Postfix policyd dual usage setup – greylisting and quotas

Tags: accounting, greylisting, postfix, quota

On our server we are using policyd 1.x together with Postfix 2.1.5 for greylisting and enforcing incoming quotas from unauthorized users (i.e. mail for our domains). For this, I have set up Postfix main.cf like this:

smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10031
...
smtpd_recipient_restrictions =
    permit_mynetworks,
    ...
    permit_sasl_authenticated,
    ...
    check_client_access pcre:/etc/postfix/checks/greylist.pcre,

and set up a selective greylisting configuration:

# greylist.pcre
/^unknown$/     greylisting
# TLDs with high spam rate
/\.(ni|ru|hu|us|si|sk|cn|jp|ro|hn|mx|br|ar|cc|ae|ee|my|tr|pt|cz)$/ greylisting
... etc

i.e. the SASL authentication overrides policyd. So far, this works great. However, I would now like to use policyd as well for authenticated users and set up a completely different rule set for these users:

For SOME unauthorized users, based on remote host name,

  • greylisting,
  • accounting (limit number of mails per time) with defaults,
  • blacklisting,
  • whitelisting.

For authorized (SASL) users,

  • no greylisting,
  • different user-specific outgoing mail quota with default,
  • no blacklisting,
  • no whitelisting.

So far, I think I have to run another instance of policyd with different SQL database and configuration file.

Is this true or is there a way to configure a single instance of policyd to use different rulesets based on remote hostname AND SASL authentication status?

Best Answer

It is possible in policyd v2 (cluebringer). You can define rules for each policy (1 policy for incoming email, another policy for outgoing, another for SASL). And then you can assign different policyd components (greylist, SPF, quota) to each policy.

http://wiki.policyd.org/documentation
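
A single policy daemon can tell the two traffic classes apart because each Postfix policy delegation request carries the client hostname and, when present, the SASL login. The following is an added example, not policyd/cluebringer code and not part of the original question or answer: it routes a request to a ruleset and applies a per-user outgoing quota with a default. The ruleset names, quota numbers and sample requests are constructed, and it assumes a Postfix version that sends the `sasl_username` attribute to the policy service.

```python
import re
from collections import Counter

# Constructed rules: hostname patterns mirror greylist.pcre from the question;
# ruleset names and quota numbers are hypothetical.
GREYLIST_PATTERNS = [
    re.compile(r"^unknown$"),
    re.compile(r"\.(ni|ru|hu|us|si|sk|cn|jp|ro|hn|mx|br|ar|cc|ae|ee|my|tr|pt|cz)$"),
]
DEFAULT_SASL_QUOTA = 2              # recipients per accounting period
USER_SASL_QUOTA = {"alice": 3}      # per-user overrides of the default
sent = Counter()                    # in-memory accounting, cleared each period


def parse_request(raw):
    """Parse one request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if not line:
            break
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed attribute line: %r" % line)
        attrs[name] = value
    return attrs


def select_ruleset(attrs):
    """Choose a ruleset from SASL status first, then the client hostname."""
    if attrs.get("sasl_username"):
        return "sasl_outgoing"
    client = attrs.get("client_name", "unknown").lower()
    if any(p.search(client) for p in GREYLIST_PATTERNS):
        return "inbound_greylist"
    return "inbound_default"


def decide(raw):
    """Return (ruleset, reply); reply is the text sent back to Postfix."""
    attrs = parse_request(raw)
    ruleset = select_ruleset(attrs)
    action = "DUNNO"  # greylist state for inbound_greylist is out of scope here
    if ruleset == "sasl_outgoing":
        user = attrs["sasl_username"]
        sent[user] += 1
        if sent[user] > USER_SASL_QUOTA.get(user, DEFAULT_SASL_QUOTA):
            action = "DEFER_IF_PERMIT Outgoing quota exceeded"
    return ruleset, "action=%s\n\n" % action
```

For authenticated mail to reach any policy service at all, the `check_policy_service` lookup has to be evaluated before `permit_sasl_authenticated` in `smtpd_recipient_restrictions`; in the configuration shown in the question it comes after.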