spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] A couple of thoughts

2004-02-22 12:22:54
from [Mark] [Permanent Link] 
----- Original Message -----
From: "Greg Connor" <gconnor(_at_)nekodojo(_dot_)org>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Sunday, February 22, 2004 10:49 AM
Subject: Re: [spf-discuss] A couple of thoughts


--Mark <admin(_at_)asarian-host(_dot_)net> wrote:


So, I now defined this (for all my virtual domains):

SRS0+*(_at_)asarian-host(_dot_)com admin @asarian-host.com error:nouser 
"550 User
Unknown"

Which tells sendmail all SRS+ address at asarian-host.com are, in
principle, valid, but to reject all other wildcard addresses. I said
valid "in principle", because, with the Milter in-between, addresses
with a fake SRS signature will be rejected by the Milter.


Wouldn't this all be easier if SRS rewrites used a different virtual
domain, like bounce.asarian-host.com, or even srs.asarian-host.com?


I briefly thought of that, but decided against it. Because a single SRS
domain has a single SPF policy! And I host several domains, all of which
need to preserve their own SPF policies.


I thought the point of SRS was to make bounces go back to the original
sender... if you want bounces to go to "admin" there is a much easier way
to rewrite messages you are forwarding to come from
admin(_at_)asarian-host(_dot_)com(_dot_) So, does the milter do something 
else besides a
true reversal of SRS?


The front-end Milter validates the SRS addresses, and changed the SRS
envelope recipients to their 'reverse' state, so delivery would go to the
original sender.

The virtusertable entry, in the above example, was merely a "fall-through"
net; put in place, so sendmail would not reject with "User unknown" after
all, when the Milter returns control to sendmail after envrcpt_callback.

I spoke in past tense, as you noticed, because my current sendmail
implementation no longer requires the virtusertable fall-back entries:

http://asarian-host.net/srs/sendmailsrs.htm

SRS sender/recipient envelope rewriting is now integrated via rulesets.

Cheers,

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx

-------
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=srs-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Sender Rewriting Scheme and open relays., Shevek
Next by Date:  Please Move SRS Discussion To SRS-Discuss; Linux Journal diagram, Meng Weng Wong
Previous by Thread:  Re: A couple of thoughts, Greg Connor
Next by Thread:  Re: A couple of thoughts, Mark
Indexes:  [Date] [Thread] [Top] [All Lists]