mirror of
https://github.com/chillout2k/ldap-acl-milter.git
synced 2025-12-13 19:30:18 +00:00
44 lines
1.6 KiB
Markdown
44 lines
1.6 KiB
Markdown
# ldap-acl-milter
|
|
A fast and lightweight and thread-safe python3 milter on top of [sdgathman/pymilter](https://github.com/sdgathman/pymilter) for Access ControL (ACL) scenarios. The milter consumes policies from a LDAP server based on custom queries with trivial templating support (%from% = RFC5321.from; %rcpt% = RFC5321.rcpt). Please have a look at the docker-compose.yml example.
|
|
|
|
So, if you already have a LDAP server running with e.g. amavis-schema, you may reuse the 'amavisWhitelistSender'/'amavisBlacklistSender' attributes. Please have a look at the docker-compose.yml example.
|
|
|
|
The connection to the LDAP server is always persistent: one TCP-Session, one LDAP-bind -> less overhead
|
|
|
|
### docker-compose.yml
|
|
|
|
```
|
|
version: '3'
|
|
|
|
volumes:
|
|
lam_socket:
|
|
|
|
services:
|
|
ldap-acl-milter:
|
|
image: "ldap-acl-milter/debian:19.02_devel"
|
|
restart: unless-stopped
|
|
environment:
|
|
LDAP_SERVER: ldap://ldap-slave.example.org:389
|
|
LDAP_BINDDN: uid=lam,ou=apps,dc=example,dc=org
|
|
LDAP_BINDPW: TopSecret1!
|
|
LDAP_BASE: ou=users,dc=example,dc=org
|
|
LDAP_QUERY: (&(mail=%rcpt%)(amavisWhitelistSender=%from%))
|
|
# Socket default: /socket/ldap-acl-milter
|
|
# MILTER_SOCKET: inet6:8020
|
|
MILTER_REJECT_MESSAGE: Rejected due to security policy violation
|
|
hostname: ldap-acl-milter
|
|
volumes:
|
|
- "lam_socket:/socket/:rw"
|
|
postfix:
|
|
depends_on:
|
|
- ldap-acl-milter
|
|
image: "postfix/alpine/amd64"
|
|
restart: unless-stopped
|
|
hostname: postfix
|
|
ports:
|
|
- "25:25"
|
|
volumes:
|
|
- "./config/postfix:/etc/postfix:rw"
|
|
- "lam_socket:/socket/:rw"
|
|
```
|