Postfix-policy

This software has been built using and depends on ServerKit.

Overview

Postfix-policy is a policy server intended for use with large-scale mail systems utilizing Postfix for MX duties and MySQL for the management of accounts with basic policy needs. Utilizing ServerKit this policy server achieves a high level of performance and scalability for Postfix servers.

Usage

It is advised that you read the ServerKit documentation before trying to use this module, as most of the basic usage is simply using ServerKit, nothing specific to this module.

You will probably want to use the included ServerKit personality as a starting point, found in the source archive as a directory named personality. Within the personality you will find a c11n file, a modules subdirectory, and a svsdir subdirectory.

The c11n file is a ServerKit configuration file, you will need to at least modify the database settings so ServerKit can successfully communicate with your database system. Another configuration value that you will definitely have to set is action_query_format_string.

The action_query_format_string is the SQL query postfix-policy will use to retrieve an action to send back to Postfix in response to policy delegation requests. See the Configuration section for a list of supported substitutions for use in the format string.

You are responsible for creating a query that is compatible with your mail system database schema, and ensuring that the query will:

  1. return an empty set for invalid recipients
  2. return a valid action string when not returning an empty set

For an explanation of valid policy action responses, see the access(5) manual reference from Postfix, you're interested in the *ACTIONS sections


Configuration

The following configuration options are supported:
NameTypeDescription
min_sessions integer Minimum number of sessions to allocate.
max_sessions integer Maximum number of sessions to allocate.
min_threads integer Minimum number of worker threads to create.
max_threads integer Maximum number of worker threads to create.
backlog integer Size of kernel-level connection backlog, passed to listen() as-is.
database string Identifier of database connection pool instance to use, see ServerKit configuration for assistance with database connection pool configuration.
socket_path string Path to use for the UNIX socket Postfix will communicate with postfix-policy through. See SMTPD_POLICY_README from your Postfix documentation for information on configuring Postfix to use this socket for policy checks.
action_query_format_string string SQL query with some special characters which get substituted at runtime. Currently supported substitutions include:
  • %l Left-hand side of recipient address (everything to the left of the '@')
  • %r Right-hand side of recipient address (everything to the right of the '@')

You can query the module for its supported configuration options by simply running it like a normal executable program. This is the preferred method of keeping informed on what configuration values are supported and what the defaults are.

Here is some sample output of running the module:
swivel@volatile:~/postfix-policy$ ./postfix-policy.so 
ServerKit bundled module inspector

- Summary -
Name: postfix_policy
Description: High performance Postfix policy server
Version: 0.0.2
Authors: Vito Caputo 

- Supported configuration options & defaults -
min_sessions = 128
max_sessions = 32768
max_threads = 4000
min_threads = 10
backlog = 32
# database = ""
# socket_path = ""
action_query_format_string = "select SMTPAction from VirtualEmailUser where VirtualEmailUser.Address=\"%l@%r\")"
swivel@volatile:~/postfix-policy$ 


Source archives

Release date Tar.gz MD5 checksum
12-04-2007 postfix-policy-0.0.3.tar.gz 2b1bd771fb74d038246ac3c3efa3a346
12-16-2006 postfix-policy-0.0.2.tar.gz 208aa3adc9130d12919fa6bbd5fd3dab
12-12-2006 postfix-policy-0.0.1.tar.gz 4ac071adb9d6d7387a58797ecf6ccab6

License

Postfix-policy is released under the HPLv1.1. A slightly modified version of the GNU General Public License version 2.

Contribute

I accept patches or feature requests, simply email me at the email address contained within the source tree. I am also always looking for testers so if you're willing to test new features, let me know.

If you would like to contribute to this project monetarily, feel free to donate via the paypal button below.

© 2008 Vito Caputo