mydomain = "example.com";
mykey = "bobble";

function MapRecipient(rcpt, rcptlist, mailfrom)
    if mailfrom == "" then
        local srch = "^SRS[01]=([^=]+)=([^=]+)=([^=]+)=(.-)@" .. string.gsub(mydomain, "%.", "%%.") .. "$";
        local hash, ts, domainPart, localPart;
        
        _, _, hash, ts, domainPart, localPart = rcpt:find(srch);
        
        if hash then
            local calcHash = VPOP3.Base64(VPOP3.SHA1(localPart .. "@" .. domainPart .. ts .. mykey)):sub(1,4);
            if calcHash == hash then
                
                local rcptTimestamp = UnMod32(ts:sub(1,1)) * 32 + UnMod32(ts:sub(2,2));
                local timestamp = math.floor((os.time()/ (60 * 60 * 24)) % 1024);
                
                if timestamp < rcptTimestamp then
                    timestamp = timestamp + 1024;
                end
                                
                if timestamp - rcptTimestamp > 5 then
                    return rcpt, "500 SRS Timestamp expired";
                end
                                
                return localPart .. "@" .. domainPart;
                
            else 
                return rcpt, "500 SRS Hash invalid";
            end
        end
        
    end
end

function UnMod32(x)
    return string.find("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567", x) - 1;
end