-
Notifications
You must be signed in to change notification settings - Fork 4
Git tracking repository of Jim Niemira and Stuart D. Gathman's Python milter implementation at https://sourceforge.net/p/pymilter/
License
jmehnle/pymilter
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Abstract -------- This is a python extension module to enable python scripts to attach to Sendmail's libmilter API, enabling filtering of messages as they arrive. Since it's a script, you can do anything you want to the message - screen out viruses, collect statistics, add or modify headers, etc. You can, at any point, tell Sendmail to reject, discard, or accept the message. Requirements ------------ This python milter extension: http://www.bmsi.com/python/milter.html Python: http://www.python.org Sendmail: http://www.sendmail.org NB: From Sendmail's libmilter/README: libmilter requires pthread support in the operating system. Moreover, it requires that the library functions it uses are thread safe; which is true for the operating systems libmilter has been developed and tested on. On some operating systems this requires special compile time options (e.g., not just -pthread). libmilter is currently known to work on (modulo problems in the pthread support of some specific versions): FreeBSD 3.x, 4.x SunOS 5.x (x >= 5) AIX 4.3.x HP UX 11.x Linux (recent versions/distributions) OpenBSD AIX 4.1.5 libmilter is currently not supported on: IRIX 6.x Ultrix Quick Installation ------------------ 1. Build and install Sendmail, enabling libmilter (see libmilter/README). 2. Build and install Python, enabling threading. 3. Install this module: python setup.py --help 4. Add these two lines to sendmail.cf[*]: O InputMailFilters=pythonfilter Xpythonfilter, S=local:/home/username/pythonsock 5. Run the sample.py example milter with: python sample.py Note that milters should almost certainly not run as root. That's it. Incoming mail will cause the milter to print some things, and some email will be rejected (see the "header" method). Edit and play. See spfmilter.py for a functional SPF milter, or see bms.py for an complex milter used in production. [*] This is for a quick test. Your sendmail.cf in most distros will get overwritten whenever sendmail.mc is updated. To make a milter permanent, add something like: INPUT_MAIL_FILTER(`pythonfilter', `S=local:/home/username/pythonsock, F=T, T=C:5m;S:20s;R:5m;E:5m') to sendmail.mc instead. Not-so-quick Installation ------------------------- First install Sendmail. Make sure you read libmilter/README in the Sendmail source directory, and make sure you enable libmilter before you build. The 8.11 series had libmilter marked as FFR (For Future Release); 8.12 officially supports libmilter, but it's still not built by default. Install Python, and enable threading in Modules/Setup. Install this miltermodule package; DistUtils Automatic Installation: $ python setup.py --help For versions of python prior to 2.0, you will need to download distutils separately or build manually. You will need to download unittest separately to run the test programs. The bdist_rpm distutils option seems not to work for python 2.0; upgrade to at least 2.1.1. Now that everything is installed, we need to tell sendmail that we're going to filter incoming email. Add lines similar to the following to sendmail.cf: O InputMailFilters=pythonfilter Xpythonfilter, S=local:/home/username/pythonsock The "O" line tells sendmail which filters to use in what order; here we're telling sendmail to use the filter named "pythonfilter". The next line, the "X" line (for "eXternal"), lists that filter along with some options associated with it. In this case, we have the "S" option, which names the socket that sendmail will use to communicate with this particular milter. This milter's socket is a unix-domain socket in the filesystem. See libmilter/README for the definitive list of options. NB: The name is specified in two places: here, in sendmail's cf file, and in the milter itself. Make sure the two match. NB: The above lines can be added in your .mc file with this line: INPUT_MAIL_FILTER(`pythonfilter', `S=local:/home/username/pythonsock') For versions of sendmail prior to 8.12, you will need to enable _FFR_MILTER for the cf macros. For example, m4 -D_FFR_MILTER ../m4/cf.m4 myconfig.mc > myconfig.cf RedHat 6.2 Notes ---------------- The Redhat 6.2 sendmail RPM does not enable milter. You can obtain a modified spec file at http://www.bmsi.com/linux/rh62/sendmail-rhmilter.spec use it to rebuild the Redhat 7.2 SRPM. The RH6.2 SRPM does not have recent sendmail security patches. RedHat 7.2 Notes ---------------- The Redhat 7.2 sendmail RPM enables milter in sendmail - but does not include the headers needed for compiling a milter. You can obtain a modified spec file with a sendmail-devel package that includes the needed static libraries and headers at http://www.bmsi.com/linux/sendmail-rh72.spec IPv6 Notes ---------- The IPv6 protocol is supported if your operation system supports it and if sendmail was compiled with IPv6 support. To determine if your sendmail supports IPv6, run "sendmail -d0" and check for the NETINET6 compilation option. To compile sendmail with IPv6 support, add this declaration to your site.config.m4 before building it: APPENDDEF(`confENVDEF', `-DNETINET6=1') IPv6 support can show up in two places; the communications socket between the milter and sendmail processes and in the host address argument to the connect() callback method. For sendmail to be able to accept IPv6 SMTP sessions, you must configure the daemon to listen on an IPv6 port. Furthermore if you want to allow both IPv4 and IPv6 connections, some operating systems will require that each listens to different port numbers. For an IPv6-only setup, your sendmail configuration should contain a line similar to (first line is for sendmail.mc, second is sendmail.cf): DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6, Modify=C, Port=25') O DaemonPortOptions=Name=MTA-v6, Family=inet6, Modify=C, Port=25 To allow sendmail and the milter process to communicate with each other over IPv6, you may use the "inet6" socket name prefix, as in: Xpythonfilter, S=inet6:1234@fec0:0:0:7::5c The connect() callback method in the milter class will pass the IPv6-specific information in the 'hostaddr' argument as a tuple. Note that the type of this value is dependent upon the protocol family, and is not compatible with IPv4 connections. Therefore you should always check the family argument before attempting to use the hostaddr argument. A quick example showing this follows: import socket ... class ipv6awareMilter(Milter.Milter): ... def connect(self,hostname,family,hostaddr): if family==socket.AF_INET: ipaddress, port = hostaddr elif family==socket.AF_INET6: ip6address, port, flowinfo, scopeid = hostaddr elif family==socket.AF_UNIX: socketpath = hostaddr The hostname argument is always safe to use without interpreting the protocol family. For IPv6 connections for which the hostname can not be determined the hostname will appear similar to the string "[IPv6:::1]" with the corresponding hostaddr[0] being "::1". Refer to RFC 2553 for information on interpreting and using the flowinfo and scopeid socket attributes, both of which are integers. Authors ------- Jim Niemira ([email protected]) wrote the original C module and some quick and dirty python to use it. Stuart D. Gathman ([email protected]) took that kludge and added threading and context objects to it, wrote a proper OO wrapper (Milter.py) that handles attachments, did lots of testing, packaged it with distutils, and generally transformed it from a quick hack to a real, usable Python extension.
About
Git tracking repository of Jim Niemira and Stuart D. Gathman's Python milter implementation at https://sourceforge.net/p/pymilter/
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published