Sender Rewriting Scheme in Python
This web page is written by Stuart D. Gathman
and
originally sponsored by
Business Management Systems, Inc.
Last updated Oct 17, 2017
This is a Python implementation of
the Sender Rewriting Scheme.
It is a fairly direct translation of the
draft implementation in Perl
by Shevek. It includes a test suite, which currently checks four
levels of forwarding and subsequent reversal for the Guarded, DB, and
Reversible implementations.
- SRS.Daemon.Daemon() provides a simple socket daemon suitable
for use with the Exim mailer.
- RPM now includes a sendmail socketmap daemon. The program map is
no longer recommended. It is slow and a security risk. Prior to socketmaps,
it was all that was available for a custom map. Socketmap is available
in sendmail 8.13.
Use the supplied sendmail m4 hack with
sendmail.mc
to
install the socketmap.
- For best results, use with
Python milter to reject unsigned recipients.
Sendmail integration
Add the following lines to your /etc/mail/sendmail.mc (RedHat /
Fedora) after any MAILER():
dnl #
dnl # File listing domains we do not SRS encode for when sending to
dnl #
define(`NO_SRS_FILE',`/etc/mail/no-srs-mailers')dnl
dnl #
dnl # Uncomment the following if you do not wish to SRS encode mail from
dnl # local domains. Only non-local domains need to be SRS encoded to
dnl # satisfy SPF. But encoding all outgoing mail can detect bounce forgeries.
dnl #
dnl define(`NO_SRS_FROM_LOCAL')dnl
dnl #
HACK(`pysrs',`/var/run/milter/pysrs')dnl
If you cannot install a version of sendmail with socketmap support, then
the original program map is still available as HACK(pysrsprog)
.
- NO_SRS_FILE is the path of a file containing the recipient
MTA's for which you won't do SRS (typically, primary MXes for
which you are secondary). Just leave this away, if you are
secondary for nobody. The no-srs-mailers file is a simple text
file which has one recipient MTA per line.
- The argument to pysrs is the socket where the socketmap daemon
is listening. This must match
/etc/mail/pysrs.cfg
or
the default of /var/run/milter/pysrs
.
- NO_SRS_FROM_LOCAL : if this is set (define line present), then
no SRS is done if sender is local (i.e. his domain is in
/etc/mail/local-host-names)
- The argument to pysrsprog is the domain that your SRS addresses bear
(i.e. if your SRS addresses are srs0=mumble-jumble-toto@mydomain.com,
then the argument is mydomain.com). This overrides fwdomain in
/etc/mail/pysrs.cfg.
Downloads
Goto Github repo for latest source.