SRS / Sender Rewriting when forwarding mail through postfix

Question

Is there any way to perform SRS, or something similar using Postfix?

When I get a mail from user@example.org, I forward it (via a catchall) to something@gmail.com, but GMail is checking SPF, and seeing that my server is not authorized to send mail on behalf of example.org. I'd like to rewrite the sender to something@myserver, while leaving the from as user@example.org.

score 7 · Accepted Answer · edited Jan 08 '17 at 03:12

7

Here are the steps to install postsrsd from Timo Röhling. These instructions seem to work for many Unix flavors including Ubuntu 14.04.

# Debian/Ubuntu preparations:
sudo apt-get install cmake sysv-rc-conf

# download and compile the software:
cd ~
wget https://github.com/roehling/postsrsd/archive/master.zip
unzip master
cd postsrsd-master/
make
sudo make install

# or alternatively install binary from later Ubuntu repositories
sudo apt-get install postsrsd

# Add postfix configuration parameters for postsrsd:
sudo postconf -e "sender_canonical_maps = tcp:127.0.0.1:10001"
sudo postconf -e "sender_canonical_classes = envelope_sender"
sudo postconf -e "recipient_canonical_maps = tcp:127.0.0.1:10002"
sudo postconf -e "recipient_canonical_classes = envelope_recipient"

# Add SRS daemon to startup (Red Hat 6/CentOS):
sudo chkconfig postsrsd on
# Add SRS daemon to startup (Debian/Ubuntu):
sudo sysv-rc-conf postsrsd on
# Start SRS daemon:
sudo service postsrsd restart
#Reload postfix:
sudo service postfix reload

edited Jan 08 '17 at 03:12

flurdy

545
4
8

answered Aug 26 '14 at 18:22

Erik van Oosten

186
1
3

1

Summarize the content on the linked page — it may fail to load in the future or have different content. – 89c3b1b8-b1ae-11e6-b842-48d705 Aug 26 '14 at 18:57
I was not allowed to add more links. Therefore here they are in a comment: See https://github.com/roehling/postsrsd for more configuration options. These steps were based on this tutorial: https://www.mind-it.info/forward-postfix-spf-srs/ – Erik van Oosten Aug 27 '14 at 07:38
This is not adding detail, this is adding more links. – 89c3b1b8-b1ae-11e6-b842-48d705 Aug 27 '14 at 14:38
PostSRSd is the best tool i've found for srs with postfix. +1 – Eaten by a Grue Nov 03 '15 at 07:17
"Add SRS daemon to startup" That row is not needed on ubuntu 14.04. The service will start automatically after reboot. And therefore there is no need to install sysv-rc-conf – the_nuts Mar 06 '16 at 21:46

score 5 · Answer 2 · edited Apr 10 '14 at 10:52

5

There's a 2012 tutorial here on setting up SRS with Postfix on Debian: http://blog.phusion.nl/2012/09/10/mail-in-2012-from-an-admins-perspective/

Here's a 2013 tutorial for Ubuntu: http://www.ameir.net/blog/archives/71-installing-srs-extensions-on-postfix-ubuntudebian.html

edited Apr 10 '14 at 10:52

Stefan Profanter

365
1
5
16

answered Sep 12 '12 at 07:56

Hongli Lai

2,112
4
22
27

There's a newer tutorial for Postfix / Debian: http://seasonofcode.com/posts/setting-up-dkim-and-srs-in-postfix.html – Nathanael Weiss Jan 30 '16 at 09:03

score 1 · Answer 3 · answered Dec 21 '09 at 21:24

Here are some thoughts, which will require some customization to meet your exact needs. The first thing I found was that Postfix doesn't seem to like doing anything to addresses that are aliases (i.e. virtual_alias_domain/virtual_alias_maps). But that's fine since in reality it doesn't matter what these addresses are called as long as everything gets delivered properly in the end.

So, in Postfix's main.cf, add the following lines:

virtual_mailbox_domains = example.org
# Feel free to give munger a better name, just update master.cf appropriately
virtual_transport = munger:

Next, you need to tell Postfix what munger actually means. Add the following (see pipe(8) for more options). So add the following to master.cf:

munger    unix  -       n       n       -       -       pipe
  flags= user=nobody argv=/usr/bin/redirector

According to the above, anything destined for example.org will get sent to the /usr/bin/redirector program (or whatever you want to call it). For most normal things, you'd need some command line arguments for sender/recipient information (again, pipe(8) has more details) but since the sender and destination addresses are fixed, nothing else is needed on the command line.

Now you just need to write the redirector program. This worked for me:

#!/bin/sh
/usr/sbin/sendmail -bm -f 'something@myserver' 'something@gmail.com'

It's a regular shell script (or your language of choice) so make it as simple or complex as you like.

This isn't srs, you can't use it for passing bounces back to the origonal sender securely. — JasperWallace, Sep 09 '13 at 15:38

score -4 · Answer 4 · edited Sep 24 '15 at 04:00

-4

You would better forget the whole spf thing and use dkim instead.

Here is a good article describing SPF problems.

edited Sep 24 '15 at 04:00

Louis

506
3
12

answered Jan 22 '10 at 21:28

cstamas

6,607
24
42

Try telling that to Google - as it's Gmail doing the checking not the poster. – Andy Shellam Feb 25 '10 at 08:26
1

Google is checking the records that the OP set up. – cstamas Mar 31 '10 at 23:30
4

That article was written in 2004, and some of what it says is no longer true; for example, SPF now has its own DNS record type, per RFC4408. Nearly the whole of the rest of the article boils down to "it breaks simple forwarding" and "its arbitrary rewriting of the envelope-from breaks these other systems which arbitrarily use the envelope-from". The former is true, but a price worth paying, to my mind; the latter is true, and tough - one arbitrary use is not implicitly better than another. – MadHatter Nov 14 '10 at 09:56

SRS / Sender Rewriting when forwarding mail through postfix

4 Answers4

Linked