Mailing List Archive: SPF: Discuss

Using SRS in production

Index | Next | Previous | View Threaded

jluehr at online

Feb 10, 2011, 2:42 PM

Post #1 of 6 (1350 views)
Permalink

Using SRS in production

Hello,

I'm posting here, 'cause srs-discuss (mentioned at: http://www.openspf.org/Forums) bounced while subscribing.

I'm in the need of deploying srs in production:
We're running a small site (debian, postfix as mta), that uses alias adresses via postfix'es virtual alias maps. Some aliases forward to external domains (eg. @gmail.com, @gmx.com), that perform spf checking. All virtual alias maps are stored in ldap (by that: if mail is received via smtp, postfix performs an ldap search in order to find all receivers).

In theory, srs can be implemented using a filter (for postfix) or using another mta as smarthost (having srs-capabilities already built in) - am I right?
Using google I found:
- http://www.libsrs2.org/patch/postfix-libsrs2-2.1.4-1.patch that seems quite old. Neither debian-security support is provided nor integration into postfix (upstream) is done yet.
- http://www.libsrs2.org/srs/Mail-SRS-0.31.tar.gz that might be used with postfix this way: http://www.postfix.org/FILTER_README.html - but I'ven't found an example config yet (however, a debian package exists)

So, what's your way of implementing srs?

Thanks in advance,
Keep smiling
yanosz

-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110210174231:0A22A42E-3567-11E0-A02A-90164ADEEF4E
Powered by Listbox: http://www.listbox.com

elliott at rod

Feb 10, 2011, 4:52 PM

Post #2 of 6 (1323 views)
Permalink

Re: Using SRS in production [In reply to]

On Thu, Feb 10, 2011 at 11:42:24PM +0100 or thereabouts, Jan L?hr wrote:
> Hello,
>
> I'm posting here, 'cause srs-discuss (mentioned at: http://www.openspf.org/Forums) bounced while subscribing.
>
> I'm in the need of deploying srs in production:
> We're running a small site (debian, postfix as mta), that uses alias adresses via postfix'es virtual alias maps. Some aliases forward to external domains (eg. @gmail.com, @gmx.com), that perform spf checking. All virtual alias maps are stored in ldap (by that: if mail is received via smtp, postfix performs an ldap search in order to find all receivers).
>
> In theory, srs can be implemented using a filter (for postfix) or using another mta as smarthost (having srs-capabilities already built in) - am I right?
> Using google I found:
> - http://www.libsrs2.org/patch/postfix-libsrs2-2.1.4-1.patch that seems quite old. Neither debian-security support is provided nor integration into postfix (upstream) is done yet.
> - http://www.libsrs2.org/srs/Mail-SRS-0.31.tar.gz that might be used with postfix this way: http://www.postfix.org/FILTER_README.html - but I'ven't found an example config yet (however, a debian package exists)
>
> So, what's your way of implementing srs?
>
> Thanks in advance,
> Keep smiling
> yanosz
>

I have been using the http://www.libsrs2.org/srs/Mail-SRS-0.31.tar.gz
for the last seven years. Unfortunately, I have been using it with
sendmail, so I cannot give you specific details about implementation
with postfix. Generally, I keep a file of domain names that are
the virtual aliases. That list is checked by SRS for alias/unalias
work before normal processing happens. I just have to automatically
rebuild the file if there is a change in the virtualization data files.

Good luck with the postfix side of the package.
-Mike Elliott

-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110210195231:58C86CF0-3579-11E0-9854-B7470F79E801
Powered by Listbox: http://www.listbox.com

jluehr at online

Feb 11, 2011, 2:30 AM

Post #3 of 6 (1324 views)
Permalink

Re: Using SRS in production [In reply to]

Hello,

Am 11.02.2011 um 01:52 schrieb Mike Elliott:

> On Thu, Feb 10, 2011 at 11:42:24PM +0100 or thereabouts, Jan L?hr wrote:

>> I'm in the need of deploying srs in production:
>> We're running a small site (debian, postfix as mta), that uses alias adresses via postfix'es virtual alias maps. Some aliases forward to external domains (eg. @gmail.com, @gmx.com), that perform spf checking. All virtual alias maps are stored in ldap (by that: if mail is received via smtp, postfix performs an ldap search in order to find all receivers).
>>
>> In theory, srs can be implemented using a filter (for postfix) or using another mta as smarthost (having srs-capabilities already built in) - am I right?
>> Using google I found:
>> - http://www.libsrs2.org/patch/postfix-libsrs2-2.1.4-1.patch that seems quite old. Neither debian-security support is provided nor integration into postfix (upstream) is done yet.
>> - http://www.libsrs2.org/srs/Mail-SRS-0.31.tar.gz that might be used with postfix this way: http://www.postfix.org/FILTER_README.html - but I'ven't found an example config yet (however, a debian package exists)
>>
>> So, what's your way of implementing srs?
>>
>> Thanks in advance,
>> Keep smiling
>> yanosz
>>
>
> I have been using the http://www.libsrs2.org/srs/Mail-SRS-0.31.tar.gz
> for the last seven years. Unfortunately, I have been using it with
> sendmail, so I cannot give you specific details about implementation
> with postfix. Generally, I keep a file of domain names that are
> the virtual aliases. That list is checked by SRS for alias/unalias
> work before normal processing happens. I just have to automatically
> rebuild the file if there is a change in the virtualization data files.

