions, smtpd_recipient_restrictions etc, and you are good to go.
For the size acl works properly, apolicy must to be called from smtpd_end_of_data_restrictions.
Restart Postfix.
Logging
There is two log sources to get information, first is the log sent to syslog, using the mail facility. The other is the file /var/log/twistd.log. This file contains critical errors from the twisted daemon, keep an eye on this file too.
Debugging
You can turn debug on editing the configuration file /etc/apolicy/main.conf. Go to the bottom of the file and change this:
[logger_apolicy] level=INFO
To this:
[logger_apolicy] level=DEBUG
Then restart apolicy.