[Pymilter] SRS documentation on sendmail: broken links

David Friedlander david.p.friedlander at nasa.gov
Mon Nov 13 10:28:27 EST 2017 

Good morning, and thanks so much for your message on Friday.

On 11/10/17 6:15 PM, Stuart Gathman wrote:
> On 11/10/2017 05:11 PM, David Friedlander wrote:
>> OK, i have been able to get pysrs working properly with sendmail
>> SOCKETMAP support (a couple of weeks ago, actually).  However, it does
>> not work for me with milter. (I keep getting timeouts from sendmail.)
>> Is there a compelling reason why I should prefer milter if I have a
>> functioning setup with socketmap, security or otherwise?


What works for me:
http://bmsi.com/python/pysrs.html

What was not working for me was the combination of sendmail:

mc file:
INPUT_MAIL_FILTER(`pythonfilter', `S=local:/var/run/milter/pysrs.sock')
and running "pysrs.py" as the other end of the socket.

Now, in preparing to write back to you this morning, I was trying to 
hunt down where I saw it documented to run pysrs.py as the milter 
script, but could not lay my hands on it.  Does that mean I am 
wrong/misunderstood something?  I have been running pysrs.py as a 
non-root user (from /etc/init.d) so that sendmail would have something 
to talk to.  Should I have been running srsmilter.py instead?

Overall, do I understand you correctly that I should be running _both_ 
the milter and the socketmap instantiations, because they do different 
things (outgoing vs incoming)?

Thanks for your help and your patience!

David


> The pysrs socketmap just adds the SRS encoding to outgoing localparts.
> Now you want to do the reverse for RCPT TO on incoming emails.  MAIL
> FROM <> where the RCPT TO does not have SRS should be rejected.  Invalid
> SRS should be rejected.
>
> By "milter", do you mean my all singing, all dancing, hopeless feature
> creep bms milter?  I just got that working on EL7 with pysrs, and
> updated github on Nov 8 (rpms at https://gathman.org/linux/el7).  I was
> thinking we need srsmilter, just like we now have spfmilter and
> dkim-milter - for when you just want to do that one thing.
>
> It is almost certainly possible to do the reverse SRS logic in sendmail
> cf also (it *is* turing complete), using the same socketmap to do the
> reversals (or leaving the RCPT TO unchanged) - but it would be easier
> for me to just write that srsmilter.
>
> It is *almost* possible to do the forward SRS in milter instead of
> sendmail cf using the CHGFROM milter API.  However, milters cannot fully
> handle the case of multiple recipients with different SRS policies (some
> recipients are not RFC compliant and barf on perfectly valid localpart
> chars) - you cannot CHGFROM independently for each recipient, as it can
> only be called from the eom() callback.  That is why the forward map is
> done via sendmail cf with a socketmap.
>


<!DSPAM:15FB5FF3D5E590422816538>

More information about the Pymilter mailing list