Milter implementation

The milter interface negotiates supports for various capabilities and actions. A given milter has the option of requiring a capability or action, optionally using a capability or action, or ignoring it entirely. This section documents what capabilities and actions are supported by Messaging Server as well as when support was first introduced.

The status of support for milter capabilities is:

The status of support for milter actions is:

The macros provided by the milter interface are:

The MTA&#x27;s milter macros support can be extended/modified using the  mapping table.

The smfi_insheader modification action associated with the SMFIF_ADDHDRS action flag specifies an index into the header where the field is to be inserted. Such semantics are not provided by Sieve; indeed, the smfi_insheader documentation itself notes that indices are not reliable. Prior to the 8.0 release, smfi_insheader was implemented by using a plain Sieve " " for an index of 0 and " " for a nonzero index. However, some milters, notably OpenDKIM, have been observed using an index value of 1 in an attempt to insert a field above the Received: field added by sendmail. Accordingly, a new milter spamfilter option,, has been added to deal with this and similar  situations. specifies the smallest index value that can be passed to smfi_insheader by the milter server and cause the resulting header field to be inserted at the top of the header block rather than the bottom. The default value is 1.

The libmilter provided by sendmail 8.14 now supports milter session reuse for multiple SMTP sessions or transactions. Unfortunately this support does not appear to be negotiated, making it necessary to have an option to enable it in addition to various options to control its use. Accordingly, several new options have been added to the milter spamfilter option file:



 (boolean, default 0) - Enable use of the QUIT_NC milter command so sessions can be reused. This should only be set when the version of libmilter is recent enough to support the feature. (Sendmail 8.14 or later.) 

 (integer, default 180) - Time in session a session is allowed to remain idle and still be a candidate for reuse. 

 (integer, default 100) - Number of transactions allowed in a single session. 

 (integer, default 3600) - Maximum time, in seconds, that a single session can be used. 



As of the 8.0 release, proper remote port information is transferred through the smfi_connect callback.

Finally, support for milter connections via Socks has been removed, so the,  ,   , and  milter options  are no longer supported in 8.0 and later versions.

Most spam/virus filter packages return package-specific so-called "verdict strings", which the MTA is configured to interpret as desired (Sieve actions), with the correspondence controlled via pairs of MTA options      and     . However, milter normally returns an actual Sieve scriptlet, which should be used verbatim. So the usual pairs of verdict/action MTA options are not used in the MTA&#x27;s configuration for milter integration; instead, only the    and     MTA options are relevant for the MTA&#x27;s milter configuration.

The default value for   , namely  , is proper for use with milter, as if milter returns no verdict then the meaning is that the message should be discarded. To have milter&#x27;s Sieve scriptlets used when milter does return a verdict, the     option must be set to exactly: data:,$M So for instance: msconfig&#x3e; show spamfilter3_&#x2a; role.mta.spamfilter3_config_file = /opt/sun/comms/messaging64/config/miltertest.dat role.mta.spamfilter3_library = /opt/sun/comms/messaging64/lib/libmilter.so msconfig&#x3e; show -default spamfilter3_null_action role.mta.spamfilter3: data:,discard msconfig&#x3e; set spamfilter3_string_action "data:,$M" This setting of  above is using the   substitution  (see the discussion of such substitutions in the discussion of the   MTA option) which means to use the detailed verdict string provided by the milter directly as a Sieve scriptlet (and triggers special handling to allow proper handling of extra "long" returned verdicts, such as a milter-returned entire Sieve scriptlet).

See also:
 * received_domain MTA Option
 * official_host_name Option
 * MILTER_ACTIONS mapping table
 * MILTER_MACROS mapping table
 * Milter spamfilterN_config_file
 * Milter single recipient extension
 * Spamfilter MTA options
 * Spam and virus filtering