| Deutsch English Français Italiano |
|
<vlua7c$3ce$1@tncsrv09.home.tnetconsulting.net> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!weretis.net!feeder9.news.weretis.net!tncsrv06.tnetconsulting.net!tncsrv09.home.tnetconsulting.net!.POSTED.omega.home.tnetconsulting.net!not-for-mail
From: Grant Taylor <gtaylor@tnetconsulting.net>
Newsgroups: comp.mail.sendmail
Subject: Re: Trusted CA config
Date: Sat, 11 Jan 2025 11:36:44 -0600
Organization: TNet Consulting
Message-ID: <vlua7c$3ce$1@tncsrv09.home.tnetconsulting.net>
References: <87ttcbly3k.fsf@example.com> <vh2uu2$jqr$1@news.misty.com>
<87h68a526z.fsf@miraculix.mork.no> <87frlsoxci.fsf_-_@miraculix.mork.no>
<vlrk97$j5j$1@news.misty.com> <vlsbfd$fuf$1@tncsrv09.home.tnetconsulting.net>
<vlu82i$1rd$1@bastet.speedkom.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 11 Jan 2025 17:36:44 -0000 (UTC)
Injection-Info: tncsrv09.home.tnetconsulting.net; posting-host="omega.home.tnetconsulting.net:198.18.1.11";
logging-data="3470"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Mozilla Thunderbird
Content-Language: en-US
In-Reply-To: <vlu82i$1rd$1@bastet.speedkom.net>
Bytes: 17787
Lines: 595
On 1/11/25 11:00, Andreas S. Kerber wrote:
> Would you mind sharing this 'perlsrs' file? I can't seem to find it
> and I'd like to take a look.
Not at all.
It's actually multiple files.
- perlsrs-old.m4 - the original version I found and started with
- perlsrs.m4 - a test modification of perlsrs-old.m4 to use socketmap
- socketmap.m4 - a version of (socketmap) perlsrs.m4 I used for a while
- envfrom2srs.pl - script to convert from SRS form to raw form
- srs2envto.pl - script to convert from raw form to SRS form
- socketmapd*.pl - socketmap of above Perl to avoid startup delay
I only used the socketmap version on one system for a few years before
giving up on it b/c I'd forget to start the socketmap daemon when the
system would reboot (patching / etc.).
I've never had any noticeable performance problems with the
perlsrs-old.m4 / envfrom2srs.pl / srs2envto.pl versions and they just
work without needing to remember start anything.
N.B. you need to change the $secret and $fwdomain. $secret is data
meant to prevent others from predicting your SRS values. $fwdomain is
mean to be the domain that you forward emailas; I use the hosts FQDN.
I save these files in the /etc/mail/srs directory.
I create a sym-link to the m4 files from where Sendmail / m4 looks for
hacks (/usr/share/sendmail-cf/hack on my system).
Then I include the following at the end of my sendmail.mc file:
HACK(`perlsrs-old')dnl
The premise behind the m4 is to check to see if the envelope from is in
class w, and if not, apply SRS to the envelope.
It's been a long time since I looked at this and I just confirmed that
it is still working.
--8<--perlsrs-old.m4--8<--
divert(-1)
# Copyright (c) 2004 by Mark Kramer <admin@asarian-host.net>
# All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(0)
VERSIONID(`$Id: perlsrs.m4,v 1.2 2004/04/01 20:37:09 mkramer Exp $')
ifdef(`_MAILER_DEFINED_',,`errprint(`*** WARNING: MAILER() should be
before HACK(perlsrs)')')
LOCAL_CONFIG
# Forward SRS program map
Kenvfrom2srs program /etc/mail/srs/envfrom2srs.pl
# Reverse SRS program map
Ksrs2envto program /etc/mail/srs/srs2envto.pl
# SRS regex map
Kis_srs regex ^<?SRS[01][=+-].*
MAILER_DEFINITIONS
SEnvFromSMTP
R$*@$=w$* $@ $1@$2$3 Don't SRS
rewrite local (class w) sending domains.
R$* $: $(envfrom2srs $1 $) SRS rewrite
non-local (!class w) sending domains.
LOCAL_RULESETS
###################################################################
### Local SRS Macros ###
###################################################################
SIsSRS
R$* $: $(is_srs $1 $)
R$@ $@ YES
R$* $@ NO
SReverseSrs
R$* $: $1 $>IsSRS $1
R$* NO $@ $1
R$* YES $@ $(srs2envto $1 $)
LOCAL_RULE_0
# Do we need to reverse SRS address?
R$* $: $>ReverseSrs $1
-->8--perlsrs-old.m4-->8--
--8<--perlsrs.m4--8<--
divert(-1)
# Copyright (c) 2004 by Mark Kramer <admin@asarian-host.net>
# All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(0)
VERSIONID(`$Id: 8.13.perlsrs.m4,v 1.0 2004/08/21 13:15:43 mkramer Exp $')
ifdef(`_MAILER_DEFINED_',,`errprint(`*** WARNING: MAILER() should be
before HACK(perlsrs)')')
LOCAL_CONFIG
# SRS socket maps
Kreverse_srs socket local:/var/run/socketmapd.sock
Kmake_srs socket local:/var/run/socketmapd.sock
# SRS regex map
Kis_srs regex ^<?SRS[01][=+-].*
MAILER_DEFINITIONS
SEnvFromSMTP
R$* $: $(make_srs $1 $)
LOCAL_RULESETS
###################################################################
### Local SRS Macros ###
###################################################################
SIsSrs
R$* $: $(is_srs $1 $)
R$@ $@ YES
R$* $@ NO
SReverseSrs
R$* $: $1 $>IsSrs $1
R$* NO $@ $1
R$* YES $@ $(reverse_srs $1 $)
LOCAL_RULE_0
# Do we need to reverse SRS address?
R$* $: $>ReverseSrs $1
-->8--perlsrs.m4-->8--
--8<--socketmap.m4--8<--
divert(-1)
========== REMAINDER OF ARTICLE TRUNCATED ==========