Forward rejected by yahoo
Hi, I have the following problem if I forward an email received from yahoo to an other yahoo account the message is rejected. If I send a message from yahoo -> my server and forwarded to a google account the message is marked as spam, since is considered a spoofed. Can I fixed this adding some header? Thank you
Re: Forward rejected by yahoo
No. SPF is designed to be secure, eg you cannot add some header to bypass the authentication, then every phisher would add such a header. What you need to do, is to rewrite the FROM adress or encapsulate the email. Rewriting FROM adress can be as simple as rewriting yourn...@yahoo.com to yourn...@yourserver.tld , or even yourname.yahoo@yourserver.tld Then you host a own SPF record. The disadvantage of this method, is that it will not be possible to reply or answer on emails from your google account. You could however, since you know the domain and username, manually write the correct @yahoo.com adress in the “to” field when replying to a email. Another way, is to encapsulate the email in a new message/rfc822 container, where the outer container contains like From: forwar...@yourserver.tld To: somen...@gmail.com , Subject: Fwd: Original Subject And then the inner container contains: From: yourn...@yahoo.com To: yourn...@yourserver.tld Subject: Original Subject The advantage with this method is that you can reply to the email by replying to the inner container. This is how most email clients forward email, by encapsulating them. In most cases, a email client will either show a iframe showing the original content, a button to open the mail in a new window, or a attached file that can be opened to show the mail. Of course, its important that you do publish a own SPF record. And also, its a bad idea to forward spoofed email, since this could get your domain “blacklisted” at google, thus its a good idea to SPF and/or DKIM check any incoming email on your forwarder adress before forwarding them. From: Il Neofita Sent: Thursday, September 17, 2015 7:40 PM To: postfix-users@postfix.org Subject: Forward rejected by yahoo Hi, I have the following problem if I forward an email received from yahoo to an other yahoo account the message is rejected. If I send a message from yahoo -> my server and forwarded to a google account the message is marked as spam, since is considered a spoofed. Can I fixed this adding some header? Thank you smime.p7s Description: S/MIME Cryptographic Signature
Re: Forward rejected by yahoo
Thank you very much for the fast reply. I was looking on sieve or postfix and I do not find how I can do it. Since I believe that will be the best way to do it. Can you help me out? Thank you On Thu, Sep 17, 2015 at 1:51 PM, Sebastian Nielsen wrote: > No. > SPF is designed to be secure, eg you cannot add some header to bypass the > authentication, then every phisher would add such a header. > > What you need to do, is to rewrite the FROM adress or encapsulate the > email. > Rewriting FROM adress can be as simple as rewriting yourn...@yahoo.com to > yourn...@yourserver.tld , or even yourname.yahoo@yourserver.tld > Then you host a own SPF record. > The disadvantage of this method, is that it will not be possible to reply > or answer on emails from your google account. You could however, since you > know the domain and username, manually write the correct @yahoo.com > adress in the “to” field when replying to a email. > > Another way, is to encapsulate the email in a new message/rfc822 > container, where the outer container contains like From: > forwar...@yourserver.tld To: somen...@gmail.com , Subject: Fwd: Original > Subject > And then the inner container contains: > From: yourn...@yahoo.com > To: yourn...@yourserver.tld > Subject: Original Subject > > The advantage with this method is that you can reply to the email by > replying to the inner container. This is how most email clients forward > email, by encapsulating them. > In most cases, a email client will either show a iframe showing the > original content, a button to open the mail in a new window, or a attached > file that can be opened to show the mail. > > Of course, its important that you do publish a own SPF record. > And also, its a bad idea to forward spoofed email, since this could get > your domain “blacklisted” at google, thus its a good idea to SPF and/or > DKIM check any incoming email on your forwarder adress before forwarding > them. > > *From:* Il Neofita > *Sent:* Thursday, September 17, 2015 7:40 PM > *To:* postfix-users@postfix.org > *Subject:* Forward rejected by yahoo > > Hi, > I have the following problem if I forward an email received from yahoo to > an other yahoo account the message is rejected. > If I send a message from yahoo -> my server and forwarded to a google > account the message is marked as spam, since is considered a spoofed. > > Can I fixed this adding some header? > > Thank you >
Re: Forward rejected by yahoo
The best thing here is to set up a header filter that replaces first From: header with your adress, and first To: header with the destination gmail adress. To prevent that any spam blacklisted adresses appear, discard every to: and cc: header after this. Then you ensure the MAIL FROM in the SMTP communication with gmail, states your adress and not Yahoo’s. Add a SPF record to your domain, and then you are done. If you want to go the encapsulation way, it gets a little bit more complicated, and you need some sort of milter or post-processing filter to encapsulate the email. From: Il Neofita Sent: Thursday, September 17, 2015 8:12 PM To: Sebastian Nielsen Cc: postfix-users@postfix.org Subject: Re: Forward rejected by yahoo Thank you very much for the fast reply. I was looking on sieve or postfix and I do not find how I can do it. Since I believe that will be the best way to do it. Can you help me out? Thank you On Thu, Sep 17, 2015 at 1:51 PM, Sebastian Nielsen wrote: No. SPF is designed to be secure, eg you cannot add some header to bypass the authentication, then every phisher would add such a header. What you need to do, is to rewrite the FROM adress or encapsulate the email. Rewriting FROM adress can be as simple as rewriting yourn...