web hosting

SRS with postfix under CentOS

At.den recent days united internet emails forwarded with determination, e.g. to gmx or web.de Addresses to block.

For customers of other providers the individual e-mail addresses to their gmx/web.de eMail forward suddenly no more e-mails received, if the sender has sent the e-mail from gmx/web.de

As Provider you are now forced to comply with the request of united internet to Server to the so-called SRS procedure, even if this leads to further problems and can cause problems especially with already forwarded e-mails.

With this guide you will have SRS installed in 1 minute and your customers' service requests will decrease.

This manual refers to a Centos7 system with Postfix as MTA.

Download the RPM postsrsd-1.4-3.el7.centos.x86_64.rpm and install She it.

wget https://download.hoster.online/postsrsd-1.4-3.el7.centos.x86_64.rpm
rpm -i postsrsd-1.4-3.el7.centos.x86_64.rpm

If there were no error messages, the Installation ...locked. With the following command the installation can be checked. It also shows directly which files were installed.

rpm -qil postsrsd

Sample output:

Name : postsrsd
Version : 1.4
Release : 3.el7.centos
Architecture: x86_64
Install Date: Do 02 Jun 2016 11:55:53 CEST
Group : Unspecified
Size : 49065
License : GPLv2+
Signature : (none)
Source RPM : postsrsd-1.4-3.el7.centos.src.rpm
Build Date : Th 02 Jun 2016 10:54:45 CEST
Build Host : vpn.webhoster.ag
Relocations : (not relocatable)
URL : https://github.com/roehling/postsrsd
Summary : A sender-envelope rewriter to comply with SPF forwarding for postfix
Description :
PostSRSd provides the Sender Rewriting Scheme (SRS) via TCP-based
lookup tables for Postfix. SRS is needed if your mail server acts
as forwarder.

Now the configuration file must be adapted. After that the service can be integrated and started.

nano /etc/sysconfig/postsrsd
# Default settings for postsrsd
# Local domain name.
# Addresses are rewritten to originate from this domain. The default value
# is taken from postconf -h mydomain and probably okay.
#SRS_DOMAIN=example.com Please enter the mail server domain here. This should also be located in the main.cf.
# Exclude additional domains.
# You may list domains which shall not be subjected to address rewriting.
# If a domain name starts with a dot, it matches all subdomains, but not
# the domain itself. Separate multiple domains by space or comma.
# First separator character after SRS0 or SRS1.
# Can be one of: -+=
# Secret key to sign rewritten addresses.
# When postsrsd is installed for the first time, a random secret is generated
# and stored in /etc/postsrsd.secret. For most installations, that's just fine.
# Local ports for TCP list.
# These ports are used to bind the TCP list for postfix. If you change
# these, you have to modify the postfix settings accordingly. The ports
# are bound to the loopback interface, and should never be exposed on
# the internet.
# Drop root privileges and run as another user after initialization.
# This is highly recommended as postsrsd handles untrusted input.
# Jail daemon in chroot environment

If not already existing create the following files in the postfix directory:

touch /etc/postfix/sender_canonical_maps

touch /etc/postfix/recipient_canonical_maps

postmap btree:/etc/postfix/recipient_canonical_maps

postmap btree:/etc/postfix/sender_canonical_maps

Now add or change the following lines in your main.cf configuration file:

sender_canonical_maps = btree:/etc/postfix/sender_canonical_maps, tcp:
sender_canonical_classes = envelope_sender
recipient_canonical_maps = btree:/etc/postfix/recipient_canonical_maps, tcp:
recipient_canonical_classes = envelope_recipient

Then you can start the postsrs service and restart postfix.

service postsrsd start
service postfix restart

Check if everything is working by sending an email from a gmx address to an existing email address on the server. email address send from which an email is sent back to gmx.

tail -f /var/log/maillog|grep 'srs_forward'

Sample output:

Jun 2 12:22:10 yourcompany.com postsrsd [1899]: srs_forward:  rewritten as 

If these instructions were helpful for you, we would be happy to receive a donation to the local kindergarten:


If you need another Linux distribution you can also compile the daemon manually. If you are using Centos6 for example, please note that the Postfix service included there is too old and should be updated to the latest version first.

Please divide the contribution
Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on whatsapp
Share on telegram
Latest posts

Recommended videos from our Youtube Channel