Add SRS alwaysrewrite config option #97
(Bounce Address Tag Validation) is possible.
/* Comment from Mark Kramer's envfrom2srs.pl: | ||
* "Ok, first check whether we already have a signed SRS address; | ||
* if so, just return the old address: we do not want to double-sign | ||
* by accident! (Non-locally generated SRS0 addresses, by nature | ||
* of the protocol, will not 'eval'; so, they will simply become | ||
* SRS1 addresses. Thus, only locally generated SRS0 addresses are | ||
* exempted from double-signing.)" */ | ||
result = srs_reverse(srs, value, sizeof(value), address); | ||
if (result == SRS_SUCCESS) { | ||
output = url_encode(outputbuf, sizeof(outputbuf), address); | ||
fprintf (fp, "200 %s\n", output); | ||
syslog (LOG_MAIL | LOG_INFO, "srs_forward: <%s> already signed", address); | ||
fflush (fp); | ||
return; | ||
} |
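Review bot: nothing in the visible lines ties the `srs_reverse()` guard at the top of this block to the new alwaysrewrite option, so as written it runs on every forward lookup and changes the reply for already-signed addresses in every configuration. Wrap the guard in a check of that option, or state in the comment why it has to be unconditional.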
- You should return a "500 Already resigned" result here, to remain consistent with the rest of PostSRSd, which will only return a 200 result if a rewrite actually took place (this is important because a 200 result will end processing the Postfix canonical_maps, which should only happen on a successful rewrite).
- I'm not exactly sure why this code block is necessary to begin with. Is this assuming there is another program doing SRS rewrites?
Must admit I don't understand postfix yet. I'm working on porting an
ancient sendmail setup to postfix. The setup is for a server that can send
email for the domain, but does not receive it. The domain's email server
uses BATV to reject fake bounces, so the sender address (envelope from
address) needs to always be signed.
Without that guard code, I see doubly signed sender addresses. You can see
that is possible by turning on alreadyrewrite and then telnetting to the
forward SRS port. Here I've commented out that code and restarted the
postsrsd daemon:
get gregc@cgl.ucsf.edu
200 SRS0+DIdzIe7G=YQ=cgl.ucsf.edu=gregc@cgl.ucsf.edu
get SRS0+DIdzIe7G=YQ=cgl.ucsf.edu=gregc@cgl.ucsf.edu
200 SRS1+krhbG13G=cgl.ucsf.edu=+DIdzIe7G=YQ=cgl.ucsf.edu=gregc@cgl.ucsf.edu
I noticed that the original envfrom2srs.pl from 2004 has a guard around
calling the $srs->forward function and duplicated that logic. You could
make the guard code contingent on alwaysrewrite being set. It's
unconditional in the original envfrom2srs.pl script.
To prevent the signing from disappearing from sent email, I also had to
alter the recommended postfix configuration from:
recipient_canonical_classes = envelope_recipient,header_recipient
to:
recipient_canonical_classes = header_recipient
Otherwise, when a bounce was generated (e.g., by sending email to a
non-existent email address), the signing was removed from the envelope, and
the domain's email server rejected the email as a fake bounce.
…On Tue, Oct 22, 2019 at 7:55 AM Timo Röhling ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In postsrsd.c
<#97 (comment)>:
> + /* Comment from Mark Kramer's envfrom2srs.pl:
+ * "Ok, first check whether we already have a signed SRS address;
+ * if so, just return the old address: we do not want to double-sign
+ * by accident! (Non-locally generated SRS0 addresses, by nature
+ * of the protocol, will not 'eval'; so, they will simply become
+ * SRS1 addresses. Thus, only locally generated SRS0 addresses are
+ * exempted from double-signing.)" */
+ result = srs_reverse(srs, value, sizeof(value), address);
+ if (result == SRS_SUCCESS) {
+ output = url_encode(outputbuf, sizeof(outputbuf), address);
+ fprintf (fp, "200 %s\n", output);
+ syslog (LOG_MAIL | LOG_INFO, "srs_forward: <%s> already signed", address);
+ fflush (fp);
+ return;
+ }
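Review bot: `srs_reverse(srs, value, sizeof(value), address)` in the first added statement uses `value` as its output buffer, and the reversed address is then discarded because the reply sends `address`. Say so in the comment or reverse into a dedicated scratch buffer, so a later reader does not assume `value` still holds what it held before the call. The block comment also only quotes envfrom2srs.pl; add one line in the project's own words on what a successful reverse means at this point.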
1. You should return a "500 Already resigned" result here, to remain
consistent with the rest of PostSRSd, which will only return a 200 result
if a rewrite actually took place (this is important because a 200 result
will end processing the Postfix canonical_maps, which should only happen on
a successful rewrite).
2. I'm not exactly sure why this code block is necessary to begin with.
Is this assuming there is another program doing SRS rewrites?
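An added illustration, not code from PostSRSd or from the posts above: a small C parser for the two address shapes in the session quoted in the reply, usable to spot double-signed envelope senders in mail logs. The names `srs_info`, `srs_parse`, `next_field` and `self_resigned` are hypothetical, the "first-hop domain equals own domain" test is a heuristic taken from the shape of that session, and only the structure is checked (hashes are not verified).

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Parse result (added illustration, not PostSRSd code). */
struct srs_info {
    int  level;         /* 0 = plain address, 1 = SRS0, 2 = SRS1 */
    int  self_resigned; /* SRS1 whose first-hop domain is its own domain */
    char hash[32];      /* hash of the outermost tag */
    char domain[256];   /* SRS0: original domain; SRS1: first-hop domain */
};

/* Copy the next '='-terminated field in [*p, end) into dst and step past it. */
static int next_field(const char **p, const char *end, char *dst, size_t n)
{
    const char *eq = memchr(*p, '=', (size_t)(end - *p));
    size_t len = eq ? (size_t)(eq - *p) : 0;
    if (len == 0 || len >= n) return -1;   /* missing, empty or oversized */
    memcpy(dst, *p, len);
    dst[len] = '\0';
    *p = eq + 1;
    return 0;
}

/* Returns the level (0, 1 or 2), or -1 for a malformed SRS address. */
int srs_parse(const char *addr, struct srs_info *out)
{
    char timestamp[16];
    const char *p, *at = strrchr(addr, '@');
    memset(out, 0, sizeof *out);
    if (strncasecmp(addr, "SRS", 3) != 0 || (addr[3] != '0' && addr[3] != '1')
        || addr[4] == '\0' || strchr("=+-", addr[4]) == NULL)
        return 0;                       /* no SRS tag: plain address */
    p = addr + 5;
    if (at == NULL || next_field(&p, at, out->hash, sizeof out->hash) != 0
        || (addr[3] == '0' && next_field(&p, at, timestamp, sizeof timestamp) != 0)
        || next_field(&p, at, out->domain, sizeof out->domain) != 0
        || p == at)                     /* nothing left for the local part */
        return -1;
    out->level = addr[3] - '0' + 1;
    out->self_resigned = out->level == 2 && strcasecmp(out->domain, at + 1) == 0;
    return out->level;
}

int main(void)
{
    struct srs_info i;  /* address below is taken from the session quoted above */
    srs_parse("SRS1+krhbG13G=cgl.ucsf.edu=+DIdzIe7G=YQ=cgl.ucsf.edu=gregc@cgl.ucsf.edu", &i);
    printf("level=%d self_resigned=%d first_hop=%s\n", i.level, i.self_resigned, i.domain);
    return 0;
}
```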
This is a modified version of PR #97. Thanks to @gregcouch for the original idea.
Superseded by 219b7de.
This is a modified version of PR roehling#97. Thanks to @gregcouch for the original idea.
so BATV (Bounce Address Tag Validation) is possible.