[Mimedefang] SRS with mimedefang

Benoit Panizzon benoit.panizzon at imp.ch
Thu Jun 2 09:57:43 EDT 2016


Hi Marcus

> is there a way to implement SRS using mimedefang? GMX set SPF to
> "-all" and forwarded mails to gmx accounts get blocked.

Sure...

Just some Code Fragments:

use Mail::SRS;

sub filter_recipient {
[...]
  my $srs = new Mail::SRS(
        Secret => $srskey,
        MaxAge => 30,
        HashLength => 4,
        HashMin => 4,
        );
[...]

Get and Process SRS Signed bounces with something like:

  if ($user =~ m/(.*)\+bounce-(SRS.*)/) {
        $user = $1;
        my @recipientstoadd;
        $vars->{imp_bounce_user} = $1;
        $vars->{imp_bounce_domain} = $domain;
        $vars->{imp_bounce} = $2;
        my $srsreturn = eval { $srs->reverse($2 . '@' . $domain); };
        if ($@) {
                if ($SendmailMacros{'mail_mailer'} eq 'smtp') {
                        md_syslog('warning',"SRS FAILED $1 $2 $domain");
                        return ('REJECT',"SRS Signatur ungueltig / SRS Signature invalid",571,'5.7.1');
                } else {
                        # DEBUGGING, how can this happen?
                        md_syslog('warning',"DEBUG: SRS FAILED NOT SMTP $1 $2 $domain");
                        $vars->{imp_special} =  "SRS-FAIL: ";
                        md_syslog('warning',"DEBUG: BOOOOOUNCE SRS FAIL id ". $2 .", Not forwarding recipient " . $user . "\@" . $domain);
                        push(@recipientstoadd,"$user\@$domain");
                        $vars->{delete_recipient} = $originalrecipient;
                }
        } else {
                md_syslog('warning',"SRS REWRITE SUCCESS <$1\@$2> $domain => <$srsreturn>");
                md_syslog('warning',"BOUNCE id ". $2 .", Not forwarding recipient <" . $user . "\@" . $domain . ">. But returning to <$srsreturn>");
                push(@recipientstoadd,"$user\@$domain");
                push(@recipientstoadd,$srsreturn);
                $vars->{add_recipient} = \@recipientstoadd;
                $vars->{delete_recipient} = $originalrecipient;
        }
        $vars->{add_recipient} = \@recipientstoadd;
        &store_vars($vars);
  }

Here is the part about actually forwarding the email, altering the sender.

                if (($sender ne '') and ($sender ne 'UNKNOWN') and ($SendmailMacros{'mail_mailer'} eq 'smtp')) {
                        $vars->{imp_originalsender}=$sender;
                        my ($ruser,$rdomain) = split('@',$recipient);
                        my $srssender = $srs->forward($sender,$recipient);
                        $ruser = "$user+bounce-$srssender";
                        $vars->{change_sender} = $ruser;
                        md_syslog('warning',"FORWARDING ====> Push Sender change FROM " . $sender . " TO " . $ruser . " this is done later. <====");
                        $vars->{imp_forwarded}=1;
                        if ($ref->{'keepFwdCopy'} eq 0) {
                                md_syslog('warning',"Push Recipient to be deleted later " . $originalrecipient);
                                $vars->{delete_recipient} = $originalrecipient;
                        }
                        my @recipientstoadd;
                        while (my $aliasref = $forwards->fetchrow_hashref()) {
                                md_syslog('warning',"Push Recipient to be added later: <" . $aliasref->{'destEMailAddr'} . ">");
                                push(@recipientstoadd,$aliasref->{'destEMailAddr'});
                                @recipientstoadd = &recurse_forwards($aliasref->{'destEMailAddr'},0,@recipientstoadd);
                        }
                        $vars->{add_recipient}=\@recipientstoadd;
                        &store_vars($vars);
                } else {
                        md_syslog('warning',"DOOOOOH! Sender: <$sender> Recipient: <$recipient> Mailer: $SendmailMacros{'mail_mailer'} - Unencapsulated, unsigned BOOOOOUNCE. Not from us! No SRS, just forward this crap and forget it!");

[...] do some more stuff...

This is our special version of doing SRS. It encodes the address of the mailbox which forwards the email as sender, so we can process and count the bounces and disable email forwarding to specific recipients if we count too many bounces.

But it gives you an idea.

And yes, you can only change sender and recipient in filter_begin and later:

    if (defined($vars->{change_sender})) {
                md_syslog('warning',"Change Sender: <$vars->{change_sender}>");
                change_sender($vars->{change_sender});
    }
    if (defined($vars->{delete_recipient})) {
                md_syslog('warning',"Delete Recipient: <$vars->{delete_recipient}>");
                delete_recipient($vars->{delete_recipient});
    }
    if (defined($vars->{add_recipient})) {
                my $recipientstoadd = $vars->{add_recipient};
                my %seen;
                @$recipientstoadd = grep { ! $seen{ $_ }++ } @$recipientstoadd;
                foreach (@$recipientstoadd) {
                        md_syslog('warning',"Add Recipient: <$_>");
                        add_recipient($_);
                }
    }

    if (defined($vars->{'imp_originalsender'})) {
            action_add_header('X-Original-Envelope-Sender',$vars->{'imp_originalsender'});
    }

This is why we use Storable to dump all needed information in a file within the working directory of this specific email being scanned.

We do almost everything with MIMEDefang now to help avoid any kind of 'late' bounces.

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________
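
Added example, not part of the original post: a stand-alone round trip of the "mailbox+bounce-SRS..." envelope sender described above, using Mail::SRS with the same constructor options. The helper names bounce_sender and parse_bounce, the addresses and the secret are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration; every address and the secret are constructed samples.
use strict;
use warnings;
use Mail::SRS;

my $srs = Mail::SRS->new(
    Secret     => 'constructed-sample-secret',   # placeholder, not a real key
    MaxAge     => 30,
    HashLength => 4,
    HashMin    => 4,
);

# Forwarding side (hypothetical helper): build the rewritten envelope sender
# for a mail from $sender that the local mailbox $mailbox forwards elsewhere.
sub bounce_sender {
    my ($sender, $mailbox) = @_;
    my ($user) = split /\@/, $mailbox;
    return "$user+bounce-" . $srs->forward($sender, $mailbox);
}

# Bounce side (hypothetical helper): split a bounce recipient into the
# forwarding mailbox and the original sender. Returns an empty list when the
# address has the wrong shape or the SRS part does not verify.
sub parse_bounce {
    my ($rcpt) = @_;
    my ($user, $srspart, $domain) =
        $rcpt =~ /^(.*?)\+bounce-(SRS[^\@]*)\@([^\@]+)$/
        or return;
    my $orig = eval { $srs->reverse("$srspart\@$domain") };
    return if $@ or !defined $orig;
    return ("$user\@$domain", $orig);
}

my $rewritten = bounce_sender('alice@sender.example', 'bob@forwarder.example');
print "rewritten sender: $rewritten\n";

my ($mailbox, $orig) = parse_bounce($rewritten);
print "bounce belongs to $mailbox, original sender $orig\n";

# A bounce whose signed local part was altered must not verify.
(my $forged = $rewritten) =~ s/=alice\@/=mallory\@/;
my @result = parse_bounce($forged);
print "forged bounce accepted: ", (@result ? "yes" : "no"), "\n";
```

With HashLength => 4 the signature is four base64 characters, so the check deters casual forgery of bounce addresses rather than a determined guesser; rejecting failed verifications at SMTP time, as the post does, keeps forged bounces from being relayed.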



