0

Is it possible to use a milter under postfix to implement SPF?

It seems to me that this would not be possible, because of the way that postfix manages milters.

According do the postfix docs, the milter goes here in the message-processing chain:

Network => postfix smptd process => MILTER => postfix smtpd process => etc.

Given that the milter gets its message from the postfix smtpd, the milter will see its initial connection coming from postfix's IP address. This would mean that the milter has no knowledge of the original sender's IP address.

SPF needs the sender's IP, so it seems like it would be impossible to perform a proper SPF validation from within a postfix milter.

This seems to be exactly what is happening when I install a test milter into my postfix server.

Am I correct about this, or has anyone been able to implement SPF via a postfix milter?

Thanks in advance.

4

2 回答 2

0

Sendmail/Postfix 在传入 SMTP 会话期间执行给定 milter 提供的回调。Postfix 可能会根据回调的结果拒绝某些 SMTP 命令。

Postfix 队列前 Milter 支持

Postfix 实现了对 Sendmail 版本 8 Milter(邮件过滤器)协议的支持。在 MTA 之外运行的应用程序使用此协议来检查 SMTP 事件(CONNECT、DISCONNECT)、SMTP 命令(HELO、MAIL FROM 等)以及邮件内容(标题和正文)。这一切都发生在邮件排队之前

https://en.wikipedia.org/wiki/Milter

于 2016-04-27T18:39:00.293 回答
0

好的。我现在更好地理解了这个问题。显然,我使用的 milter 实现没有正确设置 {client_addr}。我会假设我的问题是我正在使用的底层 milter 实现(pymilter 的最新版本)。

此外,我发现我可以按如下方式解决此问题:postfix 将客户端的主机名和 IP 地址放入它在将消息发送到 milter 之前设置的最顶部的“已接收”标头中。因此,我可以解析 milter 中的第一个“Received”标头,以获取 SPF 所需的客户端地址。

于 2016-04-28T16:51:10.557 回答