Cool Solution - Mtpolicyd

From Univention Wiki

Revision as of 12:06, 1 December 2017 by Apeichert (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Produktlogo UCS Version 4.2

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Packages provided by a Cool Solutions Repository are built by Univention, but will not be maintained. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.

Also regard the legal notes at Terms of Service.
Note: This article is not yet reviewed.

The modular policy daemon for postfix, mtpolicyd, allows an Administrator to restrict the access to your mail server. The current package implements restrictions for a user within your domain, so that a user, whose account has been compromised, cannot turn your server into a spam machine.


The software is designed to operate on the Postfix Based Mailserver on UCS, including the UCS Mailstack and Open-Xchange. To install the packages, you need to enable the Cool Solution repository at first.

Next, you must install the package univention-mtpolicyd on the Mailserver. This can be achieved by using either the UMC module Package management or invoke the following command:

univention-install univention-mtpolicyd

During the installation, new UCR variables will be created (see below).

To activate the policy service, you will have to tell your postfix to utilize it by setting the following UCR Variable


to access the policy service at

check_policy_service inet:

You can either configure it using the UMC or on the command line with the following command:

ucr set mail/postfix/smtpd/restrictions/recipient/79='check_policy_service inet:'

UCR variables and their functionality

The system can run with the default values right from the start. However, you can finetune it to match your needs with the following UCR Variables:

UCR variable Default value Description
mtpolicyd/allowedcountries DE List of 2-Letter-ISO-Codes of countries from which to accept E-Mails. Separate multiple entries with a comma ','
mtpolicyd/debug 1 Debug level for which the policy daemon. Valid values are 0 to 4
mtpolicyd/host Host IP or Hostname on which the daemon should run. If you want to access the policy daemon over the network, change this to a valid name or IP. If not, leave it at the localhost.
mtpolicyd/port 12345 Port on which the policy daemon is running. If you change this, please ensure that you change the UCR variable mentioned in the installation section as well.
mtpolicyd/threshold 1000 Number of E-Mails a user is allowed to send per day. Please note, that depending on the email client, every address, no matter whether TO:, CC: or BCC: might count as an individual E-Mail
Personal tools