init
This commit is contained in:
parent
52d221ffdf
commit
bd25ff18d4
35
README.md
35
README.md
|
@ -1,2 +1,37 @@
|
|||
# Spoof Milter
|
||||
Postfix does not provide libmilter so you will need to install that
|
||||
```
|
||||
apt install libmilter
|
||||
```
|
||||
may be provided by sendmail-devel on some systems
|
||||
|
||||
You will also need to install pymilter
|
||||
```
|
||||
pip install pymilter
|
||||
```
|
||||
|
||||
## Installation
|
||||
in /etc/postfix/mail.cf
|
||||
```
|
||||
smtpd_milters = inet:localhost:<portnumber> ...other filters...
|
||||
```
|
||||
Write systemd thing to run milter
|
||||
```
|
||||
/some/where/opendkim -l -u userid -p inet:<portnumber>@localhost ...other options...
|
||||
```
|
||||
|
||||
### Other notes
|
||||
Different milter settings for different client IP addresses
|
||||
```
|
||||
/etc/postfix/main.cf:
|
||||
smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map
|
||||
smtpd_milters = inet:host:port, { inet:host:port, ... }, ...
|
||||
|
||||
/etc/postfix/smtpd_milter_map:
|
||||
# Disable Milters for local clients.
|
||||
# do this for local waterloo
|
||||
127.0.0.0/8 DISABLE
|
||||
192.168.0.0/16 DISABLE
|
||||
::/64 DISABLE
|
||||
2001:db8::/32 DISABLE
|
||||
```
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
from setuptools import setup, find_packages
|
||||
|
||||
setup(
|
||||
name='milter_nospoof',
|
||||
version='0.0.1',
|
||||
description='rejects messages using csclub.uwaterloo.ca on port 25',
|
||||
packages=find_packages('src'),
|
||||
package_dir={'': 'src'},
|
||||
python_requires='>=3.0',
|
||||
install_requires=[
|
||||
],
|
||||
)
|
||||
|
||||
|
|
@ -0,0 +1,48 @@
|
|||
import Milter
|
||||
from socket import AF_INET, AF_INET6
|
||||
from Milter.utils import parse_addr
|
||||
|
||||
class myMilter(Milter.Base):
|
||||
|
||||
def __init__(self): # A new instance with each new connection.
|
||||
self.id = Milter.uniqueID() # Integer incremented with each call.
|
||||
|
||||
# @Milter.noreply
|
||||
# called on connect to MTA
|
||||
def connect(self, IPname, family, hostaddr):
|
||||
# IPname: the PTR name or bracketed IP of the SMTP client
|
||||
# family: one of (socket.AF_INET, socket.AF_INET6, socket.AF_UNIX)
|
||||
# hostaddr: a tuple or string with peer IP or socketname
|
||||
# (self, 'ip068.subnet71.example.com', AF_INET, ('215.183.71.68', 4720) )
|
||||
# (self, 'ip6.mxout.example.com', AF_INET6, ('3ffe:80e8:d8::1', 4720, 1, 0) )
|
||||
self.IP = hostaddr[0]
|
||||
self.port = hostaddr[1]
|
||||
if family == AF_INET6:
|
||||
self.flow = hostaddr[2]
|
||||
self.scope = hostaddr[3]
|
||||
else:
|
||||
self.flow = None
|
||||
self.scope = None
|
||||
self.IPname = IPname # Name from a reverse IP lookup
|
||||
self.H = None
|
||||
return Milter.CONTINUE
|
||||
|
||||
# called when the SMTP client says MAIL FROM
|
||||
def envfrom(self, mailfrom, *str):
|
||||
uwaddr = "csclub.uwaterloo.ca"
|
||||
if uwaddr in parse_addr(mailfrom) and self.IP == 25:
|
||||
return Milter.REJECT # this will only drop the msg not the connection
|
||||
return Milter.CONTINUE
|
||||
|
||||
|
||||
def main():
|
||||
socketname = "/var/run/milter-nospoof"
|
||||
timeout = 600
|
||||
# Register to have the Milter factory create instances of your class:
|
||||
Milter.factory = myMilter
|
||||
# print "%s milter startup" % time.strftime('%Y%b%d %H:%M:%S')
|
||||
# sys.stdout.flush()
|
||||
# Milter.runmilter("pythonfilter",socketname,timeout)
|
||||
# print "%s bms milter shutdown" % time.strftime('%Y%b%d %H:%M:%S')
|
||||
if __name__ == "__main__":
|
||||
main()
|
Loading…
Reference in New Issue