I have domain1.com and domain2.com configured in postfix. domian1.com is $mydomain (local domain). domain2.com is virtual_mailbox_domains. All these domains are excluded for srs when sending emails.

The srs is working when forwarding [email protected] to [email protected]. However, for mails delivered to [email protected] which is a local virtual mailbox with no forwarding, srs is also performed which is certainly not necessary. Is there a way to exclude emails delivered to [email protected] for srs? Thanks!

Below is an example maillog showing the rewriting:

Apr 24 10:04:55 mailserver postfix/smtpd[2329]: connect from st11p02mm-asmtp002.mac.com[17.172.220.237]:48448
Apr 24 10:04:56 mailserver postfix/smtpd[2329]: 2F0EF404C5: client=st11p02mm-asmtp002.mac.com[17.172.220.237]:48448
Apr 24 10:04:56 mailserver postsrsd[2336]: srs_forward: <[email protected]> rewritten as
 <[email protected]>
Apr 24 10:04:56 mailserver postfix/cleanup[2335]: 2F0EF404C5: message-id=<[email protected]>
Apr 24 10:04:57 mailserver postfix/qmgr[1358]: 2F0EF404C5: from=<[email protected]>, size=38105, nrcpt=1 (queue active)
Apr 24 10:04:57 mailserver postfix/virtual[2339]: 2F0EF404C5: to=<[email protected]>, relay=virtual, delay=1.6, delays=1.5/0.04/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
Apr 24 10:04:57 mailserver postfix/qmgr[1358]: 2F0EF404C5: removed

Hi Timo,

I'm sorry that I have to open an issue for this because it's not that, it's just a question about configuration and features of postsrsd.

My use case is that I need SRS rewriting fo single, configurable email alias addresses which are used as simple mailing lists. Our postfix instance is configured to serve multiple virtual domains.

Let's say I have the email alias [email protected] which forwards incoming mail to [email protected] and [email protected], where otherdomain.com and yetanotherdomain.com are not part of our virtual domain list.

If [email protected] writes an email to [email protected] SRS rewriting should happen, in a way that the mailserver of [email protected] does not reject the email becaus of a SPF mismatch.

Ideally [email protected] should be rewritten to [email protected].

Is this scenario possible?

Thank you for your help.

Best regards
Dietrich

The RATWARE_EFROM SpamAssassin check was catching mail as it only excludes "SRS0=". SpamAssassin probably should exclude at least [+-=] but I was wondering if there was a reason postsrsd hardcodes the use of "+" in line 458 in postsrsd.c:

srs_set_separator (srs, '+');

I just removed the line which defaults to "=". I guess it would be nice to have a config option for it but is there a reason it's overridden in code or just personal preference at the time?

Are there any manual install instructions - other than deciphering the makefile ? In particular, the format of the secrets file.
Reason ?
I have several systems to put this on, which don't have any build packages installed. So I'll be building on another system and then copying the files across.

Of course, if the package found it's way into Wheezy backports that would be even better, but I'm not greedy :-)

Hello,
I meantime I have created spec file for building RPM package of your project. It is more better to have every software installed as package and not just building/deploying as is.
This spec file can work also for any rpm-like (compatible) distribution and it is available here: http://pastebin.com/eK7Btr0e

Here are some info how it works:

• you have not defined any version numbering for postsrsd, so I decided to use version 0.1 in this particular spec file. maybe it will be good idea to have some initial version number for your project.
• this spec file is not performing "make install" provided by your package because:
  1. a bit different file locations are used for postsrsd binary and for documents (/usr prefix instead of /usr/local)
  2. there is still problem with postinstall cmake script - centos's cmake 2.6.4 does not implement "FILE_PERMISSIONS OWNER_READ OWNER_WRITE" in "file()" function and the line 46 is always failing (I have not checked it well before)
• postsrsd.secret is created as postinstall script to ensure uniqueness of included secret (it is generated same way as you do it in your cmake postinstall script. File permissions are corrected as well.
• chroot directory is choosed as /var/lib/postsrsd (standard location for RH systems) with corresponding permissions which are defined as well within spec file.

The opened questions:

• I defined build requirements and dependency as follows:
  BuildRequires: cmake make gcc
  Requires: postfix
  but I am not sure if I miss something or they are fine.
• During package uninstalling the postsrsd secret file is deleted. But not sure if it will be better just to rename it (with standard .rpmsave extension).
• URL package availability: I heard that there is chance to get corresponding package version directly using correct github URL path - like this one: "http://github.com/masterzen/mysql-snmp/tarball/v1.0rc2". Something similar will be fine for your project once you decided to give it some version numbering - hopefully gihub will do the rest (URL version availability for direct download).

If you think this spec file is useful, you can put it in some "contrib" folder in your project. Just wanted to make this project more available for deployment as possible.

Hi Timo, thanks for the great project.

I'm getting errors starting postsrsd with init. I've installed the version from your stable PPA, running this on x86_64 Ubuntu 14.04.

