Postfix - Sender Rewriting Scheme (SRS) installation

1 - About

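This page covers the installation of postsrsd, which implements the Sender Rewriting Scheme (SRS) for Postfix.

Sender Rewriting Scheme (SRS) is mandatory in order to conform to the SPF scheme when emails are forwarded (i.e. with virtual aliasing in Postfix). The forwarding server is not listed in the SPF record of the original sender's domain, so a forwarded message fails the SPF check unless its envelope sender is rewritten to a domain the forwarder controls.

Sender Rewriting Scheme (SRS) is a process that rewrites the sender address: [email protected] [email protected]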

3 - Steps

3.1 - Installation

Autoconf process

  • Package

yum install -y cmake unzip curl 

  • Temporary installation directory

mkdir -p /tmp/srs
cd /tmp/srs

  • Download

curl -L -o
# or

  • Unzip


  • Install

cd postsrsd-master
# Optionally run cmake with your own config (by default installed into /usr/lib)
make install

3.2 - Configuration

3.2.1 - SRS


cat /etc/default/postsrsd

# Default settings for postsrsd

# Local domain name.
# Addresses are rewritten to originate from this domain. The default value
# is taken from `postconf -h mydomain` and probably okay.

# Exclude additional domains.
# You may list domains which shall not be subjected to address rewriting.
# If a domain name starts with a dot, it matches all subdomains, but not
# the domain itself. Separate multiple domains by space or comma.

# First separator character after SRS0 or SRS1.
# Can be one of: -+=

# Secret key to sign rewritten addresses.
# When postsrsd is installed for the first time, a random secret is generated
# and stored in /etc/postsrsd.secret. For most installations, that's just fine.

# Length of hash to be used in rewritten addresses

# Minimum length of hash to accept when validating return addresses.
# When increasing SRS_HASHLENGTH, set this to its previous value and
# wait for the duration of SRS return address validity (21 days) before
# increasing this value as well.

# Local ports for TCP list.
# These ports are used to bind the TCP list for postfix. If you change
# these, you have to modify the postfix settings accordingly. The ports
# are bound to the loopback interface, and should never be exposed on
# the internet.

# Drop root privileges and run as another user after initialization.
# This is highly recommended as postsrsd handles untrusted input.

# Bind to this address

# Jail daemon in chroot environment
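
The hash length, minimum hash length and 21-day validity described in the comments above, as an added Python sketch (not postsrsd's code and not part of the original page). It is a simplified SRS0 model that signs with HMAC-SHA1 and uses a plain day counter instead of postsrsd's exact encoding; the secret, addresses and function names are constructed for the example.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed; stands in for /etc/postsrsd.secret
VALIDITY_DAYS = 21                   # return address validity named in the config comments


def _tag(day, domain, local, length):
    """Keyed hash over timestamp, domain and local part, cut to `length` characters."""
    msg = f"{day}={domain}={local}".lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b32encode(digest).decode()[:length]


def forward(sender, srs_domain, day, hash_length=4):
    """Rewrite an envelope sender so that it originates from the forwarder's domain."""
    local, domain = sender.rsplit("@", 1)
    tag = _tag(day, domain, local, hash_length)
    return f"SRS0={tag}={day}={domain}={local}@{srs_domain}"


def reverse(address, today, hash_min=4):
    """Recover the original sender from a bounce; reject forged or stale addresses."""
    fields = address.rsplit("@", 1)[0].split("=", 4)
    if len(fields) != 5 or fields[0].upper() != "SRS0":
        raise ValueError("not an SRS0 address")
    _, tag, day_text, domain, local = fields
    if len(tag) < hash_min:
        raise ValueError("hash shorter than the accepted minimum")
    if not day_text.isdigit():
        raise ValueError("bad timestamp")
    day = int(day_text)
    if not 0 <= today - day <= VALIDITY_DAYS:
        raise ValueError("return address expired")
    expected = _tag(day, domain, local, len(tag))
    # Constant-time comparison; base32 output is upper case.
    if not hmac.compare_digest(tag.upper().encode(), expected.encode()):
        raise ValueError("bad signature")
    return f"{local}@{domain}"


if __name__ == "__main__":
    rewritten = forward("alice@sender.example", "forwarder.example", day=19000)
    print(rewritten)
    print(reverse(rewritten, today=19010))
```

Keeping the accepted minimum at the old length while issuing longer hashes lets addresses already in flight still validate, which is why the comments advise waiting out the validity period before raising the minimum.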

3.2.2 - Postfix

In the conf file

sender_canonical_maps = tcp:localhost:10001
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:localhost:10002
recipient_canonical_classes = envelope_recipient,header_recipient

where the below parameters are for address rewrite:

3.3 - Services

systemctl enable postsrsd # to start it at boot
systemctl start postsrsd
systemctl restart postfix

3.4 - Test

3.4.1 - Email

Send an email to your provider and check the received message. For instance, for Email - (Mime) Message (Envelope)

You should see:

  • the email rewrite
  • and the added Return Path
  • and a successful SPF test

3.4.2 - Log

In the output of postsrsd, you should see the rewrite.

sudo systemctl status postsrsd

Jun 16 17:31:34 postsrsd[30592]: srs_forward: <[email protected]> rewritten as <[email protected]>

4 - Documentation / Reference
