Srs_domain, srs_hash_algorithm, srs_maxage, srs_secrets MTA Options

From Messaging Server Technical Reference Wiki
Revision as of 17:14, 13 February 2020 by BulkPageCreator (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search



Sender Rewriting Scheme (SRS) controls (srs_domain, srs_hash_algorithmsrs_maxage, srs_secrets)

srs_domain (domain-name)

(New in MS 6.3P1.) The srs_domain MTA option must be set to the domain to use in SRS addresses. Email sent to this domain must always be routed to a system capable of SRS operations for the domain. SRS processing is handled as an overlay on top of normal address processing so nothing prevents a site from using their primary domain as the SRS domain.

srs_maxage (integer)

(New in MS 6.3P1.) The srs_maxage MTA option optionally specifies the number of days before an SRS address times out. The default if the option isn't specified is 14 days.

srs_secrets (comma-separated list of strings)

(New in MS 6.3P1.) The srs_secrets MTA option takes as argument a comma separated list of secret keys used to encode and decode SRS addresses. The first key on the list is used unconditionally for encoding. For decoding, each key is tried in order to generate a different hash value. The decoding operation proceeds if any of the hashes match. The ability to use multiple keys makes it possible to change secrets without service disruption: Add a second key, wait for all previously issued addresses to time out, and then remove the first key.

srs_hash_algorithm (hash-algorithm)

New in MS 8.1.0.3. The srs_hash_algorithm MTA option controls what hash algorithm the MTA uses to generate the hash included in SRS addresses. The value should be a hash algorithm supported by the MTA, one of MD2, MD4, MD5, SHA1, SHA256, SHA512, MD128, or MD160. SHA1 is the default. Note that the setting of this option must be the same across a deployment for successful coordination of SRS addresses.


See also: