Weldon Whipple <weldon@whipple.org>
Meng Weng Wong and friends devised SPF (originally "Sender Permitted From", later "Sender Policy Framework") in about 2003 in an effort to "help eliminate the spam problem by making it easy to detect forgeries." At about the same time, Microsoft proposed its own Caller-ID sender verification method.
On April 8, 2004, the IETF announced the MARID ("MTA Authorizition Records in DNS") working group, which tried to merge SPF and Caller-ID under the new name SenderID. When Microsoft attempted to patent the combined metholodigy as its own work (and require users to obtain licenses from Microsoft), most of the SPF backers "walked out," and MARID was disbanded.
Development of the original SPF version 1 ("SPF Classic") continues, and Microsoft continues to promote its SenderID, which includes elements of the original SPF. Sendmail, Inc.'s SenderID Milter supports both SPF Classic and Microsoft's SenderID.
This document describes how I installed Sendmail, Inc.'s sid-milter, available at SourceForge.net. (I tried building from FreeBSD ports initially, but the make system kept trying to install the ports version of sendmail as a dependency, so I opted for the "official" implementation.)
My setup at the time of this writing (6 Aug 2005) runs sendmail 8.13.4 (installed from the standard sendmail.org distribution) on the 5.3-RELEASE version of FreeBSD. I have built and installed the version of libmilter that ships with sendmail 8.13.4. (My setup includes the "usual" static libmilter.a, as well as a shared version libmilter.so. [Another document describes how I build the shared library version of libmilter.]) The version of sid-milter is 0.2.9.
FreeBSD's sendmail executable is compiled to support milters by default. There should be no need to recompile sendmail to support milters unless you are using a non-standard executable for some reason.
To verify that your sendmail supports MILTERS, issue the following command as root:# sendmail -d0.1 -bt < /dev/null | grep MILTERYou should see a line of output that includes the word "MILTER".
Visit http://sourceforge.net/projects/sid-milter/ and download the sid-milter tarball.
(I downloaded the copy from http://easynews.dl.sourceforge.net/sourceforge/sid-milter/sid-milter-0.2.9.tar.gz)
Create a directory (or use an existing one) and place the file sid-milter-0.2.9.tar.gz there. Change to that directory and issue a command something like
% tar xvzf sid-milter-0.2.9.tar.gzThe contents of the tarball should appear in a new subdirectory sid-milter-0.2.9.
The ./INSTALL file begins with instructions for downloading and unpacking the distribution (described above). We "join" the instructions at step 4, "Edit sid-filter/Makefile.m4 ..."
I found it unnecessary to edit any Makefile.m4 files. I noticed that the sid-milter build system is virtually identical to sendmail's build system, where the easiest way to change build behavior (the only way I do it for sendmail, actually) is through a "site configuration file," located in the directory ./devtools/Site (beneath the sid-milter-0.2.9 base source directory).
I name my site configuration file site.FreeBSD.m4, in case I ever want to build sid-milter for other operating systems. If you don't need to differentiate between OSes, you can name the file site.config.m4.)
My site configuration file (at ./devtools/Site/site.FreeBSD.m4) looks like this (after a little trial and error):
APPENDDEF(`confENVDEF',`-DNONSTANDARD_RES_STRUCTURE -DSM_CONF_SHM=0 -DSM_CONF_SEM=0')
The sid-milter builds the same way as the standard sendmail distribution. Change to the base sid-milter-0.2.9 directory and issue the command:
% sh Build
I typically use "./Build" instead of "sh Build".If all goes well, output will be placed in the directory ./obj.FreeBSD.5.3-RELEASE.i386 (or something similar that corresponds to your OS, version and architecture).
This step is omitted from the ./INSTALL file. It should be inserted as either the last step of the COMPILING section or the first step of the INSTALLING section.
Remaining in the sid-milter source directory of the previous step, switch to the root user (if you aren't already root) and install sid-milter:
% su # sh Build install
With the sid-filter executable (man pages, etc.) in place, we continue with the INSTALLING section of the ./INSTALL file in the base directory of the sid-milter distribution.
To make this milter parallel other milters in my configuration, I used a slightly different (from what is in the instructions) INPUT_MAIL_FILTER macro in my mc file:
INPUT_MAIL_FILTER(`sid-filter',`S=local:/var/sid-filter/sid-filter.sock')dnl
Since I'm doing this on FreeBSD, I follow these instructions when I change my sendmail.cf file.
I created a directory to hold the socket file:
# mkdir /var/sid-filter # chown smmsp:wheel /var/sid-filter
Here is my command:
# /usr/bin/sid-filter -l -p /var/sid-filter/sid-filter.sock
Tom Rhodes reports on 2 Jan 2009 that the command should be:# /usr/local/libexec/sid-filter"and the start script you have sets a default socket unless you overwrite it in /etc/rc.conf (see the one that the port currently installs)."
On FreeBSD, I issue the commands:
# cd /etc/mail; make restart
The following startup script was contributed by David Butterworth on 14 Aug 2007. It is "based on an example in the FreeBSD Handbook. ... It starts sid-filter automatically before mail services, allowing you to issue the 'start' and 'stop' commands directly."
Place this line in /etc/rc.conf:
sidfilter_enable="YES"Then create the following startup script /usr/local/etc/rc.d/sid-filter.sh:
#!/bin/sh # # PROVIDE: sidfilter # REQUIRE: LOGIN # BEFORE: mail # KEYWORD: shutdown # # DO NOT CHANGE THESE DEFAULT VALUES HERE # SET THEM IN THE /etc/rc.conf FILE # sidfilter_enable=${sidfilter_enable-"NO"} sidfilter_flags=${sidfilter_flags-"-l -p"} sidfilter_socket=${sidfilter_socket-"/var/run/sid-filter.sock"} . /etc/rc.subr name="sidfilter" rcvar=`set_rcvar` load_rc_config $name command="/usr/bin/sid-filter" start_cmd="echo \"Starting ${name}.\" ; /usr/bin/nice -5 ${command} ${sidfilter_flags} ${sidfilter_socket}" stop_postcmd=stop_postcmd stop_postcmd() { echo "Removing sidfilter socket." rm -f ${sidfilter_socket} } run_rc_command "$1" |
# chmod +x /usr/local/etc/rc.d/sid-filter.sh
(The paragraphs in the TESTING section of the ./INSTALL file speak for themselves.)
This document is very much a work in progress. Please feel free to send suggestions!