Max von Buelow b273dbfd1e typo 7 years ago
CMakeLists.txt 304658ca7d export 7 years ago
FindMilter.cmake 304658ca7d export 7 years ago
README.md b273dbfd1e typo 7 years ago
milterfrom.c 525d05b948 bug fixes 7 years ago

README.md

MilterFrom

This milter compares the envelope sender with the sender specified in the mail header for authenticated users.

It aims to resolve the problem that OpenDKIM signs ALL mails whose domains are listed in its databases. In a multi-user setup, user A "a@example.invalid" can send mail with the header field "From: b@example.invalid", and OpenDKIM signs it even though user A should not be allowed to send authenticated mail from "b@example.invalid".

The postconf option "reject_authenticated_sender_login_mismatch" doesn't solve the problem at all, because it only enforces that the envelope sender is correct. This milter additionally ensures that the sender specified in the header matches the envelope sender.

Beta

This code is beta. It would be great if someone who has more experience with libmilter would look at my code and send me some feedback. The code is really short (one file with 270 lines) and based on the libmilter example.

Build

As always:

mkdir build
cd $_
cmake ..
make

Postfix (on Debian)

apt-get install git cmake make gcc libmilter1.0.1 libmilter-dev
groupadd milterfrom
useradd -g milterfrom -s /bin/false -d /var/spool/postfix/milterfrom milterfrom
adduser postfix milterfrom
mkdir /var/spool/postfix/milterfrom
chown milterfrom:milterfrom /var/spool/postfix/milterfrom
cp milterfrom /usr/local/bin

nano /etc/systemd/system/milterfrom.service

[Unit]
Description=Milter which enforces equal envelope and header sender

[Service]
Type=forking
PIDFile=/var/run/milterfrom.pid
EnvironmentFile=-/etc/default/milterfrom
ExecStart=/usr/local/bin/milterfrom -d -p /var/run/milterfrom.pid $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

nano /etc/default/milterfrom

OPTIONS="-u milterfrom -g milterfrom -m 002 -s /var/spool/postfix/milterfrom/milterfrom"

Change the Postfix config file (if you don't use DKIM, remove the OpenDKIM parts):

nano /etc/postfix/main.cf

smtpd_milters = unix:/milterfrom/milterfrom, unix:/opendkim/opendkim.sock
non_smtpd_milters = unix:/milterfrom/milterfrom, unix:/opendkim/opendkim.sock

systemctl enable milterfrom
service postfix restart
service milterfrom start

Example

openssl s_client -connect mail.example.invalid -starttls smtp
CONNECTED(00000003)
[TLS stuff]
---
250 DSN
auth login
[...]
235 2.7.0 Authentication successful
mail from: theuser@example.invalid
250 2.1.0 Ok
rcpt to: someuser@external.invalid
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
From: anotheruser@example.invalid
To: someuser@external.invalid
Subject: Spam

Hey! :)
.
550 5.7.1 Rejected due to unmatching envelope and header sender.
quit
221 2.0.0 Bye
closed
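
An added example, not taken from milterfrom.c, of the comparison behind the 550 rejection above: it extracts the single address from the envelope sender and from the From: header value and rejects on any mismatch. The function names, the 256-byte buffers, the fail-closed handling of comments, groups and address lists, and the case-insensitive match are assumptions of this example; in a milter the two strings would come from the envelope-sender and header callbacks.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>

/* Copy the single address from a From: value ("Name <a@b>" or "a@b") or an
 * envelope sender ("<a@b>") into out. Returns 0 on success and -1 for anything
 * ambiguous, so the caller fails closed. */
static int extract_addr(const char *s, char *out, size_t outlen)
{
    const char *start = NULL, *end = NULL;
    int in_quote = 0;
    for (const char *p = s; *p; p++) {
        if (end && !isspace((unsigned char)*p)) return -1; /* junk after '>' */
        if (in_quote) {
            if (*p == '\\' && p[1]) p++;          /* skip quoted-pair */
            else if (*p == '"') in_quote = 0;
        } else if (*p == '"') in_quote = 1;       /* quoted display name */
        else if (strchr("(),;:", *p)) return -1;  /* comment, list or group */
        else if (*p == '<') { if (start) return -1; start = p + 1; }
        else if (*p == '>') { if (!start) return -1; end = p; }
    }
    if (in_quote || (start && !end)) return -1;   /* unbalanced quote or '<' */
    if (!start) {                                 /* bare address: trim spaces */
        start = s;
        while (isspace((unsigned char)*start)) start++;
        end = start + strlen(start);
        while (end > start && isspace((unsigned char)end[-1])) end--;
    }
    size_t n = (size_t)(end - start);
    if (n == 0 || n >= outlen) return -1;         /* empty ("<>") or too long */
    memcpy(out, start, n);
    out[n] = '\0';
    if (!strchr(out, '@') || strchr(out, '@') != strrchr(out, '@')) return -1;
    for (const char *c = out; *c; c++)            /* no spaces or quotes inside */
        if (isspace((unsigned char)*c) || *c == '"') return -1;
    return 0;
}

/* Returns 1 if the header sender equals the envelope sender, 0 otherwise.
 * Assumption: addresses are compared case-insensitively. */
int sender_matches(const char *envfrom, const char *hdrfrom)
{
    char env[256], hdr[256];
    if (extract_addr(envfrom, env, sizeof env) || extract_addr(hdrfrom, hdr, sizeof hdr))
        return 0;
    return strcasecmp(env, hdr) == 0;
}
```

A display name that merely looks like the permitted address does not pass, because only the address inside the angle brackets is compared.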

Run

To start the daemon directly, run the following:

./milterfrom -u milterfrom -g milterfrom -m 002 -d -p /var/run/milterfrom.pid -s /var/spool/postfix/milterfrom/milterfrom

License

Licensed under the 3-Clause BSD License.