reject clients with CSC address in From header

This commit is contained in:
Max Erenberg 2021-06-26 21:13:27 +00:00
parent bd25ff18d4
commit fd17a2e007
10 changed files with 289 additions and 85 deletions

4
.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
__pycache__/
*.swp
*.egg-info/
build/

View File

@ -1,37 +1,61 @@
# Spoof Milter # CSC Milter
Postfix does not provide libmilter so you will need to install that This is a milter ("mail filter") for CSC. Currently it only has one purpose:
``` prevent clients outside of the UW network from setting the 'From' header
apt install libmilter to a CSC address *and* using port 25 (port 587 is OK).
```
may be provided by sendmail-devel on some systems
You will also need to install pymilter
```
pip install pymilter
```
## Installation ## Installation
in /etc/postfix/mail.cf As root:
``` ```
smtpd_milters = inet:localhost:<portnumber> ...other filters... apt install python3-milter
pip3 install .
``` ```
Write systemd thing to run milter Installing python3-milter will also install libmilter as a dependency.
Now open /etc/postfix/main.cf and add 'unix:/run/csc-milter/csc-milter.sock'
to the end of smptd_milters. Example:
``` ```
/some/where/opendkim -l -u userid -p inet:<portnumber>@localhost ...other options... smtpd_milters = unix:/var/spool/postfix/spamass/spamass.sock unix:/run/csc-milter/csc-milter.sock
```
Also open /etc/postfix/master.cf and explicitly set smtpd_milters *without*
csc-milter for the ports where csc-milter should not be running. Example:
```
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
...
-o smtpd_milters=unix:/var/spool/postfix/spamass/spamass.sock
...
```
Notice how smtpd_milters above does not have the csc-milter socket path. Therefore
csc-milter will not be invoked on messages arriving on port 587 (submission).
Optional, but strongly recommended: modify milter\_connect\_macros in
/etc/postfix/main.cf to include `{daemon_port}`. This ensures that even if you
forget to exclude csc-milter from master.cf, clients using non-25 ports will not
be rejected.
Example:
```
milter_connect_macros = j v _ {daemon_name} {daemon_port}
``` ```
### Other notes Optional, but recommended: add the following to /etc/postfix/main.cf:
Different milter settings for different client IP addresses
``` ```
/etc/postfix/main.cf: smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map
smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map ```
smtpd_milters = inet:host:port, { inet:host:port, ... }, ... Then, in /etc/postfix/smtpd\_milter\_map, add something like the following:
```
127.0.0.0/8 DISABLE
192.168.0.0/16 DISABLE
::/64 DISABLE
2001:db8::/32 DISABLE
```
This ensures that csc-milter will not be run on messages from local clients.
Replace 'DISABLE' by any additional milters which should be run. Note that
even if you do not do this, csc-milter will still accept messages from local
clients.
/etc/postfix/smtpd_milter_map: ## Tests
# Disable Milters for local clients. Run the following from the root directory:
# do this for local waterloo ```
127.0.0.0/8 DISABLE pip3 install -r test_requirements.txt
192.168.0.0/16 DISABLE pytest
::/64 DISABLE
2001:db8::/32 DISABLE
``` ```

