GatewayEmails

Silmar A. Marca edited this page Jan 10, 2014 · 6 revisions
Clone this wiki locally

Author: Silmar A. Marca

If you use the SPF, this technology helps to make a bridge of communication between e-mails with dual external redirects.

Before, set these in Main Configuration Settings:

#-SRS0 DATESIZE = 4 for dual gateway expire in year, 6 for dual gateway expire in montly, 8 for day expire
#- Sintaxe: SRS0=secpassword=forwarddomaindest.com.br=user@hostmx.yourdomain.com.br (SIGN_DOMAIN is $qualify_domain as correct)
SIGN_PREFIX             = SRS0
SIGN_PASS               = themasterpassword
SIGN_SIZE               = 10
SIGN_DATESIZE           = 8
SIGN_HASH               = md5
SIGN_DOMAIN             = $qualify_domain

#-- After, put the code in acl_check_rcpt:

  .ifdef SIGN_PASS
    #BLK: Nega se sintaxe errada para dominios tipo forward (ponte de um dominio para outro atraves deste servidor). Geralmente usado em apelidos para
    #evitar bloqueios de SPF
    drop  local_parts   = ^SIGN_PREFIX=*
          domains       = SIGN_DOMAIN : +local_domains : +alias_domains : +relay_to_domains
          condition     = ${if match{$local_part}{(?i)^(.+)=(.+)=(.+)\\.(.+)=(.+)\$}{no}{yes}}
          message       = Invalid sintax of forward signature.
          delay         = 45s
    drop  senders       = !:
          local_parts   = ^SIGN_PREFIX=*
          domains       = SIGN_DOMAIN : +local_domains : +alias_domains : +relay_to_domains
          condition     = ${if eqi\
                            {${hash_SIGN_SIZE:${hmac{SIGN_HASH}{${length_SIGN_DATESIZE:$tod_zulu}SIGN_PASS}{\
                                ${lc:${extract{3}{=}{$local_part}}=${extract{4}{=}{$local_part}}=$sender_address_domain=$sender_address_local_part}}}}}\
                            {${extract{2}{=}{$local_part}}}\
                            {no}{yes}}
          message       = Invalid or expired forward signature to send mail from <$sender_address> for external address <${extract{4}{=}{${lc:$local_part}}}@${extract{3}{=}{${lc:$local_part}}}>
          delay         = 45s
     #ACT: Aceita se ja tem um recipiente com o email validado. Certamente uma resposta direta ao email em questao via gateway. 
     accept senders     = !:
          local_parts   = ^SIGN_PREFIX=*
          domains       = SIGN_DOMAIN : +local_domains : +alias_domains : +relay_to_domains
          condition     = ${if eqi {$local_part@$domain} {$sender_address_local_part@$sender_address_domain} {no}{yes}}
          condition     = ${if eqi\
                            {${hash_SIGN_SIZE:${hmac{SIGN_HASH}{${length_SIGN_DATESIZE:$tod_zulu}SIGN_PASS}{\
                                ${lc:${extract{3}{=}{$local_part}}=${extract{4}{=}{$local_part}}=$sender_address_domain=$sender_address_local_part}}}}}\
                            {${extract{2}{=}{$local_part}}}\
                            {yes}{no}}
          verify        = recipient
          control       = queue_only
          logwrite      = :main: $message_exim_id Sign: accept recipient F=${extract{4}{=}{$local_part}}@${extract{3}{=}{$local_part}} T=$sender_address H=$sender_rcvhost
     
     #ACT: Aceita se ja e um email validado. O sender eh o email validado. No caso eh util sempre se quem envia eh um Sevidor Relay MX, que nao envia diretamente mas passando por este servidor. 
     accept senders     = !: ^SIGN_PREFIX=*
          sender_domains= SIGN_DOMAIN : +local_domains : +alias_domains : +relay_to_domains
          condition     = ${if eqi {$local_part@$domain} {$sender_address_local_part@$sender_address_domain} {no}{yes}}
          condition     = ${if eqi\
                            {${hash_SIGN_SIZE:${hmac{SIGN_HASH}{${length_SIGN_DATESIZE:$tod_zulu}SIGN_PASS}{\
                                ${lc:${extract{3}{=}{$sender_address_local_part}}=${extract{4}{=}{$sender_address_local_part}}=$domain=$local_part}}}}}\
                            {${extract{2}{=}{$sender_address_local_part}}}\
                            {yes}{no}}
          verify        = recipient
          logwrite      = :main: $message_exim_id Sign: accept sender F=${extract{4}{=}{$sender_address_local_part}}@${extract{3}{=}{$sender_address_local_part}} T=$local_part@$domain H=$sender_rcvhost
  .endif

