spf-discuss

Re: A couple of thoughts

2004-02-15 08:25:32
----- Original Message -----
From: "Shevek" <spf(_at_)anarres(_dot_)org>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Sunday, February 15, 2004 11:27 AM
Subject: Re: [spf-discuss] A couple of thoughts

On Sun, 15 Feb 2004, Mark wrote:

That could have elegantly been solved, using a trick with sendmail's
"plussed users" capability, where I would create a dummy alias like
this:

SRS0+*:    dummy(_at_)test(_dot_)com

I thought you could specify OperatorChars in sendmail.

You can. But you cannot use it to change the + character in the plussed
user facility. Funny thing is, sendmail does have a wildcard *, but it
can only be used in conjunction with the + character:

john+*(_at_)doe(_dot_)com

Will work (for john+a@, john+ab@, etc.) But,

john*(_at_)doe(_dot_)com

Will not.

So it will use (IIRC, it's been a long time since my sendmail days) any
OperatorChar as a terminator for the address when delivering, but will
only allow you to use + in milters or with the * character?

No. Let me explain better.

OperatorChars, as you know, is the list of characters that are considered to
be operators, that is, characters that delimit tokens. You can use any of
the OperatorChars in a Milter too; that makes no difference. The "plussed
user" facility, however, uses the "+" character, in the localpart of an
alias or virtusertable entry, as a hard-coded symbol to make wildcard
addresses possible, based on the "+" in the localpart. That is why this
works:

SRS0+*(_at_)asarian-host(_dot_)net    admin

That is a virtusertable entry, telling sendmail that all addresses starting
with "SRS0+" @ asarian-host.net are, in principle, valid addresses. And
although the "+" character is also an OperatorChar (or could be removed as
such), still, the "plussed user" facility will not take any other character
than the "+" sign to form its wildcard controlling addresses.

Now, how does this relate to the Milter? When sendmail makes the
envrcpt_callback to a Milter, at RCPT TO: <address>, that Milter will return
control to sendmail, with a status-code, say SMFIS_CONTINUE. That would tell
sendmail that the envrcpt_callback was successfully completed, and that
sendmail may continue (no REJECTS or DISCARDS).

So far so good. This address:

SRS0+y9Lz7WZP=Cv=asarian-host(_dot_)net(_at_)?Ê¡Ëè?Ö3¾O̪éßø

Does, of course, not really exist on my system. So, without the wildcard in
virtusertable, sendmail will, upon return of the envrcpt_callback, REJECT
the recipient after all, regardless of what status-code I returned -- simply
because that user does not exist, and delivery could not possibly be made.
So, that is why I define the plussed virtusertable entry, so sendmail will
not reject the SRS recipient upon return of the envrcpt_callback from the
Milter.

Some people define a "catchall" address, like so:

@asarian-host.com        admin

Which essentially makes ALL addresses valid. IMHO, a Bad Idea. So, I now
defined this (for all my virtual domains):

SRS0+*(_at_)asarian-host(_dot_)com    admin
@asarian-host.com    error:nouser "550 User Unknown"

Which tells sendmail all SRS+ addresses at asarian-host.com are, in principle,
valid, but to reject all other wildcard addresses. I said valid "in
principle", because, with the Milter in-between, addresses with a fake SRS
signature will be rejected by the Milter.

I honestly don't understand why anyone still uses sendmail. If it's doing
the job, it's fine, but if it isn't, it's usually quicker to set up exim to
spec than to work out why sendmail is broken.

I love sendmail. :)

You will be glad to know that version 0.19 will permit you to specify
the initial character of your SRS addresses, therefore this feature
will once again become available.

Great!! Really useful. Thanks.

Yur. Cool. I should go to sleep before 3am. This is ruining my sleep
patterns. *giggle* I'm dangerous near specs or ideas.

I really appreciate the change. It is important for the Milter community, I
think, that we can offer a version of spf-milter that is SRS enabled and can
check for fake/no SRS bounce messages and such, without having to ask people
to hack around in complicated rulesets. With the wonderful change you made
today, all people will have to do, is to go through the regular "API" of
adding a regular plussed user entry to their virtusertable/aliases file.

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx


-----
"Sendmail administration is not black magic. There are legitimate technical
reasons why it requires the sacrificing of a live chicken." - Unknown
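
The two-layer recipient check described in the message above, as an added example that is not part of the original post and is not spf-milter's code. The secret, the tag scheme (truncated HMAC-SHA1 hex, not the real SRS hash), the simplified lookup order and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: key shared with the SRS rewriter

# Constructed table with the two virtusertable entries from the post (lowercased keys).
VIRTUSERTABLE = {
    "srs0+*@asarian-host.com": "admin",
    "@asarian-host.com": 'error:nouser "550 User Unknown"',
}

def srs_tag(signed_part):
    """Hypothetical signature: first 8 hex chars of HMAC-SHA1 (not the real SRS hash)."""
    mac = hmac.new(SECRET, signed_part.lower().encode(), hashlib.sha1)
    return mac.hexdigest()[:8]

def milter_envrcpt(rcpt):
    """Model of the envrcpt callback: only SRS0+ recipients are checked."""
    local = rcpt.rpartition("@")[0]
    if not local.upper().startswith("SRS0+"):
        return "SMFIS_CONTINUE"
    tag, sep, signed_part = local[5:].partition("=")
    if sep and hmac.compare_digest(tag.encode(), srs_tag(signed_part).encode()):
        return "SMFIS_CONTINUE"
    return "SMFIS_REJECT"

def virtusertable_lookup(rcpt):
    """Simplified lookup order: full address, user+*@domain, then @domain."""
    local, _, domain = rcpt.lower().rpartition("@")
    user, plus, _detail = local.partition("+")
    keys = [f"{local}@{domain}"]
    if plus:
        keys.append(f"{user}+*@{domain}")
    keys.append(f"@{domain}")
    return next((VIRTUSERTABLE[k] for k in keys if k in VIRTUSERTABLE), None)

def rcpt_decision(rcpt):
    """The milter answers first; sendmail then still requires a valid mailbox."""
    if milter_envrcpt(rcpt) == "SMFIS_REJECT":
        return "550 rejected by milter (bad SRS signature)"
    target = virtusertable_lookup(rcpt)
    if target is None or target.startswith("error:"):
        return "550 User Unknown"
    return f"250 deliver to {target}"

if __name__ == "__main__":
    signed = "Cv=example.org=alice"  # constructed sample
    print(rcpt_decision(f"SRS0+{srs_tag(signed)}={signed}@asarian-host.com"))
    print(rcpt_decision("nobody@asarian-host.com"))
```

The table alone would map a forged SRS0+ recipient to admin; only the signature check in the callback model turns it away.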