After running service postsrsd start, I get the following in my syslog:

Dec 21 21:38:19 axon kernel: init: postsrsd main process (12904) terminated with status 1
Dec 21 21:38:19 axon kernel: init: postsrsd main process ended, respawning
Dec 21 21:38:19 axon kernel: init: postsrsd main process (12907) terminated with status 1
Dec 21 21:38:19 axon kernel: init: postsrsd main process ended, respawning
Dec 21 21:38:19 axon kernel: init: postsrsd main process (12909) terminated with status 1
Dec 21 21:38:19 axon kernel: init: postsrsd main process ended, respawning
Dec 21 21:38:19 axon kernel: init: postsrsd main process (12912) terminated with status 1
Dec 21 21:38:19 axon kernel: init: postsrsd main process ended, respawning
Dec 21 21:38:19 axon kernel: init: postsrsd main process (12915) terminated with status 1
Dec 21 21:38:19 axon kernel: init: postsrsd main process ended, respawning
Dec 21 21:38:19 axon kernel: init: postsrsd main process (12918) terminated with status 1
Dec 21 21:38:19 axon kernel: init: postsrsd main process ended, respawning
Dec 21 21:38:19 axon kernel: init: postsrsd main process (12921) terminated with status 1
Dec 21 21:38:19 axon kernel: init: postsrsd main process ended, respawning
Dec 21 21:38:19 axon kernel: init: postsrsd main process (12924) terminated with status 1
Dec 21 21:38:19 axon kernel: init: postsrsd main process ended, respawning
Dec 21 21:38:19 axon kernel: init: postsrsd main process (12927) terminated with status 1
Dec 21 21:38:19 axon kernel: init: postsrsd main process ended, respawning
Dec 21 21:38:19 axon kernel: init: postsrsd main process (12930) terminated with status 1
Dec 21 21:38:19 axon kernel: init: postsrsd main process ended, respawning
Dec 21 21:38:19 axon kernel: init: postsrsd main process (12933) terminated with status 1
Dec 21 21:38:19 axon kernel: init: postsrsd respawning too fast, stopped

I'm able to manually start postsrsd using the same command from /etc/init/postsrsd.conf:

/usr/sbin/postsrsd -4 -f"10001" -r"10002" -d"example.com" -s"/etc/postsrsd.secret" -u"nobody" -c"/var/lib/postsrsd" -X""

Let me know if you need any more information.

If there are multiple mailers handling the same domains, are there any special considerations ?
Eg, if there are mailer1.mydomain.com, mailer2.mydomain.com, etc, should each one be re-writing as "mailerN", or can it be setup so they all use (eg) "mailers.mydomain.com" which resolves to all the mailers in use ?
I'm guessing that for the latter to work, they'd need to use a common secrets file ?

When i run on solaris sparc64 i get :

telnet localhost 10001
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
get [email protected]
get [email protected]
200 SRS0+xxxxx=7I=gmail.com=[email protected]

Note that the get line is echoed for some reason, the first one is the one i type, the second is some sort of socket echo. This confuses poor postmap which tries to parse the echo as the result, and not the 200 line underneath.

../sbin/postmap -q '[email protected]' tcp:127.0.0.1:10001
postmap: warning: read TCP map reply from 127.0.0.1:10001: malformed reply: get [email protected]
postmap: fatal: table tcp:127.0.0.1:10001: query error: Error 0

I compiled it successfully. Btw, I could't find the startup script. Please help me. It is gentoo server. Thanks

• As you can see in the logs, long strings give: unexpected EOF (Connection timed out)

Jun 19 18:26:06 ifmx03 postfix/cleanup[12280]: warning: read TCP map reply from 127.0.0.1:10002: unexpected EOF (Connection timed out)
Jun 19 18:26:06 ifmx03 postfix/cleanup[12280]: warning: tcp:127.0.0.1:10002 lookup of "Marian mare de Violeta Brizuela 3r EP [email protected]; Merche mare Nico [email protected]; Cristina i
Muriel mares de Mar [email protected]; Eduard pare Marc Guerau [email protected]; Empar mare Emma i Marcel [email protected]; Enric Camps pare Aitana <[email protected]
om>; estherolga [email protected]; Helena Mare Mar?a [email protected]; Hugo Talens [email protected]; Iker ContrerasMamen [email protected]; Isabel mare Iker Garc?a <info@i
sabelpallardo.com>; Isabel Mart?nez [email protected]; Joan fill de M? Jos? germana Isabel pallard? [email protected]; Jose Antonio Moreno [email protected]; Lucas Casaban
[email protected]; Luc?a Navarro [email protected]; Mar mare de Luc?a i Alex Baixauli [email protected]; SONIA marco [email protected]; maria jose marc costa <maria.jose.cost
[email protected]>; Marian mare de Violeta Brizuela 3r EP [email protected]; Merche mare Nico"@xxxx.xx.xx failed
Jun 19 18:26:06 ifmx03 postfix/cleanup[12280]: warning: CAA3EA03C5: recipient_canonical_maps map lookup problem for "Marian mare de Violeta Brizuela 3r EP [email protected]; Merche mare Nico <costyal
[email protected]>; Cristina i Muriel mares de Mar [email protected]; Eduard pare Marc Guerau [email protected]; Empar mare Emma i Marcel [email protected]; Enric Camps pare Aita
na [email protected]; estherolga [email protected]; Helena Mare Mar?a [email protected]; Hugo Talens [email protected]; Iker ContrerasMamen [email protected]; Isa
bel mare Iker Garc?a [email protected]; Isabel Mart?nez [email protected]; Joan fill de M? Jos? germana Isabel pallard? [email protected]; Jose Antonio Moreno <josantmore
[email protected]>; Lucas Casaban [email protected]; Luc?a Navarro [email protected]; Mar mare de Luc?a i Alex Baixauli [email protected]; SONIA marco [email protected]; maria jose
marc costa [email protected]; Marian mare de Violeta Brizuela 3r EP [email protected]; Merche mare Nico"@xxxx.xx.xx
Jun 19 18:26:06 ifmx03 postsrsd[12854]: srs_forward: [email protected] rewritten as [email protected]

