2.0 KiB
CSC Milter
This is a milter ("mail filter") for CSC. Currently it only has one purpose: prevent clients outside of the UW network from setting the 'From' header to a CSC address and using port 25 (port 587 is OK).
Installation
As root:
apt install python3-milter
pip3 install .
Installing python3-milter will also install libmilter as a dependency.
Now open /etc/postfix/main.cf and add 'unix:/run/csc-milter/csc-milter.sock' to the end of smptd_milters. Example:
smtpd_milters = unix:/var/spool/postfix/spamass/spamass.sock unix:/run/csc-milter/csc-milter.sock
Also open /etc/postfix/master.cf and explicitly set smtpd_milters without csc-milter for the ports where csc-milter should not be running. Example:
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
...
-o smtpd_milters=unix:/var/spool/postfix/spamass/spamass.sock
...
Notice how smtpd_milters above does not have the csc-milter socket path. Therefore csc-milter will not be invoked on messages arriving on port 587 (submission).
Optional, but strongly recommended: modify milter_connect_macros in
/etc/postfix/main.cf to include {daemon_port}
. This ensures that even if you
forget to exclude csc-milter from master.cf, clients using non-25 ports will not
be rejected.
Example:
milter_connect_macros = j v _ {daemon_name} {daemon_port}
Optional, but recommended: add the following to /etc/postfix/main.cf:
smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map
Then, in /etc/postfix/smtpd_milter_map, add something like the following:
127.0.0.0/8 DISABLE
192.168.0.0/16 DISABLE
::/64 DISABLE
2001:db8::/32 DISABLE
This ensures that csc-milter will not be run on messages from local clients. Replace 'DISABLE' by any additional milters which should be run. Note that even if you do not do this, csc-milter will still accept messages from local clients.
Tests
Run the following from the root directory:
pip3 install -r test_requirements.txt
pytest