On Thu, 23 Jun 2022 20:13:10 -0400
Viktor Dukhovni <[email protected]> wrote:
> On Thu, Jun 23, 2022 at 02:43:02PM -0700, Derek B. Noonburg wrote:
>
> > I'm running postfix to handle email for several users. One of them
> > has a .forward file that points to a gmail address. Gmail's servers
> > are rejecting some email for various causes ("low reputation of
> > sending domain", SPF failures).
> >
> > The problem is that postfix then bounces the email back to the
> > (likely forged) sender, which means my server is sending
> > backscatter.
> >
> > What I'd like to do is silently drop any email that's rejected by
> > the target of a .forward file. Is there some way to configure
> > postfix to do that? Or some better way of handling this problem?
>
> If you can convince the user to surrender the alias management to you,
> then you instead configure:
>
>
> owner-user: user
> user: [email protected]
>
> And presto magic, email to gmail will be forwarded with an envelope
> sender address that no longer fails SPF checks. DKIM should continue
> to work, because the message content will not be modified in transit.
Can you elaborate a little bit on exactly what this does? From
aliases(5): "when an alias exists for owner-name, this will override
the envelope sender address, so that delivery diagnostics are directed
to owner-name". If I understand correctly, the current situation is
that email received for "user" is forwarded to "[email protected]"
with the original envelope sender. And with this change, it's still
forwarded to gmail, but with the envelope sender set to
"user@mydomain". Do I have that right?
That would fix gmail's SPF rejections, but probably not the other
rejections. Or wait -- is gmail rejecting based solely on the envelope
sender address?
Will this work in conjunction with the virtual alias table? I.e., if I
have virtual aliases like this:
[email protected] user
[email protected] user
then the owner-user / user aliases are processed after the virtual
alias, yes?
I think the big problem here (as Bob Proulx pointed out) is that the
forwarded mail is spam. For my own email, I do spam filtering on a
different machine (i.e., after postfix has delivered it). I'm handling
email for a few friends, one of whom is effectively using gmail to do
spam filtering. I think the real fix is going to be to stop forwarding
email like this, and completely change the way email is processed for
this user.
- Derek
