Mailing List Archive

Re: [spf-discuss] A couple of thoughts
----- Original Message -----
From: "Greg Connor" <gconnor@nekodojo.org>
To: <spf-discuss@v2.listbox.com>
Sent: Sunday, February 22, 2004 10:49 AM
Subject: Re: [spf-discuss] A couple of thoughts

> --Mark <admin@asarian-host.net> wrote:
>
> > So, I now defined this (for all my virtual domains):
> >
> > SRS0+*@asarian-host.com    admin
> > @asarian-host.com          error:nouser "550 User Unknown"
> >
> > Which tells sendmail all SRS+ addresses at asarian-host.com are, in
> > principle, valid, but to reject all other wildcard addresses. I said
> > valid "in principle", because, with the Milter in-between, addresses
> > with a fake SRS signature will be rejected by the Milter.
>
> Wouldn't this all be easier if SRS rewrites used a different virtual
> domain, like bounce.asarian-host.com, or even srs.asarian-host.com?

I briefly thought of that, but decided against it. Because a single SRS
domain has a single SPF policy! And I host several domains, all of which
need to preserve their own SPF policies.

> I thought the point of SRS was to make bounces go back to the original
> sender... if you want bounces to go to "admin" there is a much easier way
> to rewrite messages you are forwarding to come from
> admin@asarian-host.com. So, does the milter do something else besides a
> true reversal of SRS?

The front-end Milter validates the SRS addresses, and changed the SRS
envelope recipients to their 'reverse' state, so delivery would go to the
original sender.

The virtusertable entry, in the above example, was merely a "fall-through"
net; put in place, so sendmail would not reject with "User unknown" after
all, when the Milter returns control to sendmail after envrcpt_callback.

I spoke in past tense, as you noticed, because my current sendmail
implementation no longer requires the virtusertable fall-back entries:

http://asarian-host.net/srs/sendmailsrs.htm

SRS sender/recipient envelope rewriting is now integrated via rulesets.

Cheers,

- Mark

System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
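
The validation and reversal the Milter is described as performing, sketched as an added example that is not part of the original message and not the Milter's own code. It assumes the commonly implemented SRS0 layout (hash, timestamp, original host, original user); the secret, the validity window, the function names and the sample sender are constructed for illustration.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-secret"  # assumption: the forwarder's private key
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
MAX_AGE_DAYS = 21                     # assumption: how long a bounce is accepted

def _today(now=None):
    return int((time.time() if now is None else now) // 86400) % 1024

def _hash(stamp, host, user):
    # Keyed hash over timestamp, original host and user, truncated to 4 chars.
    data = (stamp + host + user).lower().encode()
    mac = hmac.new(SECRET, data, hashlib.sha1).digest()
    return base64.b64encode(mac).decode()[:4]

def srs_forward(sender, forwarder, sep="+", now=None):
    """Rewrite an envelope sender into an SRS0 address at the forwarder."""
    user, host = sender.rsplit("@", 1)
    day = _today(now)
    stamp = B32[day >> 5] + B32[day & 31]
    return f"SRS0{sep}{_hash(stamp, host, user)}={stamp}={host}={user}@{forwarder}"

def srs_reverse(rcpt, now=None):
    """Return the original sender, or None when the recipient must be rejected."""
    local = rcpt.rpartition("@")[0]
    if local[:4].upper() != "SRS0" or local[4:5] not in ("+", "-", "="):
        return None                                  # not an SRS0 address
    parts = local[5:].split("=", 3)                  # hash, stamp, host, user
    if len(parts) != 4:
        return None
    digest, stamp, host, user = parts
    expected = _hash(stamp, host, user)
    if not hmac.compare_digest(digest.encode(), expected.encode()):
        return None                                  # forged or altered address
    stamp = stamp.upper()
    if len(stamp) != 2 or any(c not in B32 for c in stamp):
        return None
    day = B32.index(stamp[0]) * 32 + B32.index(stamp[1])
    if (_today(now) - day) % 1024 > MAX_AGE_DAYS:
        return None                                  # signature has expired
    return f"{user}@{host}"
```

A `None` result corresponds to the case where the recipient is refused; any other result is the address the bounce is redirected to.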
