Hi.
I was thinking about writing a *simple* SRS implementation for qmail.
I've seen qmail already has something similar in qmail-send but for
internal purposes (a percenthack and something with mailing list owner
addresses).
So adding something here would not be a big problem as long as it is
kept simple.
I was thinking about when a generic solution should do rewriting.
My idea:
- rewrite sender on outgoing mails if the sender domain isn't a locally
handled domain. What is a locally handled domain? Should it be
locals/virtualdomains or rcpthosts or both? Domains listed in rcpthosts
but not in locals/virtualdomains are most likely accepted because the
host is a backup MX.
If a mail is locally generated but the domain is not listed in
locals/virtualdomains SRS would also kick in. This means that a
returning mail will be returned to the real owner of that domain. For
things like web servers...?
That would require minimal configuration: Just a configuration file with
a local srs bounce user or a srs bounce domain. Finished. (and
optionally a file with a private key so that keys are creating)
About SRS itself:
I think that a database would be overkill for a normal use. But still
some key is needed so that you can't spam through a mail server using
SRS backwards.
What about something like:
bounce-key-origsender#origdomain.tld@bouncedomain.tld
The problem is: Things might become too long. If the address looks like
a already rewritten one, are we allowed to assume it really is? If it's
from us we can assume it. Can we assume it otherwise? It was already
stated that using SRS0 or something instead of bounce would probably be
more secure but still...
Let's ignore it for a moment.
How would rewriting look like?
Old sender: a@b.c
New sender: a#b.c@bounce.local.tld
or: bounce-a#b.c@local.tld
@ is replaced by #, - by =, =(n) by =(n+1), #(n) by #(n+1)
The prefix bounce and the domain can be configured. A bounce domain
would be preferrable, if not available a virtual bounce user can be used
(at least this is qmail style, with the user <dash> ext).
If you want to parse the sender, e.g. because a bounce comes back:
Go backwards until you find a #. What comes afterwards will be a domain.
If you find a dash, the domain ends here, there rest is ignore (could be
some information?)
Go back until you find a dash or arrive at the beginning of the line.
= -> -, # -> @, #(n+1) -> #(n), =(n+1) -> =(n).
Then you have the address. You can go backwards again and look for the
next #. Everything after that will be a domain again. If you find more
than one dash between the end of the domain and the start of the local
part, like:
bounce-local1#domain1-blabla-local2#domain2-blabla@domain
^^^^^^
this is some information that belongs to local2#domain2. It is where a
key could be stored.
A very simple way to create the key:
Create a unique value for the current date. Add a private key, the old
sender and this value for the date together, hash it and use it as key.
How the key is verified: The address gets decoded so that the old sender
is obtained. For every day (today-14 ... today+2) try to reproduce the
hash. If it fits the SRS rewritten sender is valid an can be relayed.
So, still the problem what should be done about lines becoming too long.
What if the address was already very long in the first place?
What if the line gets too long after some hops? If we want to remove old
hops, how can we reliably detect if the sender address was already
rewritten? Should we remove the last hop in general? Should MTA that
know about SRS directly send bounce to the original sender because they
can decode the rewritten sender?
What if the original sender had multiple @ characters in the local part?
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h
I was thinking about writing a *simple* SRS implementation for qmail.
I've seen qmail already has something similar in qmail-send but for
internal purposes (a percenthack and something with mailing list owner
addresses).
So adding something here would not be a big problem as long as it is
kept simple.
I was thinking about when a generic solution should do rewriting.
My idea:
- rewrite sender on outgoing mails if the sender domain isn't a locally
handled domain. What is a locally handled domain? Should it be
locals/virtualdomains or rcpthosts or both? Domains listed in rcpthosts
but not in locals/virtualdomains are most likely accepted because the
host is a backup MX.
If a mail is locally generated but the domain is not listed in
locals/virtualdomains SRS would also kick in. This means that a
returning mail will be returned to the real owner of that domain. For
things like web servers...?
That would require minimal configuration: Just a configuration file with
a local srs bounce user or a srs bounce domain. Finished. (and
optionally a file with a private key so that keys are creating)
About SRS itself:
I think that a database would be overkill for a normal use. But still
some key is needed so that you can't spam through a mail server using
SRS backwards.
What about something like:
bounce-key-origsender#origdomain.tld@bouncedomain.tld
The problem is: Things might become too long. If the address looks like
a already rewritten one, are we allowed to assume it really is? If it's
from us we can assume it. Can we assume it otherwise? It was already
stated that using SRS0 or something instead of bounce would probably be
more secure but still...
Let's ignore it for a moment.
How would rewriting look like?
Old sender: a@b.c
New sender: a#b.c@bounce.local.tld
or: bounce-a#b.c@local.tld
@ is replaced by #, - by =, =(n) by =(n+1), #(n) by #(n+1)
The prefix bounce and the domain can be configured. A bounce domain
would be preferrable, if not available a virtual bounce user can be used
(at least this is qmail style, with the user <dash> ext).
If you want to parse the sender, e.g. because a bounce comes back:
Go backwards until you find a #. What comes afterwards will be a domain.
If you find a dash, the domain ends here, there rest is ignore (could be
some information?)
Go back until you find a dash or arrive at the beginning of the line.
= -> -, # -> @, #(n+1) -> #(n), =(n+1) -> =(n).
Then you have the address. You can go backwards again and look for the
next #. Everything after that will be a domain again. If you find more
than one dash between the end of the domain and the start of the local
part, like:
bounce-local1#domain1-blabla-local2#domain2-blabla@domain
^^^^^^
this is some information that belongs to local2#domain2. It is where a
key could be stored.
A very simple way to create the key:
Create a unique value for the current date. Add a private key, the old
sender and this value for the date together, hash it and use it as key.
How the key is verified: The address gets decoded so that the old sender
is obtained. For every day (today-14 ... today+2) try to reproduce the
hash. If it fits the SRS rewritten sender is valid an can be relayed.
So, still the problem what should be done about lines becoming too long.
What if the address was already very long in the first place?
What if the line gets too long after some hops? If we want to remove old
hops, how can we reliably detect if the sender address was already
rewritten? Should we remove the last hop in general? Should MTA that
know about SRS directly send bounce to the original sender because they
can decode the rewritten sender?
What if the original sender had multiple @ characters in the local part?
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h