Mail::Milter::Wrapper::DecodeSRS - milter wrapper to decode SRS-encoded return path
use Mail::Milter::Wrapper::DecodeSRS; my $milter = ...; my $wrapper = new Mail::Milter::Wrapper::DecodeSRS($milter); my $wrapper2 = &DecodeSRS($milter); # convenience
Mail::Milter::Wrapper::DecodeSRS is a convenience milter wrapper which decodes MAIL FROM: return paths which have been encoded by the Sender Rewrite Scheme, SRS. (More information: http://www.libsrs2.org/) This wrapper internally understands both the SRS0 and SRS1 encoding schemes documented by the Mail::SRS author.
The decoded address is made available to the contained milter via the
envfrom callback, in the same way that a raw address would.
NOTE: If the address is not SRS encoded, the contained milter is NOT called for the duration of the message; instead, SMFIS_ACCEPT is returned. This is because the milter writer is expected to use this wrapper in a chain that also includes the contained milter without wrapping, in order to prevent a malicious sender from using SRS to bypass access checks.
For instance, the following is a proper usage of this wrapper in a chain:
my $envfrommilter = ...; my $combinedmilter = new Mail::Milter::Chain( new Mail::Milter::Wrapper::UnwrapSRS($envfrommilter), $envfrommilter );
This behavior can also be used if, e.g., the MTA already does one form of MAIL FROM: check, and the contained milter repeats that same database check against SRS rewritten addresses. (A good example would be a milter emulating Sendmail's access_db map.)
Todd Vierling, <email@example.com> <firstname.lastname@example.org>