• Postfix version:
  Name : postfix
  Version : 2.8.12
  Release : 1.vda.el6

syslog timestamps are off due to lack of timezone info being loaded, due to chroot.

Need to modify so we do a timezone related call before we chroot to load the proper files.

--- postsrsd.orig 2014-07-05 23:20:09.416740202 -0400
+++ postsrsd.c 2014-07-05 23:18:49.322197811 -0400
@@ -356,6 +356,10 @@

/* Open syslog now (NDELAY), because it may no longer reachable from chroot */
openlog (self, LOG_PID | LOG_NDELAY, LOG_MAIL);
+

• /* Call localtime to load timezone info so syslog time is accurate */
• localtime();
• /* We also have to lookup the uid of the unprivileged user for the same reason. */
  if (user) {
  errno = 0;

Silly question, but if i get a SRS hash like :

telnet localhost 10001
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
get [email protected]
200 SRS0+auuv=7M=guy.com=test@my_srs_domain
Connection to localhost closed by foreign host.

Then i expand it back :

telnet localhost 10002
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
get SRS0+auuv=7M=guy.com=test@cluck_cluck_im_achicken
200 [email protected]
Connection to localhost closed by foreign host.

I can specify any domain right of the @ if the hash validates, is this a good thing, or should it only get 200 if i use the srs domain that i have declared with -d${SRS_DOMAIN} ? (@cluck_cluck_im_achicken is not he same as @my_srs_domain)

Probably at this point postfix should have rejected all the invalid domains, but it does leave all the domains which are still valid domains, but still not actually your specified srs domain.

I am using postsrsd for SRS rewriting with Postfix. I can see MAIL FROM: address has been modified to SRS rewritten address. Along with that, I can see that even MIME From: header has been rewritten. Because of that when this email is received by the recipient, it is shown to come from SRS written address instead of being from original sender. Is there a way to prevent MIME From: header from being replaced with SRS address?

When a bounce gets back to my MX the headers of the message seem to get reversed and the bounce gets back to the origin but the From header is the SRS converted one.
This behaviour get some customers confused.

I' ve tried adding header_recipient to recipient_canonical_classes but it won't work.

Is it posible to reverse From header in the bounces?

Hi there,

I just realized that Gmail has been silently discarding several of my root emails over the past few days mostly containing stats and log checks and the likes coming from my server.

Basically in my /etc/aliases file most of the system accounts redirect to root and root redirects to my Google Apps email address (ovidiu at pacura dot ru)

Here is an excerpt from my log file:

(1:539)# cat /var/log/mail.log | grep E3E844240CE

May 21 00:12:26 h2118175 postfix/cleanup[458751]: E3E844240CE: message-id=[email protected]
May 21 00:12:27 h2118175 postfix/local[458773]: CF3CB4240A3: to=[email protected], relay=local, delay=0.15, delays=0.08/0/0/0.07, dsn=2.0.0, status=sent (forwarded as E3E844240CE)
May 21 00:12:27 h2118175 postfix/qmgr[351027]: E3E844240CE: from=[email protected], size=15088, nrcpt=1 (queue active)
May 21 00:12:27 h2118175 postfix/smtp[458775]: E3E844240CE: to=[email protected], orig_to=[email protected], relay=aspmx.l.google.com[74.125.143.26]:25, delay=0.85, delays=0.07/0/0.16/0.61, dsn=5.7.1, status=bounced (host aspmx.l.google.com[74.125.143.26] said: 550-5.7.1 [85.214.221.98 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550 5.7.1 more information. cq10si18502940lad.77 - gsmtp (in reply to end of DATA command))
May 21 00:12:28 h2118175 postfix/bounce[458908]: E3E844240CE: sender non-delivery notification: EAC784240AF
May 21 00:12:28 h2118175 postfix/qmgr[351027]: E3E844240CE: removed

And if you visit the link they give: https://support.google.com/mail/answer/175365?hl=en

It says: We recommend that you do not change the envelope sender when forwarding email to Gmail.

What is happening here?
Any help would be much appreciated.

I have a computer which I name "m2osw.com" so that way it gets its PTR as "m2osw.com" (that's how DigitalOcean works, at least so it seems.) I also tried to name my mail computers with "mail.m2osw.com", but I have not (yet) been able to get gmail, yahoo!, etc. to accept such along with SPIF, DMARC, etc. Anyway...

