Note: This post is heavily based on this article.
Install needed dependencies:
```bash
apt-get update
apt-get -y install git-core build-essential
apt-get -y install pkg-config libev-dev libpcre3-dev
```
Install libsrs:
```bash
PACKAGE=libsrs2-1.0.18
wget http://www.libsrs2.org/srs/$PACKAGE.tar.gz
tar xvfz $PACKAGE.tar.gz
cd $PACKAGE
./configure
make
make install
```
Install pfix-srsd:
```bash
git clone --recursive https://github.com/Fruneau/pfixtools.git
cd pfixtools/common
make
cd ../pfix-srsd/
make
make install
```
Update libraries:
```bash
ldconfig
```
Create secrets:
```bash
for i in {1..100}; do
  (date +%s%N | sha256sum | base64 -w0; echo ) >> /etc/postfix/pfix-srs.secrets
done
chmod 400 /etc/postfix/pfix-srs.secrets
```
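An added example, not part of the original post: the loop above derives every secret from the current timestamp, which anyone who can estimate when the file was created can narrow down. The functions below draw the secrets from `/dev/urandom` instead and check the shape of the resulting file; the function names are hypothetical, and the hex format and the default cap of 10 lines are assumptions (the cap follows a reader report in the comments, not pfix-srsd documentation).

```shell
# Added example (not from the original post); function names are hypothetical.

# gen_srs_secrets COUNT FILE
# Write COUNT secrets, each 32 bytes from the kernel CSPRNG as 64 hex chars.
gen_srs_secrets() {
    count=$1; out=$2
    (
        umask 077                       # never group/world-readable, even briefly
        tmp=$(mktemp "$out.XXXXXX") || exit 1
        i=0
        while [ "$i" -lt "$count" ]; do
            # Hex output has no '=' padding and no whitespace inside a secret.
            head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n' >> "$tmp"
            echo >> "$tmp"
            i=$((i + 1))
        done
        # Lock the file down first, then replace the old one atomically.
        chmod 400 "$tmp" && mv -f "$tmp" "$out"
    )
}

# check_srs_secrets FILE [MAX]
# Return 0 only if FILE is non-empty, has at most MAX lines (assumed default
# 10), every line is exactly 64 lowercase hex chars, and no secret repeats.
check_srs_secrets() {
    file=$1; max=${2:-10}
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    total=$(wc -l < "$file" | tr -d ' ')
    [ "$total" -le "$max" ] || { echo "too many secrets: $total > $max" >&2; return 1; }
    # grep -c exits 1 when the count is 0, so neutralise that for 'set -e'.
    bad=$(grep -c -v -E '^[0-9a-f]{64}$' "$file" || true)
    [ "$bad" -eq 0 ] || { echo "$bad malformed line(s) in $file" >&2; return 1; }
    dups=$(sort "$file" | uniq -d | wc -l | tr -d ' ')
    [ "$dups" -eq 0 ] || { echo "duplicate secrets in $file" >&2; return 1; }
}
```

Run `gen_srs_secrets 10 /etc/postfix/pfix-srs.secrets` as root, then `check_srs_secrets /etc/postfix/pfix-srs.secrets` before restarting the daemon.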
Save to /etc/default/pfix-srsd:
```bash
DOMAIN=mydomain.com
SECRETS=/etc/postfix/pfix-srs.secrets
OPTIONS=-I
```
Save to /etc/init.d/pfix-srsd:
```bash
#!/bin/sh

### BEGIN INIT INFO
# Provides: pfix-srsd
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: pfixtools SRS Daemon backend for Postfix
### END INIT INFO

PFIXSRSD_CONFIG="/etc/default/pfix-srsd"
NAME="pfix-srsd"
DAEMON="/usr/local/sbin/pfix-srsd"
PID_FILE="/var/run/pfix-srsd.pid"

if [ -f $PFIXSRSD_CONFIG ]; then
  . $PFIXSRSD_CONFIG
else
  exit 0
fi

test -x $DAEMON || exit 0

case "$1" in
  start)
    echo -n "Starting Postfix SRS Daemon: $NAME"
    start-stop-daemon -S -q -b -p $PID_FILE -x $DAEMON -- -p $PID_FILE $OPTIONS $DOMAIN $SECRETS
    echo "."
    ;;
  stop)
    echo -n "Stopping Postfix SRS Daemon: $NAME"
    if [ -f $PID_FILE ]; then
      kill `cat $PID_FILE`
      rm $PID_FILE
    fi
    echo "."
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  force-reload)
    $0 restart
    ;;
  *)
    echo "Usage: $0 start|stop|restart|force-reload"
    exit 1
    ;;
esac
```
Enter addresses that you need to be excluded from SRS:
```bash
cat > /etc/postfix/pfix-no-srs.cf <<EOF
webmaster@mydomain.com
postmaster@mydomain.com
EOF
postmap /etc/postfix/pfix-no-srs.cf
```
Add SRS settings to Postfix:
```bash
postconf -e 'recipient_canonical_maps = hash:/etc/postfix/pfix-no-srs.cf, tcp:127.0.0.1:10002'
postconf -e 'recipient_canonical_classes = envelope_recipient'
postconf -e 'sender_canonical_maps = hash:/etc/postfix/pfix-no-srs.cf, tcp:127.0.0.1:10001'
postconf -e 'sender_canonical_classes = envelope_sender'
```
Install pfix-srsd init script:
```bash
update-rc.d pfix-srsd defaults
```
Apply new changes:
```bash
/etc/init.d/pfix-srsd restart && /etc/init.d/postfix reload
```
Thanks a lot for your post! I think you should add `chmod +x /etc/init.d/pfix-srsd` to make `service pfix-srsd start|stop` work~
Any idea how to set this up for multiple domains? I saw somewhere that you need to run multiple daemons and set up transport rules to route to the correct one. But I have no idea how to do that. Do you know?
Hi Josh, IIRC, all domains that Postfix accepts will be supported. Email addresses will be rewritten like [email protected]. If you want for DOMAIN to vary, you’d probably have to do some advanced stuff, certainly involving multiple daemons, and probably involving some Postfix transport rules.
Any idea why this would be re-writing the Return-Path: but not From:?
Thanks
Hi Elijah,
SRS changes the envelope sender (the ‘mail from’ address when communicating with SMTP servers). This correlates to the ‘Return-Path’ header field in SMTP. The ‘From’ header field is defined in the data portion of the SMTP communication. I could explain the reasons why, but explains it better than I could. Also, changing the ‘From’ header field would cause replies to break, unless ‘Reply-To’ is set (and recognized by the MUA).
thanks for the reply Ameir.
Thanks so much for the detailed notes. They’re very well laid out and they got me very far along in the process of getting pfix-srsd running.
The part I had trouble with was the secrets file. When I created it I followed the directions, but as luck would have it I had two issues:
* Too much content (100 lines vs the 10 that seemed to be the max allowed)
* Invalid content (The equals sign was included at the end of each line and had to be removed)
Once I got that fixed and followed the rest of the directions I got pfix-srsd working (at least as far as I can tell).
I also went with a fork of the main repo as the author fixed the return code for applied necessary changes to work around a bug with the option to ignore external domains.
https://github.com/driskell/pfixtools/commit/832b85cb545373f32d3bdf97dc705b2e77313115
Thanks for the valuable info. I will look into this when I have a moment and update the article accordingly. Also, it looks like the fork has been pulled into the upstream, which is great; I’m glad to see the project moving forward.
Ameir,
You’re welcome!
I’m going through and researching now how to set up multiple daemons in order to serve different domains. I understand that one daemon can serve multiple domains, but as was mentioned it sounds like the Return-Path header would be rewritten to whatever domain the single instance of pfix-srsd is operating for. While certainly acceptable in many cases, I’d like to have each domain have their own Return-Path.
I’m researching the transport rules now. Fun!
Ameir,
I’ve not made any headway in setting up multiple transport rules for a pfix-srsd multi-instance setup, but I’m running into an issue with a single setup that I was hoping to get your help with. Thanks in advance for reading this.
Setup:
* One mail server handling one domain. We’ll call it example.com.
* Outside group sends an email to a virtual alias ([email protected])
* The envelope “from” part is rewritten to the SRS’d address
* The virtual alias is expanded and the new recipient is sent a copy of the email, but …
* The remote mail server rejects the email, sending it back to the SRS’d address
* My mail server receives it and instead of decoding it interacts with it “literally” and generates a non-delivery notification.
* I would expect that notification to go to the original sender (or at the very least back to the alias address)
* Instead, it happens to match a wildcard alias entry and the addresses assigned to the wildcard alias receive the non-delivery notification.
Is that how it is supposed to work?
I have only minor differences in the configuration I’m using vs what you have in your guide:
From the /etc/default/pfix-srsd conf file:
OPTIONS="--ignore-outside --separator + --verbose --encoding 10003 --decoding 10004"
From /etc/postfix/main.cf:
```
recipient_canonical_maps =
    # Combined list of email addresses to NOT rewrite
    hash:/etc/postfix/pfix-no-srs.cf,
    # SRS decoding daemon for example.org
    tcp:127.0.0.1:10004,
recipient_canonical_classes = envelope_recipient
sender_canonical_maps =
    # Combined list of email addresses to NOT rewrite
    hash:/etc/postfix/pfix-no-srs.cf,
    # SRS encoding daemon for example.org
    tcp:127.0.0.1:10003,
```
The /etc/postfix/pfix-no-srs.cf file contains two entries, both for [email protected] and [email protected].
I know the second one isn’t used, but it did not seem to harm anything with having it there.
Lastly, I haven’t been able to find a really great definition of the “-I” or “--ignore-outside” options. The help file mentions:
‘do not touch mails outside of “domain” in decoding mode’
but does that refer to a situation like this where the outside domain sends something in and it is SRS’d into another address? If so, then my use of that option is why the decoding did not happen and I will want to disable that option.
If that is true, why _would_ you use the option?
Thanks in advance for your help, I really appreciate it.
Hi mate. I wanted to thank you for the howto. Really appreciate the effort! 🙂