Enable SRS (Sender Rewriting Scheme) support

Enable SRS (Sender Rewriting Scheme) support

Attention

If you deploy iRedMail server with the iRedMail Easy platform, you can simply enable or disable it by toggling on/off a checkbox on the mail server profile page, then apply the change.

What SRS is

It's recommended to read links below to understand what SRS is:

Upgrade iRedAPD to 2.6 or later release

We implemented SRS support since iRedAPD-2.6, please make sure you're running 2.6 or later release. You can check its version by running command below:

ls -dl /opt/iredapd

To upgrade iRedAPD, please follow this tutorial: Upgrade iRedAPD.

iRedAPD will listen on 3 network ports by default:

7777: for general smtp access policy, including greylisting, throttling, white/blacklisting, etc.
7778: for SRS forward rewriting.
7779: for SRS reverse rewriting.

Test SRS

You can use telnet or netcat (command nc) to test it. We use nc for example here.

Connect to port 7778 first:

nc localhost 7778

Then type command:

get user@gmail.com

Since gmail.com is an external domain, you should get a rewritten address returned like this:

200 SRS0=XsrM=R5=gmail.com=a@<HOSTNAME>

The placholder <HOSTNAME> will be replaced by your server hostname.

Then try with your mail domain name (replace mydomain.com below by your real mail domain name):

get user@mydomain.com

You should get this:

500 Domain is a local mail domain, bypassed.

If you get same/similar output, the SRS feature is working fine.

Enable SRS integration in Postfix

Please add 4 new parameters in Postfix config file /etc/postfix/main.cf (on Linux/OpenBSD) or /usr/local/etc/postfix/main.cf (on FreeBSD):

sender_canonical_maps = tcp:127.0.0.1:7778
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:127.0.0.1:7779
recipient_canonical_classes= envelope_recipient,header_recipient

Restarting or reloading Postfix service is required. After restarted/reloaded, please monitor its log file (/var/log/maillog) and pay close attention to the sender address.

Known issues of SRS support

Sender addresses will always be rewritten even if the mail is not forwarded at all, except locally hosted mail domains. This is because Postfix sends minimal info to iRedAPD via the tcp table lookup, and it performs address rewritten at the very beginning before any routing decision is made.
Postfix will rewrite the address in the Return-Path: header, if you have any sieve rules based on Return-Path:, it MAY not work anymore. In this case, you need to update your sieve rules to match the rewritten address.
Postfix logs rewritten addresses in its log file, so it may confuse you while troubleshooting.
Amavisd stores rewritten addresses in its SQL database, so the Top 10 Senders and Top 10 Recipients in iRedAdmin-Pro Dashboard page may not work well.