1
csc_milter/__init__.py Normal file
View File

@ -0,0 +1 @@
from .main import CSCMilter

132
csc_milter/main.py Normal file
View File

@ -0,0 +1,132 @@
#!/usr/bin/env python3
import argparse
from email.utils import parseaddr
import ipaddress
import logging
import os
import pwd
import subprocess
import Milter
SOCKETPATH = "/run/csc-milter/csc-milter.sock"
TIMEOUT = 5
MYORIGIN = ''
MYNETWORKS = []
REJECT_MESSAGE = 'You may not send from a CSC address on port 25 - please use port 587 instead.'
logger = logging.getLogger(__name__)
logger.setLevel(logging.DEBUG)
log_handler = logging.StreamHandler()
log_handler.setLevel(logging.DEBUG)
log_handler.setFormatter(logging.Formatter('%(levelname)s: %(message)s'))
logger.addHandler(log_handler)
def is_in_myorigin(domain):
return domain == MYORIGIN or domain.endswith('.' + MYORIGIN)
def is_in_mynetworks(addr_str):
addr = ipaddress.ip_address(addr_str)
return any(addr in subnet for subnet in MYNETWORKS)
class CSCMilter(Milter.Base):
def __init__(self): # A new instance with each new connection.
super()
def connect(self, IPname, family, hostaddr):
"""
Called on connect to MTA.
:param IPname: the PTR name or bracketed IP of the SMTP client
:param family: one of (socket.AF_INET, socket.AF_INET6, socket.AF_UNIX)
:param hostaddr: a tuple or string with peer IP or socketname
Examples:
(self, 'ip068.subnet71.example.com', AF_INET, ('215.183.71.68', 4720) )
(self, 'ip6.mxout.example.com', AF_INET6, ('3ffe:80e8:d8::1', 4720, 1, 0) )
"""
self.IP = hostaddr[0]
if is_in_mynetworks(self.IP):
return Milter.ACCEPT
self.daemon_port = self.getsymval('{daemon_port}')
if self.daemon_port is not None and self.daemon_port != '25':
return Milter.ACCEPT
return Milter.CONTINUE
@Milter.noreply
def envfrom(self, mailfrom, *str):
self.mailfrom = mailfrom
return Milter.CONTINUE
def header(self, field, value):
"""Called for each header field in the message body."""
if field.lower() != 'from':
return Milter.CONTINUE
addr = parseaddr(value)[1]
if addr == '':
return Milter.CONTINUE
domain = addr.split('@')[1].lower()
if is_in_myorigin(domain):
logger.info('Rejecting message (MAIL FROM: %s, From: %s)' % (self.mailfrom, value))
# See RFC 1893
self.setreply('550', '5.7.1', REJECT_MESSAGE)
return Milter.REJECT
return Milter.CONTINUE
def check_postfix_user():
postfix_passwd = pwd.getpwnam('postfix')
uid = postfix_passwd.pw_uid
gid = postfix_passwd.pw_gid
if os.geteuid() != uid or os.getegid() != gid:
raise Exception('this program should be running as the Postfix user')
def get_postconf(param):
proc = subprocess.run(
rf"postconf -x | grep -oP '^{param} = \K(.*)'",
shell=True, capture_output=True, check=True
)
value = proc.stdout.decode().strip()
logger.debug(f'Retrieved from postconf: {param} = {value}')
return value
def main():
global MYORIGIN
global MYNETWORKS
check_postfix_user()
parser = argparse.ArgumentParser(description='Custom milter for CSC.')
parser.add_argument('--myorigin', help='domain name for locally-posted mail')
parser.add_argument('--mynetworks', help='space-separated list of trusted subnets')
args = parser.parse_args()
if args.myorigin is not None:
MYORIGIN = args.myorigin
else:
MYORIGIN = get_postconf('myorigin')
if args.mynetworks is not None:
networks = args.mynetworks.split()
else:
networks = get_postconf('mynetworks').split()
MYNETWORKS = [
ipaddress.ip_network(s.replace('[', '').replace(']', ''))
for s in networks
]
Milter.factory = CSCMilter
logger.debug("milter startup")
Milter.runmilter("csc-milter", SOCKETPATH, TIMEOUT)
logger.debug("milter shutdown")
if __name__ == "__main__":
main()

1
requirements.txt Normal file
View File

@ -0,0 +1 @@
pymilter>=1.0.0

View File

@ -1,14 +1,41 @@
import sys
from setuptools import setup, find_packages from setuptools import setup, find_packages
from setuptools.command.test import test as TestCommand
requirements = [line.strip() for line in open('requirements.txt')]
test_requirements = [line.strip() for line in open('test_requirements.txt')]
long_description = open('README.md').read()
class PyTest(TestCommand):
def run_tests(self):
import pytest
sys.exit(pytest.main([]))
setup( setup(
name='milter_nospoof', name='csc-milter',
version='0.0.1', version='0.1.0',
description='rejects messages using csclub.uwaterloo.ca on port 25', description='Custom milter for CSC',
packages=find_packages('src'), long_description=long_description,
package_dir={'': 'src'}, long_description_content_type='text/markdown',
python_requires='>=3.0', url='https://git.csclub.uwaterloo.ca/public/csc-milter.git',
install_requires=[ author='CSC Systems Committee',
], author_email='syscom@csclub.uwaterloo.ca',
classifiers=[
'Programming Language :: Python :: 3',
'OSI Approved :: GNU General Public License v3 or later (GPLv3+)',
'Operating System :: Unix',
],
license='GPLv3',
keywords='email, milter',
packages=find_packages(),
python_requires='>=3.6',
install_requires=requirements,
tests_require=test_requirements,
cmdclass={'test': PyTest},
entry_points={
'console_scripts': ['csc-milter=csc_milter.main:main']
},
) )

