[Pymilter] Possible to use a milter for reverse SRS?
Melanie Dymond Harper
mel at herald.co.uk
Fri Jan 25 11:16:00 EST 2019
Hi Stuart,
On Fri, Jan 25, 2019 at 10:49:33AM -0500, Stuart D. Gathman wrote:
> On Fri, 25 Jan 2019, Melanie Dymond Harper wrote:
>
> >I'm in the process of testing an SRS setup -- we need to be able to
> >forward email for some customers from domains managed here to their own
> >email accounts. We have srsmilter working the way it ought to for
> >outbound mail, so far so good; is it possible to configure it to handle
> >returned (bounced) mail to SRS-encoded addresses as well? The
>
> Oh my. That was a very misleading thing for me to do. srsmilter.py
> is a proof of concept for using the (at the time) new chgfrom milter
> API.
> Notice that it can't handle multiple recipients well due to the
> nature of the environment chgfrom is called from.
I've actually tried it on this end with a mixture of recipients which
should and should not be SRSed and it appears to Do The Right Thing at
this point (what comes out is SRSed addresses for non-local ones and
SESed ones for local ones, which is correct for my current config).
If this weren't Debian (and thus unlikely to have the most bleeding-edge
anything, let alone Sendmail) I might wonder whether CHGFROM had been
tweaked to be more mature, but...
> The SRS I use in production uses pysrs.py (a socket map) in conjunction
> with the pysrs.m4 feature for sendmail.cf for outgoing mail.
I was struggling to figure out a functional config for that; perhaps I
need to look again.
> Incoming SRS is handled off stage, in my case by the milter package.
> It is really rather mean of me. srsmilter, even if chgfrom doesn't
> handle multiple recipients well, should at least provide a basic
> implementation of incoming SRS!
>
> So, the thing to do is extract the basics from bms.py in the milter
> package, and add them to srsmilter.py. Invoking chgfrom should be
> configurable, as it is limited, so that pysrs.py can be used instead
> for outgoing SRS with sendmail. And srsmilter would then provide
> simple processing of SRS bounces for either case.
Where might I get bms.py from, please? I have here both the pysrs and
pymilter packages from Github, but neither of them seems to include it
(and Google hasn't helped much as there are several different files out
there with that name).
> Note that pysrs.m4 also handles reverse by simply unwrapping SRS
> bounces. Invalid SRS bounces are then rejected as 'unknown user'.
Right, so it sounds like if I can get pysrs working on this end it
should solve most of my problems (or at least get me further along the
track)
> Handling SRS bounces in a milter simply lets you do more accurate
> errors, e.g. bms.py responds to an invalid SRS bounce like this:
>
>     if not (self.internal_connection or self.trusted_relay):
>         if srsre.match(oldaddr):
>             self.log("REJECT: srs spoofed:",oldaddr)
>             self.setreply('550','5.7.1','Invalid SRS signature')
>             return Milter.REJECT
>
> Which is more informative than "unknown user".
>
> So, outgoing SRS can be handled via CF and a socket map in pysrs.py,
> or via chgfrom milter API in srsmilter.py.
>
> Incoming SRS can be handled via CF and a socket map in pysrs.py with
> an "invalid user" response. Or, in the future - I think I can get
> something to test by Jan 29 - by srsmilter.py issuing an SRS specific
> rejection. It is only a few lines - they just need to be the right
> lines.
That would be great if you do have the time. I'm unfortunately not
fluent enough in Python to want to try it from here (and let's not even
talk about the Perl scripts alleged to handle this stuff... sigh)
> In bms.py, I made srs_reject_spoofed a config boolean, thinking that
> I might want to give deliberately ambiguous errors to spammers. But
> it has turned out that spammers don't really do anything with that kind
> of response, and being helpful to mail admins is more important.
>
Definitely. Thanks for your time!
Best,
Mel
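
Added example (not part of the original message, and not code from pysrs, pymilter or bms.py): a simplified SRS0 round trip showing why a milter can answer a forged bounce address with "550 5.7.1 Invalid SRS signature" instead of "unknown user". The secret, the domains, the 4-character tag and the fixed timestamp field are assumptions, timestamp expiry is not checked, and the address layout is not guaranteed to be wire-compatible with pysrs.

```python
import base64
import hashlib
import hmac
import re

SECRET = b"constructed-demo-secret"  # assumption: the forwarder's SRS secret
SRS0_RE = re.compile(r"^SRS0=([^=]+)=([^=]+)=([^=]+)=(.+)@(.+)$", re.I)


def srs_hash(ts, domain, local, length=4):
    """Truncated HMAC-SHA1 over the fields that must not be altered."""
    data = "".join((ts, domain, local)).lower().encode()
    digest = hmac.new(SECRET, data, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:length]


def forward(sender, fwd_domain, ts="AB"):
    """Outgoing side: wrap the envelope sender (ts is a constructed stamp)."""
    local, domain = sender.rsplit("@", 1)
    tag = srs_hash(ts, domain, local)
    return "SRS0=%s=%s=%s=%s@%s" % (tag, ts, domain, local, fwd_domain)


def check_bounce(rcpt, internal=False):
    """Incoming side: return (action, detail) for one envelope recipient."""
    m = SRS0_RE.match(rcpt)
    if not m:
        return ("CONTINUE", rcpt)           # not an SRS address at all
    tag, ts, domain, local, _fwd = m.groups()
    expected = srs_hash(ts, domain, local)
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return ("ACCEPT", "%s@%s" % (local, domain))   # unwrapped original
    if internal:
        return ("CONTINUE", rcpt)           # trusted source: no SRS reject
    return ("REJECT", "550 5.7.1 Invalid SRS signature")


if __name__ == "__main__":
    good = forward("alice@example.org", "forwarder.example")
    print(good, check_bounce(good))
    print(check_bounce(good.replace("alice", "mallory")))
```

The internal flag mirrors the internal_connection / trusted_relay test in the quoted bms.py snippet: the SRS-specific rejection is only issued to untrusted senders.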