Author: Marcelo Coelho (marcelo AT

qmail SRS patch

This is an SRS (Sender Rewriting Scheme) implementation for qmail using libsrs2.


Current version: qmail-srs-0.8.patch


Install instructions

  1. Download and install libsrs2 from
  2. Download qmail-srs-0.8.patch.
  3. Apply this patch:

    tar -xzf /path/to/qmail-1.03.tar.gz
    cd qmail-1.03
    patch -p1 < qmail-srs-0.8.patch

    Then continue with your usual qmail installation (config, make, make setup check, ...)
  4. Configure some parameters in /var/qmail/control.

    Required parameters:

    echo srs.YOURDOMAIN > /var/qmail/control/srs_domain
    echo SECRET > /var/qmail/control/srs_secrets

    YOURDOMAIN: Replace with your domain name, e.g.
    SECRET: Replace with a random string

    Important! You MUST create an MX record for srs.YOURDOMAIN pointing to your server.

    Optional parameters:

    echo 7 > /var/qmail/control/srs_maxage
    echo 4 > /var/qmail/control/srs_hashlength
    echo 4 > /var/qmail/control/srs_hashmin
    echo = > /var/qmail/control/srs_separator
    echo 0 > /var/qmail/control/srs_alwaysrewrite

  5. Configure your SRS domain.

    echo srs.YOURDOMAIN >> /var/qmail/control/rcpthosts
    echo srs.YOURDOMAIN:srs >> /var/qmail/control/virtualdomains
    echo "| /var/qmail/bin/srsfilter" > /var/qmail/alias/.qmail-srs-default

    YOURDOMAIN: Replace with your domain name, e.g.

Configuration Parameters

Required parameters are marked (required).

  srs_domain (required)
    Description: A domain to use in rewritten addresses. If not set, SRS is disabled.

  srs_secrets (required)
    Description: A random string used to generate and check SRS addresses. You can specify a list of secrets (one per line). The first secret in the list is used for generating new SRS addresses. All secrets on the list may be used to verify SRS addresses.
    Example: foobar123

  srs_maxage
    Description: The maximum permitted age of a rewritten address. SRS rewritten addresses expire after a specified number of days. libsrs2 default is 21, but I believe that a week is enough to get all bounces, so I recommend using 7.
    Example: 7

  srs_hashlength
    Description: The hash length to generate in a rewritten address. The hash length is a measure of security in the SRS system; longer is more secure.
    Example: 4

  srs_hashmin
    Description: The hash length to require when checking an address. If the hash length is increased, there may be SRS addresses from your MTA in the wild which use a shorter hash length. This parameter may be set to permit checking of hashes shorter than srs_hashlength. This parameter must be at most srs_hashlength.
    Example: 4

  srs_separator
    Description: The separator to appear immediately after SRS[01] in rewritten addresses. This must be -, + or =. Default value is =.
    Example: =

  srs_alwaysrewrite
    Description: Skip the rcpthosts check and perform SRS rewriting for all forwarding, even when not required. This must be 0 (disabled) or 1 (enabled). Default value is 0 (disabled).
    Example: 0
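
How srs_secrets, srs_maxage, srs_hashlength and srs_hashmin interact, as an added example that is not part of this patch or of libsrs2: a simplified Python model of SRS0 rewriting and checking, following the published SRS scheme (HMAC-SHA1 over timestamp, host and user, base64-encoded and truncated). The function names, the cfg dictionary and the day numbers are assumptions made for illustration, and the output is not guaranteed to match libsrs2 byte for byte.

```python
import base64, hashlib, hmac

B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
SLOTS = 1024  # two base32 chars of day counter: wraps every 1024 days

def stamp(day):
    """Encode days-since-epoch (mod 1024) as a two-character timestamp."""
    day %= SLOTS
    return B32[day >> 5] + B32[day & 31]

def srs_hash(secret, ts, host, user, length):
    """HMAC-SHA1 over the lowercased fields, base64, cut to `length` chars."""
    msg = (ts + host + user).lower().encode()
    mac = hmac.new(secret.encode(), msg, hashlib.sha1).digest()
    return base64.b64encode(mac).decode()[:length]

def forward(sender, cfg, day):
    """Rewrite user@host into an SRS0 address at cfg['srs_domain']."""
    user, host = sender.rsplit("@", 1)
    ts, sep = stamp(day), cfg["srs_separator"]
    # Only the first secret is used to generate new addresses.
    h = srs_hash(cfg["srs_secrets"][0], ts, host, user, cfg["srs_hashlength"])
    return f"SRS0{sep}{h}={ts}={host}={user}@{cfg['srs_domain']}"

def reverse(address, cfg, day):
    """Return the original sender, or raise ValueError if a check fails."""
    local = address.rsplit("@", 1)[0]
    if local[:4].upper() != "SRS0" or local[4:5] not in ("-", "+", "="):
        raise ValueError("not an SRS0 address")
    parts = local[5:].split("=", 3)
    if len(parts) != 4:
        raise ValueError("malformed SRS0 address")
    h, ts, host, user = parts
    if len(h) < cfg["srs_hashmin"]:
        raise ValueError("hash shorter than srs_hashmin")
    ts = ts.upper()
    if len(ts) != 2 or any(c not in B32 for c in ts):
        raise ValueError("bad timestamp")
    age = (day - (B32.index(ts[0]) * 32 + B32.index(ts[1]))) % SLOTS
    if age > cfg["srs_maxage"]:
        raise ValueError("address expired")
    for secret in cfg["srs_secrets"]:  # any listed secret may verify
        want = srs_hash(secret, ts, host, user, len(h))
        if hmac.compare_digest(want.encode(), h.encode()):
            return f"{user}@{host}"
    raise ValueError("hash mismatch")
```

With srs_hashlength set to 4, the tag carries only 24 bits of the MAC, and a verifier with a lower srs_hashmin keeps accepting tags of that shorter length.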

Environment Variables (qmail-inject only)

By default, this patch modifies qmail-inject to rewrite the envelope sender only if EXT and HOST variables are set.

You can change this behavior using the following environment variables:

More about SRS

