[Pymilter] Howto for pymilter?

Stuart D. Gathman stuart at bmsi.com
Mon Jan 8 21:03:48 EST 2007 

On Mon, 8 Jan 2007, Henry Kwan wrote:

> The milter seems to be running since I see this new header in my emails:
> 
> Received-SPF: none

Hopefully, more stuff follows that.  Otherwise, something is wrong.
It should look like this:

2007Jan08 20:58:27 [2137] Received-SPF: none (mail.bmsi.com: 209.190.247.152 is neither permitted nor denied by domain of calypso.tux.org) client_ip=209.190.247.152; envelope_from="novalug-bounces at calypso.tux.org"; helo=calypso.tux.org; receiver=mail.bmsi.com; identity=mailfrom

You now have milter-0.8.7, correct?

> But I have a couple of questions.
> 
> 1.  The SPF DSN is sent at least once for domains that don't publish a
> SPF.  How do I stop it this behavoir?

The SPF response is controlled by /etc/mail/access.  Responses are
OK, CBV, and REJECT.  CBV sends the DSN.

You can change the defaults.  For instance, I have:

SPF-None:	REJECT
SPF-Neutral:	CBV
SPF-Softfail:	CBV
SPF-Permerror:	CBV

I have best_guess = 1, so SPF none is converted to PASS/NEUTRAL for policy
lookup, and 3 strikes (no PTR, no HELO, no SPF) becomes "SPF NONE" for local
policy purposes (the Received-SPF header always shows the official SPF
result.)

You can change the default for specific domains:

# these guys aren't going to pay attention to CBVs anyway...
SPF-None:cia.gov	REJECT
SPF-None:fbi.gov	REJECT
SPF-Neutral:aol.com	REJECT
SPF-Softfail:ebay.com	REJECT

> 2.  Wiretap isn't working.  Or I don't understand how it's suppose to
> work.  I have "mail_archive = /var/mail/mail_archive" in pymilter.cfg but
> nothing ever gets dumped into /var/mail/mail_archive.

Does 'mail' have write access?  That should be logged as a traceback
in milter.log if not.

> 3.  The SRS part doesn't seem to work as whenever I try to start
> /etc/init.d/pysrs, I get this in /var/log/milter/pysrs.log:
> 
> [root at boxen milter]# cat pysrs.log
> Traceback (most recent call last):
>   File "pysrs.py", line 153, in ?
>     main(sys.argv[1:])
>   File "pysrs.py", line 132, in main
>     daemon.server.fwdomain = cp.get('srs','fwdomain',None)
>   File "/usr/lib/python2.4/ConfigParser.py", line 520, in get
>     raise NoOptionError(option, section)
> ConfigParser.NoOptionError: No option 'fwdomain' in section: 'srs'

You need to specify the forward domain - i.e. the domain you want
SRS to rewrite stuff too.

For instance, I have:

# sample SRS configuration
[srs]
secret = don't you wish
maxage = 8
hashlength = 5
;database=/var/log/milter/srs.db
fwdomain = bmsi.com
sign=bmsi.com,mail.bmsi.com,gathman.org
srs=bmsaix.bmsi.com,bmsred.bmsi.com,stl.gathman.org,bampa.gathman.org

-- 
	      Stuart D. Gathman <stuart at bmsi.com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

More information about the Pymilter mailing list