A simple Postfix policy server.
Don't forget to check out our lightweight email archiving software: https://spiderd.io/
iredapd
by default),
with plugin support.libs/daemon.py
is BSD license.libs/srslib.py
is Apache License, Version 2.0.NOTES:
INSTALL.md
.7777
: normal smtp policy service7778
: SRS (Sender Rewriting Scheme) for sender address rewriting7779
: SRS (Sender Rewriting Scheme) for recipient address rewritingiRedMail project has a detailed tutorial to show you how to manage iRedAPD with command line tools: Manage iRedAPD
Plugins are files placed under plugins/
directory, plugin name is file name
without file extension .py
. It's recommended to read comment lines in plugin
source files to understand what it does and how it works.
reject_to_hostname
: reject emails sent to xxx@<server hostname>
from
external network.
reject_sender_login_mismatch
: Reject sender login mismatch (addresses in
From:
and SASL username). It will verify user alias addresses against
SQL/LDAP database.
This plugin also verifies forged sender address, e.g. sending email as a local domain to local domain.
reject_null_sender
: Reject message submitted by sasl authenticated user but
use null sender in From:
header (from=<>
in Postfix log).
RECOMMENDED to enable this plugin. It doesn't require SQL/LDAP query.
If your user's password was cracked by spammer, spammer can use
this account to bypass smtp authentication, but with a null sender
in From:
header, throttling won't be triggered.
amavisd_wblist
: Whitelist/blacklist for both inbound and outbound messages.
The white/blacklists are used by both iRedAPD (before-queue) and Amavisd (after-queue).
greylisting
: for greylisting service.
throttle
: Throttling based on:
whitelist_outbound_recipient
: automatically whitelist recipient addresses
of outgoing emails sent by sasl authenticated (local) users. It's able to
whitelist single recipient address or domain for greylisting and normal
white/blacklist.
ldap_maillist_access_policy
: restrict who can send email to mail list.ldap_force_change_password_in_days
: force users to change password in days (default 90 days). User cannot send email before resetting password.sql_alias_access_policy
: restrict who can send email to mail alias.sql_force_change_password_in_days
: force users to change password in days (default 90 days). User cannot send email before resetting password.