# Sample Configuration for Experimental Return Path Rewriting in Exim 3 # Copyright 2004, Daniel Roethlisberger # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # copy of the GNU General Public License is distributed with exim itself ############################################################################## ### Version 2.2 of my return path rewriting scheme ### Living at http://www.roe.ch/spam/rpr-exim3-roe-02.txt ### See http://www.roe.ch/spam/return-path-rewriting.xml ### Changes in 2.3: Case-Insensitivity fix - lowercase address before hashing ### Changes in 2.2: Adding X-Primary-Address header for TMDA compatibility ### Changes in 2.1: Reordering of data fields in the hash to prevent known ### clever cryptographical attacks on the hash # Q() : Quoting: replace last @ with _ (s/@([^@]+)$/_$1/) # Hn() : First n characters of Hash (MD5) in hex (n:=RPR_STRENGTH) # local_domain : domain of original recipient (which is a local domain) # old_from : original return path / envelope sender # timestamp = strftime(%Y%m%d%H%M) # new_from = '_2_' + $timestamp + Hn($secret + $old_from + $timestamp) + # Q($old_from) + '@' + $local_domain ############################################################################## ### in startup.pl use POSIX qw(mktime); ### [...] 
# rpr_verify_date -- expiry check for an incoming RPR bounce address.
#
# Invoked through ${perl{rpr_verify_date}...} in the rpr_return director.
# Arguments: $y, $m, $d, $hr, $mn are the year, month, day, hour and minute
# of the timestamp carried in the RPR local part; $emb is the embedded
# original address.
# Returns $emb while the timestamp is at most 691200 seconds (8 days) old,
# otherwise 'postmaster@' followed by Exim's expansion of $domain.
# Only the date is examined here; the cookie is compared in the condition of
# the rpr_return director.
# NOTE(review): there is no lower bound, so a timestamp lying in the future
# also passes this check -- confirm that is acceptable.
sub rpr_verify_date {
    my ($y, $m, $d, $hr, $mn, $emb) = @_;
    # Candidate expiry windows; the comparison below uses the 8 day value.
    # 2592000s = 30d
    # 1296000s = 15d
    # 691200s = 8d
    # mktime() is given seconds, minutes, hours, day, month counted from 0
    # and year counted from 1900, hence the $m-1 and $y-1900 adjustments.
    # NOTE(review): POSIX mktime() is documented to return undef for a date
    # it cannot represent; that would numify to 0 and take the expired
    # branch -- confirm on the Perl version in use.
    if(time() <= 691200 + mktime(0, $mn, $hr, $d, $m-1, $y-1900)) {
        return $emb;
    } else {
        return 'postmaster@'.Exim::expand_string('$domain');
    }
}
##############################################################################

##############################################################################
### in exim.conf

### somewhere near the top - ADJUST THIS
# the secret
# Replace the placeholder with a long random value and restrict read access
# to the configuration file: the cookie is computed from RPR_SECRET, the
# sender address and the timestamp, so anyone who knows the secret can
# produce addresses that the rpr_return director accepts.
RPR_SECRET = yoursecret
# cookie length in hex digits; 1..32 (n hex digits give 2n bits of security)
# NOTE(review): each hex digit carries 4 bits, so n digits make a 4n-bit
# cookie (48 bits at the value 12 below); the 2n figure above looks like a
# collision-style estimate -- confirm which bound is meant.
RPR_STRENGTH = 12
# you may use my URL if you wish, but creating your own might be a good idea
RPR_URL = http://www.roe.ch/spam/return-path-rewriting.xml
# domain lists or file lookups or the like -- gets used in "senders =" below
# to decide whether the router is run on a foreign address or not.
# You may want to edit the senders line below instead of adding these macros.
LOCAL_DOMAINS = your : local : domains
VIRTUAL_DOMAINS = your : virtual : domains
### [...]
### in the directors section, preferably at the top

# Return Path Rewriting
# rewrite incoming RPR bounces to their real destinations

# rpr_return: deliver a verified RPR bounce to the address embedded in it.
# The condition holds only when all three tests pass:
#   1. the envelope sender is empty (the message is a bounce),
#   2. the local part has the form
#      <12 digits><RPR_STRENGTH hex digits><embedded local part>_<embedded domain>
#      (the pattern starts at the digits, so it expects the _2_ prefix to
#      have been stripped already),
#   3. the first RPR_STRENGTH hex digits of the MD5 over RPR_SECRET, the
#      lowercased "<embedded local part>@<embedded domain>" and the 12 digits
#      equal the cookie carried in the address.
# new_address parses the local part again, this time splitting the 12 digits
# into year, month, day, hour and minute, and lets rpr_verify_date choose
# between the embedded address and postmaster; if the pattern does not match
# the result is postmaster@$domain.
# NOTE(review): the embedded address is split at the last underscore, while
# the router replaces every @ of the sender with an underscore; a sender
# domain that itself contains an underscore would therefore fail the cookie
# test here -- confirm whether such senders matter.
rpr_return:
  driver = smartuser
  prefix = _2_
  condition = ${if and {{eq {$sender_address}{}}\
                        {match {$local_part}{^(\\d\{12\})([0-9a-f]\{RPR_STRENGTH\})(.*)_([^_]+)\$}}\
                        {eq {${length_RPR_STRENGTH:${md5:RPR_SECRET${lc:$3@$4}$1}}}{$2}}\
                       } {1}{0}}
  new_address = ${if match {$local_part}{^(\\d\{4\})(\\d\{2\})(\\d\{2\})(\\d\{2\})(\\d\{2\})[0-9a-f]\{RPR_STRENGTH\}(.*)_([^_]+)\$}{\
                  # $1=2004 $2=01 $3=21 $4=12 $5=59 $6=emb_lp $7=emb_do
                  ${perl{rpr_verify_date}{$1}{$2}{$3}{$4}{$5}{${quote:$6}@$7}}\
                }{"postmaster@$domain"}}
  headers_add = "X-RPR-Return: DSN routed to destination via $primary_hostname\n\
                 \tSee RPR_URL"

