
YanPolicy V0.6

What is YanPolicy?

It is another policy daemon that implements greylisting and a size limit for mails. It is intended for use on small systems.

System

Unix with a database. It is currently only tested on Linux with postgres. But since YanPolicy is written entirely in Perl and uses the DBI interface, it should be no problem to use it with other databases too.

Installation

This is only a short description. You should have at least basic knowledge about postgres and some more knowledge about the postfix configuration. Otherwise an incorrect installation may lead to an open relay.

Download

Untar the file yanpolicy-0.6.tar.gz. You will find the following scripts in this archive:
yanpolicy.pl       Policy server script
yanpolcleanup.pl   Database cleanup script
yanpolyweb.pl      Web interface for the policy server
create_db.sql      Script for creating the database

Create the database

Use the script create_db.sql to create the database and the default entry for no mail size limit. On a postgres database execute it with "psql -d template1 -f create_db.sql". To test the database enter "perl yanpolicy.pl -t". If the database is OK, this command should print text similar to:

Database connection OK
Get default limit OK : Mail exceeds allowed size

Install on postfix

Copy yanpolicy.pl to, for example, /usr/local/bin. Then add the following lines to /etc/postfix/master.cf:

greypolicy unix  -       n       n       -      -  spawn
  user=nobody argv=/usr/bin/perl /usr/local/bin/yanpolicy.pl
limitpolicy unix  -       n       n       -      -  spawn
  user=nobody argv=/usr/bin/perl /usr/local/bin/yanpolicy.pl -l

Now edit /etc/postfix/main.cf:

At the end of the smtpd_recipient_restrictions add

check_policy_service unix:private/greypolicy

Now greylisting should work. To get the mail size check to work, the following entry must be added to main.cf:

smtpd_end_of_data_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  check_policy_service unix:private/limitpolicy

If you remove permit_mynetworks and permit_sasl_authenticated the mail size of outgoing e-mails will also be checked.

You may now add new entries to the mail size check database with the following statement:

INSERT INTO rec_limits VALUES ('your@mail.address', 'Mail exceeds mailsize limit of 25K',25600);

where your@mail.address is the recipient address, followed by the text that is returned in case the mail is rejected. The last argument is the mail size in bytes. If this argument is 0, mail size checking is disabled.
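How a per-recipient size check like this fits into the Postfix policy delegation protocol used by check_policy_service, as an added example that is not YanPolicy's own code. The table contents, the function names and the strict "greater than" comparison are assumptions.

```python
# Added example, not YanPolicy code. Table rows are constructed sample data:
# recipient -> (reject text, limit in bytes); a limit of 0 disables the check.
REC_LIMITS = {
    "small@example.org": ("Mail exceeds mailsize limit of 25K", 25600),
    "nolimit@example.org": ("Mail exceeds allowed size", 0),
}


def parse_request(raw):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if line == "":
            break  # the empty line terminates the request
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed attribute line: %r" % line)
        attrs[name] = value
    return attrs


def size_limit_action(attrs, limits=REC_LIMITS):
    """Return the action for a request sent from smtpd_end_of_data_restrictions."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    # At end of data Postfix only supplies "recipient" for single-recipient
    # mail, so a missing or unknown recipient falls through with DUNNO.
    entry = limits.get(attrs.get("recipient", ""))
    if entry is None:
        return "DUNNO"
    text, limit = entry
    try:
        size = int(attrs.get("size", ""))
    except ValueError:
        return "DUNNO"  # no usable size attribute: leave the decision to Postfix
    if limit > 0 and size > limit:
        return "REJECT " + text
    return "DUNNO"


def reply(raw):
    """Reply as written back to Postfix: the action line plus an empty line."""
    return "action=%s\n\n" % size_limit_action(parse_request(raw))


if __name__ == "__main__":
    sample = ("request=smtpd_access_policy\nprotocol_state=END-OF-MESSAGE\n"
              "recipient=small@example.org\nsize=30000\n\n")
    print(reply(sample), end="")
```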

Database cleanup

Copy the script yanpolcleanup.pl to /usr/local/bin and add an entry to your crontab like:

5   5    *    *    * /usr/bin/perl /usr/local/bin/yanpolcleanup.pl -v

This purges old entries from the database every night.

The web interface

Copy yanpolyweb.pl to a directory where you can execute CGI scripts. Also make sure that this directory is secured by at least basic HTTP authentication in case the web server is connected to the internet.

The file yanpolicy.css is the CSS definition and should be accessible on your web server with the URL /styles/yanpolicy.css.

Customizing

In all files, the important variables for database access are declared at the beginning of the script.

yanpolicy is written by Ulrich Eckhardt