This means my /etc/hostname file is just "m2osw.com".

When I do not specifically setup the SRS_DOMAIN variable, the result is that postsrsd uses "com" instead of "m2osw.com".

I would think that you should not remove the sub-domain name if there is a single dot in the name. Also there are ways to determine whether a name is an official TLD and you could use that technique to clearly only remove sub-domain names and not the actual domain name. I know you also have to deal with names such as "localhost", although really those won't work on the Internet and thus can most certainly be ignored in your case.

Without setting up SRS_DOMAIN, I would get errors when forwarding emails because my archive server would receive emails with names such as SRS...@com. The "@com" would be refused by the recipient, obviously.

Reference: http://serverfault.com/questions/829210/postfix-gives-me-sender-address-rejected-need-fully-qualified-address-errors

Hello Timo, it's a nice piece of code and it would be great to have similar functionality as postfix-mysql does. I'm using it together with ISPConfig and cron via command

mysql -Bse 'SELECT domain FROM dbispconfig.mail_domain' | sed ':a;N;$!ba;s/\n/,/g'

for my generating SRS_EXCLUDE_DOMAINS but it would be better to have direct table lookup like postfix does (user, password, dbname, query). Just my thoughts.

When trying to debug undelivered outgoing emails (Debian 8) after setting up postsrsd with error messages like the following (/var/log/mail.log)

May 28 10:09:34 server postfix/smtpd[12904]: connect from s1.client.ip[X.X.X.X]
May 28 10:09:34 server postfix/smtpd[12904]: warning: connect to TCP map 127.0.0.1:10002: Connection refused
May 28 10:09:35 server postfix/smtpd[12904]: warning: connect to TCP map 127.0.0.1:10002: Connection refused
May 28 10:09:36 server postfix/smtpd[12904]: warning: connect to TCP map 127.0.0.1:10002: Connection refused
May 28 10:09:37 server postfix/smtpd[12904]: warning: connect to TCP map 127.0.0.1:10002: Connection refused
May 28 10:09:38 server postfix/smtpd[12904]: warning: connect to TCP map 127.0.0.1:10002: Connection refused
May 28 10:09:39 server postfix/smtpd[12904]: warning: connect to TCP map 127.0.0.1:10002: Connection refused
May 28 10:09:40 server postfix/smtpd[12904]: warning: connect to TCP map 127.0.0.1:10002: Connection refused
May 28 10:09:41 server postfix/smtpd[12904]: warning: connect to TCP map 127.0.0.1:10002: Connection refused
May 28 10:09:42 server postfix/smtpd[12904]: warning: connect to TCP map 127.0.0.1:10002: Connection refused
May 28 10:09:43 server postfix/smtpd[12904]: warning: connect to TCP map 127.0.0.1:10002: Connection refused
May 28 10:09:43 server postfix/smtpd[12904]: warning: tcp:127.0.0.1:10002 lookup error for "recipient@mydomain"
May 28 10:09:43 server postfix/smtpd[12904]: NOQUEUE: reject: RCPT from s1.client.ip[X.X.X.X]: 451 4.3.0 <recipient@mydomain>: Temporary lookup failure; from=<[email protected]> to=<recipient@mydomain> proto=ESMTP helo=<client.ip>

I discovered that the init.d scipt silently failed to start the postsrsd daemon.
Turns out that postsrsd fails with error

postsrsd: extra argument on command line:

if the SRS_EXCLUDE_DOMAINS variable is empty, i.e. if calling postsrsd with argument

-X ""

I fixed it temporarily by simply removing the -X flag, however I suggest you might want to take another look at either the init.d script (additional if-clause) or the implementation of the -X flag.

Hi,
i would like to use postsrsd only for outgoing emails, how can i do that?
I tried to comment these lines on Postfix:

sender_canonical_maps = tcp:127.0.0.1:10001
sender_canonical_classes = envelope_sender
#recipient_canonical_maps = tcp:127.0.0.1:10002
#recipient_canonical_classes = envelope_recipient

Any help is appreciated, thank you.

Hi there,

I just got this out of office reply from a user hosted on my server using postsrsd. Any idea why the recipient (myself = [email protected]) hasn't been nicely rewritten?

from: [email protected]
to: SRS0+luma=2U=pacura.ru=[email protected]
date: 22 May 2014 21:26
subject: Out of office reply

Here is the corresponding log part:

