|
@@ -1,9 +1,16 @@
|
|
1
|
+PostSRSd
|
|
2
|
+========
|
|
3
|
+
|
1
|
4
|
About
|
2
|
|
-=====
|
|
5
|
+-----
|
|
6
|
+
|
3
|
7
|
PostSRSd provides the Sender Rewriting Scheme (SRS) via TCP-based
|
4
|
8
|
lookup tables for Postfix. SRS is needed if your mail server acts
|
5
|
9
|
as forwarder.
|
6
|
10
|
|
|
11
|
+
|
|
12
|
+Sender Rewriting Scheme Crash Course
|
|
13
|
+------------------------------------
|
7
|
14
|
Imagine your server receives a mail from alice@example.com
|
8
|
15
|
that is to be forwarded. If example.com uses the Sender Policy Framework
|
9
|
16
|
to indicate that all legit mails originate from their server, your
|
|
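Review bot: The new "Sender Rewriting Scheme Crash Course" heading (new lines 12-13) has no blank line after its underline, while the "About" heading in the same hunk gains one at new line 6. Add an empty line between the `------------------------------------` underline and "Imagine your server receives a mail ..." so the two second-level headings are formatted consistently.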
@@ -12,28 +19,54 @@ on behalf of example.com. The solution is that you map the address to
|
12
|
19
|
your own domain, e.g.
|
13
|
20
|
SRS0+xxxx=yy=example.com=alice@yourdomain.org (forward SRS). If the
|
14
|
21
|
mail is bounced later and a notification arrives, you can extract the
|
15
|
|
-original address from the rewritten one (revere SRS) and return the
|
|
22
|
+original address from the rewritten one (reverse SRS) and return the
|
16
|
23
|
notification to the sender. You might notice that the reverse SRS can
|
17
|
24
|
be abused to turn your server into an open relay. For this reason, xxxx
|
18
|
25
|
and yy are a cryptographic signature and a time stamp. If the signature
|
19
|
26
|
does not match, the address is forged and the mail can be discarded.
|
20
|
27
|
|
21
|
28
|
Building
|
22
|
|
-========
|
|
29
|
+--------
|
|
30
|
+
|
23
|
31
|
PostSRSd requires a POSIX compatible system and CMake to build.
|
24
|
32
|
Optionally, help2man is used to create a manual page.
|
25
|
33
|
|
26
|
34
|
For convenience, a Makefile fragment is provided which calls CMake with
|
27
|
35
|
the recommended command line options. Just run `make`.
|
28
|
36
|
|
|
37
|
+Alternatively, you can control many aspects of the build manually:
|
|
38
|
+
|
|
39
|
+ mkdir build
|
|
40
|
+ cd build
|
|
41
|
+ cmake .. <options>
|
|
42
|
+ make
|
|
43
|
+ make install
|
|
44
|
+
|
|
45
|
+The CMake script defines a number of options in addition to the
|
|
46
|
+standard CMake flags. Use `-D<option>=<value>` to override the defaults.
|
|
47
|
+
|
|
48
|
+* `GENERATE_SRS_SECRET` (default: `ON`). Generate a random secret on install.
|
|
49
|
+* `USE_APPARMOR` (default: `OFF`): Install an AppArmor profile for the daemon.
|
|
50
|
+* `INIT_FLAVOR` (default: auto-detect). Select the appriopriate startup
|
|
51
|
+ script type. Must be one of (`upstart`,`sysv-lsb`,`sysv-redhat`) or `none`.
|
|
52
|
+* `CHROOT_DIR` (default: `${CMAKE_INSTALL_PREFIX}/lib/postsrsd`). Chroot jail
|
|
53
|
+ for the daemon.
|
|
54
|
+* `SYSCONF_DIR` (default: `/etc`). Location of system configuration files.
|
|
55
|
+* `CONFIG_DIR` (default: `${SYSCONF_DIR}/default`). Install destination for
|
|
56
|
+ the postsrsd settings.
|
|
57
|
+* `DOC_DIR` (default: `${CMAKE_INSTALL_PREFIX}/share/doc/postsrsd`). Install
|
|
58
|
+ destination for documentation files.
|
|
59
|
+
|
29
|
60
|
Installing
|
30
|
|
-==========
|
|
61
|
+----------
|
|
62
|
+
|
31
|
63
|
Run `make install` as root to install the daemon and the configuration
|
32
|
64
|
files.
|
33
|
65
|
|
34
|
66
|
Configuration
|
35
|
|
-=============
|
36
|
|
-The configuration is located in `/etc/default/postsrsd`. You must store
|
|
67
|
+-------------
|
|
68
|
+
|
|
69
|
+The configuration is located in `/etc/default/postsrsd` by default. You must store
|
37
|
70
|
at least one secret key in `/etc/postsrsd.secret`. The installer tries to generate
|
38
|
71
|
one from `/dev/urandom`. Be careful that no one can guess your secret,
|
39
|
72
|
because anyone who knows it can use your mail server as open relay!
|
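Review bot: The Configuration paragraph (new lines 69-72) was only partly updated for the new build options: it gains "by default" for `/etc/default/postsrsd`, but it still names `/etc/postsrsd.secret` as a fixed path and still says the installer tries to generate a secret, although `SYSCONF_DIR` and `GENERATE_SRS_SECRET` are now documented as overridable. Please state whether the secret file location follows `SYSCONF_DIR`, and note that with `GENERATE_SRS_SECRET=OFF` the administrator has to create the secret by hand, since the same paragraph warns that anyone who knows it can use the server as an open relay. Two smaller points in the option list: "appriopriate" at new line 50 should read "appropriate", and the `USE_APPARMOR` entry uses a colon after the default where every other entry uses a period.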