Mailborder Milter Daemon

Mailborder Milter Daemon (mb-milter)

The Mailborder Milter Daemon (mb-milter) is a persistent daemon designed to interface with Postfix, handling SMTP transactions, validating email data, and queuing messages for further processing within the Mailborder Email Gateway. This service improves efficiency and security by enforcing rigorous validation, optimizing performance with Redis caching, and ensuring robust handling of SMTP commands.


Overview of Postfix and Milter Integration

The Mailborder Milter is integrated into Postfix using the content_filter directive, enabling it to intercept emails after initial milter checks (such as OpenDKIM and OpenDMARC) but before final delivery processing. This placement allows mb-milter to apply advanced filtering and validation without interfering with Postfix’s core delivery mechanisms.

Inbound Mail Flow:

  1. Initial SMTP Connection:

    • Postfix accepts incoming mail via SMTP on port 25.
    • Upstream milters like OpenDKIM and OpenDMARC are applied first to handle DKIM signing and DMARC policy validation.
  2. Mailborder Milter Processing:

    • Postfix forwards the email to mb-milter via a UNIX socket located at /var/run/mailborder/mb-milter.sock.
    • mb-milter processes the email, validating sender and recipient addresses, checking for malicious patterns, and securely queuing the message.
  3. Reinjection into Postfix:

    • After processing, clean emails are reinjected into Postfix for final delivery.

Postfix Configuration Example:

# In main.cf
content_filter = unix:/var/run/mailborder/mb-milter.sock

Key Features

  • Persistent Daemon Architecture:

    • Eliminates the overhead of spawning a new process for each email, reducing CPU and I/O usage.
    • Listens on a UNIX socket (/var/run/mailborder/mb-milter.sock) for incoming SMTP connections from Postfix.
  • Advanced Email Validation:

    • Validates sender and recipient addresses against RFC standards, including handling null senders (common in NDRs) and rejecting source routing attempts.
    • Sanitizes inputs to protect against malicious injection attacks, obfuscated characters, and newline injections.
  • Redis Caching for Performance:

    • Maintains persistent Redis connections to cache configuration data and reduce redundant file reads, improving overall responsiveness.
  • Robust Logging and Error Handling:

    • Logs SMTP transactions and errors to both syslog and dedicated log files (/var/log/mailborder/mb-milter.log).
    • Implements graceful shutdown, automatic retries for transient errors, and garbage collection for memory management.
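
The address checks listed under Advanced Email Validation, sketched as an added example in Python; this is not mb-milter's own code, which is PHP and is not shown on this page. The function name validate_path, the reason strings, and the choice to refuse quoted local parts, address literals and non-ASCII (SMTPUTF8) addresses are assumptions of this sketch; the length limits are those of RFC 5321.

```python
import re

# Assumptions of this sketch: dot-atom local parts and LDH hostnames only.
# Quoted local parts, address literals and SMTPUTF8 addresses are refused.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
LOCAL_RE = re.compile(rf"{ATEXT}(?:\.{ATEXT})*")
DOMAIN_RE = re.compile(rf"{LABEL}(?:\.{LABEL})+")

def validate_path(arg, is_sender):
    """Check the <path> of MAIL FROM (is_sender=True) or RCPT TO.

    Returns (accepted, reason). ESMTP parameters after the path are assumed
    to have been split off by the caller.
    """
    # CR/LF, other control bytes and non-ASCII lookalikes are rejected before
    # any parsing, so they can never reach the queue file or a log line.
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in arg):
        return False, "control or non-ASCII character"
    # RFC 5321 4.5.3.1: a path is at most 256 octets including the brackets.
    if len(arg) > 256 or not (arg.startswith("<") and arg.endswith(">")):
        return False, "malformed path"
    inner = arg[1:-1]
    if inner == "":
        # Null reverse-path: legitimate for bounces/NDRs, never for RCPT TO.
        return (True, "null sender") if is_sender else (False, "null recipient")
    if inner.startswith("@"):
        # Source route such as <@hop1,@hop2:user@domain>.
        return False, "source route"
    local, at, domain = inner.rpartition("@")
    if not at:
        return False, "missing @"
    if len(local) > 64 or not LOCAL_RE.fullmatch(local):
        return False, "bad local part"
    if len(domain) > 255 or not DOMAIN_RE.fullmatch(domain):
        return False, "bad domain"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample envelope arguments, not taken from real traffic.
    samples = [("<>", True), ("<>", False), ("<alice@example.com>", False),
               ("<@hop.example,@relay.example:bob@example.com>", False),
               ("<bob@example.com>\r\nDATA", False)]
    for arg, is_sender in samples:
        print(repr(arg), validate_path(arg, is_sender))
```

The control-character check runs first on purpose: once CR/LF is excluded, every later check and every log write can treat the argument as a single line.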

System Requirements and Configuration

  • PHP Version: PHP 7.x or higher with pcntl, posix, and redis extensions.
  • Redis Configuration: Redis should be installed and configured with a memory limit of 512MB and keys expiring after 24 hours. It typically will not use this much memory unless under extreme load; a normal memory footprint would likely be under 100MB.
  • Socket Path: The daemon listens on /var/run/mailborder/mb-milter.sock, and Postfix communicates via this socket for efficient message processing.

Systemd Service Management:

mb-milter is managed via systemd using the mb-milter.service unit file.

# Start the service
sudo systemctl start mb-milter

# Stop the service
sudo systemctl stop mb-milter

# Check the service status
sudo systemctl status mb-milter

# Enable the service at boot
sudo systemctl enable mb-milter

Redis Key Structure and Usage

mb-milter interacts with Redis to store and retrieve critical data related to email processing, ensuring fast lookups and efficient data management.

  1. Queue ID Logging:

    • Key: mailborder:{msg_id}
    • Value: Hash containing mailborder_id, postfix_id, status, and timestamp.
  2. Status Tracking:

    • Key: postfix:{queue_id}
    • Value: Hash with delivery status (sent, bounced, deferred, etc.) and corresponding timestamps.
  3. Configuration Caching:

    • Mailborder configuration files are cached in Redis to minimize file I/O and enhance performance, with checks to ensure that only valid and updated configurations are used.

Logging and Error Handling

  1. Log Files:

    • Standard Logs: /var/log/mailborder/mb-milter.log
    • Error Logs: /var/log/mailborder/mb-milter-error.log
  2. Syslog Integration:

    • Logs to syslog under the mail facility for centralized tracking of SMTP transactions and errors.
  3. Graceful Error Recovery:

    • Implements exponential backoff and automatic retries for socket creation and Redis connectivity issues.
    • Handles system signals (SIGTERM, SIGINT, SIGHUP) for clean shutdowns and dynamic configuration reloads.

Troubleshooting

  • Milter Connection Errors:

    • Ensure that Postfix can access the UNIX socket at /var/run/mailborder/mb-milter.sock.
    • Check the mb-milter logs and syslog for connection issues.
  • Redis Connectivity Issues:

    • Verify that Redis is running and accessible by checking the Redis service status:
      sudo systemctl status redis-server
      
    • Review the Redis error logs for connectivity issues.
  • Configuration Errors:

    • Ensure that all configuration files in /etc/mailborder/conf.d/ are correctly formatted and accessible.
    • Use the verbose logging option to debug configuration loading issues.