Repfilter is a sendmail filter written using the libmilter API. It was developed for the UoA arm of the EDUNET project.

In short what it does is check and fix different errors in the From headers of outgoing mail. The goal is to place restrictions on how users present themselves through their emails, thus limiting the possibility of impersonation or misrepresentation from inside an organisation.

Features

Repfilter restricts header data

Repfilter can impose restrictions on the following data in the senders message:

For an explanation of the above see RFC2822. Note that the envelope address is the address given in the "MAIL FROM" command during the SMTP dialog.

For each of the above data repfilter will decide if it is permissible or not, and accept or reject the message. Repfilter may optionally correct an invalid header so as to make the message acceptable, again according to policy.

Repfilter uses LDAP

Repfilter needs to know a few things about every sender of email. This information comes from an LDAP directory. Repfilter queries the directory for a set of attributes that specify the possible names and addresses a sender can present himself.

Currently only OpenLDAP is supported but it is probably possible to use other servers too.

Repfilter and Sendmail

Obviously Repfilter only works with the Sendmail daemon, since it is a libmilter filter. Furthermore Repfilter requires that SMTP AUTH be enabled in the daemon. The SMTP authentication will usually happen against the same LDAP directory that Repfilter uses, but that is believed to not be strictly necessary.

Author

Konstantinos Koukopoulos
University of Athens, Network Operations Centre
Email: kouk at noc uoa gr