What is YanPolicy?It is an other policy daemon which implements greylisting and a size limit for mails. It is intended to use on small systems.
SystemUnix with a database. It is currently only tested on linux with postgres. But since YanPolicy is written entirely in perl and uses the DBI interface it should be not problem to use it with other databases too.
InstallationThis is only a short description. You should have at least basic knowledge about postgres and some more knowledge about the postfix configuration. Otherwise an incorrect installation may lead to an open relay.
DownloadUntar the file yanpolicy-0.6.tar.gz. You will find the following scripts in this archive:
|yanpolicy.pl||Policy server script|
|yanpolcleanup.pl||Database cleanup script|
|yanpolyweb.pl||Web interface for the policy server|
|create_db.sql||Script for creating the database|
Create the database
Use the script create_db.sql to create the database and the default entry for no mail size limit. On a postgres database execute it with "psql -d template1 -f create_db.sql". To test the database enter "perl yanpolicy.pl -t". If the database is ok, this command should print a text similar to:
Database connection OK Get default limit OK : Mail exceeds allowed size
Install on postgres
Copy yanpolicy.pl for example to /usr/local/bin. Then enter the following lines to /etc/postfix/master.cf
greypolicy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/local/bin/yanpolicy.pl limitpolicy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/local/bin/yanpolicy.pl -l
Now edit /etc/postfix/main.cf:At the end of the smtpd_recipient_restrictions add
Now greylisting should works. To get the mail size check to work the following entry must be added to main.cf:
smtpd_end_of_data_restrictions = permit_mynetworks, permit_sasl_authenticated, check_policy_service unix:private/limitpolicy
If you remove permit_mynetworks and permit_sasl_authenticated the mail size of outgoing e-mails will also be checked.
You may now add new entries to the mail size check database with the follwing statements:
INSERT INTO rec_limits VALUES ('email@example.com', 'Mail exceeds mailsize limit of 25K',25600);
where firstname.lastname@example.org ist the receipient address, then followed by a text, in case the mail is rejected. The last argument is the mail size in bytes. If this argument is 0 then mail size checking is disabled.
Copy the script yanpolcleanup.pl to /usr/local/bin and add an entry to your crontab like:
5 5 * * * /usr/bin/perl /usr/local/bin/yanpolcleanup.pl -v
This purges old entries from the database every night.
The web interface.
Copy yanpolyweb.pl to a directory where you can execute cgi scripts. Also make sure that this directory is secured by at least basic http authentification in case the web server is connected to the internet.
The file yanpolicy.css is the CSS definition and should be accessible on your web server with the url /styles/yanpolicy.css
CustomizingOn all files the important variables for database access are declared at the beginning of the script.
yanpolicy is written by Ulrich Eckhardt