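Milter == Mail Filter: a mail filtering protocol that lets a program outside the MTA hook into every SMTP event, so that before a message enters the queue it can decide whether the message may be sent, check message signatures, and so on. To use a milter, configure main.cf as follows: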
```
/etc/postfix/main.cf:
    smtpd_milters = { inet:host:port,
        connect_timeout=10s, default_action=accept }
```
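With `default_action=accept`, Postfix proceeds as if the filter were absent whenever the milter gives no response, so mail passes unfiltered during a milter outage. The following check is an added example, not from the original page or the Postfix project: it parses the `smtpd_milters` syntax shown above and reports each milter's effective action, assuming the standard `milter_default_action` parameter (default `tempfail`) as the fallback; the sample main.cf, its endpoints and the function names are constructed.

```python
import re

# Postfix's built-in value for milter_default_action when main.cf does not set it.
GLOBAL_DEFAULT = "tempfail"

# Constructed sample main.cf; endpoints and paths are made up for this example.
SAMPLE_MAIN_CF = """\
milter_default_action = tempfail
smtpd_milters = { inet:127.0.0.1:8891,
    connect_timeout=10s, default_action=accept }
    unix:/run/scanner/milter.sock
"""

def read_params(text):
    """Join main.cf continuation lines (leading whitespace) into name -> value."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            current = name.strip()
            params[current] = value.strip()
    return params

def parse_milters(value):
    """Split an smtpd_milters value into (endpoint, {attr: value}) pairs."""
    milters = []
    for braced, bare in re.findall(r"\{([^{}]*)\}|([^\s,{}]+)", value):
        if bare:  # plain endpoint without per-milter settings
            milters.append((bare, {}))
            continue
        tokens = [t for t in re.split(r"[,\s]+", braced) if t]
        endpoints = [t for t in tokens if "=" not in t]
        if endpoints:
            attrs = dict(t.split("=", 1) for t in tokens if "=" in t)
            milters.append((endpoints[0], attrs))
    return milters

def audit_milters(text):
    """Return (endpoint, effective_action, fail_open) for every configured milter."""
    params = read_params(text)
    fallback = params.get("milter_default_action", GLOBAL_DEFAULT)
    report = []
    for endpoint, attrs in parse_milters(params.get("smtpd_milters", "")):
        action = attrs.get("default_action", fallback)
        report.append((endpoint, action, action == "accept"))
    return report

if __name__ == "__main__":
    for endpoint, action, fail_open in audit_milters(SAMPLE_MAIN_CF):
        print(f"{endpoint}: default_action={action}", "FAIL-OPEN" if fail_open else "ok")
```

For a signature-checking or malware-scanning milter, `tempfail` makes the sending server retry later instead of letting the message through unchecked.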
Postfix emulates a number of Sendmail-style macros, which are available at different stages of mail processing:
| Sendmail macro | Milter protocol stage | Description |
|---|---|---|
| i | DATA, EOH, EOM | Queue ID, also Postfix queue file name |
| j | Always | Value of myhostname |
| _ | Always | The validated client name and address |
| {auth_authen} | MAIL, DATA, EOH, EOM | SASL login name |
| {auth_author} | MAIL, DATA, EOH, EOM | SASL sender |
| {auth_type} | MAIL, DATA, EOH, EOM | SASL login method |
| {client_addr} | Always | Remote client IP address |
| {client_connections} | CONNECT | Connection concurrency for this client (zero if the client is excluded from all smtpd_client_* limits). |
| {client_name} | Always | Remote client hostname. When address → name lookup or name → address verification fails: "unknown" |
| {client_port} | Always (Postfix ≥2.5) | Remote client TCP port |
| {client_ptr} | CONNECT, HELO, MAIL, DATA | Client name from address → name lookup. When address → name lookup fails: "unknown" |
| {cert_issuer} | HELO, MAIL, DATA, EOH, EOM | TLS client certificate issuer |
| {cert_subject} | HELO, MAIL, DATA, EOH, EOM | TLS client certificate subject |
| {cipher_bits} | HELO, MAIL, DATA, EOH, EOM | TLS session key size |
| {cipher} | HELO, MAIL, DATA, EOH, EOM | TLS cipher |
| {daemon_addr} | Always (Postfix ≥3.2) | Local server IP address |
| {daemon_name} | Always | Value of milter_macro_daemon_name |
| {daemon_port} | Always (Postfix ≥3.2) | Local server TCP port |
| {mail_addr} | MAIL | Sender address |
| {mail_host} | MAIL (Postfix ≥ 2.6, only with smtpd_milters) | Sender next-hop destination |
| {mail_mailer} | MAIL (Postfix ≥ 2.6, only with smtpd_milters) | Sender mail delivery transport |
| {rcpt_addr} | RCPT | Recipient address. With rejected recipient: descriptive text |
| {rcpt_host} | RCPT (Postfix ≥ 2.6, only with smtpd_milters) | Recipient next-hop destination. With rejected recipient: enhanced status code |
| {rcpt_mailer} | RCPT (Postfix ≥ 2.6, only with smtpd_milters) | Recipient mail delivery transport. With rejected recipient: "error" |
| {tls_version} | HELO, MAIL, DATA, EOH, EOM | TLS protocol version |
| v | Always | Value of milter_macro_v |

Postfix sends a specific set of macros at each milter protocol stage. These macro sets are configured with the parameters in the following table:

| Postfix parameter | Milter protocol version | Milter protocol stage |
|---|---|---|
| milter_connect_macros | 2 or higher | CONNECT |
| milter_helo_macros | 2 or higher | HELO/EHLO |
| milter_mail_macros | 2 or higher | MAIL FROM |
| milter_rcpt_macros | 2 or higher | RCPT TO |
| milter_data_macros | 4 or higher | DATA |
| milter_end_of_header_macros | 6 or higher | EOH |
| milter_end_of_data_macros | 2 or higher | EOM |
| milter_unknown_command_macros | 3 or higher | unknown command |
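
By default, Postfix sends a macro only when its value has been updated with information from main.cf, master.cf, the SMTP session or the mail delivery transaction. To force a macro to be sent, give it a default value with the milter_macro_defaults parameter. This parameter takes zero or more name=value pairs, and may even name macros that Postfix does not recognize.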