May 22 21:26:15 h2118175 postfix/smtpd[334184]: connect from mail-ie0-f182.google.com[209.85.223.182]
May 22 21:26:16 h2118175 postfix/policyd-weight[574237]: decided action=PREPEND X-policyd-weight: using cached result; rate: -7; <client=mail-ie0-f182.google.com[209.85.223.182]> <helo=mail-ie0-f182.google.com> [email protected] [email protected]; delay: 0s
May 22 21:26:16 h2118175 postgrey[3279]: action=pass, reason=client whitelist, client_name=mail-ie0-f182.google.com, client_address=209.85.223.182, sender=[email protected], recipient=[email protected]
May 22 21:26:16 h2118175 postfix/smtpd[334184]: AE960424081: client=mail-ie0-f182.google.com[209.85.223.182]
May 22 21:26:16 h2118175 postfix/cleanup[334930]: AE960424081: message-id=CAFtRoJGkr78Q7x6wGcWTcV_gPxLhT7yFCjMoo9ivQ-RO_FWsmw@mail.gmail.com
May 22 21:26:17 h2118175 postfix/qmgr[254084]: AE960424081: from=[email protected], size=11517, nrcpt=1 (queue active)
May 22 21:26:17 h2118175 postfix/smtpd[334184]: disconnect from mail-ie0-f182.google.com[209.85.223.182]
May 22 21:26:17 h2118175 postfix/smtpd[334934]: connect from localhost[127.0.0.1]
May 22 21:26:17 h2118175 postfix/smtpd[334934]: EBF294240C0: client=localhost[127.0.0.1]
May 22 21:26:17 h2118175 postsrsd[334935]: srs_forward: [email protected] rewritten as [email protected]
May 22 21:26:17 h2118175 postfix/cleanup[334930]: EBF294240C0: message-id=CAFtRoJGkr78Q7x6wGcWTcV_gPxLhT7yFCjMoo9ivQ-RO_FWsmw@mail.gmail.com
May 22 21:26:18 h2118175 postfix/qmgr[254084]: EBF294240C0: from=[email protected], size=12008, nrcpt=1 (queue active)
May 22 21:26:18 h2118175 postfix/smtpd[334934]: disconnect from localhost[127.0.0.1]
May 22 21:26:18 h2118175 amavis[319857]: (319857-02) Passed CLEAN {RelayedInbound}, [209.85.223.182]:49733 [209.85.223.182] [email protected] -> [email protected], Queue-ID: AE960424081, Message-ID: CAFtRoJGkr78Q7x6wGcWTcV_gPxLhT7yFCjMoo9ivQ-RO_FWsmw@mail.gmail.com, mail_id: RVdw2Sh8DunE, Hits: -1.989, size: 11517, queued_as: EBF294240C0, 847 ms
May 22 21:26:18 h2118175 postfix/smtp[334931]: AE960424081: to=[email protected], relay=127.0.0.1[127.0.0.1]:10024, delay=1.7, delays=0.84/0.01/0/0.85, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as EBF294240C0)
May 22 21:26:18 h2118175 postfix/qmgr[254084]: AE960424081: removed
May 22 21:26:18 h2118175 dovecot: lda([email protected]): sieve: msgid=CAFtRoJGkr78Q7x6wGcWTcV_gPxLhT7yFCjMoo9ivQ-RO_FWsmw@mail.gmail.com: stored mail into mailbox 'INBOX'
May 22 21:26:18 h2118175 postfix/pickup[314494]: 5C9984240CF: uid=5000 from=<>
May 22 21:26:18 h2118175 postfix/cleanup[334930]: 5C9984240CF: message-id=[email protected]
May 22 21:26:18 h2118175 dovecot: lda([email protected]): sieve: msgid=CAFtRoJGkr78Q7x6wGcWTcV_gPxLhT7yFCjMoo9ivQ-RO_FWsmw@mail.gmail.com: sent vacation response to [email protected]
May 22 21:26:18 h2118175 postfix/pipe[334937]: EBF294240C0: to=[email protected], relay=dovecot, delay=0.41, delays=0.08/0/0/0.33, dsn=2.0.0, status=sent (delivered via dovecot service)
May 22 21:26:18 h2118175 postfix/qmgr[254084]: EBF294240C0: removed
May 22 21:26:18 h2118175 postfix/qmgr[254084]: 5C9984240CF: from=<>, size=1024, nrcpt=1 (queue active)
May 22 21:26:19 h2118175 postfix/smtpd[334934]: connect from localhost[127.0.0.1]
May 22 21:26:19 h2118175 postfix/smtpd[334934]: B941D424081: client=localhost[127.0.0.1]
May 22 21:26:19 h2118175 postsrsd[334935]: srs_forward: <""> not rewritten: No at sign in sender address
May 22 21:26:19 h2118175 postsrsd[334936]: srs_reverse: [email protected] rewritten as [email protected]
May 22 21:26:19 h2118175 postfix/cleanup[334930]: B941D424081: message-id=[email protected]
May 22 21:26:19 h2118175 postfix/qmgr[254084]: B941D424081: from=<>, size=1583, nrcpt=1 (queue active)
May 22 21:26:19 h2118175 postfix/smtpd[334934]: disconnect from localhost[127.0.0.1]
May 22 21:26:19 h2118175 amavis[247302]: (247302-20) Passed CLEAN {RelayedInbound}, <> -> [email protected], Message-ID: [email protected], mail_id: IhDnxPZlzvHm, Hits: -1.9, size: 1024, queued_as: B941D424081, 1415 ms
May 22 21:26:19 h2118175 postfix/smtp[334931]: 5C9984240CF: to=[email protected], relay=127.0.0.1[127.0.0.1]:10024, delay=1.6, delays=0.2/0/0/1.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B941D424081)
May 22 21:26:19 h2118175 postfix/qmgr[254084]: 5C9984240CF: removed
May 22 21:26:20 h2118175 postfix/smtp[334954]: B941D424081: to=[email protected], orig_to=[email protected], relay=aspmx.l.google.com[173.194.65.27]:25, delay=1.3, delays=0.62/0.01/0.12/0.54, dsn=2.0.0, status=sent (250 2.0.0 OK 1400786780 g48si2306705eeo.50 - gsmtp)
May 22 21:26:20 h2118175 postfix/qmgr[254084]: B941D424081: removed

Any other info I can supply?

