diff --git a/ldap-acl-milter/ldap-acl-milter.schema b/ldap-acl-milter/ldap-acl-milter.schema
new file mode 100644
index 0000000..cf137cf
--- /dev/null
+++ b/ldap-acl-milter/ldap-acl-milter.schema
@@ -0,0 +1,99 @@
+# ldap-acl-milter https://github.com/chillout2k/ldap-acl-milter
+#
+# https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers
+# DC IT-Consulting
+# Dominik Chilla
+#
+# OID prefix: 1.3.6.1.4.1.53501
+#
+# Attributes: 1.3.6.1.4.1.53501.1.1
+
+attributetype ( 1.3.6.1.4.1.53501.1.1.1
+	NAME 'policyID'
+	DESC 'Policy ID'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
+	SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.53501.1.1.3
+	NAME 'allowedSenders'
+	DESC 'Allowed RFC5321.from'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{254})
+
+attributetype ( 1.3.6.1.4.1.53501.1.1.4
+	NAME 'allowedRcpts'
+	DESC 'Denied RFC5321.to'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{254})
+
+attributetype ( 1.3.6.1.4.1.53501.1.1.5
+	NAME 'deniedSenders'
+	DESC 'Allowed RFC5321.from'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{254})
+
+attributetype ( 1.3.6.1.4.1.53501.1.1.6
+	NAME 'deniedRcpts'
+	DESC 'Denied RFC5321.to'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{254})
+
+attributetype ( 1.3.6.1.4.1.53501.1.1.7
+	NAME 'allowedClientAddr'
+	DESC 'Allowed client IPv4/IPv6 address'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64})
+
+attributetype ( 1.3.6.1.4.1.53501.1.1.8
+	NAME 'deniedClientAddr'
+	DESC 'Denied client IPv4/IPv6 address'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64})
+
+attributetype ( 1.3.6.1.4.1.53501.1.1.9
+	NAME 'allowedSaslUser'
+	DESC 'Allowed SASL authentication user'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64})
+
+attributetype ( 1.3.6.1.4.1.53501.1.1.10
+	NAME 'extBLOB'
+	DESC 'placeholder for binary extensions'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4096})
+
+attributetype ( 1.3.6.1.4.1.53501.1.1.11
+	NAME 'allowedx509subject'
+	DESC 'Allowed x509 Common Name - subject'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64})
+
+attributetype ( 1.3.6.1.4.1.53501.1.1.12
+	NAME 'allowedx509issuer'
+	DESC 'Allowed x509 Common Name - issuer'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64})
+
+#
+# Objects: 1.3.6.1.4.1.53501.1.2
+#
+objectclass ( 1.3.6.1.4.1.53501.1.2.1
+	NAME 'lamPolicy'
+	DESC 'ldap-acl-milter policy'
+	SUP top	STRUCTURAL
+	MUST policyID
+  MAY	 ( allowedRcpts $ deniedRcpts $
+	  allowedSenders $ deniedSenders $
+		allowedClientAddr $ deniedClientAddr $
+		allowedSaslUser $ extBLOB $
+		allowedx509subject $ allowedx509issuer )
+	)
+