exim 4.96, spamblocker 4.5.40 SRS issue (and fixed, I think)

hugor

Verified User
Joined
Dec 16, 2019
Messages
8
After updating to spamblocker 4.5.40 exim.conf and exim 4.96, I started noticing SRS errors. Forwarded emails were correctly srs encoded, but sender verification (which some receiving mailservers use) failed with "Invalid SRS recipient address" caused by the inbound_srs_failure router.
Therefore many forwarded mails were not received at the forwarded address.

After looking into the exim.conf supplied by spamblocker 4.5.40 and reading the exim documentation about SRS (see heading 5), I noticed the the order of the "inbound_srs" and "inbound_srs_failure" router has been reversed compared to the exim manual example.
After I switched the order in my exim.conf file, all seems to work fine and sender verification started working again.

Although I noticed I was having sender verification problems, I can imagine this is also causing the same problems when emails are bounced or causing a DSN.

Could this indeed be a bug in the provided configuration?

edit: There was a typo in the spamblocker version. I wrote 4.5.20, but I meant 4.5.40.
 
Last edited:
Could this indeed be a bug in the provided configuration?
That might be. Not sure.
Nothing mentioned about any change in the SRS after version 4.5.14 in the changelog.
However, in the 4.5.20 version of exim.conf there isn't even a inbound_srs or inbound_srs_failure in the config itself. So I don't know which reversed order you are talking about.
Those two statements like that are added later. Seems this is changed in version 4.5.39, then those two statements are added this way in this order. That didn't change in 4.5.40.

Which also makes me wonder why you use the newest Exim version but an old config? Why don't you use the 4.5.40 exim.conf version? Do you have that many customisations that you don't upgrade the exim.conf file?
 
Hi Richard,

I'm sorry, 4.5.20 was a typo, i meant 4.5.40 🤦‍♂️

So I'm using spamblocker's 4.5.40 exim.conf. In this file you'll find:
Code:
inbound_srs_failure:
    driver =    redirect
    senders =   :
    domains =   +local_domains
    # detect inbound bounces which look SRS'd but are invalid
    condition = ${if inbound_srs {$local_part} {}}
    allow_fail
    data =      :fail: Invalid SRS recipient address

inbound_srs:
    driver =    redirect
    senders =   :
    domains =   +local_domains
    # detect inbound bounces which are SRS'd, and decode them
    condition = ${if inbound_srs {$local_part} {SRS_SECRET}}
    data =      $srs_recipient

Where as in the exim documentation example you'll find:
Code:
  inbound_srs:
    driver =    redirect
    senders =   :
    domains =   +my_domains
    # detect inbound bounces which are SRS'd, and decode them
    condition = ${if inbound_srs {$local_part} {SRS_SECRET}}
    data =      $srs_recipient

  inbound_srs_failure:
    driver =    redirect
    senders =   :
    domains =   +my_domains
    # detect inbound bounces which look SRS'd but are invalid
    condition = ${if inbound_srs {$local_part} {}}
    allow_fail
    data =      :fail: Invalid SRS recipient address

Which is different and the first (as distributed by DA) causing problems in my case.
 
Last edited:
Seems you're correct, and if the order fixes this issue, then the order should be changed in DA's spamblocker exim.conf file.

Something for @smtalk or @fln please check/fix?
 
I don't see why would it cause problems, but I've changed the order of them per your request :) It's been done in exim.conf v4.5.41. Thank you.
 
@smtalk can you check #41874 for additional reported srs errors and some other debugging information. I am having some srs issues in 4.96 which are not occurring in exim 4.95
 
@smtalk sorry for the updating of the old post, but the same issue is again present, probably from 4.96 again but for sure in 4.97 issue is back. So the fix seems to be not working.

Causing this issue again on forwarders:
Code:
2023-12-10 20:05:04 1rCP6t-00000002fue-30sp ** [email protected] <[email protected]> F=<[email protected]> R=lookuphost_forward_router T=remote_smtp_forward_transport H=mail.domain.nl [2a01:xxxxxxxxxx] X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no: SMTP error from remote mail server after RCPT TO:<[email protected]>: 550-Verification failed for <[email protected]>\n550-Invalid SRS recipient address\n550 Sender verify failed

and on the receiving mailserver the same:
Code:
2023-12-10 20:04:09 1rCP5y-00000000Tsx-1h17 => technical <[email protected]> F=<[email protected]> R=
virtual_user T=dovecot_lmtp_udp S=10417 C="250 2.0.0 <[email protected]> 8dMfKKkLdmVftAEAugeUdg Saved"
2023-12-10 20:04:09 1rCP5y-00000000Tsx-1h17 Completed
2023-12-10 20:05:04 H=(server.somedomain.nl) [2a01xxxxxxxxxxxxxxx2] sender verify fail for <[email protected]>: Inv
alid SRS recipient address
2023-12-10 20:05:04 H=(server.somedomain.nl) [2a01xxxxxxxxxxxxxxxxxxxxxxx2] X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no F=<SRS0=9012=hv=outlook.com=snds-authorizat
[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2023-12-10 20:05:04 H=(server.somedomain.nl) [2a01:xxxxxxxxxxxxxxxxxx2] incomplete transaction (QUIT) from <[email protected]>
 
Last edited:
Back
Top