SRS – a beautiful technology which means you can forward your emails to Google

Background

Do you forward your emails to Google only to have them end up in spam because of SPF softfail results, even though SPF is set up perfectly? This article documents a Postfix solution called SRS. One caveat: it doesn’t work for all hosts; see the note at the end.

Prerequisites

A Postfix email server

It took me three years to properly solve this problem.

The solution is to use SRS

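SRS (Sender Rewriting Scheme) rewrites the envelope sender of a forwarded message so that it belongs to the forwarding server’s own domain, which makes SPF pass at the destination.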

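Installing SRS on Postfix is super easy. Here are the instructions:

# Build in a scratch directory
mkdir -p /opt/postsrsd
cd /opt/postsrsd
apt -y install cmake
# Fetch and unpack the master branch of postsrsd
wget https://github.com/roehling/postsrsd/archive/master.zip
unzip master.zip
cd postsrsd-master
# Build and install postsrsd
make
make install
# Rewrite envelope senders through postsrsd's forward lookup (port 10001)
postconf -e "sender_canonical_maps = tcp:127.0.0.1:10001"
postconf -e "sender_canonical_classes = envelope_sender"
# Map SRS bounce recipients back through the reverse lookup (port 10002)
postconf -e "recipient_canonical_maps = tcp:127.0.0.1:10002"
postconf -e "recipient_canonical_classes = envelope_recipient"
# Start postsrsd on every boot and restart it now
systemctl enable postsrsd.service
service postsrsd restart
# Remove the build directory
rm -r /opt/postsrsd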

Here is an example of a re-write:

Dec 18 07:55:25 cp01 postfix/smtpd[3787117]: connect from mail-lf1-f51.google.com[209.85.167.51]
Dec 18 07:55:27 cp01 postfix/smtpd[3787117]: 1671BB22: client=mail-lf1-f51.google.com[209.85.167.51]
Dec 18 07:55:27 cp01 postsrsd[3787122]: srs_forward: <[email protected]> rewritten as <[email protected]>
Dec 18 07:55:27 cp01 postsrsd[3787122]: srs_forward: <[email protected]> not rewritten: Valid SRS address for <[email protected]>
Dec 18 07:55:27 cp01 postfix/cleanup[3787121]: 1671BB22: message-id=<[email protected]om>
Dec 18 07:55:27 cp01 postfix/qmgr[3666568]: 1671BB22: from=<[email protected]>, size=3041, nrcpt=1 (queue active)
Dec 18 07:55:27 cp01 postfix/smtpd[3787117]: disconnect from mail-lf1-f51.google.com[209.85.167.51] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Dec 18 07:55:27 cp01 postfix/local[3787124]: 1671BB22: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.77, delays=0.05/0.01/0/0.71, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Dec 18 07:55:27 cp01 postsrsd[3787122]: srs_forward: <[email protected]> not rewritten: Valid SRS address for <[email protected]>
Dec 18 07:55:27 cp01 postfix/cleanup[3787121]: 21DA74D13: message-id=<[email protected]om>
Dec 18 07:55:27 cp01 postfix/local[3787124]: 1671BB22: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.79, delays=0.05/0.01/0/0.73, dsn=2.0.0, status=sent (forwarded as 21DA74D13)
Dec 18 07:55:27 cp01 postfix/qmgr[3666568]: 21DA74D13: from=<[email protected]>, size=3188, nrcpt=1 (queue active)
Dec 18 07:55:27 cp01 postfix/qmgr[3666568]: 1671BB22: removed
Dec 18 07:55:29 cp01 postfix/smtp[3787149]: connect to gmail-smtp-in.l.google.com[2a00:1450:400c:c0b::1a]:25: Network is unreachable
Dec 18 07:55:31 cp01 postfix/smtp[3787149]: 21DA74D13: to=<[email protected]>, orig_to=<[email protected]>, relay=gmail-smtp-in.l.google.com[64.233.184.27]:25, delay=4.2, delays=0.73/0.02/2.8/0.59, dsn=2.0.0, status=sent (250 2.0.0 OK 1639806931 k15si6912904wrc.161 - gsmtp)
Dec 18 07:55:31 cp01 postfix/qmgr[3666568]: 21DA74D13: removed
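
To make the srs_forward lines in the log above concrete, here is an added example (not from the original article and not postsrsd's code) that sketches the SRS0 address format in Python: a forward rewrite, the "already ours, not rewritten" case, and the reverse lookup used for bounces. The secret, the forwarder.example domain and the 21-day validity window are assumptions, and the hash encoding is simplified, so its output is not interchangeable with postsrsd's.

```python
import base64, hashlib, hmac, time

B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
SECRET = b"constructed-demo-secret"  # assumption: stands in for the forwarder's private secret
FORWARDER = "forwarder.example"      # assumption: domain of the forwarding Postfix host

def _stamp(now):
    """Day counter modulo 1024, written as two base32 characters."""
    day = int(now // 86400) % 1024
    return B32[day >> 5] + B32[day & 31]

def _tag(stamp, host, user):
    """Short keyed hash that stops third parties forging SRS addresses."""
    mac = hmac.new(SECRET, (stamp + host + user).lower().encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()[:4]

def srs_forward(sender, now=None):
    """Rewrite user@origin into SRS0=hash=stamp=origin=user@FORWARDER."""
    now = time.time() if now is None else now
    user, host = sender.rsplit("@", 1)
    if host.lower() == FORWARDER:
        return sender  # simplification: addresses in our own domain are left alone
    stamp = _stamp(now)
    return f"SRS0={_tag(stamp, host, user)}={stamp}={host}={user}@{FORWARDER}"

def srs_reverse(address, now=None, max_age_days=21):
    """Recover the original sender for a bounce; reject forged or expired addresses."""
    now = time.time() if now is None else now
    local, domain = address.rsplit("@", 1)
    if domain.lower() != FORWARDER or not local.upper().startswith("SRS0="):
        raise ValueError("not an SRS0 address for this forwarder")
    tag, stamp, host, user = local[5:].split("=", 3)
    if not hmac.compare_digest(tag, _tag(stamp, host, user)):
        raise ValueError("hash mismatch")
    issued = B32.index(stamp[0]) << 5 | B32.index(stamp[1])
    if (int(now // 86400) % 1024 - issued) % 1024 > max_age_days:
        raise ValueError("expired")
    return f"{user}@{host}"

if __name__ == "__main__":
    rewritten = srs_forward("alice@origin.example")  # constructed sample sender
    print(rewritten)
    print(srs_reverse(rewritten))
```

Because the rewritten sender sits in the forwarder's domain, the destination evaluates SPF against the forwarder's own record, and the keyed hash plus timestamp keep the reverse mapping from being used as an open bounce relay.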

Caveat

Unfortunately, this solution doesn’t work for all hosts. A notable exception is Afrihost, a South African-based internet and hosting provider. Afrihost’s spam filter, called Ucebox, does not understand the rewrite and reports this:

<[email protected]>: host mx304857050.spe.ucebox.co.za[197.242.159.57] said:
    550 Sender (net) has no A, AAAA, or MX DNS records. (in reply to RCPT TO
    command)

Upon closer examination one can see this:

Dec 29 06:36:46 example postfix/qmgr[1770251]: 7847CBEAD3: from=<[email protected]>, size=398, nrcpt=1 (queue active)
Dec 29 06:36:46 example postfix/smtpd[1785566]: disconnect from localhost[127.0.0.1] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec 29 06:36:47 example postfix/smtp[1785573]: 7847CBEAD3: to=<[email protected]>, relay=mx304857050.spe.ucebox.co.za[197.242.159.25]:25, delay=0.81, delays=0.02/0.02/0.58/0.19, dsn=5.0.0, status=bounced (host mx304857050.spe.ucebox.co.za[197.242.159.25] said: 550 Sender (net) has no A, AAAA, or MX DNS records. (in reply to RCPT TO command))

As you can see, Ucebox doesn’t understand the rewrite. So far our only solution is to turn off SRS, but if we can find a way of enabling it just for @gmail addresses, that would be a great start.
