[Exim] Sender-/Return-Path-Rewriting

Top Page
Delete this message
Reply to this message
Author: Martin Treusch von Buttlar
Date:  
To: exim-users
Subject: [Exim] Sender-/Return-Path-Rewriting
Hi,

the following 4 routers implement a SRS as needed for proper SPF
support. This is heavily based on work from Daniel Roethlisberger who
implemented this for Exim3 [1]. To get this working one needs to provide
3 macros:
RPR_SECRET = ultrasecret
RPR_EXPLAIN_URL = http://yoursite/rpr.html?$message_id
RPR_DSN_TIMEOUT = 86400*5

Insert rpr_sender before your normal remote_smtp router.
The other 3 go before your routers for your localdomains.

rpr_sender:
  driver = dnslookup
  senders = ! *@+local_domains
  ignore_target_hosts = 127.0.0.0/8
  domains = ! +local_domains
  verify = false
  address_data = ${eval:$tod_epoch+RPR_DSN_TIMEOUT}=\
                   ${sg {${sg {$sender_address}{([=#%_])}{_\$1}}}{@}{#}}=\
                   ${sg {$original_local_part}{([=#%_])}{_\$1}}\
                   ${if eq {$domain}{$original_domain}\
                     {%$original_domain@$primary_hostname}\
                     {@$original_domain}}
  # Check for empty sender_address and prevent bounces from being rewritten
  condition = ${if and {{!eq {$sender_address}{}}\
                        {!match {$h_X-RPR-Return:}{$primary_hostname}}\
                       }{1}{0}}
  headers_add = "X-RPR-Rewrite: SMTP envelope sender rewritten by $primary_hostname\n\
                 \tSee RPR_EXPLAIN_URL"
  errors_to = bounce-${md5:RPR_SECRET-$address_data}-$address_data
  transport = remote_smtp


rpr_return:
  driver = redirect
  local_part_prefix = bounce-
  senders = :
  condition = ${if match {$local_part}{\N^([0-9a-f]{32})-(\d+=(?:.*[^_])?(?:_[_#])*#[^=#]+=.+)$\N} {${if eq {${md5:RPR_SECRET-$2@$domain}}{$1} {1}{0}}}{0}}
  data = ${if match {$local_part}{\N^[0-9a-f]{32}-(\d+)=((?:.*[^_])?(?:_[_#])*)#([^=#]+)=(.+)$\N}{ ${sg {${if >{$1}{$tod_epoch} {$2@$3}{"postmaster@$domain"}}} {_([_=#%])}{\$1}} }{"postmaster@$domain"}}
  headers_add = "X-RPR-Return: DSN routed to destination via $primary_hostname\n\
                 \tSee RPR_EXPLAIN_URL"


rpr_error_checksum:
driver = redirect
local_part_prefix = bounce-
senders = :
condition = ${if match {$local_part}{\N^([0-9a-f]{32})-(\d+=(?:.*[^_])?(?:_[_#])*#[^=#]+=.+)$\N} {${if eq {${md5:RPR_SECRET-$2@$domain}}{$1} {1}{0}}}{0}}
data = postmaster@$domain
headers_add = "X-RPR-Alert: Checksum mismatch!"

rpr_error_nodsn:
driver = redirect
local_part_prefix = bounce-
condition = ${if match {$local_part}{\N^([0-9a-f]{32})-(\d+=(?:.*[^_])?(?:_[_#])*#[^=#]+=.+)$\N} {${if eq {${md5:RPR_SECRET-$2@$domain}}{$1} {1}{0}}}{0}}
data = postmaster@$domain
headers_add = "X-RPR-Alert: Not a DSN (non-empty return-path)!"

I have two questions:
- it seems, max_rcpt=1 is not necessary for rpr_sender. I do not
understand why. Would someone mind to explain?
- Enabling sender_on_delivery on the log_selector does not result in
logging the rewritten returnpath, but the original one. Is that
intentional? How can I log the rewritten one?

Martin

[1] http://www.roe.ch/spam/return-path-rewriting.xml