It's recommended to read links below to understand what SRS is:
We implemented SRS support since iRedAPD-2.6, please make sure you're running 2.6 or later release. You can check its version by running command below:
ls -dl /opt/iredapd
To upgrade iRedAPD, please follow this tutorial: Upgrade iRedAPD.
SRS is not enabled by default since iRedAPD-3.3, you need to generate a secret string and restart iredapd service to enable it.
$ echo $RANDOM$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM | md5sum 9d3e3fbb52ea136033fc2c40a5340f86 -
srs_secrets = ["9d3e3fbb52ea136033fc2c40a5340f86"]
service iredapd restart
iRedAPD will listen to 3 network ports (all on
127.0.0.1) by default:
7777: for general smtp access policy, including greylisting, throttling, white/blacklisting, etc.
7778: for SRS forward rewriting.
7779: for SRS reverse rewriting.
Server hostname is used as srs domain (the mail domain name in rewritten
addresses) by default, it's configureable by updating parameter
srs_domain = in iRedAPD config file
/opt/iredapd/settings.py. You are
free to use a separated (sub-)domain name as srs domain, for example,
if you own domain name
example.com, you can use
The srs domain must be resolveable by DNS query and pointed to your iRedMail server. MX type DNS record is the best option, although it works with just A type DNS record (because MTA falls back to A if no MX record).
You can use
telnet or netcat (command
nc) to test it. We use
Connect to port
nc localhost 7778
Then type command:
gmail.com is an external domain, you should get a rewritten address
returned like this:
<HOSTNAME> will be replaced by your server hostname.
Then try with your mail domain name (replace
mydomain.com below by your real
mail domain name):
You should get this:
500 Domain is a local mail domain, bypassed.
If you get same/similar output, the SRS feature is working fine.
Please add 4 new parameters in Postfix config file
/usr/local/etc/postfix/main.cf (on FreeBSD):
sender_canonical_maps = tcp:127.0.0.1:7778 sender_canonical_classes = envelope_sender recipient_canonical_maps = tcp:127.0.0.1:7779 recipient_canonical_classes= envelope_recipient,header_recipient
Restarting or reloading Postfix service is required. After restarted/reloaded,
please monitor its log file (
/var/log/maillog) and pay close attention to the
srs_domain(which is server hostname by default), if you don't have SPF DNS record for
srs_domain, SpamAssassin may tag a score of the matched
Return-Path:header, if you have any sieve rules based on
Return-Path:, it MAY not work anymore. In this case, you need to update your sieve rules to match the rewritten address.
Top 10 Sendersand
Top 10 Recipientsin iRedAdmin-Pro Dashboard page may not work well.