Getting Started
The personification of divine order, law, natural law and custom.
Before we dive into the details, we need to define the terminology used in the rest of the documentation.
- Namespace - Each key inside a redis server is called a namespace.
- Object - The metadata information about a particular connection: sender, recipient, IP address, etc.
- Policy - A policy is compared with objects to control the behavior of a message.
- Groups - A group is bound to a policy and is used to match against objects.
- Metadata - For each match of source and destination, a metadata key is created. It contains data about the state of the current connection.
- Pools - A set of servers for running isolated policies.
- Features - Used to control the configuration from the milter.
The project is divided into two packages, themis-core and themis. The first provides only the library and the tools for configuring themis. The second puts everything together, using pymilter to provide the behavior of a common milter. themis-core can be installed separately and locally; it provides the command-line tool tmscli, which can be used to configure a remote redis-server.
Redis was chosen because the milter must write and retrieve data very quickly. Most of the data is expected to be volatile in this kind of environment, and that should not be a problem.
The intelligence of themis lies in its policies, which provide mechanisms to strictly control every message sent and received. The metadata created when the source and destination of a particular policy match holds important data about the previous and the current request, and it can be used to bypass the object or to block it manually. Each policy controls how the object will be treated at the end of the connection.
It is only tested and packaged for Ubuntu; in the near future it will be available on other platforms. Check the Quick Start Guide.
A Docker image is also available.
All of the themis configuration is stored in the redis server, but instead of manually configuring every aspect of how Themis works, I recommend using the command-line tool tmscli.
The CLI provides help for each item it configures, so let's see an example in action:
tmscli -a --policy default Source any Destination any
This command adds a policy named "default" that matches every sent and received message. For more details, check the command line reference.
Themis is a daemon that runs by default on port 8440 (configurable). You can start the daemon using the service command in Ubuntu:
service themisd start
After that, you only have to define your policies and configure the Postfix servers to connect to the themis server port. The parameters below must be configured:
- smtpd_milters
- non_smtpd_milters
If you need more information, check the milter readme.
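
The following check is an added example, not part of the themis project: it parses a Postfix main.cf and reports when either of the two parameters above lacks an endpoint on the themis port. The host 127.0.0.1 and the sample file are constructed assumptions, and milter_default_action is a standard Postfix parameter not mentioned on this page, included because its accept value lets mail through unfiltered when the milter is unreachable.

```python
import re

THEMIS_PORT = 8440  # default themisd port stated on this page

# Constructed sample main.cf; the host 127.0.0.1 is an assumption.
SAMPLE_MAIN_CF = """\
# mail filtering
smtpd_milters = inet:127.0.0.1:8440
non_smtpd_milters =
    inet:127.0.0.1:8440
milter_default_action = accept
"""

def parse_main_cf(text):
    """Parse Postfix main.cf syntax: 'name = value', '#' comment lines,
    continuation lines start with whitespace, last definition wins."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:
            params[current] = (params[current] + " " + line.strip()).strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def check_themis(text, port=THEMIS_PORT):
    """Return a list of findings; an empty list means both mail paths reach the milter."""
    params, findings = parse_main_cf(text), []
    for key in ("smtpd_milters", "non_smtpd_milters"):
        endpoints = re.split(r"[,\s]+", params.get(key, "").strip())
        if not any(e.startswith("inet:") and e.endswith(f":{port}") for e in endpoints):
            findings.append(f"{key} has no inet endpoint on port {port}")
    # Postfix defaults to tempfail; 'accept' proceeds as if no milter were configured.
    if params.get("milter_default_action", "tempfail") == "accept":
        findings.append("milter_default_action=accept: mail bypasses policies if themisd is unreachable")
    return findings

if __name__ == "__main__":
    for finding in check_themis(SAMPLE_MAIN_CF):
        print("FINDING:", finding)
```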