#-- And, put these code in Router Configuration

.ifdef SIGN_PASS
  #-Envia diretamente os emails ja assinados via SIGN_PASS. Evita fazer re-assinaturas
  # Quando o RCPT eh validado
  sign_remote_recipient_send:
    driver            = dnslookup
    senders           = !: ^SIGN_PREFIX=*
    domains           = !+local_domains : !+alias_domains : !+relay_to_domains
    mx_domains        = ${domain}
    #condition        = ${if eqi {$local_part@$domain} {$sender_address_local_part@$sender_address_domain} {no}{yes}}
    condition         = ${if eqi\
                            {${hash_SIGN_SIZE:${hmac{SIGN_HASH}{${length_SIGN_DATESIZE:$tod_zulu}SIGN_PASS}{\
                                ${lc:${extract{3}{=}{$local_part}}=${extract{4}{=}{$local_part}}=$sender_address_domain=$sender_address_local_part}}}}}\
                            {${extract{2}{=}{$local_part}}}\
                         {true}fail}
    self              = fail
    transport         = nosign_delivery
    ignore_target_hosts   = +ignore_target_hosts
    cannot_route_message  = Unrouteable address: <${domain}>
    debug_print       = "R: sign_remote_recipient_send from <${extract{4}{=}{${lc:$local_part}}}@${extract{3}{=}{${lc:$local_part}}}> for <${local_part}@${domain}>"
    headers_remove      = BYPASS_NHEADER
    no_more

  sign_remote_sender_send:
    driver            = dnslookup
    senders           = !: ^SIGN_PREFIX=*
    domains           = !+local_domains : !+alias_domains : !+relay_to_domains
    mx_domains        = ${domain}
    #condition        = ${if eqi {$local_part@$domain} {$sender_address_local_part@$sender_address_domain} {no}{yes}}
    condition         = ${if and {\
                             { match_domain{$sender_address_domain}{+local_domains : +relay_to_domains : +alias_domains} }\
                             { eqi\
                                {${hash_SIGN_SIZE:${hmac{SIGN_HASH}{${length_SIGN_DATESIZE:$tod_zulu}SIGN_PASS}{\
                                    ${lc:${extract{3}{=}{$sender_address_local_part}}=${extract{4}{=}{$sender_address_local_part}}=$domain=$local_part}}}}}\
                                {${extract{2}{=}{$sender_address_local_part}}}}\
                         }{true}fail}
    self              = fail
    transport         = nosign_delivery
    ignore_target_hosts   = +ignore_target_hosts
    cannot_route_message  = Unrouteable address: <${domain}>
    debug_print       = "R: sign_remote_sender_send from <${extract{4}{=}{${lc:$sender_address_local_part}}}@${extract{3}{=}{${lc:$sender_address_local_part}}}> for <${local_part}@${domain}>"
    headers_remove      = BYPASS_NHEADER
    no_more

  #-Verificacao de endereco e redirecionamento ao endereco correto. Possibilita callout de outros servidores na origem fiel e tambem o envio de emails
  sign_redirect:
    senders           = !:
    driver            = redirect
    local_parts       = ^SIGN_PREFIX=*
    domains           = SIGN_DOMAIN
    condition         = ${if eqi\
                            {${hash_SIGN_SIZE:${hmac{SIGN_HASH}{${length_SIGN_DATESIZE:$tod_zulu}SIGN_PASS}{\
                                ${lc:${extract{3}{=}{$local_part}}=${extract{4}{=}{$local_part}}=$sender_address_domain=$sender_address_local_part}}}}}\
                            {${extract{2}{=}{$local_part}}}\
                         {true}fail}
    data              = ${extract{4}{=}{${lc:$local_part}}}@${extract{3}{=}{${lc:$local_part}}}
    debug_print       = "R: sign_redirect from <$sender_address_local_part@$sender_address_domain> for <${extract{4}{=}{${lc:$local_part}}}@${extract{3}{=}{${lc:$local_part}}}>"
    headers_remove    = to:errors-to
    headers_add       = "To: ${extract{4}{=}{${lc:$local_part}}}@${extract{3}{=}{${lc:$local_part}}}\nErrors-To: ${address:$reply_address}"
    no_expn
    no_more
.endif