Postfix - Sender Rewriting Scheme (SRS) installation

1 - About

This page covers the installation of postsrsd, which implements the Sender Rewriting Scheme (SRS) for Postfix.

Sender Rewriting Scheme (SRS) is mandatory in order to conform to SPF when emails are forwarded (i.e. with virtual aliasing in Postfix): without it, the forwarding server relays mail with the original envelope sender, whose domain's SPF record does not list that server.

Sender Rewriting Scheme (SRS) is a process that rewrites the sender address: [email protected] [email protected]

3 - Steps

3.1 - Installation

Autoconf process

  • Package

yum install -y cmake unzip curl 

  • Temporary installation directory

mkdir -p /tmp/srs
cd /tmp/srs

  • Download

curl -L -o master.zip https://github.com/roehling/postsrsd/archive/master.zip
# or
#wget https://github.com/roehling/postsrsd/archive/master.zip

  • Unzip

unzip master.zip

  • Install

cd postsrsd-master
# Optionally run cmake to set your config (by default installed into /usr/lib)
make
make install

3.2 - Configuration

3.2.1 - SRS

Optional

cat /etc/default/postsrsd


# Default settings for postsrsd

# Local domain name.
# Addresses are rewritten to originate from this domain. The default value
# is taken from `postconf -h mydomain` and probably okay.
#
#SRS_DOMAIN=example.com

# Exclude additional domains.
# You may list domains which shall not be subjected to address rewriting.
# If a domain name starts with a dot, it matches all subdomains, but not
# the domain itself. Separate multiple domains by space or comma.
#
#SRS_EXCLUDE_DOMAINS=.example.com,example.org

# First separator character after SRS0 or SRS1.
# Can be one of: -+=
SRS_SEPARATOR==

# Secret key to sign rewritten addresses.
# When postsrsd is installed for the first time, a random secret is generated
# and stored in /etc/postsrsd.secret. For most installations, that's just fine.
#
SRS_SECRET=/etc/postsrsd.secret

# Length of hash to be used in rewritten addresses
SRS_HASHLENGTH=4

# Minimum length of hash to accept when validating return addresses.
# When increasing SRS_HASHLENGTH, set this to its previous value and
# wait for the duration of SRS return address validity (21 days) before
# increasing this value as well.
SRS_HASHMIN=4

# Local ports for TCP list.
# These ports are used to bind the TCP list for postfix. If you change
# these, you have to modify the postfix settings accordingly. The ports
# are bound to the loopback interface, and should never be exposed on
# the internet.
#
SRS_FORWARD_PORT=10001
SRS_REVERSE_PORT=10002

# Drop root privileges and run as another user after initialization.
# This is highly recommended as postsrsd handles untrusted input.
#
RUN_AS=nobody

# Bind to this address
#
SRS_LISTEN_ADDR=127.0.0.1

# Jail daemon in chroot environment
CHROOT=/usr/local/lib/postsrsd
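
To show what SRS_SEPARATOR, SRS_HASHLENGTH, SRS_HASHMIN and the 21-day validity control, here is a simplified Python model of SRS0 rewriting and validation. It is an added example, not postsrsd's code: the secret, addresses and day numbers are constructed, and the tag computation is an assumption that need not match postsrsd's output byte for byte.

```python
import base64, hashlib, hmac

B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
MAX_AGE_DAYS = 21                      # validity window named in the config comments
SECRET = b"constructed-demo-secret"    # stands in for the contents of SRS_SECRET

def _stamp(day):
    """Two base32 characters encoding the day number modulo 1024."""
    day %= 1024
    return B32[day >> 5] + B32[day & 31]

def _tag(secret, stamp, host, user, length):
    """HMAC-SHA1 over stamp, host and user, base64-encoded and truncated."""
    msg = (stamp + host + user).lower().encode()
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:length]

def srs_forward(sender, srs_domain, day, secret=SECRET, hashlen=4, sep="="):
    """Rewrite user@host into an SRS0 address under srs_domain."""
    user, host = sender.rsplit("@", 1)
    stamp = _stamp(day)
    tag = _tag(secret, stamp, host, user, hashlen)
    return f"SRS0{sep}{tag}={stamp}={host}={user}@{srs_domain}"

def srs_reverse(address, day, secret=SECRET, hashmin=4):
    """Validate an SRS0 address and return the original sender, or raise ValueError."""
    local = address.rsplit("@", 1)[0]
    if local[:4].upper() != "SRS0" or local[4:5] not in ("-", "+", "="):
        raise ValueError("not an SRS0 address")
    tag, stamp, host, user = local[5:].split("=", 3)   # ValueError if fields are missing
    stamp = stamp.upper()
    if len(stamp) != 2 or any(c not in B32 for c in stamp):
        raise ValueError("bad timestamp")
    if len(tag) < hashmin:
        raise ValueError("hash shorter than SRS_HASHMIN")
    expected = _tag(secret, stamp, host, user, len(tag))
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("hash mismatch")
    age = (day - (B32.index(stamp[0]) * 32 + B32.index(stamp[1]))) % 1024
    if age > MAX_AGE_DAYS:
        raise ValueError("return address expired")
    return f"{user}@{host}"
```

With SRS_HASHLENGTH=4 the tag is four base64 characters, i.e. 24 bits, which is why the secret file and the validity window matter for rejecting forged return addresses.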

3.2.2 - Postfix

In the main.cf conf file


sender_canonical_maps = tcp:localhost:10001
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:localhost:10002
recipient_canonical_classes = envelope_recipient,header_recipient

where the parameters below are for address rewriting:

3.3 - Services


systemctl enable postsrsd # to start it at boot
systemctl start postsrsd
systemctl restart postfix

3.4 - Test

3.4.1 - Email

Send an email to your provider and check the received message. For instance, for Email - (Mime) Message (Enveloppe)

You should see:

  • the email rewrite
  • and the added Return Path
  • and a successful SPF test

3.4.2 - Log

In the output of postsrsd, you should see the rewrite.


sudo systemctl status postsrsd


Jun 16 17:31:34 server01.bytle.net postsrsd[30592]: srs_forward: <[email protected]> rewritten as <[email protected]>

4 - Documentation / Reference

