2021-06-26 17:13:27 -04:00
|
|
|
# CSC Milter
|
|
|
|
This is a milter ("mail filter") for CSC. Currently it only has one purpose:
|
|
|
|
prevent clients outside of the UW network from setting the 'From' header
|
|
|
|
to a CSC address *and* using port 25 (port 587 is OK).
|
|
|
|
|
|
|
|
## Installation
|
|
|
|
As root:
|
2021-06-12 18:02:01 -04:00
|
|
|
```
|
2021-06-26 17:13:27 -04:00
|
|
|
apt install python3-milter
|
|
|
|
pip3 install .
|
2021-06-12 18:02:01 -04:00
|
|
|
```
|
2021-06-26 17:13:27 -04:00
|
|
|
Installing python3-milter will also install libmilter as a dependency.
|
2021-06-12 16:17:13 -04:00
|
|
|
|
2021-06-26 17:13:27 -04:00
|
|
|
Now open /etc/postfix/main.cf and add 'unix:/run/csc-milter/csc-milter.sock'
|
|
|
|
to the end of smptd_milters. Example:
|
2021-06-12 18:02:01 -04:00
|
|
|
```
|
2021-06-26 17:13:27 -04:00
|
|
|
smtpd_milters = unix:/var/spool/postfix/spamass/spamass.sock unix:/run/csc-milter/csc-milter.sock
|
2021-06-12 18:02:01 -04:00
|
|
|
```
|
2021-06-26 17:13:27 -04:00
|
|
|
Also open /etc/postfix/master.cf and explicitly set smtpd_milters *without*
|
|
|
|
csc-milter for the ports where csc-milter should not be running. Example:
|
2021-06-12 18:02:01 -04:00
|
|
|
```
|
2021-06-26 17:13:27 -04:00
|
|
|
submission inet n - n - - smtpd
|
|
|
|
-o smtpd_sasl_auth_enable=yes
|
|
|
|
...
|
|
|
|
-o smtpd_milters=unix:/var/spool/postfix/spamass/spamass.sock
|
|
|
|
...
|
2021-06-12 18:02:01 -04:00
|
|
|
```
|
2021-06-26 17:13:27 -04:00
|
|
|
Notice how smtpd_milters above does not have the csc-milter socket path. Therefore
|
|
|
|
csc-milter will not be invoked on messages arriving on port 587 (submission).
|
|
|
|
|
|
|
|
Optional, but strongly recommended: modify milter\_connect\_macros in
|
|
|
|
/etc/postfix/main.cf to include `{daemon_port}`. This ensures that even if you
|
|
|
|
forget to exclude csc-milter from master.cf, clients using non-25 ports will not
|
|
|
|
be rejected.
|
|
|
|
Example:
|
2021-06-12 18:02:01 -04:00
|
|
|
```
|
2021-06-26 17:13:27 -04:00
|
|
|
milter_connect_macros = j v _ {daemon_name} {daemon_port}
|
2021-06-12 18:02:01 -04:00
|
|
|
```
|
|
|
|
|
2021-06-26 17:13:27 -04:00
|
|
|
Optional, but recommended: add the following to /etc/postfix/main.cf:
|
2021-06-12 18:02:01 -04:00
|
|
|
```
|
2021-06-26 17:13:27 -04:00
|
|
|
smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map
|
|
|
|
```
|
|
|
|
Then, in /etc/postfix/smtpd\_milter\_map, add something like the following:
|
|
|
|
```
|
|
|
|
127.0.0.0/8 DISABLE
|
|
|
|
192.168.0.0/16 DISABLE
|
|
|
|
::/64 DISABLE
|
|
|
|
2001:db8::/32 DISABLE
|
|
|
|
```
|
|
|
|
This ensures that csc-milter will not be run on messages from local clients.
|
|
|
|
Replace 'DISABLE' by any additional milters which should be run. Note that
|
|
|
|
even if you do not do this, csc-milter will still accept messages from local
|
|
|
|
clients.
|
2021-06-12 18:02:01 -04:00
|
|
|
|
2021-06-26 17:13:27 -04:00
|
|
|
## Tests
|
|
|
|
Run the following from the root directory:
|
|
|
|
```
|
|
|
|
pip3 install -r test_requirements.txt
|
|
|
|
pytest
|
2021-06-12 18:02:01 -04:00
|
|
|
```
|