csc-milter/README.md

# CSC Milter
This is a milter ("mail filter") for CSC. Currently it only has one purpose:
prevent clients outside of the UW network from setting the 'From' header
to a CSC address *and* using port 25 (port 587 is OK).

## Installation
As root:
```
apt install python3-milter
pip3 install .
```
Installing python3-milter will also install libmilter as a dependency.

Now open /etc/postfix/main.cf and add 'unix:/run/csc-milter/csc-milter.sock'
to the end of smptd_milters. Example:
```
smtpd_milters = unix:/var/spool/postfix/spamass/spamass.sock unix:/run/csc-milter/csc-milter.sock
```
Also open /etc/postfix/master.cf and explicitly set smtpd_milters *without*
csc-milter for the ports where csc-milter should not be running. Example:
```
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  ...
  -o smtpd_milters=unix:/var/spool/postfix/spamass/spamass.sock
  ...
```
Notice how smtpd_milters above does not have the csc-milter socket path. Therefore
csc-milter will not be invoked on messages arriving on port 587 (submission).

Optional, but strongly recommended: modify milter\_connect\_macros in
/etc/postfix/main.cf to include `{daemon_port}`. This ensures that even if you
forget to exclude csc-milter from master.cf, clients using non-25 ports will not
be rejected.
Example:
```
milter_connect_macros = j v _ {daemon_name} {daemon_port}
```

Optional, but recommended: add the following to /etc/postfix/main.cf:
```
smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map
```
Then, in /etc/postfix/smtpd\_milter\_map, add something like the following:
```
127.0.0.0/8    DISABLE
192.168.0.0/16 DISABLE
::/64          DISABLE
2001:db8::/32  DISABLE
```
This ensures that csc-milter will not be run on messages from local clients.
Replace 'DISABLE' by any additional milters which should be run. Note that
even if you do not do this, csc-milter will still accept messages from local
clients.

## Tests
Run the following from the root directory:
```
pip3 install -r test_requirements.txt
pytest
```
reject clients with CSC address in From header 2021-06-26 17:13:27 -04:00			`# CSC Milter`
			`This is a milter ("mail filter") for CSC. Currently it only has one purpose:`
			`prevent clients outside of the UW network from setting the 'From' header`
			`to a CSC address and using port 25 (port 587 is OK).`

			`## Installation`
			`As root:`
init 2021-06-12 18:02:01 -04:00			```
reject clients with CSC address in From header 2021-06-26 17:13:27 -04:00			`apt install python3-milter`
			`pip3 install .`
init 2021-06-12 18:02:01 -04:00			```
reject clients with CSC address in From header 2021-06-26 17:13:27 -04:00			`Installing python3-milter will also install libmilter as a dependency.`
Initial commit 2021-06-12 16:17:13 -04:00
reject clients with CSC address in From header 2021-06-26 17:13:27 -04:00			`Now open /etc/postfix/main.cf and add 'unix:/run/csc-milter/csc-milter.sock'`
			`to the end of smptd_milters. Example:`
init 2021-06-12 18:02:01 -04:00			```
reject clients with CSC address in From header 2021-06-26 17:13:27 -04:00			`smtpd_milters = unix:/var/spool/postfix/spamass/spamass.sock unix:/run/csc-milter/csc-milter.sock`
init 2021-06-12 18:02:01 -04:00			```
reject clients with CSC address in From header 2021-06-26 17:13:27 -04:00			`Also open /etc/postfix/master.cf and explicitly set smtpd_milters without`
			`csc-milter for the ports where csc-milter should not be running. Example:`
init 2021-06-12 18:02:01 -04:00			```
reject clients with CSC address in From header 2021-06-26 17:13:27 -04:00			`submission inet n - n - - smtpd`
			`-o smtpd_sasl_auth_enable=yes`
			`...`
			`-o smtpd_milters=unix:/var/spool/postfix/spamass/spamass.sock`
			`...`
init 2021-06-12 18:02:01 -04:00			```
reject clients with CSC address in From header 2021-06-26 17:13:27 -04:00			`Notice how smtpd_milters above does not have the csc-milter socket path. Therefore`
			`csc-milter will not be invoked on messages arriving on port 587 (submission).`

			`Optional, but strongly recommended: modify milter\_connect\_macros in`
			/etc/postfix/main.cf to include `{daemon_port}`. This ensures that even if you
			`forget to exclude csc-milter from master.cf, clients using non-25 ports will not`
			`be rejected.`
			`Example:`
init 2021-06-12 18:02:01 -04:00			```
reject clients with CSC address in From header 2021-06-26 17:13:27 -04:00			`milter_connect_macros = j v _ {daemon_name} {daemon_port}`
init 2021-06-12 18:02:01 -04:00			```

reject clients with CSC address in From header 2021-06-26 17:13:27 -04:00			`Optional, but recommended: add the following to /etc/postfix/main.cf:`
init 2021-06-12 18:02:01 -04:00			```
reject clients with CSC address in From header 2021-06-26 17:13:27 -04:00			`smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map`
			```
			`Then, in /etc/postfix/smtpd\_milter\_map, add something like the following:`
			```
			`127.0.0.0/8 DISABLE`
			`192.168.0.0/16 DISABLE`
			`::/64 DISABLE`
			`2001:db8::/32 DISABLE`
			```
			`This ensures that csc-milter will not be run on messages from local clients.`
			`Replace 'DISABLE' by any additional milters which should be run. Note that`
			`even if you do not do this, csc-milter will still accept messages from local`
			`clients.`
init 2021-06-12 18:02:01 -04:00
reject clients with CSC address in From header 2021-06-26 17:13:27 -04:00			`## Tests`
			`Run the following from the root directory:`
			```
			`pip3 install -r test_requirements.txt`
			`pytest`
init 2021-06-12 18:02:01 -04:00			```