Implement sender rewriting scheme in an ISPConfig mailserver part 1

Discussion in 'Tips/Tricks/Mods' started by remkoh, Nov 29, 2022.

  1. remkoh

    remkoh Member

    This tutorial is the result of my struggles in this thread on how to relay emails to a host after they've gone through Postsrsd:
    Postsrsd is used for sender rewriting on forwarded emails to retain a SPF and DKIM pass at the receiver side.

    Almost all tutorials about installing Postsrsd result in a situation where ALL emails are rewritten. Not a desirable situation.
    I found one where Postsrsd rewrites emails that have been forwarded by local mailboxes only.

    Downside is that by default it will break functionality behind ISPConfig's ability to set a relayhost per domain and entire host.
    A workaround for per domain relaying will be implemented in part 2 of this tutorial.
    Unfortunately relaying per entire host will remain broken and needs some manual action by the sysadmin to activate.
    This will also be included in part 2.

    To get started with this tutorial you need to have completed one of ISPConfig's Perfect Server tutorials.
    Make sure you have installed Rspamd for spamfiltering, DKIM signing etc. and NOT Amavis!!
    Follow this tutorial to replace Amavis with Rspamd if you haven't yet installed Rspamd:

    Install Postsrsd from source ( or from your linux distribution repository if it includes it.
    After installation set at least SRS_DOMAIN in /etc/sysconfig/postsrsd or /etc/default/postsrsd (depending on you're linux distribution).
    Most other default settings are just fine and can be left as is.

    Implement Postsrsd in Postfix by adding these lines to
    default_transport = smtp:
    and these lines to
    cleanup-srs unix n - - - 0 cleanup
            -o syslog_name=postfix/srs
            -o sender_canonical_maps=mysql:/etc/postfix/,tcp:
            -o sender_canonical_classes=envelope_sender inet n - n - - smtpd
            -o syslog_name=postfix/srs
            -o cleanup_service_name=cleanup-srs
            -o smtpd_milters=
            -o non_smtpd_milters=
            -o content_filter=smtp:
            -o smtpd_tls_security_level=none
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o mynetworks=
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o disable_dns_lookups=yes
    Create file in /etc/postfix
    user = <db_user>
    password = <db_password>
    dbname = dbispconfig
    hosts =
    query = SELECT '%s' FROM mail_domain WHERE domain='%d' AND active = 'y' AND server_id = <server_id>
    This excludes local domains from being rewritten by Postsrsd

    Alter file in /etc/postfix
    user = <db_user>
    password = <db_password>
    dbname = dbispconfig
    hosts =
    query = SELECT sender_cc FROM (
                SELECT SUBSTRING_INDEX(sender_cc, ',', 1) AS sender_cc
                  FROM mail_user
                 WHERE email = '%s' AND disablesmtp = 'n' AND sender_cc != '' AND server_id = <server_id>
                   AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = <server_id>)
                SELECT SUBSTRING_INDEX(u.sender_cc, ',', 1) AS sender_cc
                  FROM mail_user u, mail_forwarding f
                 WHERE f.destination REGEXP CONCAT( '((^|\\n)[[:blank:]]*,?|[[:alnum:]][[:blank:]]*,)[[:blank:]]*',
                                                    REPLACE( REPLACE(, '+', '\\+'), '.', '\\.' ),
                                                    '[[:blank:]]*(,[[:blank:]]*[[:alnum:]]|,?[[:blank:]]*(\\r?\\n|$))' )
                   AND u.disablesmtp = 'n' AND u.sender_cc != '' AND u.server_id = <server_id>
                   AND f.source = '%s' AND f.allow_send_as = 'y' AND = 'y' AND f.server_id = <server_id>
                   AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = <server_id>)
            ) table1 WHERE sender_cc != '' LIMIT 1
    Without this alteration sender_bcc_maps will stop working in Postfix after installation of Postsrsd (or similar SRS software).

    Postfix and Postsrsd services.

    Finally make sure your SRS_DOMAIN has a proper SPF- and MX-record set in the DNS.

    This concludes the basic installation of Postsrsd and implementation in Postfix.

    But this line added in, which will send all emails to Postsrsd, has broken the functionality behind ISPConfig's ability to configure a relayhost per domain and entire host:
    default_transport = smtp:
    Relay settings will be set in corresponding transport rules, only to be ignored because all transport rules are overruled by the default_transport rule.

    If you're not using any relay settings in ISPConfig then you're good to go!
    When you do use these settings or want to be able to use them in the future then continue to part 2!
    Last edited: Nov 29, 2022
    till likes this.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    One important thing to mention, do not alter any config files written by making your changes update-safe, otherwise, you'll lose your modifications on the next update. Always copy the matching file template from install/tpl/ folder (in the ISPConfig tar.gz file) to the folder /usr/local/ispconfig/server/conf-custom/install/ and do the modifications in the copied template. See also:
  3. remkoh

    remkoh Member

    I did ran ISPConfig's update script WITH reconfiguration of the services after switching from Amavis to Rspamd and all of the lines related to the implementation of Postsrsd in and remained untouched.
    Also stayed the same.
    Last edited: Dec 1, 2022
    till likes this.

Share This Page