View File

@ -1,48 +0,0 @@
import Milter
from socket import AF_INET, AF_INET6
from Milter.utils import parse_addr
class myMilter(Milter.Base):
def __init__(self): # A new instance with each new connection.
self.id = Milter.uniqueID() # Integer incremented with each call.
# @Milter.noreply
# called on connect to MTA
def connect(self, IPname, family, hostaddr):
# IPname: the PTR name or bracketed IP of the SMTP client
# family: one of (socket.AF_INET, socket.AF_INET6, socket.AF_UNIX)
# hostaddr: a tuple or string with peer IP or socketname
# (self, 'ip068.subnet71.example.com', AF_INET, ('215.183.71.68', 4720) )
# (self, 'ip6.mxout.example.com', AF_INET6, ('3ffe:80e8:d8::1', 4720, 1, 0) )
self.IP = hostaddr[0]
self.port = hostaddr[1]
if family == AF_INET6:
self.flow = hostaddr[2]
self.scope = hostaddr[3]
else:
self.flow = None
self.scope = None
self.IPname = IPname # Name from a reverse IP lookup
self.H = None
return Milter.CONTINUE
# called when the SMTP client says MAIL FROM
def envfrom(self, mailfrom, *str):
uwaddr = "csclub.uwaterloo.ca"
if uwaddr in parse_addr(mailfrom) and self.IP == 25:
return Milter.REJECT # this will only drop the msg not the connection
return Milter.CONTINUE
def main():
socketname = "/var/run/milter-nospoof"
timeout = 600
# Register to have the Milter factory create instances of your class:
Milter.factory = myMilter
# print "%s milter startup" % time.strftime('%Y%b%d %H:%M:%S')
# sys.stdout.flush()
# Milter.runmilter("pythonfilter",socketname,timeout)
# print "%s bms milter shutdown" % time.strftime('%Y%b%d %H:%M:%S')
if __name__ == "__main__":
main()

1
test_requirements.txt Normal file
View File

@ -0,0 +1 @@
pytest>=6.2.0

0
tests/__init__.py Normal file
View File

62
tests/test_from_header.py Normal file
View File

@ -0,0 +1,62 @@
import ipaddress
import socket
from unittest.mock import Mock
import Milter
import csc_milter.main as csc_milter
def setup_module():
csc_milter.MYNETWORKS = [
ipaddress.ip_network('129.97.134.0/24'),
]
csc_milter.MYORIGIN = 'csclub.uwaterloo.ca'
def teardown_module():
csc_milter.MYNETWORKS = []
csc_milter.MYORIGIN = ''
def get_milter(dst_port):
milter = csc_milter.CSCMilter()
milter.getsymval = Mock(side_effect=lambda s: str(dst_port) if s == '{daemon_port}' else None)
milter._protocol = 18266 # to make the @Milter.noreply work
milter.setreply = Mock()
return milter
def test_local_port_25():
milter = get_milter(25)
ret = milter.connect('caffeine.csclub.uwaterloo.ca', socket.AF_INET, ('129.97.134.17', 10000))
assert ret == Milter.ACCEPT
def test_local_port_587():
milter = get_milter(587)
ret = milter.connect('caffeine.csclub.uwaterloo.ca', socket.AF_INET, ('129.97.134.17', 10000))
assert ret == Milter.ACCEPT
def test_remote_port_25_csc_address():
milter = get_milter(25)
ret = milter.connect('[24.114.29.182]', socket.AF_INET, ('24.114.29.182', 10000))
assert ret == Milter.CONTINUE
milter.envfrom('<user@example.com>')
ret = milter.header('From', '<syscom@csclub.uwaterloo.ca>')
assert ret == Milter.REJECT
def test_remote_port_25_non_csc_address():
milter = get_milter(25)
milter.connect('[24.114.29.182]', socket.AF_INET, ('24.114.29.182', 10000))
milter.envfrom('<user@example.com>')
ret = milter.header('From', 'John Doe <user@example.com>')
assert ret == Milter.CONTINUE
def test_remote_port_587():
milter = get_milter(587)
ret = milter.connect('[24.114.29.182]', socket.AF_INET, ('24.114.29.182', 10000))
assert ret == Milter.ACCEPT