Hi Viktor, > On Oct 16, 2017, at 10:40 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> > wrote: > >> 1. When using Postfix and virtual domain hosting in this fashion, is >> there any way to pass SPF when mail from a sending account is forwarded >> to another host (ie: Gmail) ? > > This requires SRS, and fairly effective anti-spam filters. Much > simpler to not support forwarding.
I did a quick search on Wikipedia and found the SRS article [1] which is fairly detailed - I will read through this over the next few days. Thanks for the tip about effective anti-spam filters. >> 2. Do I need to be concerned with a SPF SOFTFAIL from GMail when the same >> message generates a pass for DKIM (I have OpenDKIM configured and running >> correctly), and DMARC ? In this case, does a SPF SOFTAIL but a DKIM and >> DMARC pass mean that SPF is always discounted and the mail won�t be >> quarantined ? > > When the sending domain has both SPF and DKIM, you may be fine, as > Google should be able to figure out that the message is a real > hotmail message relayed through your system. However, much depends > on the details of the upstream DKIM signature and how it is processed > by Gmail. In the diagnostic messages in the message source, it appears that Google is doing that - determining that Hotmail is a valid source. It still SOFTFAILS SPF but scores DKIM OK and thus concludes DMARC is ok. Thanks, - J Sources: [1] https://en.m.wikipedia.org/wiki/Sender_Rewriting_Scheme