Skip to content


Folders and files

Last commit message
Last commit date

Latest commit


Repository files navigation


Postfwd is written in perl to combine complex postfix restrictions in a ruleset similar to those of the most firewalls. The program uses the postfix policy delegation protocol to control access to the mail system before a message has been accepted (please visit for more information). It allows you to choose an action (e.g. reject, dunno) for a combination of several smtp parameters (like sender and recipient address, size or the client's TLS fingerprint).

Important: Documentation, Quickstart guide and Examples are located at official postfwd web page

If you are interested in postfwd, please subscribe to mailing list.


Distribution packages

Popular Linux distributions like Debian and Ubuntu have postfwd 1.35 included in their package repository, so only thing you need to do is run apt-get install postfwd.

After that you can run or stop postfwd using systemd, init or script /etc/init.d/postfwd.

To change default arguments with which postfwd is run, edit file /etc/default/postfwd.

Manual installation

Clone this repository and copy postfwd2 from directory ./sbin to your PATH environment (eg. /usr/sbin/).

There are several perl module dependencies needed to run postfwd. These are mentioned at postfwd home page. For postfwd2 it is:

  • Net::Server::Daemonize
  • Net::Server::Multiplex
  • Net::Server::PreFork
  • Net::DNS
  • IO::Multiplex

You can install them using cpan.

perl -MCPAN -e shell
install Net::Server::Daemonize \
        Net::Server::Multiplex \
        Net::Server::PreFork \
        Net::DNS \

Note: Before installing with cpan make sure that you have installed gcc, gcc-devel and make or build-essential to build perl modules.


Postfwd can be run in a docker container. Please see for more information.


By default postfwd listens on port 10040 and configuration file is located in /etc/postfix/, but this can be overriden with postfwd arguments. To show postfwd argument list, simply run postfwd2 --help.

Postfwd with Postfix

Simple postfix setup to use postfwd can be configured using following options. After you change the configuration, you need to reload postfix:   = 3600
smtpd_recipient_restrictions = permit_mynetworks
                               check_policy_service inet:

Note: If you do not run postfwd on same server where postfix is run, replace IP address to IP address where your postfwd instance is located.

For more instructions to setup postfwd with postfix refer to Postfwd Integration.

Rules file

Sample postfwd configuration file can be found in file ./etc/ located in this repository.

To make your own rule set, refer to documentation and examples.

Checking the ruleset

To check if your ruleset has correct syntax, use command postfwd -f <PATH-TO-CONFIG> -C.

Running postfwd manually

To run postfwd in daemon mode as user postfwd and group postfwd using configuration file /etc/postfix/, use this command:

postfwd --daemon -f /etc/ -u postfwd -g postfwd


Postfwd functionality can be extended by creating plugins. Sample plugin can be found in plugins/postfwd.plugins.sample in this repository.

If you are interested in plugin development, use plugin development documentation as reference.

List of public plugins: