Browse Source

Merge pull request #63 from gadall/gedalya-add-length

Make hash length and hash minimum length configurable
master
Timo Röhling 8 years ago
parent
commit
d0c8e0133c
9 changed files with 106 additions and 7 deletions
  1. 69
    0
      README.exim.md
  2. 4
    0
      README.md
  3. 9
    0
      init/postsrsd.default.in
  4. 1
    1
      init/postsrsd.systemd.in
  5. 1
    1
      init/postsrsd.sysv-lsb.in
  6. 2
    1
      init/postsrsd.sysv-redhat.in
  7. 1
    1
      init/postsrsd.upstart.in
  8. 18
    2
      postsrsd.c
  9. 1
    1
      srs2.c

+ 69
- 0
README.exim.md View File

@@ -0,0 +1,69 @@
1
+PostSRSd integration with Exim
2
+==============================
3
+
4
+## SRS Return router
5
+
6
+If using a domain solely for SRS return addresses:
7
+
8
+    SRS_DOMAIN = srs.your.domain
9
+    
10
+    begin routers
11
+    
12
+    srs_return:
13
+      caseful_local_part
14
+      domains = SRS_DOMAIN
15
+      driver = redirect
16
+      allow_fail
17
+      data = ${if match {$local_part}{\N(?i)^srs[01]=\N} \
18
+    	{${if match \
19
+    	  {${readsocket{inet:localhost:10002}{get ${quote_local_part:$local_part_prefix$local_part}@$domain}{3s}}} \
20
+    	  {\N^200 (.+)\N} \
21
+    	  {$1} \
22
+    	  {:fail: Invalid SRS bounce} \
23
+    	}} \
24
+    	{:fail: Invalid SRS bounce} \
25
+      }
26
+      no_more
27
+
28
+If your SRS domain is also used for other addresses:
29
+
30
+    SRS_DOMAIN = srs.your.domain
31
+    
32
+    begin routers
33
+    
34
+    srs_return:
35
+      caseful_local_part
36
+      domains = SRS_DOMAIN
37
+      local_part_prefix = srs0= : srs1=
38
+      driver = redirect
39
+      allow_fail
40
+      data = ${if match \
41
+        {${readsocket{inet:localhost:10002}{get ${quote_local_part:$local_part_prefix$local_part}@$domain}{3s}}} \
42
+        {\N^200 (.+)\N} \
43
+        {$1} \
44
+        {:fail: Invalid SRS bounce} \
45
+      }
46
+
47
+## Rewriting outgoing mail in the SMTP transport
48
+
49
+The following excludes locally submitted mail, or mail submitted by authenticated
50
+users from SRS rewriting. Of course, if the sender address is already in
51
+one of our local domains, there is no need to rewrite the address.
52
+
53
+    begin transports
54
+    
55
+    remote_smtp:
56
+      debug_print = "T: remote_smtp for $local_part@$domain"
57
+      driver = smtp
58
+      return_path = ${if and { \
59
+    		{!match_ip{$sender_host_address}{:@[]}} \
60
+    		{!def:authenticated_id} \
61
+    		{!match_address {$sender_address} { : *@+local_domains : *@+virtual_domains : SRS_DOMAIN}} \
62
+    	} \
63
+    	{${if match \
64
+    	  {${readsocket{inet:localhost:10001}{get $sender_address}{3s}}} \
65
+    	  {\N^200 (.+)\N} \
66
+    	  {$1} \
67
+    	  fail } \
68
+    	} \
69
+    	fail }

+ 4
- 0
README.md View File

@@ -109,3 +109,7 @@ Known Issues
109 109
 - The Postfix package in CentOS 6 lacks the required support for TCP
110 110
   dictionaries. Please upgrade your distribution or build Postfix yourself.
111 111
 
112
+Use with Exim
113
+-------------
114
+
115
+Exim configuration examples can be found in [README.exim.md](README.exim.md)

+ 9
- 0
init/postsrsd.default.in View File

@@ -23,6 +23,15 @@ SRS_SEPARATOR==
23 23
 #
24 24
 SRS_SECRET=@SYSCONF_DIR@/@PROJECT_NAME@.secret
25 25
 
26
+# Length of hash to be used in rewritten addresses
27
+SRS_HASHLENGTH=4
28
+
29
+# Minimum length of hash to accept when validating return addresses.
30
+# When increasing SRS_HASHLENGTH, set this to its previous value and
31
+# wait for the duration of SRS return address validity (21 days) before
32
+# increading this value as well.
33
+SRS_HASHMIN=4
34
+
26 35
 # Local ports for TCP list.
27 36
 # These ports are used to bind the TCP list for postfix. If you change
28 37
 # these, you have to modify the postfix settings accordingly. The ports

