In the last few days united internet has decided to block emails forwarded to gmx or web.de addresses.
For customers of other providers who have individual e-mail addresses forwarded to their gmx/web.de e-mail, suddenly no more e-mails are received when the sender has sent the e-mail from gmx/web.de.
As a provider, you are now forced to comply with the request of united internet to change your server to the so-called SRS procedure, even if this leads to further problems and can cause problems especially with already forwarded emails.
With this guide you will have SRS installed in 1 minute and your customers' service requests will decrease.
This manual refers to a Centos7 system with Postfix as MTA.
Download and install the RPM postsrsd-1.4-3.el7.centos.x86_64.rpm.
wget https://download.hoster.online/postsrsd-1.4-3.el7.centos.x86_64.rpm rpm -i postsrsd-1.4-3.el7.centos.x86_64.rpm
If there were no error messages, the installation is complete. With the following command the installation can be checked. It also shows directly which files were installed.
rpm -qil postsrsd
Sample output:
Name : postsrsd
Version : 1.4
Release : 3.el7.centos
Architecture: x86_64
Install Date: Do 02 Jun 2016 11:55:53 CEST
Group : Unspecified
Size : 49065
License : GPLv2+
Signature : (none)
Source RPM : postsrsd-1.4-3.el7.centos.src.rpm
Build Date : Th 02 Jun 2016 10:54:45 CEST
Build Host : vpn.webhoster.ag
Relocations : (not relocatable)
URL : https://github.com/roehling/postsrsd
Summary : A sender-envelope rewriter to comply with SPF forwarding for postfix
Description :
PostSRSd provides the Sender Rewriting Scheme (SRS) via TCP-based
lookup tables for Postfix. SRS is needed if your mail server acts
as forwarder.
/etc/sysconfig/postsrsd
/usr/lib/system/system/postsrsd.service
/usr/sbin/postsrsd
/usr/share/doc/postsrsd
/usr/share/doc/postsrsd/README.md
/usr/share/doc/postsrsd/README_UPGRADE.md
/usr/share/doc/postsrsd/main.cf.ex
/usr/share/man/man8/postsrsd.8.gz
/var/lib/postsrsd
Now the configuration file must be adapted. After that the service can be integrated and started.
nano /etc/sysconfig/postsrsd
# Default settings for postsrsd
# Local domain name.
# Addresses are rewritten to originate from this domain. The default value
# is taken from postconf -h mydomain and probably okay.
#
#SRS_DOMAIN=example.com Please enter the mail server domain here. This should also be located in the main.cf.
SRS_DOMAIN=ihrefirma.de
# Exclude additional domains.
# You may list domains which shall not be subjected to address rewriting.
# If a domain name starts with a dot, it matches all subdomains, but not
# the domain itself. Separate multiple domains by space or comma.
#
#SRS_EXCLUDE_DOMAINS=.example.com,example.org
# First separator character after SRS0 or SRS1.
# Can be one of: -+=
SRS_SEPARATOR==
# Secret key to sign rewritten addresses.
# When postsrsd is installed for the first time, a random secret is generated
# and stored in /etc/postsrsd.secret. For most installations, that's just fine.
#
SRS_SECRET=/etc/postsrsd.secret
# Local ports for TCP list.
# These ports are used to bind the TCP list for postfix. If you change
# these, you have to modify the postfix settings accordingly. The ports
# are bound to the loopback interface, and should never be exposed on
# the internet.
#
SRS_FORWARD_PORT=10001
SRS_REVERSE_PORT=10002
# Drop root privileges and run as another user after initialization.
# This is highly recommended as postsrsd handles untrusted input.
#
RUN_AS=nobody
# Jail daemon in chroot environment
CHROOT=/var/lib/postsrsd
If not already existing create the following files in the postfix directory:
touch /etc/postfix/sender_canonical_maps touch /etc/postfix/recipient_canonical_maps postmap btree:/etc/postfix/recipient_canonical_maps postmap btree:/etc/postfix/sender_canonical_maps
Now add or change the following lines in your main.cf configuration file:
sender_canonical_maps = btree:/etc/postfix/sender_canonical_maps, tcp:127.0.0.1:10001 sender_canonical_classes = envelope_sender recipient_canonical_maps = btree:/etc/postfix/recipient_canonical_maps, tcp:127.0.0.1:10002 recipient_canonical_classes = envelope_recipient
Then you can start the postsrs service and restart postfix.
service postsrsd start service postfix restart
Check if everything is working by sending an email from a gmx address to an existing email address on the server. email address send from which an email is sent back to gmx.
tail -f /var/log/maillog|grep 'srs_forward'
Sample output:
Jun 2 12:22:10 yourcompany.com postsrsd [1899]: srs_forward: rewritten as
If these instructions were helpful for you, we would be happy to receive a donation to the local kindergarten:
If you are using another Linux distribution you can compile the daemon manually. If you use e.g. Centos6, please note that the postfix service included in Centos6 is too old and should be updated to the latest version first.
