On 05/01/2019 22:26, Philippe - Forums wrote: > Hello, > > I would like to filter SMTP access using geo-localization. > > I have installed geoip-bin on my mailserver. > > This tool works like nslookup with an IP (geoiplookup @IP) and give > geographic informations about this IP and especially the country (FR, > DE,...). > > My purpose is to filter IPs out of my country to reject SMTP connection. > > > I must made a linux script, on bash (/usr/bin/policyd-geoip). > > But I don't know how the script can tell to postfix if the IP is OK or > KO. > > > For postfix configuration I think that I must do that: > > * master.cf: > > policy-geoip unix - n n - 0 spawn > > user=nobody argv=/usr/bin/policyd-geoip > > * main.cf: > > check_policy_service unix:private/policy-geoip > > > If someone can help me for this "project". > > You can find the info and an example policy script here:
http://www.postfix.org/SMTPD_POLICY_README.html As for return values, "The policy server replies with any action that is allowed in a Postfix SMTPD access(5) <http://www.postfix.org/access.5.html> table." (http://www.postfix.org/access.5.html) I think you will want to reply with "dunno" for acceptable ips (so that then other checks following the check_policy_service restriction will be done, and with something like "reject" followed by some message such as "ip not allowed" in the case you want to reject the ip. John
