
indimail srs.5

Manvendra Bhangui edited this page Feb 25, 2024 · 3 revisions

NAME

indimail-srs - indimail srs configuration files

INTRODUCTION

Hosts which adopt the Sender Permitted From (SPF) convention face a challenge when required to forward mail. If the forwarding host does not change the sender domain, it will fail the SPF test and may not be able to hand the message off to the recipient. The Sender Rewriting Scheme (SRS) is a scheme for bypassing the Sender Policy Framework's (SPF) methods of preventing forged sender addresses. SPF "breaks" email forwarding. SRS is a way to fix it. SRS is a simple way for forwarding MTAs to rewrite the sender address. indimail-mta's SRS implementation has been adapted from Marcelo Coelho's qmail SRS patch. The base SRS functions come from libsrs2.

You can configure the indimail system for SRS by modifying indimail-mta's control files in /etc/indimail/control. You can set the environment variable CONTROLDIR to make indimail-mta look for control files in a different directory. The control files srs_domain and srs_secrets are mandatory.

You can also configure SRS by setting environment variables SRS_DOMAIN, SRS_SECRETS, SRS_MAXAGE, SRS_HASHLENGTH, SRS_HASHMIN, SRS_SEPARATOR, SRS_ALWAYSREWRITE.

The table below lists programs that use SRS and the SRS operation they do.

| Program | SRS operation |
|---------|---------------|
| condredirect | Rewrites sender address using SRS |
| filterit | Rewrites sender address using SRS |
| forward | Rewrites sender address using SRS |
| qmail-inject | Rewrites sender address using SRS |
| qmail-local | Rewrites sender address using SRS |
| autoresponder | Converts SRS address to the original sender address |
| qmail-send | Converts SRS address to the original sender address |
| qmta-send | Converts SRS address to the original sender address |
| slowq-send | Converts SRS address to the original sender address |
| qmail-smtpd | Converts SRS address to the original sender address |
| srsfilter | Converts SRS address to the original sender address |

CONTROL FILES

srs_domain
The domain to use in rewritten addresses. If not set, SRS is disabled. You must create an MX record for srs.domain. If your domain is example.com, this will be:

srs.example.com

srs_domain can also be configured by setting the SRS_DOMAIN environment variable. The environment variable takes precedence over the control file.

srs_secrets
A random string used to generate and check SRS addresses. You can specify a list of secrets (one per line). The first secret in the list is used for generating new SRS addresses. All secrets on the list may be used to verify SRS addresses. You can use the following command to generate a random string of 24 characters.

$ tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' </dev/urandom | head -c 24; echo

srs_secrets can also be configured by setting the SRS_SECRETS environment variable. The environment variable takes precedence over the control file.

srs_maxage
The maximum permitted age of a rewritten address. SRS rewritten addresses expire after a specified number of days. The libsrs2 default is 21, but a week is enough to get all bounces. Recommended value is 7.

srs_maxage can also be configured by setting the SRS_MAXAGE environment variable. The environment variable takes precedence over the control file.

srs_hashlength
The hash length to generate in a rewritten address. The hash length is a measure of security in the SRS system; longer is more secure. Recommended value is 4.

srs_hashlength can also be configured by setting the SRS_HASHLENGTH environment variable. The environment variable takes precedence over the control file.

srs_hashmin
The hash length to require when checking an address. If the hash length is increased, there may be SRS addresses from your MTA in the wild which use a shorter hash length. This parameter may be set to permit checking of hashes shorter than srs_hashlength. This parameter should be at most srs_hashlength. Recommended value is 4.

srs_hashmin can also be configured by setting the SRS_HASHMIN environment variable. The environment variable takes precedence over the control file.

srs_separator
The separator to appear immediately after SRS[01] in rewritten addresses. This must be -, + or =. Default value is =

srs_separator can also be configured by setting the SRS_SEPARATOR environment variable. The environment variable takes precedence over the control file.

srs_alwaysrewrite
Skip the rcpthosts check and perform SRS rewriting for all forwarding, even when not required. This must be 0 (disabled) or 1 (enabled). Default value is 0.

srs_alwaysrewrite can also be configured by setting the SRS_ALWAYSREWRITE environment variable. The environment variable takes precedence over the control file.
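
How srs_secrets, srs_hashlength, srs_hashmin, srs_maxage and srs_separator interact can be seen in the following sketch. It is an added example, not indimail-mta or libsrs2 code. The SRS0 field layout, the truncated base64 HMAC-SHA1 hash and the two-character base32 day stamp are assumptions modeled on the usual SRS design, and the function names and secrets are made up.

```python
import base64, hashlib, hmac, time

B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
SLOTS = 1 << 10          # two base32 characters hold a 10-bit day counter

def stamp(now):
    """Two-character day stamp (assumed encoding)."""
    day = int(now // 86400) % SLOTS
    return B32[day >> 5] + B32[day & 31]

def tag(secret, length, *parts):
    """HMAC-SHA1 over the lowercased fields, base64, cut to `length` chars."""
    mac = hmac.new(secret.encode(), "".join(parts).lower().encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()[:length]

def forward(sender, secrets, srs_domain, hashlength=4, sep="=", now=None):
    """Rewrite `sender`; only the first secret signs new addresses."""
    user, host = sender.rsplit("@", 1)
    ts = stamp(time.time() if now is None else now)
    return f"SRS0{sep}{tag(secrets[0], hashlength, ts, host, user)}={ts}={host}={user}@{srs_domain}"

def reverse(addr, secrets, hashmin=4, maxage=7, now=None):
    """Return the original sender, or raise ValueError if the address is rejected."""
    local = addr.rsplit("@", 1)[0]
    fields = local[5:].split("=", 3)
    if local[:4].upper() != "SRS0" or local[4:5] not in ("-", "+", "=") or len(fields) != 4:
        raise ValueError("not an SRS0 address")
    h, ts, host, user = fields
    if len(ts) != 2 or any(c not in B32 for c in ts):
        raise ValueError("bad timestamp")
    if len(h) < hashmin:
        raise ValueError("hash shorter than srs_hashmin")
    if not any(hmac.compare_digest(h.encode(), tag(s, len(h), ts, host, user).encode())
               for s in secrets):          # every listed secret may verify
        raise ValueError("hash mismatch")
    today = int((time.time() if now is None else now) // 86400)
    age = (today - B32.index(ts[0]) * 32 - B32.index(ts[1])) % SLOTS
    if age > maxage:                       # future stamps wrap to a large age
        raise ValueError("older than srs_maxage")
    return f"{user}@{host}"

if __name__ == "__main__":
    keys = ["constructed-new-secret", "constructed-old-secret"]  # constructed sample values
    a = forward("alice@example.org", keys, "srs.example.com", now=1700000000)
    print(a, "->", reverse(a, keys, now=1700000000))
```

Putting a new secret at the top of the list while keeping the old one below it lets addresses already in circulation keep verifying until they pass srs_maxage.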

SEE ALSO

indimail-control(5), qmail-send(8), slowq-send(8), qmta-send(8), qmail-smtpd(8), qmail-inject(8), qmail-local(8), sendmail(1), srsfilter(1)