Hello,

I'm a maintainer of mail/postsrsd at FreeBSD ports tree. I've just testing last release of postsrsd to make a port update. I had some compilation errors. So I think it could be added to source code.

--- srs2.c.orig 2015-12-13 08:56:05 UTC
+++ srs2.c
@@ -21,7 +21,11 @@
#include <sys/types.h> /* tyepdefs /
#include <sys/time.h> / timeval / timezone struct /
#include <string.h> / memcpy, strcpy, memset */
-#include <alloca.h>
+#if defined(FreeBSD)
+# include <stdlib.h>
+#else
+# include <alloca.h>
+#endif

#ifdef USE_OPENSSL
#include <openssl/hmac.h>

--- srs2.h.orig 2015-12-13 08:56:05 UTC
+++ srs2.h
@@ -23,7 +23,7 @@
#ifdef APPLE
#include <sys/types.h>

#endif

+#if defined(FreeBSD)
+#include <time.h>
+#endif

#ifndef __BEGIN_DECLS
#define __BEGIN_DECLS

These changes are small but could be very useful for FreeBSD community :-)

Thanks a lot for your work.

Greetings,

krzyszstofs

I followed this guy's instructions (again) as I did a while ago and it worked perfectly, basically I was trying to update postsrsd and at the step of restarting it I now hit an error. https://www.mind-it.info/forward-postfix-spf-srs/

Starting Postfix Sender Rewriting Scheme daemon: postsrsdpostsrsd: bind_service(-r): Servname not supported for ai_socktype
failed!

Any ideas? I'm stuck :-/

Hello Timo,
please fix postinstall script according fingings here: https://groups.google.com/forum/#!topic/mailing.postfix.users/x1pMbikyFEw

I've got exactly same error after trying to "make install" compiled code. but be aware, same error will raise also for line 31 of postinstall.cmake - same "file called with inappropriate arguments" error like for line 15.

thanks!

Hi, I have sieve + dovecot + postfix with postsrsd but:

if i send e-mail to account with vacation response I had bad headers.

From: [email protected]
To:SRS0=mQhw=PU=domain.tld=[email protected]

i need change to:

From: [email protected]
To: [email protected]

this is postfix logs:

Mar 24 19:30:32 mail3 postsrsd[1577]: srs_reverse: [email protected] rewritten as [email protected]
Mar 24 19:30:32 mail3 postsrsd[1520]: srs_forward: <""> not rewritten: No at sign in sender address
Mar 24 19:30:32 mail3 postsrsd[1578]: srs_reverse: [email protected] rewritten as [email protected]
Mar 24 19:30:32 mail3 postfix/cleanup[1518]: D5F73809093F: message-id=[email protected]
Mar 24 19:30:32 mail3 postfix/qmgr[1421]: D5F73809093F: from=<>, size=847, nrcpt=1 (queue active)
Mar 24 19:30:38 mail3 postfix/smtp[1579]: D5F73809093F: to=[email protected], orig_to=[email protected], delay=5.3, delays=0.06/0.02/0.13/5.1, dsn=2.0.0, status=sent (250 OK id=1ajA1L-0008A1-1B)
Mar 24 19:30:38 mail3 postfix/qmgr[1421]: D5F73809093F: removed

Any sugesstions?

Running Red Hat 6.5
both /lib/lsb/init-functions and ${SYSCONF_DIR}/init.d/functions exist on the system
during installations sysv-lsb is selected and the installed init script is incorrect for Red Hat due too usage of log_daemon_msg
perhaps use a different approach for platform detection?

if(EXISTS "/etc/debian_version")
set ( PLATFORM "Debian")
endif(EXISTS "/etc/debian_version")

if(EXISTS "/etc/redhat-release")
set ( PLATFORM "Redhat")
endif(EXISTS "/etc/redhat-release")

When running make on a Raspberry Pi 3 Jessie following warning occurs:

CMake Warning (dev) at CMakeLists.txt:85 (get_target_property):
Policy CMP0026 is not set: Disallow use of the LOCATION target property.
Run "cmake --help-policy CMP0026" for policy details. Use the cmake_policy
command to set the policy and suppress this warning.
The LOCATION property should not be read from target "postsrsd". Use the
target name directly with add_custom_command, or use the generator
expression $<TARGET_FILE>, as appropriate.
This warning is for project developers. Use -Wno-dev to suppress it.

