On Sun, 2004-02-08 at 20:14 +0100, Martin Treusch von Buttlar wrote:
> Hi,
>
> the following 4 routers implement a SRS as needed for proper SPF
> support. This is heavily based on work from Daniel Roethlisberger who
> implemented this for Exim3 [1].

Out of interest, why the thing with the domains:

    ${if eq {$domain}{$original_domain}\
        {%$original_domain@$primary_hostname}\
        {@$original_domain}}

Also, you don't seem to be doing much quoting... how does it fare with
addresses such as 'one-two=th$r\ee#fo\\ur##fi}v\e%six\@_seven@???'?
But you _do_ quote '#' and '='... why?

I'm playing with a variant based on this, but using a different domain
for _all_ RPR addresses rather than a prefix. Looks something like this
at the moment...

# Verify, and extract return address from, an RPR-address
rpr_bounce:
  driver = redirect
  domains = RPR_DOMAIN
  allow_fail
  data = ${if !match {$local_part}{\N^rpr-([^-]*)-([^-]*)-([^-]*)-([0-9]*)-(.*)\N} \
           {:fail: Unknown RPR localpart \
           # (malformed)\
           } \
           {${if !eq {$1}{${hmac{md5}{RPR_SECRET}{$2-$3-$4-${quote_local_part:$5}}}} \
               {:fail: Unknown RPR localpart \
               # (HMAC should be ${hmac{md5}{RPR_SECRET}{$2-$3-$4-${quote_local_part:$5}}} not $1)\
               } \
               {${if <{$4}{$tod_epoch} \
                   {:fail: Unknown RPR localpart \
                   # (expired ${eval:$tod_epoch-$4} seconds ago)\
                   } \
                   {${sg {${sg {$5}{%#}{@}}}{%%}{%}} \
                   }}}}}}
  headers_add = X-RPR-Return: DSN routed via $primary_hostname. See RPR_URL

# Rewrite reverse-path so that forwarding to SPF-afflicted domains doesn't
# break. We include $primary_hostname and $message_id so that we can track
# down the offending message in the log if it _does_ offend us, and an
# escaped form of $sender_address with a limited-lifetime hash cookie.
rpr_rewrite:
  senders = ! : ! *@+local_domains : ! *@+virtual_domains
  domains = ! +local_domains
  # Rewrite only if the sender domain actually advertises SPF records.
  # Actually it would be nicer if we could say 'only if we're not permitted
  # by the SPF record for this domain'
  condition = ${if match {${lookup dnsdb{txt=$sender_address_domain}{$value}fail}}{v=spf1} {1}}
  headers_add = "X-RPR-Rewrite: SMTP reverse-path rewritten from <$sender_address> by $primary_hostname"\n\tSee RPR_URL
  # Encode sender address by escaping % to %% and @ to %#, add expiry timestamp
  address_data = $primary_hostname-$message_id-\
                 ${eval:$tod_epoch+RPR_DSN_TIMEOUT}-\
                 ${quote_local_part:${sg {${sg {$sender_address} {%}{%%}}} {@}{%#}}}
  errors_to = rpr-${hmac{md5}{RPR_SECRET}{$address_data}}-$address_data@RPR_DOMAIN
  driver = redirect
  data = ${quote_local_part:$local_part}@$domain
  # Straight to output; don't start routing again from the beginning.
  redirect_router = lookuphost

--
dwmw2
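
An added example, not code from the message above: a Python model of the RPR scheme the two routers describe (escape the sender, append an expiry, sign with HMAC-MD5, verify on bounce). It also shows that decoding %# before %% turns an escaped '%#' in the sender into '%@', while a single left-to-right pass round-trips it. The secret, domain, timeout, host and message id values are constructed, quote_local_part is left out, and the 6-6-2 message id layout is an assumption.

```python
import hashlib
import hmac
import re

# Constructed stand-ins for the RPR_SECRET, RPR_DOMAIN and RPR_DSN_TIMEOUT macros.
SECRET, RPR_DOMAIN, TIMEOUT = b"constructed-secret", "rpr.example.net", 7 * 86400
# Assumed layout: host-msgid-expiry-sender, with a 6-6-2 character Exim message id.
# Host and message id contain '-', so fields are split around the id, not on [^-]*.
FIELDS = re.compile(
    r"(.+?)-([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})-([0-9]+)-(.*)", re.S)


def escape(addr):
    """% -> %% and then @ -> %#, the order used in rpr_rewrite."""
    return addr.replace("%", "%%").replace("@", "%#")


def unescape_two_pass(enc):
    """Mirror of the nested ${sg} in rpr_bounce: %# -> @ first, then %% -> %."""
    return enc.replace("%#", "@").replace("%%", "%")


def unescape(enc):
    """One left-to-right pass, so '%%#' decodes as a literal '%' then '#'."""
    return re.sub(r"%([%#])", lambda m: "%" if m.group(1) == "%" else "@", enc)


def sign(data):
    """HMAC-MD5 as lowercase hex, the form ${hmac{md5}{..}{..}} produces."""
    return hmac.new(SECRET, data.encode(), hashlib.md5).hexdigest()


def rewrite(sender, host, msgid, now):
    """Build the errors_to address for a forwarded message."""
    data = f"{host}-{msgid}-{now + TIMEOUT}-{escape(sender)}"
    return f"rpr-{sign(data)}-{data}@{RPR_DOMAIN}"


def bounce(local_part, now):
    """Recover the sender from an RPR local part; ValueError stands for :fail:."""
    mac, sep, data = local_part[4:].partition("-")
    fields = FIELDS.fullmatch(data)
    if not local_part.startswith("rpr-") or not sep or not fields:
        raise ValueError("malformed")
    if not hmac.compare_digest(mac.encode(), sign(data).encode()):
        raise ValueError("bad HMAC")
    if int(fields.group(3)) < now:
        raise ValueError("expired")
    return unescape(fields.group(4))
```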