+ 1
- 1
init/postsrsd.systemd.in View File

@@ -17,7 +17,7 @@ EnvironmentFile=-/run/@PROJECT_NAME@/default
17 17
 # Load the real configuration.
18 18
 EnvironmentFile=@CONFIG_DIR@/@PROJECT_NAME@
19 19
 
20
-ExecStart=@CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f "${SRS_FORWARD_PORT}" -r "${SRS_REVERSE_PORT}" -d "${SRS_DOMAIN}" -s "${SRS_SECRET}" -a "${SRS_SEPARATOR}" -u "${RUN_AS}" -c "${CHROOT}" -X"${SRS_EXCLUDE_DOMAINS}"
20
+ExecStart=@CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f "${SRS_FORWARD_PORT}" -r "${SRS_REVERSE_PORT}" -d "${SRS_DOMAIN}" -s "${SRS_SECRET}" -a "${SRS_SEPARATOR}" -n "${SRS_HASHLENGTH}" -N "${SRS_HASHMIN}" -u "${RUN_AS}" -c "${CHROOT}" -X"${SRS_EXCLUDE_DOMAINS}"
21 21
 
22 22
 [Install]
23 23
 WantedBy=multi-user.target

+ 1
- 1
init/postsrsd.sysv-lsb.in View File

@@ -44,7 +44,7 @@ case "$1" in
44 44
 		--pidfile $PIDFILE \
45 45
 		--name $NAME \
46 46
 		--startas $DAEMON \
47
-		-- -f "$SRS_FORWARD_PORT" -r "$SRS_REVERSE_PORT" -d "$SRS_DOMAIN" -s "$SRS_SECRET" -a "$SRS_SEPARATOR" -u "$RUN_AS" -p "$PIDFILE" -c "$CHROOT" -D -X"$SRS_EXCLUDE_DOMAINS"
47
+		-- -f "$SRS_FORWARD_PORT" -r "$SRS_REVERSE_PORT" -d "$SRS_DOMAIN" -s "$SRS_SECRET" -a "$SRS_SEPARATOR" -n "$SRS_HASHLENGTH" -N "$SRS_HASHMIN" -u "$RUN_AS" -p "$PIDFILE" -c "$CHROOT" -D -X"$SRS_EXCLUDE_DOMAINS"
48 48
 	then
49 49
 	    log_end_msg 0
50 50
 	else

+ 2
- 1
init/postsrsd.sysv-redhat.in View File

@@ -35,7 +35,8 @@ test -r "$SRS_SECRET" -a -n "$SRS_DOMAIN" || exit 0
35 35
 do_start()
36 36
 {
37 37
 	echo -n "Starting $DESC: "
38
-	daemon $DAEMON -f "$SRS_FORWARD_PORT" -r "$SRS_REVERSE_PORT" -d "$SRS_DOMAIN" -s "$SRS_SECRET" \
38
+	daemon $DAEMON -f "$SRS_FORWARD_PORT" -r "$SRS_REVERSE_PORT" -d "$SRS_DOMAIN" \
39
+	               -s "$SRS_SECRET" -n "$SRS_HASHLENGTH" -N "$SRS_HASHMIN" \
39 40
 	               -u "$RUN_AS" -p "$PIDFILE" -a "$SRS_SEPARATOR" -c "$CHROOT" -D -X"$SRS_EXCLUDE_DOMAINS"
40 41
 	RETVAL=$?
41 42
 	echo

+ 1
- 1
init/postsrsd.upstart.in View File

@@ -9,6 +9,6 @@ script
9 9
 	SRS_DOMAIN=`postconf -h mydomain || true`
10 10
 	SRS_EXCLUDE_DOMAINS=
11 11
 	. "@CONFIG_DIR@/@PROJECT_NAME@"
12
-	exec @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f "$SRS_FORWARD_PORT" -r "$SRS_REVERSE_PORT" -d "$SRS_DOMAIN" -s "$SRS_SECRET" -a "$SRS_SEPARATOR" -u "$RUN_AS" -c "$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"
12
+	exec @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f "$SRS_FORWARD_PORT" -r "$SRS_REVERSE_PORT" -d "$SRS_DOMAIN" -s "$SRS_SECRET" -a "$SRS_SEPARATOR" -n "$SRS_HASHLENGTH" -N "$SRS_HASHMIN" -u "$RUN_AS" -c "$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"
13 13
 end script
14 14
 

