robin.thoni
/
roehling-postsrsd
Sledovat 1
Oblíbit 0
Rozštěpit 0
Zdrojový kód Úkoly 0 Požadavky na natažení 0 Vydání 5 Wiki Aktivita
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
28 Revize
2 Větve
Strom: 384331767d
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „384331767d“
${ noResults }
Timo Röhling 384331767d Fix Travis CI script před 11 roky
.gitignore Ignore Eclipse project files před 11 roky
.travis.yml Fix Travis CI script před 11 roky
CMakeLists.txt Older CMake versions do not support -1 for string length před 11 roky
LICENSE Initial commit před 11 roky
README.md Update README.md před 11 roky
main.cf.ex Update main.cf.ex před 11 roky
makefile Initial commit před 11 roky
postinstall.cmake.in Add chroot capability před 11 roky
postsrsd.apparmor.in Add AppArmor support před 11 roky
postsrsd.c Optionally exclude domains from address rewriting před 11 roky
postsrsd.default Optionally exclude domains from address rewriting před 11 roky
postsrsd.init.in Optionally exclude domains from address rewriting před 11 roky
postsrsd.upstart.in Optionally exclude domains from address rewriting před 11 roky
sha1.c Initial commit před 11 roky
srs2.c Initial commit před 11 roky
srs2.h Initial commit před 11 roky

README.md

About

PostSRSd provides the Sender Rewriting Scheme (SRS) via TCP-based lookup tables for Postfix. SRS is needed if your mail server acts as forwarder.

Imagine your server receives a mail from alice@example.com that is to be forwarded. If example.com uses the Sender Policy Framework to indicate that all legit mails originate from their server, your forwarded mail might be bounced, because you have no permission to send on behalf of example.com. The solution is that you map the address to your own domain, e.g. SRS0+xxxx=yy=example.com=alice@yourdomain.org (forward SRS). If the mail is bounced later and a notification arrives, you can extract the original address from the rewritten one (revere SRS) and return the notification to the sender. You might notice that the reverse SRS can be abused to turn your server into an open relay. For this reason, xxxx and yy are a cryptographic signature and a time stamp. If the signature does not match, the address is forged and the mail can be discarded.

Building

PostSRSd requires a POSIX compatible system and CMake to build. Optionally, help2man is used to create a manual page.

For convenience, a Makefile fragment is provided which calls CMake with the recommended command line options. Just run make.

Installing

Run make install as root to install the daemon and the configuration files.

Configuration

The configuration is located in /etc/default/postsrsd. You must store at least one secret key in /etc/postsrsd.secret. The installer tries to generate one from /dev/urandom. Be careful that no one can guess your secret, because anyone who knows it can use your mail server as open relay! Each line of /etc/postsrsd.secret is used as secret. The first secret is used for signing and verification, the others for verification only.

PostSRSd exposes its functionality via two TCP lookup tables. The recommended Postfix configuration is to add the following fragment to your main.cf:

sender_canonical_maps = tcp:127.0.0.1:10001
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:127.0.0.1:10002
recipient_canonical_classes= envelope_recipient

This will transparently rewrite incoming and outgoing envelope addresses. Run service postsrsd start and postfix reload as root, or reboot.