Re: [exim] Another question about SRS

Author: Peter Bowyer
Date:  
To: exim users
Subject: Re: [exim] Another question about SRS
On 26/02/07, Luca Bertoncello <bertoncello@???> wrote:
> Hi @all!
>
> With the good help of Peter Bowyer, I configured my Exim to use SRS.
> It works, thanks a lot again, Peter! :)


You're welcome.


> Now I have a little question about HOW SRS works...
>
> I see, if I have a forward, Exim rewrites the sender (return-path) in a
> syntax as SRS0=XWYKL=IC=<domain_sender>=<localpart_sender>@<mydomain>
>
> OK! I can see the original sender and the destination MTA can verify my SPF
> information using "@<mydomain>". All right!


OK so far,

>
> I read in http://www.openspf.org/SRS that SRS adds this hash (in my case:
> XWYKL=IC) to prevent open relays, and to limit the time this address lives.
>
> I see in http://www.exim.org/eximwiki/SRS that it is possible to use a DB to
> save this information, but I don't understand why...
> I tried, with ngrep, to trace what happens, hoping that the destination MTA
> tries to ask my MTA if the address is valid. It does not seem to do that.
> And MY Exim seems not to save this hash, too!


It doesn't need to save the hash - when your SRS reverse router spots
a bounce addressed to an SRS-rewritten address, it verifies and
undoes the hash using your SRS secret. If the hash doesn't verify or
has expired (according to options you can set in the config), it
rejects the message.

If the domain you're sending to uses sender verification callouts,
this process should help them to verify the message, also.

Peter

--
Peter Bowyer
Email: peter@???
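
The stateless check described in the reply above, as an added sketch that is not part of the original thread and is not Exim's or libsrs2's code: the forwarder keeps only a secret, and the reverse step recomputes the keyed hash and checks the age of the timestamp. The function names, the 5-character base32 tag, HMAC-SHA1 and the 21-day limit are assumptions for illustration, so the addresses it produces are not interchangeable with a real SRS library.

```python
import base64, hashlib, hmac, time

B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
DAY = 86400

def _stamp(now):
    # Day counter modulo 1024, written as two base32 characters
    d = int(now // DAY) % 1024
    return B32[d >> 5] + B32[d & 31]

def _tag(secret, stamp, domain, local, length=5):
    # Keyed hash over everything a bounce sender could tamper with
    msg = "=".join((stamp, domain, local)).lower().encode()
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    return base64.b32encode(mac).decode()[:length]

def srs_forward(secret, sender, my_domain, now=None):
    """Rewrite an envelope sender when forwarding (hypothetical helper)."""
    local, domain = sender.rsplit("@", 1)
    stamp = _stamp(time.time() if now is None else now)
    tag = _tag(secret, stamp, domain, local)
    return f"SRS0={tag}={stamp}={domain}={local}@{my_domain}"

def srs_reverse(secret, rcpt, max_age_days=21, now=None):
    """Verify a bounce recipient and return the original sender.

    Nothing is looked up: the secret alone proves we issued the address.
    """
    lp = rcpt.rsplit("@", 1)[0]
    if not lp.upper().startswith("SRS0="):
        raise ValueError("not an SRS0 address")
    parts = lp[5:].split("=", 3)   # the local part itself may contain '='
    if len(parts) != 4:
        raise ValueError("malformed SRS0 address")
    tag, stamp, domain, local = parts
    expected = _tag(secret, stamp.upper(), domain, local)
    # Case-insensitive, constant-time comparison of the tags
    if not hmac.compare_digest(tag.upper().encode(), expected.encode()):
        raise ValueError("hash does not verify")
    # The tag verified, so the stamp is one we generated (two B32 characters)
    s = stamp.upper()
    issued = B32.index(s[0]) * 32 + B32.index(s[1])
    today = int((time.time() if now is None else now) // DAY) % 1024
    if (today - issued) % 1024 > max_age_days:   # modulo handles wrap-around
        raise ValueError("address expired")
    return f"{local}@{domain}"
```
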