HTTPS SSH

HASHBL Perl code for MIMEDefang milter

What is this repository for?

  • Quick summary

Perl milter code to query a HASHBL SHA1 hash-based DNS blacklist and block messages based on response codes.

Runs via MIMEDefang milter for before-queue filtering at the MAIL FROM SMTP dialogue level.

By default, only queries the MSBL EBL with 127.0.0.2 and 127.0.0.3 response codes. However, the configuration is flexible enough to use other SHA1 hash-based blacklists and process other response codes.

How do I get set up?

  • Summary of set up
  1. Download or clone git repo
  2. Ensure all the below dependencies are installed.
  3. Read the help/POD documentation.
  4. Install into MIMEDefang configuration.
  5. Run checks/tests.

Installing MIMEDefang

On RPM-based systems (RHEL, CentOS, etc), the sendmail-milter package is in the optional yum repo. If you get a yum error when installing the mimedefang package then enable the optional yum repo and re-install.

Also on RPM-based systems, the mimedefang package is in the EPEL yum repo. Again, if you see a yum error when installing the mimedefang package then install and setup EPEL and re-install.

Dependencies RPM package name

  1. MIMEDefang mimedefang

  2. Perl (version >= 5.10.1) perl

  3. Sendmail Milter library (libmilter) sendmail-milter

  4. Standard make utility make

Perl Modules:

  1. Digest::SHA perl-Digest-SHA

  2. Email::Address perl-Email-Address

  3. Getopt::Long perl-Getopt-Long

  4. Net::DNS perl-Net-DNS

How to run checks and tests

make check

Run perldoc HASHBL.pm and read EXAMPLES section.

Run ./checker and perldoc query-hashbl.pl as well.

Deployment instructions

Run make install that copies HASHBL.pm into /usr/local/share/perl5 which by default should be in the Perl library search path. Hint: Run perl -V to see Perl @INC directories.

Copy/merge contents of hashbl-filter into /etc/mail/mimedefang-filter file. This is a MANUAL step but without it, the before-queue HASHBL milter won't work!

Edit MIMEDefang configuration file /etc/sysconfig/mimedefang and set:

SOCKET=inet:16543
MX_SENDER_CHECK=yes

Enable and start MIMEDefang daemons/services:

systemctl enable --now mimedefang.service
systemctl enable --now mimedefang-multiplexor.service

If MIMEDefang daemon/service does not start then check inet SOCKET TCP port. You might need to pick another (higher) TCP port number! Run netstat -anp

Enable MIMEDefang milter in /etc/postfix/main.cf , read Postfix SMTP-Only Milter applications

smtpd_milters = inet:localhost:16543

Verify TCP port number matches what SOCKET is set to in /etc/sysconfig/mimedefang .

postfix check

systemctl restart postfix.service

Who do I talk to?