SRS

From QmailToaster
Jump to navigation Jump to search

Back
First you need to configure some parameters in /var/qmail/control.

Do the following: 

echo srs.YOURDOMAIN > /var/qmail/control/srs_domain
echo SECRET > /var/qmail/control/srs_secrets

YOURDOMAIN: Replace with your domain name, e.g. srs.foo-bar.com

SECRET: Replace with a random string

Important! You MUST create a MX record for srs.YOURDOMAIN pointing to your server.

Optional parameters: 

echo 7 > /var/qmail/control/srs_maxage
echo 4 > /var/qmail/control/srs_hashlength
echo 4 > /var/qmail/control/srs_hashmin
echo = > /var/qmail/control/srs_separator
echo 0 > /var/qmail/control/srs_alwaysrewrite

Configure your SRS domain. 

echo srs.YOURDOMAIN >> /var/qmail/control/rcpthosts
echo srs.YOURDOMAIN:srs >> /var/qmail/control/virtualdomains
echo "| /var/qmail/bin/srsfilter" > /var/qmail/alias/.qmail-srs-default

YOURDOMAIN: Replace with your domain name, e.g. srs.foo-bar.com.

Here are the configuration options: 

srs_domain  	A domain to use in rewritten addresses. If not set, SRS is disabled.  	Ex: srs.foo-bar.com
srs_secrets 	A random string to generate and check SRS addresses. You can specify a list of secrets (one per line). The first secret in the
                list is used for generating new SRS addresses. All secrets on the list may be used to verify SRS addresses. 	Ex: foobar123
srs_maxage 	The maximum permitted age of a rewritten address. SRS rewritten addresses expire after a specified number of days. libsrs2
                default is 21, but I believe that a week is enougth to get all bounces, so I recommend you to use 7. 	Ex: 7
srs_hashlength 	The hash length to generate in a rewritten address. The hash length is a measure of security in the 
                SRS system; longer is more secure. 	Ex: 4
srs_hashmin 	The hash length to require when checking an address. If the hash length is increased, there may be SRS addresses from your MTA in the
                wild which use a shorter hash length. This parameter may be set to permit checking of hashes shorter than srs_hashlength.
                 This parameter must be at most srs_hashlength. 	Ex: 4
srs_separator 	The separator to appear immediately after SRS[01] in rewritten addresses. This must be -, + or =. Default value is =. 	Ex: =
srs_alwaysrewrite 	Skip rcpthosts check and perform SRS rewriting for all forwarding, even when not required. 
                        This must be 0 (disabled) or 1 (enabled). Default value is 0 (disabled). 	Ex: 0


External links

Retrieved from "http://wiki.qmailtoaster.org:80/index.php?title=SRS&oldid=1398"