+ 18
- 2
postsrsd.c View File

@@ -219,6 +219,8 @@ static void show_help ()
219 219
     "   -s<file>       read secrets from file (required)\n"
220 220
     "   -d<domain>     set domain name for rewrite (required)\n"
221 221
     "   -a<char>       set first separator character which can be one of: -=+ (default: =)\n"
222
+    "   -n<num>        length of hash to be used in rewritten addresses (default: 4)\n"
223
+    "   -N<num>        minimum length of hash to accept for validation (default: 4)\n"
222 224
     "   -l<addr>       set socket listen address (default: 127.0.0.1)\n"
223 225
     "   -f<port>       set port for the forward SRS lookup (default: 10001)\n"
224 226
     "   -r<port>       set port for the reverse SRS lookup (default: 10002)\n"
@@ -242,7 +244,7 @@ typedef void(*handle_t)(srs_t*, FILE*, const char*, const char*, const char**);
242 244
 
243 245
 int main (int argc, char **argv)
244 246
 {
245
-  int opt, timeout = 1800, family = AF_UNSPEC;
247
+  int opt, timeout = 1800, family = AF_UNSPEC, hashlength = 0, hashmin = 0;
246 248
   int daemonize = FALSE;
247 249
   char *listen_addr = NULL, *forward_service = NULL, *reverse_service = NULL,
248 250
        *user = NULL, *domain = NULL, *chroot_dir = NULL;
@@ -265,7 +267,7 @@ int main (int argc, char **argv)
265 267
   tmp = strrchr(argv[0], '/');
266 268
   if (tmp) self = strdup(tmp + 1); else self = strdup(argv[0]);
267 269
 
268
-  while ((opt = getopt(argc, argv, "46d:a:l:f:r:s:u:t:p:c:X::Dhev")) != -1) {
270
+  while ((opt = getopt(argc, argv, "46d:a:l:f:r:s:n:N:u:t:p:c:X::Dhev")) != -1) {
269 271
     switch (opt) {
270 272
       case '?':
271 273
         return EXIT_FAILURE;
@@ -296,6 +298,12 @@ int main (int argc, char **argv)
296 298
       case 's':
297 299
         secret_file = strdup(optarg);
298 300
         break;
301
+      case 'n':
302
+        hashlength = atoi(optarg);
303
+        break;
304
+      case 'N':
305
+        hashmin = atoi(optarg);
306
+        break;
299 307
       case 'p':
300 308
         pid_file = strdup(optarg);
301 309
         break;
@@ -334,6 +342,10 @@ int main (int argc, char **argv)
334 342
           domain = strdup(getenv("SRS_DOMAIN"));
335 343
         if ( getenv("SRS_SEPARATOR") != NULL )
336 344
           separator = *getenv("SRS_SEPARATOR");
345
+        if ( getenv("SRS_HASHLENGTH") != NULL )
346
+          hashlength = atoi(getenv("SRS_HASHLENGTH"));
347
+        if ( getenv("SRS_HASHMIN") != NULL )
348
+          hashmin = atoi(getenv("SRS_HASHMIN"));
337 349
         if ( getenv("SRS_FORWARD_PORT") != NULL )
338 350
           forward_service = strdup(getenv("SRS_FORWARD_PORT"));
339 351
         if ( getenv("SRS_REVERSE_PORT") != NULL )
@@ -473,6 +485,10 @@ int main (int argc, char **argv)
473 485
   fclose (sf);
474 486
 
475 487
   srs_set_separator (srs, separator);
488
+  if (hashlength)
489
+    srs_set_hashlength (srs, hashlength);
490
+  if (hashmin)
491
+    srs_set_hashmin (srs, hashmin);
476 492
 
477 493
   for (sc = 0; sc < socket_count; ++sc) {
478 494
     fds[sc].fd = sockets[sc];

+ 1
- 1
srs2.c View File

@@ -371,7 +371,7 @@ srs_hash_check(srs_t *srs, char *hash, int nargs, ...)
371 371
 	len = strlen(hash);
372 372
 	if (len < srs->hashmin)
373 373
 		return SRS_EHASHTOOSHORT;
374
-	if (len < srs->hashlength) {
374
+	if (len > srs->hashlength) {
375 375
 		tmp = alloca(srs->hashlength + 1);
376 376
 		strncpy(tmp, hash, srs->hashlength);
377 377
 		tmp[srs->hashlength] = '\0';

Loading…
Cancel
Save