Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SPF: SRS

Postfix SRS Patch ?

 

 

SPF srs RSS feed   Index | Next | Previous | View Threaded


michel at bouissou

Jun 29, 2004, 3:06 PM

Post #1 of 7 (5207 views)
Permalink
Postfix SRS Patch ?

Hi there,

Has anybody had any success with the
http://www.libsrs2.org/patch/postfix-libsrs2-2.0.19-1.patch Postfix patch ?

I have patched a Mandrake postfix-2.1.1-0.1.92mdk RPM with it, and first had
difficulties applying the patch ("patch" itself was complaining that the
patchfile was incorrect).

I performed a couple manual fixes, then got the patch to apply and Postfix to
compile. (Please find attached my "fixed"' version of the patch).

Postfix seems to be running fine, I have configured the SRS parameters as
follows :

[root [at] toto BUILD]# postconf | grep srs
srs_alwaysrewrite = yes
srs_hashlength = 8
srs_hashmin = 8
srs_maxage = 15
srs_secrets = thisisasecretkey
srs_separator = =

...after having found out that first the values didn't have the "sensible
defaults" they were supposed to have (local crashed if srs_hashlength was not
specified for example), and second the documentation is very unclear about
which values should be used (for the hash length, or secret length and
contents) as well as for the maxage unit (seconds ? hours ? days ?) after
having reviewed the libSRS website I decided for myself that this was
probably days ;-)

Anyway, Postfix is now running without any complaint and without any special
error message, but however doesn't perform _any_ SRS rewriting for messages
that are forwarded to an external address, in any way (either by virtual, or
by aliases, or by .forward).

It just behaves as if it simply wasn't there.

I have installed the libsrs2-1.0.13-1 RPM gotten from
http://www.libsrs2.org/download.html

Any hint or clue would be greatly appreciated.

Best regards.

--
Michel Bouissou <michel [at] bouissou> OpenPGP ID 0xDDE8AC6E

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2
Attachments: postfix-libsrs2-2.0.19-1.MiB.patch (9.34 KB)


kiwi at oav

Jun 30, 2004, 12:12 PM

Post #2 of 7 (4998 views)
Permalink
Re: Postfix SRS Patch ? [In reply to]

By the way if someone have a up to date postfix patch (eg for postfix
2.1.3 for example) I will be very pleased to use and test it :)

/Xavier
Le 30 juin 04, à 00:06, Michel Bouissou a écrit :

> Hi there,
>
> Has anybody had any success with the
> http://www.libsrs2.org/patch/postfix-libsrs2-2.0.19-1.patch Postfix
> patch ?
>
> I have patched a Mandrake postfix-2.1.1-0.1.92mdk RPM with it, and
> first had
> difficulties applying the patch ("patch" itself was complaining that
> the
> patchfile was incorrect).
>
> I performed a couple manual fixes, then got the patch to apply and
> Postfix to
> compile. (Please find attached my "fixed"' version of the patch).
>
> Postfix seems to be running fine, I have configured the SRS parameters
> as
> follows :
>
> [root [at] toto BUILD]# postconf | grep srs
> srs_alwaysrewrite = yes
> srs_hashlength = 8
> srs_hashmin = 8
> srs_maxage = 15
> srs_secrets = thisisasecretkey
> srs_separator = =
>
> ...after having found out that first the values didn't have the
> "sensible
> defaults" they were supposed to have (local crashed if srs_hashlength
> was not
> specified for example), and second the documentation is very unclear
> about
> which values should be used (for the hash length, or secret length and
> contents) as well as for the maxage unit (seconds ? hours ? days ?)
> after
> having reviewed the libSRS website I decided for myself that this was
> probably days ;-)
>
> Anyway, Postfix is now running without any complaint and without any
> special
> error message, but however doesn't perform _any_ SRS rewriting for
> messages
> that are forwarded to an external address, in any way (either by
> virtual, or
> by aliases, or by .forward).
>
> It just behaves as if it simply wasn't there.
>
> I have installed the libsrs2-1.0.13-1 RPM gotten from
> http://www.libsrs2.org/download.html
>
> Any hint or clue would be greatly appreciated.
>
> Best regards.
>
> --
> Michel Bouissou <michel [at] bouissou> OpenPGP ID 0xDDE8AC6E
>
> -------
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to
> http://v2.listbox.com/member/?listname=srs-discuss [at] v2
> <postfix-libsrs2-2.0.19-1.MiB.patch>
--
Xavier Beaudouin - Unix System Administrator & Projects Leader.
President of Kazar Organization : http://www.kazar.net/
Please visit http://caudium.net/, home of Caudium & Camas projects