I ignored this warning an continued
sudo make install
and
sudo service postsrsd start
which gave me

Failed to start postsrsd.service: Unit postsrsd.service failed to load: No such file or directory.

I must be doing something wrong or overlook something here?

Hi!
I'm trying to get postsrsd to work on OpenSuSE 13.1, which is systemd based.
When I start the service all I get is: http://pastebin.com/CY9dN5gf
Starting the daemon manually with:
postsrsd -4 -f 10001 -r 10002 -d example.com -s /etc/postsrsd.secret -u nobody -D
works fine.
Any hints?
Thanks

-- Install configuration: "Release"
-- Installing: /usr/local/sbin/postsrsd
-- Installing: /usr/local/share/doc/postsrsd/README.md
-- Installing: /usr/local/share/doc/postsrsd/main.cf.ex
-- Chroot jail: /usr/local/lib/postsrsd
-- Installing: /etc/default/postsrsd
-- Installing: /etc/init.d/postsrsd
-- Generating secret key
CMake Error at postinstall.cmake:48 (file):
file called with inappropriate arguments
Call Stack (most recent call first):
cmake_install.cmake:57 (INCLUDE)

make[1]: *** [install] Error 1
make[1]: Leaving directory `/tmp/postsrsd-master/build'
make: *** [install] Error 2

Hi, this is more a question than an issue, but github seems to have no other way to ask questions.

Is it possible to enable the SRS rewrite only for domains that have a SPF record? For example I would like to have a rewrite when a gmail.com mail is forwarded, but not when a non SPF domain example.com mail is forwarded.

According to my postfix log all the rewrites don't look quite right - e.g.:

Mar 29 20:56:14 something postsrsd[1442]: srs_forward: <[email protected]> rewritten as <SRS0=uIZh=PZ=something.net=ossecmnew@net>

i.e. the domain name is not appearing at the end of the rewrite - just the tld (which is correct) - any ideas why this would be?

the systemd install doesn't run SRS_DOMAIN=postconf -h mydomain.
/etc/default/postsrsd states that if SRS_DOMAIN is not set it will be set to postconf -h mydomain.

I downloaded latest master, compiled and installed. Everything seems fine until I try to start the service. I always get the following error: Starting Postfix Sender Rewriting Scheme daemon: postsrsd: You must set a secret (-s) [FAILED]. I checked init scipts, config files and also /etc/postsrsd.secret everything looks fine and I can start manually on the command line.

Good morning!

My mail server has local accounts and it also forwards messages.

How is it possible to rewrite only those addresses that are in forwarded messages?

how can we check for reverse srs forgery? can you give an example as a milter or sa rule?

Hello,
I am happily implemented this SRS feature in CentOS 6 environment and I wanted to share with you redhat-like init scripts that I have created for this purpose. As I dont know how to attach it here, I maked it available here: http://www.zssos.sk/trash/postsrsd.redhat.init

Hello,

I have an little problem with starting my postfix v2.6 after implementing postsrsd.

Im working on centos 6.5, ad got error as below.

postfix/cleanup[2629]: fatal: unsupported dictionary type: tcp
postfix/master[2376]: warning: process /usr/libexec/postfix/cleanup pid 2629 exit status 1
postfix/master[2376]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling

Im almost sure that it is becouse of "sender_canonical_maps = tcp:127.0.0.1:10001 and "recipient_canonical_maps = tcp:127.0.0.1:10002" in main.cf, because in whole configuration there's only there text tcp

I tried to find how to deal with that, but unfortunatelly didnt find any topic with that kind of problem ..

Any idea how to deal with that?

Thanks in advance for any tips how to deal with that.

Best regards
Keiishi

Hi there,

I do have an enhancement suggestion: Maybe it's worth to have a variable telling that I only want to have specific domains make use of SRS. Imagine I have some distribution lists created by using postfix and redirects (e.g. [email protected]) then I maybe just want to have lists.server.com make use of SRS.

Basically a feature where I can define which domain makes use of SRS would be great.

Thanks for the good work!
Stefan

Hi,

not really an issue for you to fix but probably related to the "Known Issues" in the README: since PostSRSD handles rewriting apparently before verifying if a mail is to be accepted by postfix at all, we run into major performance bottlenecks through rewriting for anny SMTP connection. We've implemented your software on some forwarding nodes and they handle around 100k legitimate mails in 24 hours. The number of illegitimate connections is a lot higher, but rewrites are done whatsoever resulting in really poor processing performance and high CPU load.

Do you have any suggestions how to overcome this? The delays in transmission are pretty high already and we don't want to disable SRS at this point as it's quite effective.

Best
Fabian

Is the Postfix (or other mailer) Queue ID available to postsrsd ? If so, can it be included in the log ?
On a single quiet server it's not an issue, but once there's multiple servers and/or things get even mildly busy, the logs are impossible to read without thinning them out (eg with grep).
A typical workflow for me when dealing with a user "query" is to grep for what information is known (eg sender, recipient, approx time), then find the queue ID that seems to be the message best fitting the user supplied information, and then grep for that ID to find how the message passed through the system. As the queue ID isn't in the postsrsd logging, it doesn't appear in this last step.

