milter-length/0.10
|
text!/path/map.txt | R/O text file, memory hash |
/path/map.db | Berkeley DB hash format |
db!/path/map.db | Berkeley DB hash format |
db!btree!/path/map.db | Berkeley DB btree format |
sql!/path/database | An SQLite3 database |
socketmap!host:port | Sendmail style socket-map |
socketmap!/path/local/socket | Sendmail style socket-map |
socketmap!123.45.67.89:port | Sendmail style socket-map |
socketmap![2001:0DB8::1234]:port | Sendmail style socket-map |
If :port is omitted, the default is 7953.
The access-db contains key-value pairs. Lookups are performed from most to least specific, stopping on the first entry found. Keys are case-insensitive.
An IPv4 lookup is repeated several times reducing the IP address by one octet from right to left until a match is found.
tag:192.0.2.9 tag:192.0.2 tag:192.0 tag:192
An IPv6 lookup is repeated several times reducing the IP address by one 16-bit word from right to left until a match is found.
tag:2001:0DB8:0:0:0:0:1234:5678 tag:2001:0DB8:0:0:0:0:1234 tag:2001:0DB8:0:0:0:0 tag:2001:0DB8:0:0:0 tag:2001:0DB8:0:0 tag:2001:0DB8:0:0 tag:2001:0DB8:0 tag:2001:0DB8 tag:2001
A domain lookup is repeated several times reducing the domain by one label from left to right until a match is found.
tag:[ipv6:2001:0DB8::1234:5678] tag:[192.0.2.9] tag:sub.domain.tld tag:domain.tld tag:tld tag:
An email lookup is similar to a domain lookup, the exact address is first tried, then the address's domain, and finally the local part of the address.
tag:account@sub.domain.tld tag:sub.domain.tld tag:domain.tld tag:tld tag:account@ tag:
If a key is found and is a milter specific tag (ie. milter-length-Connect, milter-length-From, milter-length-Auth, milter-length-To), then the value is processed as a pattern list and the result returned. A pattern list is a whitespace separated list of pattern-size pairs followed by an optional default size. The supported patterns are:
[network/cidr]size Classless Inter-Domain Routing !pattern!size Simple fast text matching. /regex/size POSIX Extended Regular Expressions
The CIDR will only ever match for IP address related lookups.
A !pattern! uses an astrisk (*) for a wildcard, scanning over zero or more characters; a question-mark (?) matches any single character; a backslash followed by any character treats it as a literal (it loses any special meaning).
!abc! exact match for 'abc' !abc*! match 'abc' at start of string !*abc! match 'abc' at the end of string !abc*def! match 'abc' at the start and match 'def' at the end, maybe with stuff in between. !*abc*def*! find 'abc', then find 'def'
For black-white lookups, the following actions are recognised: OK or RELAY (white list), REJECT or ERROR (black list), DISCARD (accept & discard), SKIP or DUNNO (stop lookup, no result), and NEXT (opposite of SKIP, resume lookup). Its possible to specify an empty action after a pattern, which is treated like SKIP returning an undefined result. Other options may specify other actions.
Below is a list of supported tags. Other options may specify additional tags.
milter-length-Connect:client-ip value § Can be a pattern list. milter-length-Connect:[client-ip] value § Can be a pattern list. milter-length-Connect:client-domain value § Can be a pattern list. milter-length-Connect: value § Can be a pattern list. All mail sent by a connecting client-ip, unresolved client-ip address or IP addresses that resolve to a client-domain are black or white-listed. These allows you to white-list your network for mail sent internally and off-site, or connections from outside networks. milter-length-From:sender-address value § Can be a pattern list. milter-length-From:sender-domain value § Can be a pattern list. milter-length-From:sender@ value § Can be a pattern list. milter-length-From: value § Can be a pattern list. All mail from the sender-address, sender-domain, or that begins with sender is black or white-listed. In the case of a +detailed email address, the left hand side of the +detail is used for the sender@ lookup. milter-length-Auth:auth_authen value § Can be a pattern list. milter-length-Auth: value § Can be a pattern list. All mail from the authenticated sender, as given by sendmail's {auth_authen} macro, is black or white-listed. The string searched by the pattern list will be the sender-address
. The empty form of milter-length-Auth: allows for a milter specific default only when {auth_authen} is defined.milter-length-To:recipient-address value § Can be a pattern list. milter-length-To:recipient-domain value § Can be a pattern list. milter-length-To:recipient@ value § Can be a pattern list. milter-length-To: value § Can be a pattern list. All mail to the recipient-address, recipient-domain, or that begins with recipient is black or white-listed. In the case of a +detailed email address, the left hand side of the +detail is used for the recipient@ lookup.
