Self-Validating Email Aliases for Postfix

trualias

Copyright (c) 2019 Fred Morris, Tacoma WA. Apache 2.0 license.

Trualias is a postfix tcp table that lets you hand out your email address to anyone and everyone but add a bit of math to protect yourself while doing so.

These days every vendor, grocery store, and app wants to register you with an email address so they can offer better service (and track you). Most people either use their primary address which eventually gets flooded or create a second email account which they use for "commercial" purposes. Trualias is a more sophisticated way to create aliases as an alternative to wildcarding an entire domain which also lets you conveniently track the trackers!

Creating aliases or accounts every time you need to register for something or give out your email is a lot of work and annoying. This is why Trualias lets you make up a "new" email address (alias) on the fly. Wildcarding a domain means you receive every single email sent to the domain and there's no easy way to determine whether or not you handed out a particular alias or not. We need a bit more error correction to make that determination. What's the error checking? An easy, mentally-calculable checksum to add at the end of the alias.

Postfix tcp tables

This utility is implemented as a TCP table service . Except for some rudimentary configuration settings (for network interface/address, port and logging level) and service startup there is nothing else to set up beside the specifics of your particular encoding scheme (in a file trualias.conf in the same directory as the script).

Inside of main.cf the only thing you need to do in a vanilla installation is add the service to alias_maps (assuming that the service is configured to listen on loopback port 3047):

alias_maps = hash:/etc/aliases tcp:127.0.0.1:3047

Look in the install/ and python/ directories for further information about installation and setup. Because current policy of the Postfix team decrees TCP tables to be a security risk when looking up aliases, you will need to recompile and replace local(8) ; instructions are provided.

Some examples

See Grammar.md for the syntax specification.

Let's start with an account named foo , and define an alias pattern for foo-macys-m5 :

• append the company name
• compute a checksum (more correctly a verification code) which concatenates the first letter of the company name with the number of letters in it.

ACCOUNT foo
MATCHES "%account%-%alnum%-%code%
WITH CHAR(1,1,-), CHARS()

Maybe we don't want to reflect our actual account foo , and want to set up a traditionally-purposed alias joe , so that joe-macys-m5 gets delivered to foo :

ACCOUNT foo
ALIASED joe
MATCHES "%alias%-%alnum%-%code%
WITH CHAR(1,1,-), CHARS()

You will quickly discover that you're not allowed to put certain things right next to each other, because they will be rejected as semantically ambiguous, for instance %alpha%%alpha% is not allowed. But you can use literals to separate them, for instance %alpha%is%alpha% as in the following rule, which will match samissexy.34 :

ACCOUNT baz
MATCHES %alpha%is%alpha%.%code%
WITH CHARS(1), CHARS(2);

This also demonstrates resolution to an account for which neither an account or alias is specified.

Let's be honest, this is broken crypto for a broken internet. Nobody is doing SHA or MD5 in their head. But this is policy, not security: in other words we don't need to verifiably block every single bogus email forever, we just need to make the miscreant's jobs difficult enough that they move on to softer targets. Different people have different levels of mental facility with number and word games; some people have none at all (sorry, this may not be the tool for you). Part of the strength of this scheme is that everyone gets to choose a somewhat different format.

We make it easy to tailor the format of the alias and to compute a checkum which works for you:

Identifiersare used to select text to compute values on:

alnum
alpha
number
fqdn
ident

Functionsare used to calculate parts of the checksum from identifiers:

DIGITS()
ALPHAS()
LABELS()
CHARS()
VOWELS()
ANY()
NONE()
CHAR()

I don't want to patch postfix is there anything I can do?

If you are wildcarding a domain or stemming an account and you're using a filtering program such as procmail, you can still filter on the Delivery-Account: . See /install/procmailrc as one example.