Re: SRS in Postfix

From: Aneurin Price (aneurin.pricegmail.com)
Date: Thu Apr 17 2008 - 08:00:52 CDT


On 4/17/08, Wietse Venema <wietseporcupine.org> wrote:
> Aneurin Price:
>
> > On 4/17/08, Wietse Venema <wietseporcupine.org> wrote:
> > > Aneurin Price:
> > >
> > > > Hello all,
> > > >
> > > > I've been searching for a way to get Postfix to perform SRS, and it
> > > > looks like it's not currently possible, but I'd like to check if this
> > > > is the case.
> > > >
> > > > It seems that SPF and SRS implementations are completely separate
> > > > (which makes sense as they do completely different things, but still
> > > > surprised me a little as I would have expected SRS to be more or less
> > > > required if you want to use SPF). Unfortunately, although there are
> > > > SPF implementations compatible with Postfix, it doesn't look like
> > > > there are any for SRS.
> > > >
> > > > All the talk about it seems to say things like 'in development' or
> > > > 'sort of works if you patch some old version', but then I've not found
> > > > too much recent information, so could anyone summarise the current
> > > > situation vis-a-vis SRS in Postfix?
> > >
> > > Postfix implements SPF, SenderID, DKIM and DomainKeys only via
> > > non-Postfix software (milters, smtp-based content filters).
> >
> > Should the absence of SRS from that list be taken to mean that it is
> > not implemented at all, even using a milter?
>
>
> SRS can be done today with an SMTP-based content filter. I don't
> know if someone has taken this approach.
>

Thanks, I'll try to find the time to look into this.

> An alternative is to use the Milter plug-in interface. However,
> this would have to wait until "replace envelope sender" support
> (introduced with Sendmail 8.14) has been implemented in Postfix.
>

Ah, that must be the limitation the OpenSPF people were talking about.

>
> > I assume that's the case,
> > based on http://www.openspf.org/SRS, which states that "Postfix
> > doesn't support a plugin interface that can do SRS, but there is a
> > source patch for libsrs2". Additionally, libsrs2 apparently is broken
> > with recent versions of Postfix, and was only ever a development
> > version.
> >
> > I was really hoping that this would turn out to be out of date, but I
> > suppose I'll have to think of something else.
> >
> > A pity because the solution described in the page linked in my
> > original mail seems like it would be something of a magic bullet for
> > my current problem, allowing accurate automatic discernment of real
> > bounces from backscatter.
>
>
> There is no magic bullet. Solutions like SRS and BATV depend on
> RFC-compliant behavior of remote MTAs (send mail from <> to envelope
> sender address). Other solutions have other limitations, and what
> works best is often a combination.
>

Hmm, so what I hadn't considered is mailers that send bounces to the
wrong address. What do they use then? The 'From:' address or something
even more zany? Do you know what MTAs do this? If they're not all that
common then it would probably be a worthwhile trade-off for us as
we're unlikely to find legitimate bounces in the flood currently
anyway. Personally I'd like to drop mail from them out of spite, but
that's the frustration talking (we've had basically no spam get
through the filter for ages until a couple of weeks ago, when the
backscatter shot up, and today we've been absolutely inundated).

Well, thanks for your time,
Aneurin Price
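
The bounce-versus-backscatter check discussed in this thread, as an added example that is not part of any message here and is not Postfix or libsrs2 code: a forwarder signs the rewritten envelope sender, and a later null-sender bounce is accepted only if its recipient address carries a valid, fresh tag. The address follows the SRS0 layout, but the secret, forwarder domain, tag length and validity window are assumptions, so it is not wire-compatible with libsrs2.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: per-site secret key
FORWARDER = "forwarder.example"       # assumption: our forwarding domain
MAX_AGE_DAYS = 21                     # assumption: how long a bounce is honoured
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def _stamp(day):
    """Encode a day number (days since epoch) mod 1024 as two base32 chars."""
    day %= 1024
    return B32[day >> 5] + B32[day & 31]

def _tag(stamp, domain, local):
    """Truncated HMAC over the lowercased fields, so case folding in transit is harmless."""
    msg = "\0".join((stamp, domain, local)).lower().encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:8]

def rewrite(sender, today):
    """Forwarder side: rewrite the envelope sender before relaying the message."""
    local, domain = sender.rsplit("@", 1)
    stamp = _stamp(today)
    return f"SRS0={_tag(stamp, domain, local)}={stamp}={domain}={local}@{FORWARDER}"

def check_bounce(rcpt, today):
    """Return the original sender if rcpt is a valid, fresh SRS0 address, else None."""
    local_part, _, host = rcpt.rpartition("@")
    if host.lower() != FORWARDER or not local_part.upper().startswith("SRS0="):
        return None                   # not an address we generated
    parts = local_part[5:].split("=", 3)
    if len(parts) != 4:
        return None
    tag, stamp, domain, local = parts
    stamp = stamp.upper()
    if len(stamp) != 2 or any(c not in B32 for c in stamp):
        return None
    if not hmac.compare_digest(tag.lower().encode(), _tag(stamp, domain, local).encode()):
        return None                   # forged or altered address: treat as backscatter
    day = (B32.index(stamp[0]) << 5) | B32.index(stamp[1])
    if (today - day) % 1024 > MAX_AGE_DAYS:
        return None                   # tag is genuine but too old (or replayed)
    return f"{local}@{domain}"
```

As noted in the thread, this only helps when the remote MTA sends its bounce to the envelope sender; a bounce sent elsewhere never reaches the check.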