The size is the maximum number of octets permitted in a message and is expressed as a number with an optional scale suffix: K (kilo), M (mega), or G (giga). If no size is specified (or -1), then the message can be any length (ULONG_MAX).
When there are multiple message size limits assigned, then the limit applied, in order of precedence, will be: the maximum value of all relevant milter-length-to:, milter-length-auth:, milter-length-from:, milter-length-connection:, or an unlimited default. Essentially each matching milter tag replaces the previous value. When there are multiple recipients with one or more possible milter-length-to: entries, then maximum length limit found is applied.
Below are only some examples of what is possible:
milter-length-Connect:80.94 [80.94.96.0/20]2M 500K All the mail from netblock 80.94.96.0/20 (80.94.96.0 through to 80.94.111.255) is limited to 2 megabytes, while anything else in 80.94.0.0/16 is limited to 500 kilobytes. milter-length-Connect:192.0.2 10M All the mail from the network in 192.0.2.0/24 is limited to 10 megabytes. milter-length-Connect:192.0.2 /^192\.0\.2\.8[0-9]/1M 10M Mail sent from IP addresses 192.0.2.80 through to 192.0.2.89 is limited to 1 megabyte, while the rest of the network in 192.0.2.0/24 is limited to 10 megabytes.
This example is rather contrived to show some of what is possible with patterns and is the equivalent of ten simple milter-length-connect: entries. When using patterns, weigh the need vs. simplicity, readability, and administration.milter-length-From:example.com /^[^+]+@/500K Mail from within example.com, where the sender's address does not contain a plus-detail, is limited to 500 kilobytes, otherwise no limit is imposed. milter-length-To:example.net !*+*@*! /^[0-9].*/20K !*smith*@*!1M 4M Mail to addresses within example.net containing a plus-detail have no limit; those starting with a digit are limited to 20 kilobytes; mail to anyone with "smith" as part of their address is limited to 1 megabyte, while the rest of the domain is limited to 4 megabytes.
milter-length
.
Typically a unix named socket or a host:port. This value must match the value specified for
the INPUT_MAIL_FILTER() macro in the sendmail.mc file. The accepted syntax is:
{unix|local}:/path/to/file
- A named pipe. (default)
inet:port@{hostname|ip-address}
- An IPV4 socket.
inet6:port@{hostname|ip-address}
- An IPV6 socket.
kill -QUIT `cat /var/run/milter/milter-length.pid`
milter-length-auth:
tag (access-db=)
for finer granularity of control.
§ all All messages § 0 Log nothing. § info General info messages. (default) § trace Trace progress through the milter. § parse Details from parsing addresses or special strings. debug Lots of debug messages. dialog I/O from Communications dialog state State transitions of message body scanner. dns Trace & debug of DNS operations cache Cache get/put/gc operations. § database Sendmail database lookups. socket-fd Socket open & close calls socket-all All socket operations & I/O § libmilter libmilter engine diagnostics
This is the list of possible SMTP responses generated by milter-length
.
Download:
milter-length/0.10 md5sum Change Log LibSnert md5sum Change Log Sendmail 8.13 http://www.sendmail.org/ Berkeley DB http://www.sleepycat.com/
In order to support the access database milter-length
requires Berkeley DB.
