[Pymilter] Possible to use a milter for reverse SRS?
Melanie Dymond Harper
mel at herald.co.uk
Mon Jan 28 10:50:52 EST 2019

On Sun, Jan 27, 2019 at 07:41:34PM -0500, Stuart D. Gathman wrote:
> On Fri, 25 Jan 2019, Melanie Dymond Harper wrote:
>
> >I'm in the process of testing an SRS setup -- we need to be able to
> >forward email for some customers from domains managed here to their own
> >email accounts. We have srsmilter working the way it ought to for
> >outbound mail, so far so good; is it possible to configure it to handle
> >returned (bounced) mail to SRS-encoded addresses as well? The
> >original SRS documentation seems to suggest piping that back
> >through a script, but the available scripts (e.g. srs2envtol.py) all
> >seem to have caveats of "DO NOT USE, BAD IDEA" (etc) and I'd like to do
> >it a "better" way if there is one. Sendmail and Debian involved.
>
> srsmilter in pysrs-1.0.3 translates SRS encoded recipients.
>
> Any SRS recipients with bad signatures will reject that recipient.
> If reject_spoofed is True in pysrs.cfg, any local recipients that
> are not SRS encoded cause the entire message to be rejected in DATA.
> (To avoid receiving "bounce spam".) More complex policies will have
> to be coded in python.

Hm. Okay, I've now taken out any alias declarations for the domain being
used as fwdomain, and the only "fancy" mail processing is now srsmilter
(I previously had spfmilter in there as well, but I've taken that out
for the moment until I can be more sure of what's happening.) As far as
I can tell, srsmilter isn't doing anything at all to mails coming in
addressed to (SRS-encoded) addresses at the domain configured as
fwdomain. It's accepting mail to known accounts -- which is fair enough
since that domain is in the local-host-names file -- but for anything
else it is rejecting as "unknown user", it isn't trying to unwrap it.
(Taking it out of local-host-names causes things to fail in rather more
fundamental ways.)

So basically what happens is (S == sending box, F == forwarding box, R
== recipient box)

Mail sent to valid address:
- mail sent from S
- mail received by F and sending address SRS-encoded
- mail forwarded to R and accepted there

Mail sent to invalid address:
- mail sent from S
- mail received by F and sending address SRS-encoded
- F tries to send onwards to R and gets a bounce as user is unknown
  there
- F tries to send DSN to SRS-encoded address at domain set up as
  fwdomain (for which F is MX)
- this fails because SRS-encoded address is unknown at F, and not
  unwound to pass back to S

The relevant bit of sendmail.mc looks like:

INPUT_MAIL_FILTER(`pysrsfilter', `S=local:/var/run/milter/srsmilter,
F=T, T=C:5m;S:20s;R:5m;E:5m')

*scratches head*
Mel
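
Added example, not part of the original post and not pysrs code: a simplified SRS0-style forward/reverse pair showing what "unwinding" the DSN recipient at F involves, and why a recipient with a bad signature is rejected. The secret, domain names, decimal day stamp and 21-day window are constructed assumptions; the exact hash and timestamp encoding pysrs uses are not reproduced here.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # constructed value, not a real key
FWDOMAIN = "fwd.example"              # hypothetical forwarding domain (box F)
MAX_AGE_DAYS = 21                     # assumed validity window for bounces


def _tag(day: int, host: str, user: str) -> str:
    """Short keyed hash binding the day stamp to the original sender."""
    msg = f"{day}={host}={user}".lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:4]


def srs_forward(sender: str, day: int) -> str:
    """F rewrites the envelope sender before relaying the mail to R."""
    user, host = sender.rsplit("@", 1)
    return f"SRS0={_tag(day, host, user)}={day}={host}={user}@{FWDOMAIN}"


def srs_reverse(rcpt: str, today: int) -> str:
    """F unwinds a bounce recipient; ValueError means reject the recipient."""
    local, domain = rcpt.rsplit("@", 1)
    if domain.lower() != FWDOMAIN or not local.upper().startswith("SRS0="):
        raise ValueError("not an SRS address for this forwarder")
    try:
        tag, day_s, host, user = local[5:].split("=", 3)
        day = int(day_s)
    except ValueError:
        raise ValueError("malformed SRS address") from None
    # Constant-time comparison: only addresses minted by F verify.
    if not hmac.compare_digest(tag.encode(), _tag(day, host, user).encode()):
        raise ValueError("bad signature")
    if not 0 <= today - day <= MAX_AGE_DAYS:
        raise ValueError("expired")
    return f"{user}@{host}"   # DSN goes back to S at this address
```

The reverse step has to run before the local-user lookup on F; otherwise the SRS0 local part is treated as an ordinary mailbox name and bounced as unknown.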