https://github.com/mschout/postfix-srsd-java

Java Implementation of SRSD for Postfix
https://github.com/mschout/postfix-srsd-java

Last synced: about 1 month ago
JSON representation

Java Implementation of SRSD for Postfix

• Host: GitHub
• URL: https://github.com/mschout/postfix-srsd-java
• Owner: mschout
• License: apache-2.0
• Created: 2022-09-20T15:43:41.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2023-09-30T22:21:05.000Z (over 1 year ago)
• Last Synced: 2023-09-30T23:24:40.957Z (over 1 year ago)
• Language: Java
• Size: 106 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Postfix SRSD

This is a Sender Rewriting Scheme (SRS) daemon for postfix, written in Java.

SRS handles address rewriting as part of the SPF/SRS protocol pair.

## What is SRS?

SPF (and related systems) present a challenge to forwarders, since the envelope

sender address might be seen by the destination as a forgery by the forwarding

host. Forwarding services must rewrite the envelope sender address, while

encapsulating the original sender and preventing relay attacks by spammers. The

Sender Rewriting Scheme, or SRS, provides a standard for this rewriting which

makes forwarding compatible with these address verification schemes, preserves

bounce functionality and is not vulnerable to attacks by spammers.

## Dependencies

If building from sources, you need a Java JDK, version 11 or later.

To run the jar file you just need a Java JRE, version 11 or higher.

## Installation

If building from souces:

```

./gradlew jar

```

The generated jar file will be in `build/libs`

## Configuration

You need to generate at least one secret and save it in a file (default is

`/usr/local/etc/postfix/postfix-srsd.secrets').  The format is one secret per

line, with the last one being the current secret used for encoding addresses,

and all lines valid for decoding.

## Configure Postfix

Add something simmiarl to the following to `main.cf`:

```

recipient_canonical_maps = hash:$config_directory/nosrs, socketmap:inet:localhost:2510:srsdecoder

recipient_canonical_classes = envelope_recipient, header_recipient

sender_canonical_maps = hash:$config_directory/nosrs, socketmap:inet:localhost:2510:srsencoder

sender_canonical_classes = envelope_sender

```

the "nosrs" file can be used to sepecify recipients/senders that should not be

rewritten.

## Running

Run the jar file like:

```

java -jar postifx-srsd-java.jar --port 2510 --local-alias bounces.example.com --secret-file /etc/srsd.secrets

```

Run with --help to get usage information:

```

Usage: postfix-srsd [-hV] --local-alias= --secret-file=

                    (--socket= | [[--host=]

                    --port=]) ([--log-file=]

                    [--syslog-host=] [--syslog-port=]

                    [--syslog-facility=]

                    [--log-level=])

SRS encoder and decoder daemon for postfix.

  -h, --help                 Show this help message and exit.

      --host=      TCP Hostname to bind to

      --local-alias=

      --log-file=

      --log-level=

      --port=          TCP Port to listen on

      --secret-file=

                             File containing SRS encoder secrets.  First line

                               is the default secret, additional lines are

                               valid secrets for verifying addresses.

      --socket=  Unix socket file path to listen on.

      --syslog-facility=

      --syslog-host=

      --syslog-port=

  -V, --version              Print version information and exit.

```

## Docker Compose

There is an example `docker-compose.yml` showing how to run the daaemon with

docker compose.