mailheadercheck is a Postfix milter.
It checks some headers for RFC/BCP validity.
Based on the milter "verifyemail" by Christian Rößner: https://gitlab.roessner-net.de/croessner/verifyemail/
The current implementation does the following checks:
Install libmilter and the Python bindings (often known as pymilter). Place the mailheadercheck script into /usr/local/sbin/. Place the systemd unit file into /etc/systemd/system/ and create a user named "milter":
sudo apt install python3-dev libmilter-dev python3-pip python3-yaml
sudo pip3 install pymilter
sudo cp mailheadercheck /usr/local/sbin/
sudo cp -r lib /usr/local/sbin/
sudo chmod 755 /usr/local/sbin/mailheadercheck
sudo cp mailheadercheck.service /etc/systemd/system/
sudo mkdir /etc/mailheadercheck
sudo cp config.yaml /etc/mailheadercheck
mailheadercheck --help
The YAML configuration file will be read from the following locations:
If no config file is found, the program exits.
Please edit the default config.yaml according to your needs!
debug=0 only outputs the "summary line" at the end with the results.
debug=1 additionally outputs some log lines for each check that is run.
The milter has a dry-run mode which can be activated by globally setting "dry_run" to "1" in the config file.
If the setting is not found in the config.yaml, dry-run is active by default.
Additionally, you can change the "dry_run" setting in each check individually. With this you can either set "dry_run" globally to 1 and then set individual checks to 0, or the other way around.
You can choose from the following log targets:
This can be set to either "plain" or "json". This only affects the "summary line" when debug=0. It does not affect the DEBUG log lines which are written when debug=1.
Setting "log_privacy_mode" to 1 activates the privacy mode, in which the Subject: header and the From: header are not written to the log file.
The "socket" setting can have one of the following formats:
Setting "add_result_header" to 1 will add a header to the email with the name "X-MailHeaderCheck". It contains a JSON string with the "qid", "error_response_text", "result", "actiontaken" and "dry_run".
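A downstream consumer (a delivery filter or a log pipeline) can read that header back. The following is an added example, not code from the mailheadercheck project: the field names come from the list above, while the sample message, the field values and the choice to reject duplicate headers are assumptions made here.

```python
import json
from email import message_from_string
from email.policy import default

HEADER = "X-MailHeaderCheck"
# Field names as listed above for the JSON payload.
FIELDS = ("qid", "error_response_text", "result", "actiontaken", "dry_run")

# Constructed sample message; all field values are invented for illustration.
SAMPLE = (
    "From: sender@example.org\r\n"
    "To: rcpt@example.net\r\n"
    "Subject: test\r\n"
    'X-MailHeaderCheck: {"qid": "4ABCD1234", "error_response_text": "", '
    '"result": "ok", "actiontaken": "none", "dry_run": 1}\r\n'
    "\r\n"
    "body\r\n"
)


def read_result(raw_message):
    """Return (status, data) for the X-MailHeaderCheck header of one message."""
    msg = message_from_string(raw_message, policy=default)
    values = msg.get_all(HEADER, [])
    if not values:
        return "missing", None
    if len(values) > 1:
        # A copy that arrived with the message cannot be told apart from the
        # one the local milter added, so no instance is trusted (assumption).
        return "ambiguous", None
    try:
        data = json.loads(str(values[0]))
    except json.JSONDecodeError:
        return "invalid", None
    # Require a JSON object that carries every documented field.
    if not isinstance(data, dict) or any(f not in data for f in FIELDS):
        return "invalid", None
    return "ok", data


if __name__ == "__main__":
    status, data = read_result(SAMPLE)
    print(status, data)
```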
Reload the mailheadercheck.service file and start the systemd service:
sudo systemctl daemon-reload
sudo systemctl enable mailheadercheck
sudo systemctl start mailheadercheck
Add the milter in Postfix to the smtpd_milters setting in the main.cf:
smtpd_milters = ..., inet:127.0.0.1:30073, ...
If you have installed miltertest from the OpenDKIM project, you can run the tests in the tests/ folder by calling the testing.sh script from a shell.
sudo apt install -V opendkim-tools
chmod 700 mailheadercheck
chmod 700 testing.sh
./testing.sh
# or run a single test:
miltertest -s tests/test-01.lua
Enjoy