Repfilter
Homepage Controlled headers The rationale behind repfilter The design of repfilter Configuring repfilter Download

Repfilter imposes restrictions on the following data in the senders message:

For each of the above data repfilter will decide if it is permissible or not, and accept or reject the message. Repfilter may optionally correct an invalid header so as to make the message acceptable, again according to policy.

For one of the above data to be considered valid, Repfilter checks for membership in predefined sets. Currently the following sets are defined:

The contents of these sets are retrieved from the LDAP directory.

From header

As we said the main goal is to place restrictions on the presentation of the senders identity. It is natural therefore that the From header is the main focus of the filters attention.

For each address appearing in the From header the filter will

  1. check if the full address specification is found in the authorized set of addresses. If so the address is considered permissible and remains in the header.
  2. check if the address is found in the permitted set of addresses. If not then, depending on policy, the address is either deleted or the message is rejected.
  3. check if the real name is found in the permitted set of names. If not then, depending on policy, the name is corrected, the address is deleted or the message is rejected.
  4. if the address name was corrected then the full address is considered permissible and remains in the header.
After all these steps are iterated for each address without fault, the From header will be rewritten with all the addresses that remain. For a diagramatic explanation of the logic see Figure 1.

an activity diagram modelling the filters processing of the From header

Figure 1: Activity diagram for the From header (click to view full size).

Envelope address

Each message coming through sendmail has an envelope address. This is made accessible to repfilter via the {f} configuration macro. Repfilter will check that this address belongs either to the authorized addresses or to the permitted addresses. If the check is succesfull the envelope remains as is. Otherwise the message is rejected. This behaviour is not configurable.

Reply-to address

If a Reply-to header occurs in the message headers Repfilter checks that the address it contains belongs to the set of reply-to addresses. If that is not the case then policy will dictate whether Repfilter will delete the header or reject the message.

Sender address

Repfilter will modify the message headers so that there is always a Sender header that contains a default email address of the sender. This behaviour is configurable by the addsender configuration variable.