In the page http://asarian-host.net/srs/sendmailsrs.htm an SRS integration
with sendmail is presented. It is implied in the opening paragraphs that
after implementation something like the following would happen:
>>> MAIL from: <>
<<< 250 2.1.0 <>... Sender ok
>>> RCPT To:<admin@asarian-host.net>
<<< 250 2.1.5 <admin@asarian-host.net>... Recipient ok
>>> DATA
<<< 550 5.7.1 Bounce address not SRS signed!
However, this is NOT the case. There are no modifications to the sendmail
config file presented on the web page, which would generate a 550 error
after the data phase if the bounce recipient is not SRS signed. What this
implementation WILL do is reject a bounce with an _invalid_ SRS signed
recipient, but if the recipient is not SRS signed and is nonetheless a
valid address, the bounce will be delivered anyway.
How can this presentation be amended to achieve the goal of rejecting
bounces that are NOT signed AT ALL? This would need to be invoked:
1) Only if the envelope is <>, and
2) Only if the recipient is unsigned (either valid or invalid), and
3) only after we enter the DATA phase.
Since ParseLocal is called on the recipient before the possible DATA phase,
we can't reject the mail there. I am at a loss as to how to do anything
when we enter the DATA phase. Come someone point me to what I'm missing,
or is it not possible without modifying sendmail?
It might be sufficient to add the envelope sender to the ARGV list for the
program invoked by is_srs and rewrite the recipient to "/dev/null" ... If
its a valid probe, it won't matter, and if there's DATA later then it'll
get delivered to the bit bucket. The only thing is then we allow the DATA
to be transmitted even if we're going to drop it anyway.
--
-- =========================
Tom Lahti
Tx3 Online Services
(888)4-TX3-SVC (489-3782)
http://www.tx3.net/
-- =========================
with sendmail is presented. It is implied in the opening paragraphs that
after implementation something like the following would happen:
>>> MAIL from: <>
<<< 250 2.1.0 <>... Sender ok
>>> RCPT To:<admin@asarian-host.net>
<<< 250 2.1.5 <admin@asarian-host.net>... Recipient ok
>>> DATA
<<< 550 5.7.1 Bounce address not SRS signed!
However, this is NOT the case. There are no modifications to the sendmail
config file presented on the web page, which would generate a 550 error
after the data phase if the bounce recipient is not SRS signed. What this
implementation WILL do is reject a bounce with an _invalid_ SRS signed
recipient, but if the recipient is not SRS signed and is nonetheless a
valid address, the bounce will be delivered anyway.
How can this presentation be amended to achieve the goal of rejecting
bounces that are NOT signed AT ALL? This would need to be invoked:
1) Only if the envelope is <>, and
2) Only if the recipient is unsigned (either valid or invalid), and
3) only after we enter the DATA phase.
Since ParseLocal is called on the recipient before the possible DATA phase,
we can't reject the mail there. I am at a loss as to how to do anything
when we enter the DATA phase. Come someone point me to what I'm missing,
or is it not possible without modifying sendmail?
It might be sufficient to add the envelope sender to the ARGV list for the
program invoked by is_srs and rewrite the recipient to "/dev/null" ... If
its a valid probe, it won't matter, and if there's DATA later then it'll
get delivered to the bit bucket. The only thing is then we allow the DATA
to be transmitted even if we're going to drop it anyway.
--
-- =========================
Tom Lahti
Tx3 Online Services
(888)4-TX3-SVC (489-3782)
http://www.tx3.net/
-- =========================