Skip to content
Postfix SRS forwarding agent
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Release v1.1.1 Feb 22, 2019
Makefile Release v1.1.1 Feb 22, 2019 Fix spelling mistake in readme Feb 22, 2019


Postfix SRS forwarding agent.


Postforward is a mail forwarding utility which aims to compliment the Postfix Sender Rewriting Scheme daemon (PostSRSd).

The downside of using PostSRSd is that all mail is naively rewritten, even when no forwarding is actually performed. Such rewritten Return-Path addresses may confuse sieve scripts and other mail filtering software.

This is where Postforward comes in. Instead of rewriting all incoming mail regardless of final destination, mail systems may be configured to pipe mail into Postforward only when forwarding needs to happen, leaving non-forwarded mail unaltered by PostSRSd. Postforward will rewrite envelope addresses for piped mail using PostSRSd itself and re-inject these messages back into the queue, destined for the forwarding recipient(s).

Project status

This software is actively maintained but considered feature-complete. No changes or new features are planned except as required to fix any potential issues that may come up in the future.


I no longer provide pre-compiled binaries for small-time projects of mine so you will have to build from sources yourself. If you have an up-to-date Go toolchain installed on your system this is as simple as:

go get -d
cd ~/go/src/

This will create a binary called postforward which may be installed on the target server(s). Go applications are statically linked by default so no additional dependencies are needed.

The makefile also contains targets to build native packages for FreeBSD and Debian-based operating systems (make freebsd and make debian respectively). These require fpm to be installed.


Postforward relies on mail being delivered via stdin so this implies delivery using Postfix's local(8) or pipe(8) delivery agents. One such method may be achieved by configuring a pipe forward in /etc/aliases:

forwarder: "|/usr/local/bin/postforward"

(Note: when running PostSRSd on a different host or port, use the --srs-addr flag to set the correct address here.)

In, configure recipient_canonical_maps and recipient_canonical_classes as recommended by PostSRSd but do not set sender_canonical_maps or sender_canonical_classes.

Beware that Postforward expects to be called for a single recipient at a time (although it can forward to multiple recipients at once) so be sure to set transport_destination_recipient_limit to 1 when using it with the pipe(8) daemon. See also SINGLE-RECIPIENT DELIVERY.

The postfix local(8) delivery agent uses a highly sanitized environment for executed processes for security reasons. Depending on your operating system, the default $PATH setting may be too strict for postforward to locate the sendmail binary (Debian/Ubuntu are known to have this issue). If this is the case for you, a custom $PATH may be set by supplying the --path argument. For example: --path /usr/sbin:/sbin:/usr/bin:/bin

Note that in case of process errors, postfix bounces emails with the full process argument string in the DSN message which could leak internal information such as the forwarding address. This is default postfix behavior for the local and pipe delivery agents.

If this is undesirable, local_delivery_status_filter may be configured with a PCRE map such as the following to hide this information (omit the $2 in the final entry to also strip command output):

/^(2\S+ deliver(s|ed) to file).+/    $1
/^(2\S+ deliver(s|ed) to command).+/ $1
/^(\S+ Command died with status \d+):.*(\. Command output:.*)/ $1$2


Using Postforward introduces additional overhead caused by forking of processes which wouldn't happen with direct use of PostSRSd. Unless you are forwarding very large volumes of mail this extra overhead is likely negligible in relation to the total processing cost of a complete email transaction.

Postforward takes care not to buffer entire messages in memory and is therefore safe to use on very large emails. Only message headers are buffered in memory for processing, body content is streamed directly into sendmail.


Postforward is offered under the 2-Clause BSD license. See LICENSE.txt for the full license text.



You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.