# rpr_error_checksum: same empty-sender and format tests as rpr_return, but
# without the cookie comparison. Assuming the directors are tried in the
# order listed, it only sees addresses that rpr_return declined, i.e. bounces
# whose cookie did not verify. The message goes to postmaster with an
# X-RPR-Alert header.
# NOTE(review): this director and rpr_error_nodsn deliver every unverified
# message in RPR format to postmaster, so that mailbox receives whatever is
# sent to forged or stale RPR addresses; consider watching its volume or
# failing such addresses instead.
rpr_error_checksum:
  driver = smartuser
  prefix = _2_
  condition = ${if and {{eq {$sender_address}{}}\
                        {match {$local_part}{^(\\d\{12\})([0-9a-f]\{RPR_STRENGTH\})(.*)_([^_]+)\$}}\
                       } {1}{0}}
  new_address = "postmaster@$domain"
  headers_add = "X-RPR-Alert: Checksum mismatch!"

# rpr_error_nodsn: format test only, with no requirement on the envelope
# sender. Assuming the directors are tried in order, what is left at this
# point is mail in RPR format that has a non-empty sender; it goes to
# postmaster with an X-RPR-Alert header. The cookie is not checked here.
rpr_error_nodsn:
  driver = smartuser
  prefix = _2_
  condition = ${if match {$local_part}{^(\\d\{12\})([0-9a-f]\{RPR_STRENGTH\})(.*)_([^_]+)\$} {1}{0}}
  new_address = "postmaster@$domain"
  headers_add = "X-RPR-Alert: Not a DSN (non-empty return-path)!"
### [...]
### in the routers section, preferably at the top

# Return Path Rewriting
# rewrite outgoing mail with foreign return-path to local RPR scheme

# rpr_lookup_mx: handles mail whose sender is in neither LOCAL_DOMAINS nor
# VIRTUAL_DOMAINS and sets errors_to to an RPR address on this host.
# The condition requires a non-empty envelope sender and an X-RPR-Return
# header that does not match $primary_hostname.
# NOTE(review): X-RPR-Return is part of the message and can be supplied by
# the sender, and $primary_hostname is used as a pattern in the match, so the
# dots in it match any character; the test looks like a guard against
# rewriting mail that rpr_return already handled -- confirm that skipping the
# rewrite on a supplied header is acceptable.
# headers_add records the rewrite and, when the message has no
# X-Primary-Address header, adds one holding the original sender address.
# errors_to is assembled from these pieces, in this order:
#   _2_
#   the first five number groups of $tod_log (year, month, day, hour,
#     minute) joined together -- the 12-digit timestamp
#   the first RPR_STRENGTH hex digits of the MD5 over RPR_SECRET, the
#     lowercased sender address and the same timestamp
#   the sender address with @ replaced by _
# The domain is $primary_hostname when $domain equals $original_domain,
# otherwise $original_domain.
# NOTE(review): the cookie is a truncated MD5 over the secret followed by the
# data, not an HMAC; the scheme's changelog says the field order was chosen
# with attacks on the hash in mind -- review against current guidance before
# reusing the construction elsewhere.
rpr_lookup_mx:
  senders = !LOCAL_DOMAINS:!VIRTUAL_DOMAINS
  driver = lookuphost
  transport = remote_smtp
  ignore_target_hosts = 127.0.0.0/8
  condition = ${if and {{!eq {$sender_address}{}}\
                        {!match {$h_X-RPR-Return:}{$primary_hostname}}\
                       }{1}{0}}
  headers_add = "X-RPR-Rewrite: SMTP envelope sender rewritten by $primary_hostname\n\
                 \tSee RPR_URL\n\
                 ${if !def:h_X-Primary-Address: {X-Primary-Address: $sender_address}}"
  errors_to = "${quote:_2_\
                 ${sg {$tod_log}{^(\\\\d+)-(\\\\d+)-(\\\\d+) (\\\\d+):(\\\\d+):(\\\\d+)}{\\$1\\$2\\$3\\$4\\$5}}\
                 ${length_RPR_STRENGTH:${md5:\
                   RPR_SECRET\
                   ${lc:$sender_address}\
                   ${sg {$tod_log}{^(\\\\d+)-(\\\\d+)-(\\\\d+) (\\\\d+):(\\\\d+):(\\\\d+)}{\\$1\\$2\\$3\\$4\\$5}}\
                 }}\
                 ${sg {$sender_address}{@}{_}}\
               }@${if eq {$domain}{$original_domain} {$primary_hostname}{$original_domain}}"
##############################################################################