Beta, Documentation incomplete


policyd-weight [-option] [-option2 <arg>] command


policyd-weight(8) is a SMTP policy daemon written in perl(1) for postfix(1). It evaluates based on RBL/RHSBL results, HELO and MAIL FROM domain and subdomain arguments and the client IP address the possibility of forgery or SPAM. It is designed to be called before the SMTP DATA command at the RCPT TO stage. This way it is a) possible to reject a mail attempt before the body has been received and b) to keep multirecipient mail intact, i.e. provide the functionality of selective usage based on recipients.

To make policyd-weight(8) work with postfix(1), it is required to add a system account for $USER (default: polw)

Policyd-weight can operate in or daemon mode. In mode it uses postfix' spawn(8), which results in number of simultanous requests perl instances. In daemon mode it uses shared memory and forks on load, and only if all child processes are busy.

At the time of writing the man-pages for policyd-weight assume a postfix installation. It has been reported that policyd-weight works with other MTAs like Exim, too.

SETUP mode:

policy unix - n n - - spawn user=polw

   argv=/usr/bin/perl /usr/local/bin/policyd-weight

smtpd_recipient_restrictions =


   ... authenticated permits ...


   ... whitelists, role accounts, clients ...

   check_policy_service unix:private/policy

daemon mode:

start the daemon with policyd-weight start. Poliyd-weight then listens on $TCP_PORT (default: 12525) for policy requests. To make postfix talk to that port do following changes to

smtpd_recipient_restrictions =


   ... authenticated permits ...


   ... whitelists, role accounts, clients ...

   check_policy_service inet:

It is possible to have more than one postfix server talk to the daemonized policyd-weight by configuring each postfix machine to query the policy server with check_policy_service inet:IP:12525 where IP is the host on which policyd-weight runs.

Please note that check_policy_service should come at last, or at least after reject_unauth_destination, or else you may become an open relay.


Following commands exist and are reserved for daemon mode only:

start start the policy server
stop stop the policy server
restart restart the policy server
reload tells the policy server to reload its configuration
defaults prints the default settings to STDOUT and exits


-d operate in debug mode

Not for use in In debug mode everything is reported on STDOUT instead of syslog(3). Also an own debug cache daemon will be spawned. The socket-file is named after the value of $SPATH with ".debug" as suffix.

-f /path/to/file

Pass a configuration file to policyd-weight

-h show help
-k kill cache daemon

Not for use in Together with -d this kills the debug cache daemon. Without -d it kills the global running cache daemon.

-s show cache entries

Not for use in

-v show version


Logging is done via syslog(3) with facility "mail" and priority "info". For a complete list of log entries and their correspondending configuration parameters refer to policyd-weight.conf(5).


Please report bugs to [email protected]


March 2005

Ralf Hildebrandt (Author of the Book of Postfix) is the spiritual father of policyd-weight. It was his idea to have a scored RBL evaluation, I've added the weighted MAIL FROM/HELO DNS-evaluation. For that purpose I used Meng Wong's which was shipped with the postfix source as example.


/etc/policyd-weight.conf, Policyd-weight configuration file
/etc/postfix/, Postfix configuration parameters
/etc/postfix/, Postfix daemon processes

RELATED TO policyd-weight…

policyd-weight.conf(5), Policyd-weight configuration file
master(5), Postfix file syntax
postconf(5), Postfix file syntax
access(5), Postfix SMTP access control table


GNU General Public License


Robert Felber <[email protected]>
Autohaus Erich Kuttendreier
81827 Munich, Germany