Enable SRS (Sender Rewriting Scheme) support

What SRS is

It's recommended to read the links below to understand what SRS is:

Upgrade iRedAPD to 2.6 or later release

SRS support was introduced in iRedAPD-2.6, so please make sure you're running 2.6 or a later release. You can check the installed version by running the command below:

ls -dl /opt/iredapd

To upgrade iRedAPD, please follow this tutorial: Upgrade iRedAPD.

Enable SRS

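SRS is not enabled by default since iRedAPD-3.3. To enable it, you need to generate a secret string and restart the iredapd service.

Generate a secret string:

$ echo $RANDOM$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM | md5sum
9d3e3fbb52ea136033fc2c40a5340f86 -

Note that Bash's $RANDOM is not a cryptographically secure generator; any long random string can serve as the secret.

Add the secret to the iRedAPD config file /opt/iredapd/settings.py:

srs_secrets = ["9d3e3fbb52ea136033fc2c40a5340f86"]

Restart the iredapd service:

service iredapd restart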

iRedAPD listens on 3 network ports (all on 127.0.0.1) by default:

Warning

The server hostname is used as the srs domain (the mail domain name in rewritten addresses) by default. It's configurable by updating the parameter srs_domain = in the iRedAPD config file /opt/iredapd/settings.py. You are free to use a separate (sub-)domain name as the srs domain; for example, if you own the domain name example.com, you can use srs.example.com as the srs domain.

The srs domain must be resolvable by DNS query and point to your iRedMail server. An MX type DNS record is the best option, although it works with just an A type DNS record (because the MTA falls back to A if there is no MX record).

Test SRS

You can use telnet or netcat (command nc) to test it. We use nc in the example here.

Connect to port 7778 first:

nc localhost 7778

Then type the command:

get user@gmail.com

Since gmail.com is an external domain, you should get a rewritten address returned like this:

200 SRS0=XsrM=R5=gmail.com=a@<HOSTNAME>

The placeholder <HOSTNAME> will be replaced by your server hostname.

Then try with your mail domain name (replace mydomain.com below by your real mail domain name):

get user@mydomain.com

You should get this:

500 Domain is a local mail domain, bypassed.

If you get the same or similar output, the SRS feature is working fine.
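The manual nc check above, scripted as an added example (not part of the original page and not iRedAPD's own code). It speaks the Postfix tcp_table(5) protocol used by the tcp: maps and covers only the forward port 7778; the function names and the script name srs_check.py are assumptions.

```python
import socket
import sys
from urllib.parse import unquote


def encode_key(key):
    # tcp_table(5): '%', whitespace and non-printing bytes are sent as %XX.
    return "".join(chr(b) if 0x21 <= b <= 0x7E and b != 0x25 else f"%{b:02X}"
                   for b in key.encode("utf-8"))


def parse_reply(line):
    """Split one reply line into (status code, decoded text)."""
    code, _, text = line.rstrip("\r\n").partition(" ")
    if len(code) != 3 or not code.isdigit():
        raise ValueError(f"malformed reply: {line!r}")
    return int(code), unquote(text)


def classify_forward(code, text):
    """Say what a reply from the forward (7778) port means for Postfix."""
    if code == 200:
        # Expect a complete SRS address: SRS0=... or SRS1=... at the srs domain.
        local, at, domain = text.rpartition("@")
        ok = at and domain and local[:5].upper() in ("SRS0=", "SRS1=")
        return "rewritten" if ok else "unexpected"
    if code == 500:
        return "unchanged"  # no mapping, the address is left as it is
    if code == 400:
        return "tempfail"   # lookup failed, Postfix retries later
    return "unexpected"


def lookup(key, port=7778, host="127.0.0.1", timeout=5.0):
    """Send 'get <key>' and return the parsed (code, text) reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(f"get {encode_key(key)}\n".encode("ascii"))
        with sock.makefile("r", encoding="utf-8", newline="\n") as reply:
            return parse_reply(reply.readline())


if __name__ == "__main__":
    # Usage: python3 srs_check.py user@gmail.com user@mydomain.com
    pairs = zip(sys.argv[1:3], ("rewritten", "unchanged"))
    for addr, want in pairs:
        code, text = lookup(addr)
        got = classify_forward(code, text)
        print("OK  " if got == want else "FAIL", addr, code, text, f"({got})")
```

A "tempfail" result or a refused connection matters once Postfix is wired to these ports, because a failing tcp: lookup makes Postfix defer the message rather than deliver it unrewritten.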

Enable SRS integration in Postfix

Please add 4 new parameters in Postfix config file /etc/postfix/main.cf (on Linux/OpenBSD) or /usr/local/etc/postfix/main.cf (on FreeBSD):

sender_canonical_maps = tcp:127.0.0.1:7778
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:127.0.0.1:7779
recipient_canonical_classes = envelope_recipient,header_recipient

Restarting or reloading the Postfix service is required. After restarting or reloading, please monitor its log file (/var/log/maillog) and pay close attention to the sender address.

Known Issues