mail-de / mailheadercheck

This milter checks some headers (From, Subject, Date) for RFC validity.
BSD 2-Clause "Simplified" License
0 stars 2 forks source link

About

mailheadercheck is a Postfix milter.

It checks some headers for RFC/BCP validity.

Based on the milter "verifyemail" of Christian Rößner: https://gitlab.roessner-net.de/croessner/verifyemail/

Features

The current implementation does the following checks:

Installation

Install libmilter and the python bindings (often known as pymilter). Place the mailheadercheck script into /usr/local/sbin/. Place the systemd unit file into /etc/systemd/system/ and create a user named "milter":

sudo apt install python3-dev libmilter-dev python3-pip python3-yaml
sudo pip3 install pymilter
sudo cp mailheadercheck /usr/local/sbin/
sudo cp -r lib /usr/local/sbin/
sudo chmod 755 /usr/local/sbin/mailheadercheck
sudo cp mailheadercheck.service /etc/systemd/system/
sudo mkdir /etc/mailheadercheck
sudo cp config.yaml /etc/mailheadercheck
mailheadercheck --help

Configuration file

The YAML configuration file will be read from the following locations:

If there is no config file found, the program exits.

Configuration options

Please edit the default config.yaml according to your needs!

debug

debug=0 only outputs the "summary line" at the end with the results.

debug=1 additionally outputs some log lines for each check that is run.

dry_run

The milter has a dry-run mode which can be activated by globally setting "dry_run" to "1" in the config file.

If there is no setting found in the config.yaml, dry-run is active by default.

Additionally you can change the "dry_run" setting in each check individually. With this you can either set "dry_run" globally to 1, and then individual checks to 0. Or the other way around.

log_target

You can choose from the following log targets:

log_format

This can be set to either "plain" or "json". This only affects the "summary line" when debug=0. It does not affect the DEBUG log lines which are written when debug=1.

log_privacy_mode

Setting "log_privacy_mode" to 1 activates the privacy mode, which does not write the Subject:-header or From:-header to the logfile.

socket

The "socket" setting can have one of the following formats:

add_result_header

Setting "add_result_header" to 1 will add a header to the email with the name "X-MailHeaderCheck". It contains a JSON string with the "qid", "error_response_text", "result", "actiontaken" and "dry_run".

Start the systemd service

Reload the mailheadercheck.service file and start the systemd service:

sudo systemctl daemon-reload
sudo systemctl enable mailheadercheck
sudo systemctl start mailheadercheck

Configure the milter in Postfix

Add the milter in Postfix to the smtpd_milters setting in the main.cf:

smtpd_milters = ..., inet:127.0.0.1:30073, ...

Testing

If you have installed miltertest from the OpenDKIM project, you can run the tests from the tests/ folder by simply calling the testing.sh script on a shell.

sudo apt install -V opendkim-tools
chmod 700 mailheadercheck
chmod 700 testing.sh
./testing.sh
# or run a single test:
miltertest -s tests/test-01.lua

Enjoy