Devuan Exim using SRS Daemon (srsd) Pseudo-HOW-TO

The code published here is tested, the tutorial not so much... If you try this, please report back
your experience to improve this tutorial. Thank you!


This Pseudo-HOW-TO describes in short terms how to configure exim Sender Rewriting Scheme (using srsd to tag forwarded mails) to comply with SPF enabled target hosts.


What you need:


What you get:

Install Software:

Configure:


Advanced setup (optional):

Automatically adding srs tagging to all your domains having a published SPF record can be accomplished as follows:
  1. Download and edit the script srs_auto_add_domains: You need to adjust the line after "# process all mail domains" for your setup, if it differs from mine:
    I use a flat file having two fields on one line, separated by a colon. The first field contains my virtual domains.
    DOMLIST should get populated with all your domains you are handling mails for.

  2. Adjust the variable EXIM_PRIMARY_DOMAIN in the beginning of the script to contain your primary hostname or primary domain.
    This is just one additional entry to DOMLIST.

  3. If you publish your SPF records only in TXT style, you need to adjust the line: if [ $(dig +noall +short $dom SPF | wc -m) -eq 0 ]; then
    or publish your records as SPF RR aswell.

  4. Save your script to /usr/local/sbin/srs_auto_add_domains, make it executable and test, that it does what it should:
    It should gather all your domains that are SPF enabled that you are handling mail for.

  5. If you are happy with the result, let it execute, when you restart or reload your name server:
    Using bind9, you can add a statement to the end of the file /etc/default/bind9:
    # regenerate SRS enabled domain list for exim
    [ -x /usr/local/sbin/srs_auto_add_domains ] && $(sleep 10; /usr/local/sbin/srs_auto_add_domains "$1") >/dev/null &
    This is not safe, if your bind9 can get restartet or reloaded several times within 15 seconds or so. If you are the only one reloading your bind9, that's fine. You have to add a locking mechanism to the script or use another mean for auto generation (please report back!).


Test your setup:

Caveats:

Enjoy. Comments and corrections are welcome.


Adrian Zaugg. (info at ente dot limmat dot ch)


(v0.0.6) 2019-07-21
- removed BETA note
- targeted for Devuan

(v0.0.5) 2017-01-02
- corrected smashed case code in 175_exim4-config_srs and warning acl
- corrected some typos

(v0.0.4) 2016-09-13
- forgot to mention SRS_ENABLED_DOMAINS_FILE
- give up my perl hack to solve the smashed case bug in favor of the official, better soltuion

history: (v0.0.3) 2016-06-01

Thanks go to Bernd Strehhuber and Xan Charbonnet for pointing out some mistakes!