Failure to accept emails sent with SRS

[emrah]

Hi,

We send the mails to be sent outwards on our server via exim using RollerNET's service.

However, there are e-mail forwarding on some domains on our server, incoming mails can be forwarded to personal e-mail addresses such as multiple gmail, hotmail, etc. as in the example.
For example;
Any mail sent to abc@abc.com
abc@abc.com -> 123@123.com,xyz@xyz.com

But I see that these forwarded mails are rejected by RollerNet due to "MAIL From sender". See the example below;

Code: Select all

2023-10-14 15:05:22 1qreKO-0006DC-0Q ** xxx@gmail.com <emrah@abc.com> F=<xion@qwerty.com> R=smart_route_forward T=auth_relay_forward H=smtpauth.rollernet.us [208.79.240.5] X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after RCPT TO:<ogfuri@gmail.com>: 550 5.1.7 <SRS0=fa08=f4=qwerty.com=xion@abc.com>: Sender address rejected: undeliverable address: Unable to accept MAIL FROM sender. Please read https://acc.rollernet.us/help/mail/outbound.php#restrictions

As far as I see here, RollerNET cannot detect SRS supported forwarding mails and does not accept these mails.

Code: Select all

<SRS0=fa08=f4=emrahciftcibasi.com=xion@ciftcibasi.com>: Sender address rejected: undeliverable address: Unable to accept MAIL FROM sender. 

This SRS record is created by the field in /etc/exim.transports.pre.conf.

Code: Select all

return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}

Do you have any suggestions for making this work here?


My exim configuration file;

Code: Select all

Exim version 4.96.1 #2 built 14-Oct-2023 12:29:36

/etc/exim.transports.pre.conf

Code: Select all

auth_relay_forward:
    driver = smtp
    port = 25
    hosts_require_auth = $host_address
    hosts_require_tls = $host_address
    headers_add = "${if def:authenticated_id{X-Authenticated-Id: ${{authenticated_id}}}}"
    interface = <; ${if exists{/etc/virtual/domainips}{${lookup{$sender_address_domain}lsearch*{/etc/virtual/domainips}}}}
    helo_data = ${if exists{/etc/virtual/helo_data}{${lookup{$sending_ip_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}
    hosts_try_chunking =
    hosts_try_fastopen =
    max_rcpt = 1
    return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
.include_if_exists /etc/exim.dkim.conf

/etc/exim.routers.pre.conf

Code: Select all

smart_route_forward:
    driver = manualroute
    domains = ! +local_domains
    ignore_target_hosts = 127.0.0.0/8
    condition = ${if !eq{$original_domain}{$domain}}
    condition = ${if !eq{$original_domain}{}}
    condition = "${perl{check_limits}}"
    transport = auth_relay_forward
    route_list = * smtpauth.rollernet.us:587
    no_more

smart_route:
    driver = manualroute
    domains = ! +local_domains
    ignore_target_hosts = 127.0.0.0/8
    condition = "${perl{check_limits}}"
    transport = auth_relay
    route_list = * smtpauth.rollernet.us:587
    no_more

[Seth]

I can't help you with EXIM config since I've never used it, but the issue is that part of the process for our SMTP AUTH service to accept an email is that it will connect back and try to verify that the sender address is a working email address i.e. you can't just make up a non-working sender address for the sake of forwarding.

This is the error that needs to be corrected:

Code: Select all

2023-10-14T03:56:43.435702-07:00 smtpauth postfix/smtp[25438]: 1163D2801000: to=<SRS0=fa08=f4=emrahciftcibasi.com=xion@ciftcibasi.com>, rela
y=mail.ciftcibasi.com[195.200.82.5]:25, delay=1.4, delays=0/0/1.2/0.16, dsn=5.0.0, status=undeliverable (host mail.ciftcibasi.com[195.200.82
.5] said: 550 No such recipient here (in reply to RCPT TO command))

The server at 195.200.82.5 told us that the email address:

Code: Select all

<SRS0=fa08=f4=emrahciftcibasi.com=xion@ciftcibasi.com>

is invalid, so our SMTP AUTH service will not accept it as a sender address during submission.

[Seth]

Your mail system needs to handle incoming SRS too if it's going to generate such addresses for outgoing. If you have /usr/bin/srs on your system you can pipe aliases for srs0 and srs1 to sendmail using srs for reverse handling of the address.

Something like this in /etc/aliases:

Code: Select all

srs0:   |"/usr/sbin/sendmail `/usr/bin/srs --reverse --secret=X --address=$RECIPIENT`"
srs1:   |"/usr/sbin/sendmail `/usr/bin/srs --reverse --secret=X --address=$RECIPIENT`"

This works for Postfix systems but the man page for srs will tell you more.

[emrah]

Although I don't fully understand the problem, the problem is that this mail is being sent via RollerNET SMTP service. Isn't it actually because "SRS0=fa08=f4=emrahciftcibasi.com=xion@ciftcibasi.com>" doesn't accept such a recipient when the sent mail is checked by Rollernet?

I don't see how this has anything to do with whether there is an SRS controller on my server or not. Normally, if I delete the line "return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}" in "/etc/exim.transports.pre.conf", the forward messages are successfully forwarded. But this time other problems arise.

[emrah]

I basically understood the problem and realized it was in my exim configuration.
So I decided not to use SRS for forwards. Thanks for your support. we can close the subject.

[Seth]

The domain encoding SRS needs to also handle inbound SRS if it's going to rewrite addresses.

Read section 5 of this link:

https://www.exim.org/exim-html-current/ ... dmarc.html