Postfix & Sender Rewriting Scheme?

Discussion in 'Plugins/Modules/Addons' started by paka, Jun 28, 2014.

  1. paka

    paka Member

    I manage a site that has a number of mail forwarding addresses. They use it as a simple way to distribute information to various groups of people.

    Problem: Some mail servers reject the forwarded email. This happens when the forwarder receives a DKIM signed email and forwards it out.

    I understand SRS will correct this issue (the people are quite non-technical. Mailman would mean it would be quite possible that none of those using these Mailman will readily grasp the change).

    Running Postfix under Debian Wheezy installed following:

    The Perfect Server - Debian Wheezy (Apache2, BIND, Dovecot, ISPConfig 3).
  2. paka

    paka Member

  3. Ovidiu

    Ovidiu Active Member

    I used this tutorial for a while then ran into unrelated problems and turned it off while debugging.
    I am also wondering if there are any drawbacks to using SRS according to that tutorial.
  4. Ovidiu

    Ovidiu Active Member

    @paka any progress? did you give it a go?
  5. SamTzu

    SamTzu Active Member

    I too am interested in SRS implementation in ISPC3.
    Johan Seutens likes this.
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I'm looking at this on debian jessie and not sure it's completely right yet, but if you have jessie-backports, it seems to be something along the lines of:
    # apt-get install postsrsd
    # sed -i "s/^SRS_DOMAIN=.*/SRS_DOMAIN=`hostname -f`/" /etc/default/postsrsd
    # service postsrsd stop
    # service postsrsd start
    # postconf -e "sender_canonical_maps = tcp:localhost:10001"
    # postconf -e "sender_canonical_classes = envelope_sender"
    # postconf -e "recipient_canonical_maps = tcp:localhost:10002"
    # postconf -e "recipient_canonical_classes= envelope_recipient,header_recipient"
    # postfix reload
    Note that this sets the server's hostname as the outgoing 'domain' to which sender addresses are rewritten - make sure there is an MX record for that hostname, or replies will fail.

    I have this disabled right at the moment till I can do a bit more testing, particularly in mailbox Cc: addrs (which appear to use sieve redirect rather than a postfix-level forward). But that's a start to play with, and seems to have some initial functionality working in initial tests.
    Last edited: Feb 15, 2017
  7. link-m

    link-m New Member

    This thread was linked within the bug report 2551 on .
    I wonder if there is any progress or recent exprience with this setup over the last two years.
  8. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I've been running with the above config for some time, with pretty good results, though at this point I don't know how thorough my testing was. Issue 2551 mentions that the "outgoing bcc" fails (and includes a fix which I've not tried), which I probably did not test and possibly don't use anywhere. I just tested delivery to a mailbox which has a Cc: handled by sieve, and it worked fine - the envelope sender of the forwarded message was the rewritten srs address, so passes SPF checks.
  9. ollea

    ollea New Member

    Thank you for the howto, I've set up SRS with it and it works.
    I can confirm that the ISPConfig "Send outgoing BCC to" won't work anymore with PostSRSd but the fix you mentionned works:

    The only problem after setting all this up is that PostSRSd now rewrites all emails so I looked at Postforward:
    But I was not able to make it work with ISPConfig, do you have any solution?
    Thank you,
  10. zyzzza

    zyzzza Member HowtoForge Supporter

    Anyone has solution for this in 2023 ? (i cant make "Send copy to" work, due to SPF troubles , so need SRS to be implemented, but cant find clear solution :( )
  11. pyte

    pyte Well-Known Member HowtoForge Supporter

    There is postsrsd which added expirimental milter support in the latest version. You may want to have a look there and try it. No one here will give you a step by step guide on how to set it up, because the expirience with this is limited. Try it on a testsystem, see if it works for you.
  12. helmo

    helmo Member HowtoForge Supporter

    till likes this.

Share This Page