Authentication Milter

A Perl implementation of email authentication standards rolled up into a single easy-to-use milter.

This milter verifies using the following standards.

Includes 3 additional modules.

Protocol

Authentication Milter is able to run as a sendmail-style milter, or as an SMTP-style after-queue filter.

A very basic subset of SMTP is implemented, which allows use as an after-queue filter in Postfix (and others).

The XFORWARD SMTP extension is supported to allow the original connection details to be passed through to the milter.

The milter does NOT store its current email on disk; all processing is done in memory. When running in SMTP mode the milter does not issue a 250 queued response until the destination MTA has also done so.

See Postfix After-Queue Content Filter

Note: When running in SMTP mode, please do not allow untrusted clients to connect to the milter directly; always filter these connections through your usual MTA first.

Limitations: The SMTP protocol does not yet support detection of authenticated connections.

Metrics

Authentication Milter optionally collects and exposes metrics in a Prometheus-compatible format.

The authentication milter metrics port is an HTTP service which provides some basic information about the running server, and also provides a standard dashboard file for Grafana.

The dashboard can be imported into Grafana and provides rows for all installed modules which support the metrics feature.

Point your browser at the port configured in metric_connection to access this feature.

Design Decisions

Mailing Lists and DMARC

Mailing lists are a major source of DKIM, SPF, and DMARC failures. Modifying messages and resending them with different From addresses and from different IP addresses is a legitimate use of email; however, it can cause false positives and result in legitimate email being quarantined or rejected.

This milter can optionally detect messages with a List-Id header, and include a flag in the resulting DMARC failure in the Authentication-Results header. This header can then be used to apply a more lenient filter.

DMARC failures with p=reject can optionally be rejected, and emails with a detected list id can be exempted from this rejection. A whitelist can be set up to exempt messages from rejection based on IP address or valid DKIM domain.
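
The rejection decision described above can be sketched as follows. This is an added illustration, not the milter's own code: the option names, function names, order of checks and sample addresses are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class RejectConfig:
    """Hypothetical option names; the real keys are in `authentication_milter --help`."""
    hard_reject: bool = True          # reject DMARC failures when p=reject
    exempt_list_id: bool = True       # do not reject mail carrying a List-Id header
    whitelist_ips: list = field(default_factory=list)           # CIDR strings
    whitelist_dkim_domains: list = field(default_factory=list)  # signing domains

def ip_whitelisted(client_ip, networks):
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # an unparseable address never earns an exemption
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)

def dmarc_action(cfg, dmarc_result, published_policy, client_ip,
                 valid_dkim_domains, has_list_id):
    """Return (action, reason); action is 'reject' or 'accept'."""
    if dmarc_result != "fail" or published_policy != "reject":
        return ("accept", "not a p=reject failure")
    if not cfg.hard_reject:
        return ("accept", "rejection disabled")
    if ip_whitelisted(client_ip, cfg.whitelist_ips):
        return ("accept", "whitelisted IP")
    # Only domains whose DKIM signature verified count; the From: domain does not.
    allowed = {d.lower().rstrip(".") for d in cfg.whitelist_dkim_domains}
    if any(d.lower().rstrip(".") in allowed for d in valid_dkim_domains):
        return ("accept", "whitelisted DKIM domain")
    if cfg.exempt_list_id and has_list_id:
        return ("accept", "List-Id exemption")
    return ("reject", "DMARC p=reject failure")

# Constructed sample configuration (documentation address ranges and domains).
CFG = RejectConfig(whitelist_ips=["192.0.2.0/24", "2001:db8:1::/48"],
                   whitelist_dkim_domains=["lists.example.org"])

if __name__ == "__main__":
    cases = [  # (client IP, domains with a valid DKIM signature, List-Id present)
        ("198.51.100.7", [], False),
        ("198.51.100.7", [], True),
        ("192.0.2.25", [], False),
        ("198.51.100.7", ["Lists.Example.org"], False),
    ]
    for ip, dkim, list_id in cases:
        print(ip, dkim, list_id, dmarc_action(CFG, "fail", "reject", ip, dkim, list_id))
```

The DKIM exemption is keyed on domains whose signature actually verified, so a forged From: header naming a whitelisted domain gains nothing.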

Trust Model

Installation

CPAN

To install the latest version released to CPAN, run the following commands:

From source

To install this module from source, run the following commands:

The DMARC module requires a little extra setup.

Please see the documentation for Mail::DMARC for details.

Config

Please see the output of 'authentication_milter --help'.

Credits and License

Copyright (c) 2018 Marc Bradshaw. marc@marcbradshaw.net

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

See LICENSE file for license details.

Who is using this?

FastMail are using this to perform SPF/DKIM/DMARC checks on email.

Contributing

Please fork and send pull requests.