I'm struggling to set up exim 4 with an external SRS daemon (Debian package srs). The srsd is running and converting addresses back and forth just fine. I can't use exim's built-in SRS code, since it is not enabled in Debian (I know I can compile it myself, but that is not an option).

What I have problems with is the srs_forward router within exim to add SRS tags to forwarded mails. I have the following redirect router in place, which should run only for non-error messages from non-local senders and non-local recipients, which are not relayed for another MX - at least I understand SRS to be applied to such messages. Please correct me if this is wrong. I have the following code:

srs_forward:
  debug_print = "R: srs_forward for $local_part@$domain"
  driver = redirect
  senders = ! :
  condition = ${if ! match_domain{$sender_address_domain}{+local_domains}}
  domains = ! +local_domains : ! +relay_to_domains
  address_data = ${readsocket{/tmp/srsd}\
                 {FORWARD $sender_address_local_part@$sender_address_domain $domain\n}\
                 {5s}{\n}{:defer: SRS daemon failure}}
  errors_to = ${quote_local_part:${local_part:$address_data}}@${domain:$address_data}
  data = ${quote_local_part:$local_part}@$domain
  headers_add = X-SRS: Sender address rewritten from $sender_address to ${quote_local_part:${local_part:$address_data}}@$$
  repeat_use = false
  allow_defer
  no_verify

What I could test, and what works: The return path gets generated correctly (lines with address_data and errors_to), as well as the to-address (line starting with data).

I'm unsure about the preconditions:

senders = ! : 

This line should prevent the router from running for error messages.

condition = ${if ! match_domain{$sender_address_domain}{+local_domains}}

This line should prevent the router from running for messages from local senders.

domains = ! +local_domains : ! +relay_to_domains

This line should prevent the router from running for messages to local recipients or for relayed messages.

Could someone please clarify?

(I used a manual as a starting point, although with no success.)

Adrian Zaugg

1 Answer

You did not test properly. The information you pass to the SRS daemon is not correct:

FORWARD $sender_address_local_part@$sender_address_domain $domain\n

This does not do what you want: $domain contains the recipient domain and not the sending domain. Your intention to rewrite the return path to the domain the message was forwarded by is honorable, but it doesn't work like this: The message hits your SRS router after the forwarding has already been done, so $domain no longer contains the domain the message was sent to. You should use $primary_hostname or $original_domain. So this line should look like:

address_data = ${readsocket{/tmp/srsd}\
               {FORWARD $sender_address_local_part@$sender_address_domain $original_domain\n}\
               {5s}{\n}{:defer: SRS daemon failure}}

As for your preconditions, they are fine. You can combine the "senders" and "condition" lines:

senders = ! : ! *@+local_domains

You just need to make sure that the domainlist local_domains really contains all of your local domains (at least, for the currently routed message, it should contain $original_domain and $sender_address_domain).

Please document your configuration once your code is running and give us some hints here. You need to arrange several more things: ACLs to verify incoming SRS-tagged bounce messages, untagging SRS-tagged mails for greylisting, untagging bounces, making sure not to add any other tags like BATV to outgoing messages, a workaround to accept SRS-tagged messages with a smashed case, rewriting the bounce error message text to not include the SRS-tagged sender address, maybe denying any non-tagged bounces, etc. So a good tutorial would be appreciated. Thanks!

Adrian Zaugg
    Ok, I've done a first version of a description of how I set up Debian Exim with srsd. You can find it here: http://ente.limmat.ch/kb/exim/exim_v4_srs.html – Adrian Zaugg Apr 09 '16 at 13:18
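
An added example, not part of the original posts and not srsd's own code: a small Python model of SRS0 rewriting that shows why the second FORWARD argument has to be a domain the forwarding host accepts mail for, and how the hash is checked when a bounce comes back. The secret, the domains and the function names are constructed, and the hash and timestamp encoding are a simplified assumption modelled on the SRS0 layout.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-secret"           # constructed; a real daemon has its own
LOCAL_DOMAINS = {"forwarder.example"}    # constructed stand-in for +local_domains
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def _days(now):
    # Day counter modulo 1024, as carried in the two-character timestamp.
    return int((time.time() if now is None else now) // 86400) % 1024

def _hash(ts, host, user):
    # The hash covers timestamp, original domain and local part, lowercased.
    msg = (ts + host + user).lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:4]

def srs_forward(sender, alias_domain, now=None):
    """Model of 'FORWARD sender alias_domain': build the new return path."""
    user, _, host = sender.rpartition("@")
    d = _days(now)
    ts = B32[d >> 5] + B32[d & 31]
    return f"SRS0={_hash(ts, host, user)}={ts}={host}={user}@{alias_domain}"

def srs_reverse(bounce_rcpt, now=None, max_age_days=21):
    """Model of the forwarder validating and untagging an incoming bounce."""
    local, _, domain = bounce_rcpt.rpartition("@")
    if domain.lower() not in LOCAL_DOMAINS:
        raise ValueError(f"bounce goes to {domain}, not to the forwarder")
    parts = local.split("=", 4)          # the local part may itself contain '='
    if len(parts) != 5 or parts[0].upper() != "SRS0":
        raise ValueError("not an SRS0 address")
    _, digest, ts, host, user = parts
    if not hmac.compare_digest(digest.encode(), _hash(ts, host, user).encode()):
        raise ValueError("hash mismatch: forged or altered SRS address")
    sent = B32.index(ts[0].upper()) * 32 + B32.index(ts[1].upper())
    if (_days(now) - sent) % 1024 > max_age_days:
        raise ValueError("SRS timestamp expired")
    return f"{user}@{host}"

if __name__ == "__main__":
    sender = "alice@sender.example"      # constructed envelope sender
    # $original_domain: the bounce returns to the forwarder and can be reversed.
    good = srs_forward(sender, "forwarder.example")
    print(good, "->", srs_reverse(good))
    # $domain: the return path points at the destination domain instead.
    print(srs_forward(sender, "dest.example"))
```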