In this thread christophe117 mentions that the postsrsd package now exists for Debian repos (mitigating the need for the more detailed build-and-configure guide here).
Both threads are closed, so this is to add step-by-step Ubuntu instructions and point out a difference between the packaged version and the built one (in case some one knows that it’s bad for some reason).
To install:
You will need SPF for the server name (as that will appear on the envelope that external servers check).
Example:
YOUR-SERVER.DOMAIN.COM. IN TXT "v=spf1 ip4:YOUR-SERVER-IP ~all"
You should backup /etc/postfix/main.cf before you start:
cp /etc/postfix/main.cf /etc/postfix/main.cf.pre-postsrsd
Then:
sudo apt update
sudo apt install postsrsd
sudo nano /etc/default/postsrsd
Set: SRS_DOMAIN=[whatever]
To be: SRS_DOMAIN=YOUR-SERVER.DOMAIN.COM
sudo systemctl restart postsrsd
sudo systemctl enable postsrsd
sudo postconf -e sender_canonical_maps=tcp:127.0.0.1:10001
sudo postconf -e sender_canonical_classes=envelope_sender
sudo postconf -e recipient_canonical_maps=tcp:127.0.0.1:10002
sudo postconf -e recipient_canonical_classes=envelope_recipient
sudo systemctl restart postfix
Verify postsrsd lookup works (gmailuser@gmail.com does not have to be real, you can just paste this):
postmap -q gmailuser@gmail.com tcp:127.0.0.1:10001
Expected result: SRS0=[some-hash]=gmail.com=gmailuser@[YOUR-SERVER.DOMAIN.COM]
Test SMTP forwarding. All mails*, including inbound and staying, forwarded, or originating on your server) should have a header like this:
Return-Path: SRS0=/Mbf=BE=[sender-from-domain]=[sender-from-before-the-ampersand]@YOUR-SERVER.DOMAIN.COM
Note that if you use telnet to test, after you do “data” you must have “From: some@email-address.com” or that hash line might turn up as the “From” address in outlook (not the “mail from” that you used).
Note also that prior to this the Return-Path would just have been the sender’s email address.
To revert (stays installed but Postfix doesn’t use it):
sudo postconf -X sender_canonical_maps
sudo postconf -X sender_canonical_classes
sudo postconf -X recipient_canonical_maps
sudo postconf -X recipient_canonical_classes
sudo systemctl restart postfix
Or:
sudo cp /etc/postfix/main.cf.pre-postsrsd /etc/postfix/main.cf
sudo systemctl restart postfix
To remove postsrsd completely:
sudo postconf -X sender_canonical_maps
sudo postconf -X sender_canonical_classes
sudo postconf -X recipient_canonical_maps
sudo postconf -X recipient_canonical_classes
sudo systemctl restart postfix
sudo systemctl stop postsrsd
sudo systemctl disable postsrsd
sudo apt remove postsrsd
sudo rm /etc/postsrsd.secret
sudo rm /etc/default/postsrsd
Notes:
* As I mentioned, all mails will have this Return-Path header rewritten, not just forwarded mails and not just outbound mails, even stuff from the outside landing in the user mailboxes who do not have forwards. It is my understanding that this is normal, a cosmetic difference, and only matters if you look at “Raw Source” or “All Header” etc. (If anyone knows otherwise, please let me know.)
You will also have logs like this for every piece of mail:
2026-03-06T08:16:02.194858-08:00 YOUR-SERVER postsrsd[4075437]: srs_forward: <SENDER-BEFORE-THE-AMPERSAND@SENDER-DOMAIN.COM> rewritten as <SRS0=cZmZ=BG=SENDER-DOMAIN.COM=SENDER-BEFORE-THE-AMPERSAND@YOUR-SERVER.YOUR-DOMAIN.COM>
2026-03-06T08:16:02.195542-08:00 YOUR-SERVER postsrsd[4075437]: srs_forward: <SRS0=cZmZ=BG=SENDER-DOMAIN.COM=SENDER-BEFORE-THE-AMPERSAND@YOUR-SERVER.YOUR-DOMAIN.COM> not rewritten: Valid SRS address for <SENDER-BEFORE-THE-AMPERSAND@SENDER-DOMAIN.COM>
This was not the design of the original make-it-from-scratch guide here. In that post Caelyn makes a cron job that gathers the domain names on your server every hour and writes that to a list and has an external postsrsd.conf file reference that list and exclude the rewrite for domains on that list.
It is my understanding that Caelyn’s version would not-rewrite the header for outbound mail originating on your server (only). Inbound mail in your user’s mailboxes would have that header rewritten the same.
The external domains file idea seems not to be available in the packaged version, at least in the version I have:
/usr/sbin/postsrsd -v
1.10
My version does have a “-X” flag to exclude a domain and it looks like if I uncomment:
#SRS_EXCLUDE_DOMAINS=.example.com,example.org
and make it like this:
SRS_EXCLUDE_DOMAINS=.domain1.com,domain2.com,domain3.com
In this file:
/etc/default/postsrsd
I get this -c /var/lib/postsrsd -X.domain1.com domain2.com domain3.com at the end of of my output from:
systemctl restart postsrsd
systemctl status postsrsd
(I don’t know what the leading “.” is for after the -X, but it is there in the commented line.)
So I assume that does the same thing.
It should thus be possible to script something similar to Caelyn’s to rewrite the line in that file and restart postsrsd on some kind of schedule (or maybe just tie it to System Settings > Virtualmin Configuration > Actions upon server and user creation > Command to run after making changes to a server). I am leery about having scripts edit actual config files though (a referenced list is one thing) and unless there turns out to be a legitimate reason to want this behavior, I am inclined to leave it be.
Ron
| SYSTEM INFORMATION | |
|---|---|
| OS type and version | Ubuntu 24.04 |
| Virtualmin version | 8.0.1 |