michel at bouissou

Jun 30, 2004, 1:26 PM

Post #3 of 7 (5016 views)
Permalink
Re: Postfix SRS Patch ? [In reply to]

Le mercredi 30 Juin 2004 21:12, Xavier Beaudouin a écrit :
>
> By the way if someone have a up to date postfix patch (eg for postfix
> 2.1.3 for example) I will be very pleased to use and test it :)

I've been thinking of this SRS patch for Postfix, and besides the missing
default values, I believe it misses a number of supplementary control
parameters.

First, srs_domain should default to $mydomain

Then, the SRS patch being compiled into Postfix, there should be parameters
for enabling or disabling the SRS subsystem, preferably separately (as one
might want to stop using forward SRS, but still perform reverse SRS as long
as there may be SRS'ed mails in the wild)

So I would suggest

srs_forward (whether or not to perform forward SRS globally, boolean, defaults
to "no")

srs_reverse (whether or not to perform reverse SRS globally, boolean, defaults
to $srs_forward)

Then, I believe there should be a list of "MAIL FROM:" domains for which
forward SRS should *never* be performed (let's say when a given server is an
origin for several mail domains, you don't want to forward SRS mails
originating from one of your own domains)

I would suggest to add a parameter fot this, such as:

srs_bypass_domains (list of strings, defaults to $mydestination + $srs_domain)

Any comments ?

--
Michel Bouissou <michel [at] bouissou> OpenPGP ID 0xDDE8AC6E


spf at metro

Jul 1, 2004, 2:23 AM

Post #4 of 7 (5016 views)
Permalink
Re: Postfix SRS Patch ? [In reply to]

Actually, this all sounds very reasonable, and not only for postfix but
for all patches.

Koen

On Wed, Jun 30, 2004 at 10:26:44PM +0200, Michel Bouissou wrote:
> Le mercredi 30 Juin 2004 21:12, Xavier Beaudouin a écrit :
> >
> > By the way if someone have a up to date postfix patch (eg for postfix
> > 2.1.3 for example) I will be very pleased to use and test it :)
>
> I've been thinking of this SRS patch for Postfix, and besides the missing
> default values, I believe it misses a number of supplementary control
> parameters.
>
> First, srs_domain should default to $mydomain
>
> Then, the SRS patch being compiled into Postfix, there should be parameters
> for enabling or disabling the SRS subsystem, preferably separately (as one
> might want to stop using forward SRS, but still perform reverse SRS as long
> as there may be SRS'ed mails in the wild)
>
> So I would suggest
>
> srs_forward (whether or not to perform forward SRS globally, boolean, defaults
> to "no")
>
> srs_reverse (whether or not to perform reverse SRS globally, boolean, defaults
> to $srs_forward)
>
> Then, I believe there should be a list of "MAIL FROM:" domains for which
> forward SRS should *never* be performed (let's say when a given server is an
> origin for several mail domains, you don't want to forward SRS mails
> originating from one of your own domains)
>
> I would suggest to add a parameter fot this, such as:
>
> srs_bypass_domains (list of strings, defaults to $mydestination + $srs_domain)
>
> Any comments ?
>
> --
> Michel Bouissou <michel [at] bouissou> OpenPGP ID 0xDDE8AC6E
>
> -------
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/


spf at anarres

Jul 2, 2004, 4:05 AM

Post #5 of 7 (4983 views)
Permalink
Re: Postfix SRS Patch ? [In reply to]

I will add this 'whitelist' feature to the library and documentation.

My apologies for not posting to the list earlier; I have been discussing
these problems with some of you by private mail.

