cluegetter

ClueGetter - Access and Auditing Milter

Cluegetter provides a means to have an integrated way to determine if a message should be accepted by Postfix. All email (metadata) and verdicts are stored in a database allowing for auditing.

Each message has a verdict of one of the following values:

• Permit: Accept message.
• Tempfail: Deny delivery, but expect the delivering MTA to deliver it at a later time.
• Reject: Reject the message, indicating it will not be accepted a next time either.

Features:

• Quotas - Limit the number of emails (per ip, sasl user, recipient, sender) over an arbitrary amount of time.
• SpamAssassin - Determine whether an email is SPAM through SpamAssassin. Can be used alongside the Rspamd module.
• Rspamd - Determine whether an email is SPAM through Rspamd. Can be used alongside the SpamAssassin module.
• ClamAV/Clamd - Scan the message for viruses, malware, etc.
• Greylisting - Ask a server to try again in a bit if it wasn't seen before and the mail looks spammy.
• Bounce Handling - Keep track of what emails were rejected by remote MTAs and for what reasons.
• Abusers - Present a list of users in the web interface who had an unusual amount of email rejected. Usually these users have been hacked, or are otherwise malicious.
• MailQueue - Display an aggregate of all mail queues that reside in your ClueGetter cluster. Filter based on instance, recipient(/domain), sender(/domain) and delete or requeue selections of items in the queue.
• Contacts - Import address books (e.g. from RoundCube) so these addresses and/or domains can be used to (partially) blacklist messages from those addresses or domains.
• SRS - Sender Rewriting Scheme

Planned modules:

• GeoIP - Detect anomalies in the countries used to send mail from
• Reputation - Incorporate previous verdicts in future verdicts.

See the Wiki for more documentation how to use these features.

ClueGetter should be usable, but as long as no 1.0 release has been released, you should make sure to test it before using in production. Coming to think of it, you should always test anything you take into production. But at least you've been warned.

Screenshots

Message Details	Searching for a message	Search results	Mail Queue

Quick Setup

Copy the example config file: cp cluegetter.conf.dist cluegetter.conf

Add the following directives to Postfix' main.cf:

smtpd_milters = inet:localhost:10033
enable_long_queue_ids = yes

The long queue id's are necessary because ClueGetter uses these id's as internal reference and as such they are required to be unique (which the enable_long_queue_ids directive ensures).

If you want to test ClueGetter first to see how it would behave, without actually influencing current operations, run it in noop mode.

Change the noop directive in the cluegetter config file:

noop = true

Add to the Postfix main.cf:

milter_default_action=accept

Create and fill the database:

echo 'CREATE DATABASE cluegetter DEFAULT CHARACTER SET utf8' | mysql
mysql cluegetter < mysql.sql

Run ClueGetter:

make
./bin/cluegetter --config ./cluegetter.conf --loglevel=DEBUG daemon --foreground

Once you got things up and running, consider setting up Redis. This will significantly improve performance and the ability to handle email while under load.

License

ClueGetter is distributed under a BSD 2-clause style license. Please see the LICENSE file for specifics.