You should build and install Berkeley DB library first, if you do not
already have it. Please read the Berkeley DB documentation on how to
build the library. Briefly, it should be something like this:
cd (path to)/db-4.2.52/build_unix ../dist/configure make make install
If your system is Linux and you install Berkeley DB in the default, non-
standard, location then you must remember to update
/etc/ld.so.conf
and run ldconfig
. You can change
the default install location by specifying the ../dist/configure
option --prefix=/usr/local
for example.
If you have never built a milter for Sendmail, then please make sure that you
build and install libmilter
, which is not built by default when you build Sendmail prior
to 8.13.0. Please read the libmilter
documentation. Briefly, it should be something like this:
cd (path to)/sendmail-8.12.11/libmilter sh Build -c sh Build install
The build process for libsnert
and milter-length
is pretty straight forward
once you have libmilter
installed:
cd (path to)/com/snert/src/lib ./configure make build cd ../milter-length ./configure make build make install
Both configuration scripts have some options that allow you to override defaults. Those options are listed with:
./configure --help
An example /usr/local/share/examples/milter-length/milter-length.mc
is supplied.
This file should be reviewed and the necessary elements inserted into your Sendmail
.mc
file and sendmail.cf
rebuilt.
Please note the comments on the general milter flags.
Once installed and configured, start milter-length
and then restart Sendmail.
An example startup script is provided in /usr/local/share/examples/milter-length/milter-length.sh
.
The default options can be altered by specifying them on the command-line or
within a /etc/mail/milter-length.cf
. The milter-length.cf
is
parsed first followed by the command-line options.
Currently tested platforms:
Cobalt Qube 1 with Linux RH 5.1 (mips 2.0.34 kernel)
;Linux RH 5.1 (Intel x386 2.2.25 kernel)
;FreeBSD 4.8, 4.9 (Intel x386)
;OpenBSD 3.6 (Intel x386)
The minimum desired file ownership and permissions are as follows for a typical Linux system. For FreeBSD, NetBSD, and OpenBSD the binary and cache locations may differ, but have the same permissions.
Process user ``milter'' is primary member of group ``milter'' and secondary member of group ``smmsp''. Note that the milter should be started as root, so that it can create a .pid file and .socket file in /var/run; after which it will switch process ownership to milter:milter before starting the accept socket thread.
/etc/mail/ root:smmsp 0750 drwxr-x--- /etc/mail/access.db root:smmsp 0640 -rw-r----- /etc/mail/sendmail.cf root:smmsp 0640 -rw-r----- /etc/mail/milter-length.cf root:root 0644 -rw-r--r-- /var/run/milter/milter-length.pid milter:milter 0644 -rw-r--r-- /var/run/milter/milter-length.socket milter:milter 0644 srw-r--r-- /var/db/milter-length milter:milter 0644 -rw-r--r-- (*BSD) /var/cache/milter-length milter:milter 0644 -rw-r--r-- (linux) /usr/local/libexec/milter-length root:milter 0550 -r-xr-x---
I would like to express my thanks to Derek Balling for his support at http://www.milter.org/.
SNERTSOFT & CO. ARE WILLING TO LICENSE THE SOFTWARE IDENTIFIED ABOVE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT. PLEASE READ THE AGREEMENT CAREFULLY. BY DOWNLOADING OR INSTALLING THIS SOFTWARE, YOU ACCEPT THE TERMS OF THE AGREEMENT.
``Package'' means the identified above in source and/or binary form, any other machine readable materials provided (including, but not limited to documentation, sample files, data files), any updates or error corrections, and its derivative works.
``Organisation'' means a legal entity or an individual.
``You'' (or ``Your'') means an Organisation exercising rights under, and complying with all of the terms of, this License or a future version of this License issued under Section 6.1. For legal entities, ``You'' includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition,``control'' means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity.
``SnertSoft'' means Anthony C. Howe situated in Cannes, France (SIRET #489 259 937 00014).
