
miltertab

Marco Favero edited this page Oct 18, 2017 · 15 revisions

Postfix 3.2 introduces a client lookup table for milter configuration. Each result must return a set of configurations, or the single key 'DISABLE' if no milter applies. If the lookup returns no results, then the default Postfix milter configuration applies.

Config

A special kind of list is provided for milters. In config.php, a list of networks or IPs can be configured with the key 'milter' => TRUE. When it is, the key 'name' refers to the DB name for the list. An example is:

        'Milter Networks'       => array (
                'name'          => 'miltermap',
                'field'         => 'network',
                'active'        => TRUE,
                'bl'            => FALSE,
                'milter'        => TRUE
                ),

Each milter list must have its own new MySQL DB, configured as shown in doc/miltermap/db.sql. By default, we provide two DBs:

  • miltermap: a milter list of networks
  • milteripmap: a milter list of IPs

You can create new DBs like these. The table that holds the listed entries must always be named ips for an IP list, or net for a network list.

The table milt associates each milter with the listed clients. You must never change this table.

The table config associates a short milter name (used in listing operations) to its configuration.

By default we provide an example with the DKIM and DMARC milters, using the default configuration for OpenDKIM and OpenDMARC. You can modify these values as desired.

A special value 'DISABLE ALL' refers to the config 'DISABLE'. This association must be kept. If you configure a client (network or IP) in the list with the 'DISABLE ALL' milter, then all milters are disabled for this client.

You can set multiple milter names for a single client, but if you also select the 'DISABLE ALL' milter, then only this configuration will be set. This is required by Postfix; see the documentation.

Network client and intersection

Ordinary lists do not allow overlapping networks, to avoid confusion when used with applications like RBLDNSD. A milter list, however, can contain intersecting networks. For this to work, you must create the smaller network first, then the larger networks that include it.

The milter result will be the union of the milters of every listed network that contains the client IP. The Postfix query must guarantee that only 'DISABLE' is returned if any of the matching networks carries it. See the example in the smtpd_milter_map lookup table file.

Empty responses

Every list can be used in conjunction with a default Postfix smtpd_milters setting. If there is no default smtpd_milters and the lookup table returns no results, our query ensures no response rather than an empty response. The DISABLE response is needed only to override the smtpd_milters setting. See the Postfix documentation.

In other words, networks and IPs without a milter setting can exist. They do not cause a Postfix error, even if smtpd_milters is not set in main.cf.
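
The lookup semantics described in the two sections above (union across intersecting networks, DISABLE overriding everything else, no result when nothing is set), modelled as an added Python example. It is not the project's query or code; the network ranges, the milter socket strings and the name milter_lookup are constructed for illustration.

```python
import ipaddress

# Constructed sample data, not the rows shipped in db.sql.
# Short milter name -> Postfix milter spec, the role of the 'config' table.
CONFIG = {
    "DKIM": "inet:localhost:8891",
    "DMARC": "inet:localhost:8893",
    "DISABLE ALL": "DISABLE",
}

# Listed network -> milter names, the role of the 'net' and 'milt' tables.
NETWORKS = {
    "192.0.2.0/28": ["DKIM"],
    "192.0.2.0/24": ["DMARC"],              # includes the /28 above
    "198.51.100.0/24": ["DKIM", "DMARC"],
    "198.51.100.64/26": ["DISABLE ALL"],    # carve-out inside the /24 above
    "203.0.113.0/24": [],                   # listed, but no milter set
}


def milter_lookup(client_ip, networks=NETWORKS, config=CONFIG):
    """Return the value the map should hand to Postfix, or None for 'no result'."""
    ip = ipaddress.ip_address(client_ip)
    specs = []
    for cidr, names in networks.items():
        if ip not in ipaddress.ip_network(cidr):
            continue
        for name in names:
            spec = config[name]
            if spec == "DISABLE":
                # DISABLE must be the only value returned, never mixed with others.
                return "DISABLE"
            if spec not in specs:
                specs.append(spec)  # union, without duplicates
    # No matching row, or matching rows without milters: return nothing at all,
    # so Postfix falls back to its default milter configuration.
    return ", ".join(specs) if specs else None


if __name__ == "__main__":
    for addr in ("192.0.2.5", "192.0.2.200", "198.51.100.70", "203.0.113.9"):
        print(addr, "->", milter_lookup(addr))
```
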

Fast setup

If you agree with the default configuration, then do the following:

  • cd doc/miltertab
  • with a privileged mysql user run mysql -u <user> -h localhost -p < db.sql (-p with no value prompts for the password)
    • if your DB doesn't listen on localhost, change the host name in config.php as well
  • mysql -u <user> -h localhost -p < grant.sql
    • we assume the default config.php values for the DB user and password. If you modified config.php, change grant.sql accordingly.
  • Set the active flag to TRUE in the lists named Milter Networks and Milter IP in config.php.
  • Setup is done! Check your main web page for the two new lists.
  • The Postfix configuration depends on the type of list you choose to apply.
    • If you want to apply a networks list, then in /etc/postfix/main.cf add smtpd_milter_maps = mysql:/etc/postfix/smtpd_milter_map
    • If you want to apply an IPs list, then in /etc/postfix/main.cf add smtpd_milter_maps = mysql:/etc/postfix/smtpd_milterip_map
    • Copy the corresponding smtpd_milter_map or smtpd_milterip_map file to /etc/postfix

Usage

The usage is very simple and intuitive. A milter list is a normal list, but it also contains the "Milters" column. Here you can set the milter configuration for each listed item. Enjoy milter networks and IPs!
