[Pymilter] SRS documentation on sendmail: broken links
David Friedlander
david.p.friedlander at nasa.gov
Mon Nov 13 10:28:27 EST 2017
Good morning, and thanks so much for your message on Friday.
On 11/10/17 6:15 PM, Stuart Gathman wrote:
> On 11/10/2017 05:11 PM, David Friedlander wrote:
>> OK, i have been able to get pysrs working properly with sendmail
>> SOCKETMAP support (a couple of weeks ago, actually). However, it does
>> not work for me with milter. (I keep getting timeouts from sendmail.)
>> Is there a compelling reason why I should prefer milter if I have a
>> functioning setup with socketmap, security or otherwise?
What works for me:
http://bmsi.com/python/pysrs.html
What was not working for me was the combination of sendmail:
mc file:
INPUT_MAIL_FILTER(`pythonfilter', `S=local:/var/run/milter/pysrs.sock')
and running "pysrs.py" as the other end of the socket.
Now, in preparing to write back to you this morning, I was trying to
hunt down where I saw it documented to run pysrs.py as the milter
script, but could not lay my hands on it. Does that mean I am
wrong/misunderstood something? I have been running pysrs.py as a
non-root user (from /etc/init.d) so that sendmail would have something
to talk to. Should I have been running srsmilter.py instead?
Overall, do I understand you correctly that I should be running _both_
the milter and the socketmap instantiations, because they do different
things (outgoing vs incoming)?
Thanks for your help and your patience!
David
> The pysrs socketmap just adds the SRS encoding to outgoing localparts.
> Now you want to do the reverse for RCPT TO on incoming emails. MAIL
> FROM <> where the RCPT TO does not have SRS should be rejected. Invalid
> SRS should be rejected.
>
> By "milter", do you mean my all singing, all dancing, hopeless feature
> creep bms milter? I just got that working on EL7 with pysrs, and
> updated github on Nov 8 (rpms at https://gathman.org/linux/el7). I was
> thinking we need srsmilter, just like we now have spfmilter and
> dkim-milter - for when you just want to do that one thing.
>
> It is almost certainly possible to do the reverse SRS logic in sendmail
> cf also (it *is* turing complete), using the same socketmap to do the
> reversals (or leaving the RCPT TO unchanged) - but it would be easier
> for me to just write that srsmilter.
>
> It is *almost* possible to do the forward SRS in milter instead of
> sendmail cf using the CHGFROM milter API. However, milters cannot fully
> handle the case of multiple recipients with different SRS policies (some
> recipients are not RFC compliant and barf on perfectly valid localpart
> chars) - you cannot CHGFROM independently for each recipient, as it can
> only be called from the eom() callback. That is why the forward map is
> done via sendmail cf with a socketmap.
>
<!DSPAM:15FB5FF3D5E590422816538>
More information about the Pymilter
mailing list