diff --git a/data/hooks/conf_regen/19-postfix b/data/hooks/conf_regen/19-postfix index 3cb5cdf50..a3ad70327 100755 --- a/data/hooks/conf_regen/19-postfix +++ b/data/hooks/conf_regen/19-postfix @@ -10,15 +10,25 @@ do_pre_regen() { postfix_dir="${pending_dir}/etc/postfix" mkdir -p "$postfix_dir" + default_dir="${pending_dir}/etc/default/" + mkdir -p "$default_dir" + # install plain conf files cp plain/* "$postfix_dir" # prepare main.cf conf file main_domain=$(cat /etc/yunohost/current_host) + domain_list=$(sudo yunohost domain list --output-as plain --quiet | tr '\n' ' ') + cat main.cf \ | sed "s/{{ main_domain }}/${main_domain}/g" \ > "${postfix_dir}/main.cf" + cat postsrsd \ + | sed "s/{{ main_domain }}/${main_domain}/g" \ + | sed "s/{{ domain_list }}/${domain_list}/g" \ + > "${default_dir}/postsrsd" + # adapt it for IPv4-only hosts if [ ! -f /proc/net/if_inet6 ]; then sed -i \ @@ -34,7 +44,8 @@ do_post_regen() { regen_conf_files=$1 [[ -z "$regen_conf_files" ]] \ - || sudo service postfix restart + || { sudo service postfix restart && sudo service postsrsd restart; } + } FORCE=${2:-0} diff --git a/data/templates/postfix/main.cf b/data/templates/postfix/main.cf index 2cb1d8d72..c38896a3f 100644 --- a/data/templates/postfix/main.cf +++ b/data/templates/postfix/main.cf @@ -137,8 +137,10 @@ smtpd_recipient_restrictions = permit # SRS -sender_canonical_maps = regexp:/etc/postfix/sender_canonical +sender_canonical_maps = tcp:localhost:10001 sender_canonical_classes = envelope_sender +recipient_canonical_maps = tcp:localhost:10002 +recipient_canonical_classes= envelope_recipient,header_recipient # Ignore some headers smtp_header_checks = regexp:/etc/postfix/header_checks diff --git a/data/templates/postfix/postsrsd b/data/templates/postfix/postsrsd new file mode 100644 index 000000000..56bfd091e --- /dev/null +++ b/data/templates/postfix/postsrsd 
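Review bot: `domain_list` goes into the postsrsd template without any check that `yunohost domain list` succeeded. Because the call runs with `--quiet` and its status is discarded by the pipe into `tr`, a failure would write `SRS_EXCLUDE_DOMAINS=dummy  dummy`, and postsrsd would then presumably rewrite addresses of the host's own domains. A guard right after the assignment, such as `[[ -n "$domain_list" ]] || return 1`, would stop the regen instead of installing an empty exclusion list; whether the hook runner treats a non-zero return as fatal is not visible here. Both `main_domain` (read from a file) and `domain_list` are also interpolated raw into `s/.../.../g`, so a `/`, `&` or backslash in either value would corrupt the expression, and a comment stating that these values are validated upstream would help. `do_pre_regen` continues past the end of this hunk.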
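Review bot: In `do_post_regen` the `&&` chain skips the postsrsd restart whenever the postfix restart fails, so a changed `/etc/default/postsrsd` can stay unapplied with nothing reported. Postfix is also restarted before the daemon that its new `tcp:` canonical maps depend on, so for a moment it may query a postsrsd that is still on the old exclusion list or not listening yet. Reversing the order addresses that: `|| { sudo service postsrsd restart && sudo service postfix restart; }`. The hunk also adds a stray blank line before the closing `}`.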
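Review bot: Both new map lines address postsrsd as `localhost`, so every envelope rewrite now depends on how that name resolves on the host. The postsrsd template in this commit only says the ports are bound to the loopback interface, and the regen hook already special-cases IPv4-only hosts, so an address-family mismatch is plausible but not confirmed from here. If the daemon listens on the IPv4 loopback, `sender_canonical_maps = tcp:127.0.0.1:10001` and `recipient_canonical_maps = tcp:127.0.0.1:10002` remove the resolver from the path. A comment above the block should also say that mail flow depends on postsrsd being up, for example `# SRS lookups go to postsrsd on loopback; postfix cannot rewrite while it is down`. Minor: `recipient_canonical_classes= envelope_recipient,header_recipient` is missing the space before `=` that the neighbouring lines use.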
@@ -0,0 +1,43 @@
+# Default settings for postsrsd
+
+# Local domain name.
+# Addresses are rewritten to originate from this domain. The default value
+# is taken from `postconf -h mydomain` and probably okay.
+#
+SRS_DOMAIN={{ main_domain }}
+
+# Exclude additional domains.
+# You may list domains which shall not be subjected to address rewriting.
+# If a domain name starts with a dot, it matches all subdomains, but not
+# the domain itself. Separate multiple domains by space or comma.
+# We have to put some "dummy" stuff at start and end... see this comment :
+# https://github.com/roehling/postsrsd/issues/64#issuecomment-284003762
+SRS_EXCLUDE_DOMAINS=dummy {{ domain_list }} dummy
+
+# First separator character after SRS0 or SRS1.
+# Can be one of: -+=
+SRS_SEPARATOR==
+
+# Secret key to sign rewritten addresses.
+# When postsrsd is installed for the first time, a random secret is generated
+# and stored in /etc/postsrsd.secret. For most installations, that's just fine.
+#
+SRS_SECRET=/etc/postsrsd.secret
+
+# Local ports for TCP list.
+# These ports are used to bind the TCP list for postfix. If you change
+# these, you have to modify the postfix settings accordingly. The ports
+# are bound to the loopback interface, and should never be exposed on
+# the internet.
+#
+SRS_FORWARD_PORT=10001
+SRS_REVERSE_PORT=10002
+
+# Drop root privileges and run as another user after initialization.
+# This is highly recommended as postsrsd handles untrusted input.
+#
+RUN_AS=postsrsd
+
+# Jail daemon in chroot environment
+CHROOT=/var/lib/postsrsd
+
diff --git a/debian/control b/debian/control
index 256038598..3c74fea76 100644
--- a/debian/control
+++ b/debian/control
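Review bot: `SRS_SECRET=/etc/postsrsd.secret` makes that file the signing key for every rewritten address, but nothing in this commit sets or checks its ownership and mode, or carries it across a backup and restore. That may be handled by the package or elsewhere in the project, which is not visible here. The key decides which SRS addresses this host will reverse-rewrite, so it should be readable only by root and the daemon. A regenerated key would also invalidate addresses issued earlier, so bounces for already-forwarded mail would stop resolving. A comment above the setting would record both points: `# Keep this file private to root/postsrsd and preserve it across restores; a new secret invalidates previously issued SRS addresses.`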
@@ -18,7 +18,7 @@ Depends: ${python:Depends}, ${misc:Depends} , ca-certificates, netcat-openbsd, iproute , mariadb-server, php-mysql | php-mysqlnd , slapd, ldap-utils, sudo-ldap, libnss-ldapd, unscd - , postfix-ldap, postfix-policyd-spf-perl, postfix-pcre, procmail, mailutils + , postfix-ldap, postfix-policyd-spf-perl, postfix-pcre, procmail, mailutils, postsrsd , dovecot-ldap, dovecot-lmtpd, dovecot-managesieved , dovecot-antispam, fail2ban , nginx-extras (>=1.6.2), php-fpm, php-ldap, php-intl diff --git a/src/yunohost/domain.py b/src/yunohost/domain.py index 239539deb..560a6fda5 100644 --- a/src/yunohost/domain.py +++ b/src/yunohost/domain.py @@ -114,7 +114,7 @@ def domain_add(operation_logger, auth, domain, dyndns=False): # Don't regen these conf if we're still in postinstall if os.path.exists('/etc/yunohost/installed'): - service_regen_conf(names=['nginx', 'metronome', 'dnsmasq']) + service_regen_conf(names=['nginx', 'metronome', 'dnsmasq', 'postfix']) app_ssowatconf(auth) except Exception, e: @@ -171,7 +171,7 @@ def domain_remove(operation_logger, auth, domain, force=False): else: raise MoulinetteError(errno.EIO, m18n.n('domain_deletion_failed')) - service_regen_conf(names=['nginx', 'metronome', 'dnsmasq']) + service_regen_conf(names=['nginx', 'metronome', 'dnsmasq', 'postfix']) app_ssowatconf(auth) hook_callback('post_domain_remove', args=[domain])