On systems where both ipv4 and ipv6 are configured, postsrsd only listens on IPv4:

root@zre-ldap002:/opt/zimbra/common# netstat -an | grep 10001
tcp 0 0 127.0.0.1:10001 0.0.0.0:* LISTEN
root@zre-ldap002:/opt/zimbra/common# netstat -an | grep 10002
tcp 0 0 127.0.0.1:10002 0.0.0.0:* LISTEN

If IPv6 is also available, it should listen on it as well, unless -4 was passed as an option. Likewise, the reverse if -6 was passed as an option, it should only listen on the ipv6 addr and not the ipv4 addr.

I'm doing some testing on a virtualised network of vagrant boxes using postsrsd to implement srs, and I have it working and able to send emails with re-written return paths to external mailservers. The box doing the forwarding is installed and configured by the same automation as our production forwarders. When I un-comment the SRS_EXCLUDE_DOMAINS list in /etc/default/postsrsd and enter domains I'm testing through there, restarting both postsrsd and postfix, just to be sure, I still see the the domain on the exclude list being re-written. I'm wondering if the fact it's a virtual network is causing a problem, but I don't see why that should interfere in this, the server behaves normally in every other way. Is there some step in using that list that I am missing or unaware of, or what should I check into to find the problem? I've not been successful finding anything helpful in logs, if someone could point me in the right direction to look I'd appreciate it.

Hey folks!

I am running postsrsd and I noticed that on some servers the binary seems to spawn child procs:

├─postsrsd───7*[postsrsd]

(pstree output) - on some other system it does not behave like this. Is this normal? When does the daemon spawn childs?

Cheers,
Chris.

If the setting SRS_EXCLUDE_DOMAINS is defined with multiple domains separated by spaces OpenSRSD will fail to start. Separating them by commas does work, it then works as expected.

I'm running a postfix+dovecot+mysql with virtual domains, and ran into problems with using postsrsd rewriting absolutely every e-mail going through it, like this:
Jul 6 07:02:02 cs12986 postfix/smtpd[18361]: connect from smtp.zagruzka.com[194.85.19.154]
Jul 6 07:02:02 cs12986 postfix/smtpd[18361]: Anonymous TLS connection established from smtp.zagruzka.com[194.85.19.154]: TLSv1 with cipher AES256-SHA (256/256 bits)
Jul 6 07:02:02 cs12986 postgrey[24863]: action=pass, reason=triplet found, client_name=smtp.zagruzka.com, client_address=194.85.19.154, sender=[email protected], recipient=[email protected]
Jul 6 07:02:02 cs12986 postfix/smtpd[18361]: C9ED17BE538: client=smtp.zagruzka.com[194.85.19.154]
Jul 6 07:02:02 cs12986 postsrsd[18573]: srs_forward: [email protected] rewritten as [email protected]
Jul 6 07:02:02 cs12986 postfix/cleanup[18572]: C9ED17BE538: message-id=53b8bc2a.cvFkybUdtXpFIqQg%[email protected]
Here we have an external e-mail coming to a local virtual mailbox. Why is it rewriting the sender's address?
Is this intended behavior, and all local domains should be added to SRS_EXCLUDE_DOMAINS?

I installed PostSRS per the directions in the README and am getting:

# service postsrsd start
Failed to start postsrsd.service: Unit postsrsd.service failed to load: No such file or directory.

I'm using

# cat /etc/*-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=15.10
DISTRIB_CODENAME=wily
DISTRIB_DESCRIPTION="Ubuntu 15.10"
NAME="Ubuntu"
VERSION="15.10 (Wily Werewolf)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 15.10"
VERSION_ID="15.10"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"

I built with

# cmake -DINIT_FLAVOR=upstart ../
# make
# make install

Any idea why the install is not work?

Hello and best wishes for the new year!

Although I've installed postsrsd (from master) in the past without problems, I faced a problem today, installing it on a fresh Ubuntu 14.04.3 again from master repo.

Postsrsd would not start.

I've searched around a bit and landed on #26. But it didn't help me at all.

I started to check the new scripts with the scripts of another installation, and I've found a difference in the upstart script:

exec /usr/sbin/postsrsd -f "$SRS_FORWARD_PORT" -r "$SRS_REVERSE_PORT" -d "$SRS_DOMAIN" -s "$SRS_SECRET" -a "$SRS_SEPARATOR" -u "$RUN_AS" -c "$CHROOT" -X "$SRS_EXCLUDE_DOMAINS"

I've noticed a space between each parameter that wasn't there in the old script. So I've removed the spaces to read:

exec /usr/sbin/postsrsd -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -a"$SRS_SEPARATOR" -u"$RUN_AS" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"

and postsrsd started without problems! No other changes were made.

Regards,
Thanasis.

Hello Timo,

I installed postsrsd (1.1-1~raring) from your repository at https://launchpad.net/~roehling/+archive/ubuntu/stable on a Debian stable.
postsrsd runs fine but sometimes it crashes with the following syslog entry:

postsrsd[3992]: Poll failure: Interrupted system call

Is this a known bug, or should I inspect my system for errors?

Thanks for your effort!
Klaus