mtpolicyd - a modular policy daemon for postfix

for use with postfix SMTP Access Policy Delegation.

Getting Started Download


Checks are implemented as plugins. Plugins can be configured and combined as needed. Plugins included:

  • RBL - query DNS IP black/whitelists
  • DBL - query DNS domain black/whitelists
  • SqlList - use SQL query as black/whitelist
  • CtIpRep - use Commtouch IP reputation
  • GeoIP - use location of sending IP
  • Fail2ban - block spammers with fail2ban/iptables
  • Greylist - greylisting
  • SPF - Sender Policy Framework
  • Accounting - collect SMTP-level accounting informations
  • Quota - apply quota limits based on Accounting data
  • and more... (see Documentation)

It is also possible to implement your own plugins. Mtpolicyd is written in perl. See Mail::MtPolicyd::Cookbook::BasicModule on how to implement a basic plugin class.


Configuration is done via Apache-Style configuration file (Config::General):


<VirtualHost 12345>
                module = "RBL"
                mode = "accept"

        <Plugin geoip>

Virtual Hosts

You can use a single mtpolicyd instance to serve multiple configurations on different ports.

Session Caching

Mails can be tracked across different checks within a postfix session. Plugins can use the session for caching results(RBL lookups etc.). Sessions are stored in memcached.

Per-User Configuration

Additional run-time configration parameters can be retrieved and stored within the session. The SqlUserConfig plugin will retrieve recipient, sender, client_address, sasl_username or other request specific settings from a database.


Checks can be combined into a scoring and mails can be rejected or taged later based on the score. You can also apply additional checks (eg. greylisting) based on the scoring. For example apply greylisting only to blacklisted IP and avoid the greylisting delay for regular mail.


mtpolicyd keeps track how many time each plugin runs. Plugins can also set their own timing events.