In short what it does is check and fix different errors in the From headers of outgoing mail. The goal is to place restrictions on how users present themselves through their emails, thus limiting the possibility of impersonation or misrepresentation from inside an organisation.
Repfilter can impose restrictions on the following data in the senders message:RFC2822. Note that the envelope address is the address given in the "MAIL FROM" command during the SMTP dialog.
For each of the above data repfilter will decide if it is permissible or not, and accept or reject the message. Repfilter may optionally correct an invalid header so as to make the message acceptable, again according to policy.
Repfilter needs to know a few things about every sender of email. This information comes from an LDAP directory. Repfilter queries the directory for a set of attributes that specify the possible names and addresses a sender can present himself.
Currently only OpenLDAP is supported but it is probably possible to use other servers too.
Obviously Repfilter only works with the Sendmail daemon, since it is a libmilter filter. Furthermore Repfilter requires that SMTP AUTH be enabled in the daemon. The SMTP authentication will usually happen against the same LDAP directory that Repfilter uses, but that is believed to not be strictly necessary.