Someone has volunteered to do the postfix maintenance for us. I'm hoping
to hear more in the next couple of days. However, if anyone else is in a
position to hack with postfix, any partial results are useful.

I have forwarded all this information to the current volunteer.

Thanks.

S.

On Thu, 1 Jul 2004, Koen Martens wrote:

> Actually, this all sounds very reasonable, and not only for postfix but
> for all patches.
>
> Koen
>
> On Wed, Jun 30, 2004 at 10:26:44PM +0200, Michel Bouissou wrote:
> > Le mercredi 30 Juin 2004 21:12, Xavier Beaudouin a écrit :
> > >
> > > By the way if someone have a up to date postfix patch (eg for postfix
> > > 2.1.3 for example) I will be very pleased to use and test it :)
> >
> > I've been thinking of this SRS patch for Postfix, and besides the missing
> > default values, I believe it misses a number of supplementary control
> > parameters.
> >
> > First, srs_domain should default to $mydomain
> >
> > Then, the SRS patch being compiled into Postfix, there should be parameters
> > for enabling or disabling the SRS subsystem, preferably separately (as one
> > might want to stop using forward SRS, but still perform reverse SRS as long
> > as there may be SRS'ed mails in the wild)
> >
> > So I would suggest
> >
> > srs_forward (whether or not to perform forward SRS globally, boolean, defaults
> > to "no")
> >
> > srs_reverse (whether or not to perform reverse SRS globally, boolean, defaults
> > to $srs_forward)
> >
> > Then, I believe there should be a list of "MAIL FROM:" domains for which
> > forward SRS should *never* be performed (let's say when a given server is an
> > origin for several mail domains, you don't want to forward SRS mails
> > originating from one of your own domains)
> >
> > I would suggest to add a parameter fot this, such as:
> >
> > srs_bypass_domains (list of strings, defaults to $mydestination + $srs_domain)
> >
> > Any comments ?
> >
> > --
> > Michel Bouissou <michel [at] bouissou> OpenPGP ID 0xDDE8AC6E
> >
> > -------
> > To unsubscribe, change your address, or temporarily deactivate your subscription,
> > please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2
>
>

--
Shevek http://www.anarres.org/
Robust SPF with MTA support http://www.libspf2.org/
SRS for the next generation http://www.libsrs2.org/


kiwi at oav

Jul 24, 2004, 12:16 PM

Post #6 of 7 (5034 views)
Permalink
Re: Postfix SRS Patch ? [In reply to]

Le 2 juil. 04, à 13:05, Shevek a écrit :

[...]

> Someone has volunteered to do the postfix maintenance for us. I'm
> hoping
> to hear more in the next couple of days. However, if anyone else is in
> a
> position to hack with postfix, any partial results are useful.

Is there any new about that ? Or where to look for informations ? :p

Thanks,
/Xavier

--
Xavier Beaudouin - Unix System Administrator & Projects Leader.
President of Kazar Organization : http://www.kazar.net/
Please visit http://caudium.net/, home of Caudium & Camas projects


michel at bouissou

Jul 24, 2004, 12:19 PM

Post #7 of 7 (5006 views)
Permalink
Re: Postfix SRS Patch ? [In reply to]

Le samedi 24 Juillet 2004 21:16, Xavier Beaudouin a écrit :
> Le 2 juil. 04, à 13:05, Shevek a écrit :
>
> [...]
> > Someone has volunteered to do the postfix maintenance for us. I'm
> > hoping to hear more in the next couple of days. However, if anyone else is
> > in a position to hack with postfix, any partial results are useful.
>
> Is there any new about that ? Or where to look for informations ? :p

There's a new version of the Postfix SRS patch on http://www.libsrs2.org, but
it is still broken.
- Forward SRS seems to work
- Reverse SRS isn't done at all in smtpd (and gives "User Unknown")
- Reverse SRS done in local causes local to badly crash. Too bad.

I believe Shevek is on travel this week, and possibly the new patch maintainer
as well, as he didn't reply to my last emails about it.

--
Michel Bouissou <michel [at] bouissou> OpenPGP ID 0xDDE8AC6E

SPF srs RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.