``SnertSoft & Co.'' means SnertSoft and all authorised & licensed partners, such as value-added resellers or appliance manufacturers.
The Package is an original work written by SnertSoft, with exception of following third party code:
MD5 routines written by L. Peter Deutsch, based on RFC 1321;
SQLite3 package is written by D. Richard Hipp of Hwaci and is in the public domain.
strnatcmp.c is written by Martin Pool of sourcefrog.net and has a BSD style license.
Protothreads headers originally written by Adam Dunkels and has a BSD style license.
You may install and use this Package, without modifications, exclusively on machines for which You have purchased a license, provided You retain this notice, SnertSoft's copyright notice, any and all license control methods (see below), and any links within the Package back to the most current online versions of this License and Disclaimer.
You may copy, share, distribute, modify, and create derivative works from the user manuals and any related documentation solely for Your internal business purposes, such as in-house documentation, training manuals, or reference material.
Redistribution, including but not limited to books, CDROMS, download mirrors, floppy diskettes, hard disks, hardcopy print outs, online archives, solid state disks, streaming tapes, or other current or future forms of storage or communication media of the Package, with or without modifications, including any and all derivative works such as source patches, binaries, binary patches, or similar is expressly forbidden without prior written permission in hardcopy (ie. letter or fax) signed and dated by SnertSoft.
It is expressly forbidden for You to use the Package, in whole or in part, in any other software or appliance without prior written permission in hardcopy (ie. letter or fax) signed and dated by SnertSoft.
It is expressly forbidden for You to use the Package to develop any software or other technology having the same primary function as the Package, including but not limited to using the Package in any development or test procedure that seeks to develop like software or other technology, or determine if such software or other technology performs in a similar manner as the Package.
You may not sell, rent, lease, or transfer the Package to third parties without prior written permission in hardcopy (ie. letter or fax) signed and dated by SnertSoft.
This Agreement is effective until terminated. You may terminate this Agreement at any time by destroying all copies of the Package.
This Agreement will terminate immediately without notice from SnertSoft if You fail to comply with any provision of this Agreement.
Either party may terminate this Agreement immediately should any portion of the Package become, or in either party's opinion be likely to become, the subject of a claim of infringement of any intellectual property right. Upon Termination, You must destroy all copies of the Package.
New Versions. SnertSoft may publish revised and/or new versions of the License from time to time. Each version will be given a distinguishing version number.
Effect of New Versions. Once a version of the Package has been published under a particular version of the License, You may always continue to use it under the terms of that License version. You may also choose to use such Package under the terms of the most current version of the License published by SnertSoft.
No one other than SnertSoft has the right to modify the terms applicable to the Package created under this License.
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO WAY SHALL SNERTSOFT OR LICENSEE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The Package may use one or more license control methods including, but not limited to, license key activation, periodic reporting of Package details and IP address of installation to SnertSoft & Co., or remote license verification by SnertSoft & Co.. Any information reported to or gathered by SnertSoft & Co. shall remain strictly confidential and the private property of SnertSoft & Co.. Under no circumstances will SnertSoft & Co. resell or release this information to third parties, unless demanded by court order.
Support is provided for one year from date of purchase and only for SnertSoft's original Package that was purchased directly from SnertSoft. Additional support beyond the first year can be obtained from SnertSoft on time & materials basis or from one of SnertSoft's authorised partners.
Support for the Package obtained from authorised partners, such as value-added resllers or appliance manufacturers, will be supplied by those partners. SnertSoft will not support the Package without proof of purchase from SnertSoft, such as an Order N° or Invoice N°.
Package enhancements requests and product suggestions are always welcome. A community mailing list is available; please refer to SnertSoft web site Support area for details.
Gifts from the author's Amazon US or Amazon UK wishlist (search by mail address <achowe at snert dot com>) are welcomed for the continued encouragement, moral support, and ego pumping needed to work in foreign non-english speaking lands.
parsecs since 23 October 2005