Thanks for your help - anyway, has anyone just tried piping postfix virtual alias map entries through srs? Since all forward-entries are defined and stored as ldap-entries a traditionally alias file is rather painful.

Thanks,
Keep smiling
yanosz

-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110211053011:E6D086FE-35C9-11E0-B019-FC69F1566CC1
Powered by Listbox: http://www.listbox.com

ram at netcore

Feb 11, 2011, 5:42 AM

Post #4 of 6 (1320 views)
Permalink

Re: Using SRS in production [In reply to]

> I have been using the http://www.libsrs2.org/srs/Mail-SRS-0.31.tar.gz
> for the last seven years. Unfortunately, I have been using it with
> sendmail, so I cannot give you specific details about implementation
> with postfix. Generally, I keep a file of domain names that are
> the virtual aliases. That list is checked by SRS for alias/unalias
> work before normal processing happens. I just have to automatically
> rebuild the file if there is a change in the virtualization data files.
>

Should SRS not be handled at the actual point of forwarding.
We use postfix + cyrus and forwarding is done by sieve.

IMHO sieve should have a plugin to do SRS. This is not the work of postfix.

Thanks
Ram

PS:
Anyway Wietse is not very appreciative of SPF or SRS

-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110211084537:33E72810-35E5-11E0-9C08-BB1584CC8082
Powered by Listbox: http://www.listbox.com

jluehr at online

Feb 11, 2011, 5:57 AM

Post #5 of 6 (1322 views)
Permalink

Re: Using SRS in production [In reply to]

Hello,

Am 11.02.2011 um 14:42 schrieb Ram:

>
>> I have been using the http://www.libsrs2.org/srs/Mail-SRS-0.31.tar.gz
>> for the last seven years. Unfortunately, I have been using it with
>> sendmail, so I cannot give you specific details about implementation
>> with postfix. Generally, I keep a file of domain names that are
>> the virtual aliases. That list is checked by SRS for alias/unalias
>> work before normal processing happens. I just have to automatically
>> rebuild the file if there is a change in the virtualization data files.
>>
>
>
> Should SRS not be handled at the actual point of forwarding.
> We use postfix + cyrus and forwarding is done by sieve.

We neither use cyrus nor sieve. Mails are forwarded based on postfix'es virtual alias maps. Neither postfix nor dovecot supports sieve.

Keep smiling
yanosz

-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110211085716:D4652516-35E6-11E0-9475-80CA4DB2FC8C
Powered by Listbox: http://www.listbox.com

jluehr at online

Feb 11, 2011, 8:59 AM

Post #6 of 6 (1343 views)
Permalink

Re: Using SRS in production [In reply to]

Hello,

Am 11.02.2011 um 01:52 schrieb Mike Elliott:

> On Thu, Feb 10, 2011 at 11:42:24PM +0100 or thereabouts, Jan L?hr wrote:
>> Hello,
>>
>> I'm posting here, 'cause srs-discuss (mentioned at: http://www.openspf.org/Forums) bounced while subscribing.
>>
>> I'm in the need of deploying srs in production:
>> We're running a small site (debian, postfix as mta), that uses alias adresses via postfix'es virtual alias maps. Some aliases forward to external domains (eg. @gmail.com, @gmx.com), that perform spf checking. All virtual alias maps are stored in ldap (by that: if mail is received via smtp, postfix performs an ldap search in order to find all receivers).
>>
>> In theory, srs can be implemented using a filter (for postfix) or using another mta as smarthost (having srs-capabilities already built in) - am I right?
>> Using google I found:
>> - http://www.libsrs2.org/patch/postfix-libsrs2-2.1.4-1.patch that seems quite old. Neither debian-security support is provided nor integration into postfix (upstream) is done yet.
>> - http://www.libsrs2.org/srs/Mail-SRS-0.31.tar.gz that might be used with postfix this way: http://www.postfix.org/FILTER_README.html - but I'ven't found an example config yet (however, a debian package exists)
>>
>>
>
> I have been using the http://www.libsrs2.org/srs/Mail-SRS-0.31.tar.gz
> for the last seven years. Unfortunately, I have been using it with
> sendmail, so I cannot give you specific details about implementation
> with postfix. Generally, I keep a file of domain names that are
> the virtual aliases. That list is checked by SRS for alias/unalias
> work before normal processing happens. I just have to automatically
> rebuild the file if there is a change in the virtualization data files.
>
> Good luck with the postfix side of the package.
> -Mike Elliott

I've tried setting up Mail-SRS-0.31.tar.gz using ordinary alias defined /etc/aliases (neither virtual alias domains nor ldap yet - like http://www.openspf.org/SRS )
The alias looks like:
henrik.luehr: "|/usr/bin/srs --secretfile=/etc/srs.secret --alias=henrik.luehr [at] v50993 jluehr [at] gmx"

By that, mail is delivered to srs, but not requeued after rewriting:
Feb 11 17:54:40 v50993 postfix/local[13324]: 59F46E4C069: to=<henrik.luehr [at] v50993>, relay=local, delay=0.15, delays=0.04/0.01/0/0.09, dsn=2.0.0, status=sent (delivered to command: /usr/bin/srs --secretfile=/etc/srs.secret --alias=henrik.luehr [at] v50993 jluehr [at] gmx)

How can I make srs queuing the message?

Thanks in advance,
Keep smiling
yanosz

-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110211115944:6B0D5A60-3600-11E0-B3D9-87C1F559ED1D
Powered by Listbox: http://www.listbox.com

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads