Difference between revisions of "Srs domain, srs hash algorithm, srs maxage, srs secrets MTA Options"

From Messaging Server Technical Reference Wiki
Jump to: navigation, search
m (Bulk update)
 
Line 1: Line 1:
  
 
__NOTOC____NOEDITSECTION__
 
__NOTOC____NOEDITSECTION__
{{DISPLAYTITLE:Srs_domain, srs_maxage, srs_secrets MTA Options}}
+
{{DISPLAYTITLE:Srs_domain, srs_hash_algorithm, srs_maxage, srs_secrets MTA Options}}
  
==  Sender Rewriting Scheme (SRS) controls (<code>srs_domain</code>, <code>srs_maxage</code>, <code>srs_secrets</code>)  ==
+
==  Sender Rewriting Scheme (SRS) controls (<code>srs_domain</code>, <code>srs_hash_algorithm</code><code>srs_maxage</code>, <code>srs_secrets</code>)  ==
  
 
=== <code>srs_domain</code> (domain-name) ===
 
=== <code>srs_domain</code> (domain-name) ===
Line 16: Line 16:
  
 
(New in  MS 6.3P1.)  The <code>srs_secrets</code> MTA option takes as argument  a comma separated list of secret keys used to encode and decode SRS addresses. The first key on the list is used unconditionally for encoding. For decoding, each key is tried in order to generate a different hash value. The decoding operation proceeds if any of the hashes match. The ability to use multiple keys makes it possible to change secrets without service disruption: Add a second key, wait for all previously issued addresses to time out, and then remove the first key.  
 
(New in  MS 6.3P1.)  The <code>srs_secrets</code> MTA option takes as argument  a comma separated list of secret keys used to encode and decode SRS addresses. The first key on the list is used unconditionally for encoding. For decoding, each key is tried in order to generate a different hash value. The decoding operation proceeds if any of the hashes match. The ability to use multiple keys makes it possible to change secrets without service disruption: Add a second key, wait for all previously issued addresses to time out, and then remove the first key.  
 +
 +
=== <code>srs_hash_algorithm</code> (hash-algorithm) ===
 +
 +
New in MS 8.1.0.3. The <code>srs_hash_algorithm</code> MTA option controls what hash algorithm the MTA uses to generate the hash included in SRS addresses. The value should be a hash algorithm supported by the MTA, one of MD2, MD4, MD5, SHA1, SHA256, SHA512, MD128, or MD160. SHA1 is the default. Note that the setting of this option must be the same across a deployment for successful coordination of SRS addresses.
  
  

Latest revision as of 17:14, 13 February 2020



Sender Rewriting Scheme (SRS) controls (srs_domain, srs_hash_algorithmsrs_maxage, srs_secrets)

srs_domain (domain-name)

(New in MS 6.3P1.) The srs_domain MTA option must be set to the domain to use in SRS addresses. Email sent to this domain must always be routed to a system capable of SRS operations for the domain. SRS processing is handled as an overlay on top of normal address processing so nothing prevents a site from using their primary domain as the SRS domain.

srs_maxage (integer)

(New in MS 6.3P1.) The srs_maxage MTA option optionally specifies the number of days before an SRS address times out. The default if the option isn't specified is 14 days.

srs_secrets (comma-separated list of strings)

(New in MS 6.3P1.) The srs_secrets MTA option takes as argument a comma separated list of secret keys used to encode and decode SRS addresses. The first key on the list is used unconditionally for encoding. For decoding, each key is tried in order to generate a different hash value. The decoding operation proceeds if any of the hashes match. The ability to use multiple keys makes it possible to change secrets without service disruption: Add a second key, wait for all previously issued addresses to time out, and then remove the first key.

srs_hash_algorithm (hash-algorithm)

New in MS 8.1.0.3. The srs_hash_algorithm MTA option controls what hash algorithm the MTA uses to generate the hash included in SRS addresses. The value should be a hash algorithm supported by the MTA, one of MD2, MD4, MD5, SHA1, SHA256, SHA512, MD128, or MD160. SHA1 is the default. Note that the setting of this option must be the same across a deployment for successful coordination of SRS addresses.


See also: