{"id":265,"date":"2009-07-29T23:09:18","date_gmt":"2009-07-29T23:09:18","guid":{"rendered":"https:\/\/www.bishnet.net\/tim\/blog\/?p=265"},"modified":"2019-05-22T14:48:38","modified_gmt":"2019-05-22T13:48:38","slug":"implementing-srs-with-exim-and-sqlite","status":"publish","type":"post","link":"https:\/\/www.bishnet.net\/tim\/blog\/2009\/07\/29\/implementing-srs-with-exim-and-sqlite\/","title":{"rendered":"Implementing SRS with Exim and SQLite"},"content":{"rendered":"<p>Due to issues with SPF-style restrictions I decided I&#8217;d take a look at implementing SRS (the Sender Rewriting Scheme) with <a href=\"http:\/\/www.exim.org\/\">Exim<\/a>. I thought it&#8217;d be fairly straightforward and well documented, but it wasn&#8217;t. I&#8217;m left wondering if anybody actually does it like this?<\/p>\n<p>To start with I built Exim on <a href=\"http:\/\/www.freebsd.org\/\">FreeBSD<\/a> with the SPF and SRS libraries (I used <a href=\"http:\/\/srs.mirtol.com\/\">libsrs_alt<\/a>). This was straightforward enough &#8211; although where are the options in the FreeBSD port? &#8211; and would be standard across most operating systems.<\/p>\n<p>Since this was a trial run I thought I&#8217;d take the lightweight approach and use <a href=\"http:\/\/www.sqlite.org\/\">SQLite<\/a> rather than set up a full database like MySQL. This again was a straightforward install.<\/p>\n<p>Lets look quickly and the SQLite tables. The <a href=\"http:\/\/srs.mirtol.com\/exim.php\">instructions on the libsrs_alt site<\/a> don&#8217;t talk about creating these, so I just figured it out for myself. This is what I ended up with:<\/p>\n<pre># sqlite3 \/var\/tmp\/srs.db .dump\nBEGIN TRANSACTION;\nCREATE TABLE SRS(Key TEXT, Address TEXT, Time INTEGER);\nCOMMIT;\n#<\/pre>\n<p>That&#8217;s pretty simple. The database should probably live somewhere a bit more permanent though :-).<\/p>\n<p>Right, back to the instructions. Basically we need to add a bit of config and a new router to the exim configuration. Starting with the default configuration I added the following option in the global section:<\/p>\n<pre>hide srs_secrets = asecurestringofareasonablelength<\/pre>\n<p>And then the following routers:<\/p>\n<pre>srs_reverse:\n  driver = redirect\n  domains = +local_domains\n  srs = reverseandforward\n  srs_dbinsert = ${lookup sqlite{\/var\/tmp\/srs.db \\\n    INSERT INTO SRS ('Key', 'Address', 'Time') \\\n    VALUES ('${srs_db_key}', '${srs_db_address}', \\\n    strftime('%s','now'))}}\n  srs_dbselect = ${lookup sqlite{\/var\/tmp\/srs.db \\\n    SELECT Address FROM SRS \\\n    WHERE Key = '${srs_db_key}' \\\n    AND Time &gt; strftime('%s','now','-30 days') \\\n    LIMIT 1}}\n  data = ${srs_recipient}<\/pre>\n<pre>srs_forward:\n  driver = redirect\n  domains = +local_domains\n  srs = forward\n  srs_dbinsert = ${lookup sqlite{\/var\/tmp\/srs.db \\\n    INSERT INTO 'SRS' ('Key', 'Address', 'Time') \\\n    VALUES ('${srs_db_key}', '${srs_db_address}', \\\n    strftime('%s','now'))}}\n  data = $local_part@example.org<\/pre>\n<p>As you can see in this case, I&#8217;m simply forwarding all email to another domain. That&#8217;s not the most useful setup, but again I&#8217;m just testing.<\/p>\n<p>Note that I had to put these in the opposite order to <a href=\"http:\/\/srs.mirtol.com\/exim.php\">the instructions<\/a>. The first router is looking for addresses that are already SRS encoded (so bounces for forwarded messages, etc). If it doesn&#8217;t find one, it just passes on to the next one. So this way round work best for me.<\/p>\n<p>That&#8217;s it really. At a simple level this works. I&#8217;ve not looking at proper integration in to the forwarding setup or any kind of database maintenance yet. But given the lack of useful documentation online I thought I&#8217;d post my findings.<\/p>\n<p>If you&#8217;re reading this and thinking &#8220;why on earth is he doing it like that?&#8221; please drop me a comment below and enlighten me :-).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this post I look at implemeting SRS using Exim and SQLite.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,2],"tags":[112,110,113,111,109],"class_list":["post-265","post","type-post","status-publish","format-standard","hentry","category-computing","category-work","tag-exim","tag-sender-rewriting-scheme","tag-spf","tag-sqlite","tag-srs"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.bishnet.net\/tim\/blog\/wp-json\/wp\/v2\/posts\/265","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bishnet.net\/tim\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bishnet.net\/tim\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bishnet.net\/tim\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bishnet.net\/tim\/blog\/wp-json\/wp\/v2\/comments?post=265"}],"version-history":[{"count":21,"href":"https:\/\/www.bishnet.net\/tim\/blog\/wp-json\/wp\/v2\/posts\/265\/revisions"}],"predecessor-version":[{"id":511,"href":"https:\/\/www.bishnet.net\/tim\/blog\/wp-json\/wp\/v2\/posts\/265\/revisions\/511"}],"wp:attachment":[{"href":"https:\/\/www.bishnet.net\/tim\/blog\/wp-json\/wp\/v2\/media?parent=265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bishnet.net\/tim\/blog\/wp-json\/wp\/v2\/categories?post=265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bishnet.net\/tim\/blog\/wp-json\/wp\/v2\/tags?post=265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}