Re: [Exim] Sender-/Return-Path-Rewriting

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Martin Treusch von Buttlar
CC: exim-users, www
Subject: Re: [Exim] Sender-/Return-Path-Rewriting
On Fri, 2004-02-20 at 15:35 +0000, David Woodhouse wrote:
> I'm playing with a variant based on this, but using a different domain
> for _all_ RPR addresses rather than a prefix. Looks something like this
> at the moment...


That broke as soon as I started actually _using_ it, because I was using
'-' as a delimiter but that exists in $message_id too. I switched to
'+', and also added caseful_local_part so that the hmac didn't break.

The version which I've actually rolled out is at
http://www.infradead.org/rpr.html and looks like this...

  # Verify, and extract return address from, an RPR-address
rpr_bounce:
  caseful_local_part
  driver = redirect
  domains = RPR_DOMAIN
  allow_fail
  data = ${if !match {$local_part}{\N^rpr\+([^+]*)\+([^+]*)\+([^+]*)\+([0-9]+)\+(.*)\N} \
        {:fail: Unknown RPR localpart \
#            (malformed)\
        } \
     {${if !eq {$1}{${hmac{md5}{RPR_SECRET}{$2+$3+$4+${quote_local_part:$5}}}} \
        {:fail: Unknown RPR localpart \
#            (HMAC should be ${hmac{md5}{RPR_SECRET}{$2+$3+$4+${quote_local_part:$5}}} not $1)\
        } \
    {${if <{$4}{$tod_epoch} \
        {:fail: Unknown RPR localpart \
#            (expired ${eval:$tod_epoch-$4} seconds ago)\
        } \
    {${if !eq {$sender_address}{} \
        {:fail: Only bounces to RPR localparts are permitted.\nSee RPR_URL} \
# Wheee. At last the actual rewrite part...
    {${sg {${sg {$5}{%#}{@}}}{%%}{%}} \
    }}}}}}}}
  headers_add = X-RPR-Return: DSN routed via $primary_hostname. See RPR_URL


# Rewrite reverse-path so that forwarding to SPF-afflicted servers
# doesn't break. We generate a limited-lifetime hash cookie,
# containing an escaped form of $sender_address along with (part of)
# $primary_hostname and $message_id so that we can track down the
# offending message in the log if it _does_ offend us.

rpr_rewrite:
  # Don't rewrite if it's a bounce, or from one of our own addresses.
  senders = ! : ! *@+local_domains : ! *@+virtual_domains
  # Don't rewrite for local delivery, or domains we're allowed to relay for anyway.
  domains = !+local_domains : !+relay_domains
  # Don't rewrite if the sender's domain doesn't actually advertise SPF records.
  # Actually it would be nicer if we could say 'only if we're not permitted
  # by the SPF record for this domain' but even if we had an SPF lookup type
  # we wouldn't have easy access to the IP we'd need to look up.
  condition = ${if match {${lookup dnsdb{txt=$sender_address_domain}{$value}fail}}{v=spf1} {1}}
  headers_add = "X-RPR-Rewrite: SMTP reverse-path rewritten from <$sender_address> by $primary_hostname\n\tSee RPR_URL"
  # Encode sender address by escaping % to %% and @ to %#, add expiry timestamp and tracking info
  address_data = ${sg {$primary_hostname}{^([^.]*)\..*}{\$1}}+$message_id+\
        ${eval:$tod_epoch+RPR_DSN_TIMEOUT}+\
        ${quote_local_part:${sg {${sg {$sender_address} {%}{%%}}} {@}{%#}}}
  errors_to = rpr+${hmac{md5}{RPR_SECRET}{$address_data}}+$address_data@RPR_DOMAIN
  driver = redirect
  data = ${quote_local_part:$local_part}@$domain
# Straight to output; don't start routing again from the beginning.
  redirect_router = lookuphost
  no_verify



--
dwmw2