@yahoo.com to yourn...@yourserver.tld , or even yourname.yahoo@yourserver.tld Then you host a own SPF record. The disadvantage of this method, is that it will not be possible to reply or answer on emails from your google account. You could however, since you know the domain and username, manually write the correct @yahoo.com adress in the “to” field when replying to a email. Another way, is to encapsulate the email in a new message/rfc822 container, where the outer container contains like From: forwar...@yourserver.tld To: somen...@gmail.com , Subject: Fwd: Original Subject And then the inner container contains: From: yourn...@yahoo.com To: yourn...@yourserver.tld Subject: Original Subject The advantage with this method is that you can reply to the email by replying to the inner container. This is how most email clients forward email, by encapsulating them. In most cases, a email client will either show a iframe showing the original content, a button to open the mail in a new window, or a attached file that can be opened to show the mail. Of course, its important that you do publish a own SPF record. And also, its a bad idea to forward spoofed email, since this could get your domain “blacklisted” at google, thus its a good idea to SPF and/or DKIM check any incoming email on your forwarder adress before forwarding them. From: Il Neofita Sent: Thursday, September 17, 2015 7:40 PM To: postfix-users@postfix.org Subject: Forward rejected by yahoo Hi, I have the following problem if I forward an email received from yahoo to an other yahoo account the message is rejected. If I send a message from yahoo -> my server and forwarded to a google account the message is marked as spam, since is considered a spoofed. Can I fixed this adding some header? Thank you smime.p7s Description: S/MIME Cryptographic Signature
Re: Forward rejected by yahoo
Thank you very much for the answer. If I modified the headers the user it will not understand why it cannot reply direct to the email. I find strange that sieve do not have an option to encapsulate the email. I will try to modify the headers in order to do some test. Thank you very much to your fast and clear response. On Thu, Sep 17, 2015 at 2:18 PM, Sebastian Nielsen wrote: > The best thing here is to set up a header filter that replaces first From: > header with your adress, and first To: header with the destination gmail > adress. > To prevent that any spam blacklisted adresses appear, discard every to: > and cc: header after this. > Then you ensure the MAIL FROM in the SMTP communication with gmail, states > your adress and not Yahoo’s. Add a SPF record to your domain, and then you > are done. > > If you want to go the encapsulation way, it gets a little bit more > complicated, and you need some sort of milter or post-processing filter to > encapsulate the email. > > *From:* Il Neofita > *Sent:* Thursday, September 17, 2015 8:12 PM > *To:* Sebastian Nielsen > *Cc:* postfix-users@postfix.org > *Subject:* Re: Forward rejected by yahoo > > Thank you very much for the fast reply. > I was looking on sieve or postfix and I do not find how I can do it. > Since I believe that will be the best way to do it. > Can you help me out? > > Thank you > > > On Thu, Sep 17, 2015 at 1:51 PM, Sebastian Nielsen > wrote: > >> No. >> SPF is designed to be secure, eg you cannot add some header to bypass the >> authentication, then every phisher would add such a header. >> >> What you need to do, is to rewrite the FROM adress or encapsulate the >> email. >> Rewriting FROM adress can be as simple as rewriting yourn...@yahoo.com >> to yourn...@yourserver.tld , or even yourname.yahoo@yourserver.tld >> Then you host a own SPF record. >> The disadvantage of this method, is that it will not be possible to reply >> or answer on emails from your google account. You could however, since you >> know the domain and username, manually write the correct @yahoo.com >> adress in the “to” field when replying to a email. >> >> Another way, is to encapsulate the email in a new message/rfc822 >> container, where the outer container contains like From: >> forwar...@yourserver.tld To: somen...@gmail.com , Subject: Fwd: Original >> Subject >> And then the inner container contains: >> From: yourn...@yahoo.com >> To: yourn...@yourserver.tld >> Subject: Original Subject >> >> The advantage with this method is that you can reply to the email by >> replying to the inner container. This is how most email clients forward >> email, by encapsulating them. >> In most cases, a email client will either show a iframe showing the >> original content, a button to open the mail in a new window, or a attached >> file that can be opened to show the mail. >> >> Of course, its important that you do publish a own SPF record. >> And also, its a bad idea to forward spoofed email, since this could get >> your domain “blacklisted” at google, thus its a good idea to SPF and/or >> DKIM check any incoming email on your forwarder adress before forwarding >> them. >> >> *From:* Il Neofita >> *Sent:* Thursday, September 17, 2015 7:40 PM >> *To:* postfix-users@postfix.org >> *Subject:* Forward rejected by yahoo >> >> Hi, >> I have the following problem if I forward an email received from yahoo to >> an other yahoo account the message is rejected. >> If I send a message from yahoo -> my server and forwarded to a google >> account the message is marked as spam, since is considered a spoofed. >> >> Can I fixed this adding some header? >> >> Thank you >> > >
Trouble with ORCPT variable IN RCPT TO command
Hi, Last weekend one of our service provider for our application upgraded there email server (Apache JAMES). And now, there telling us that the ORCPT variable is not supported. or mail bounces with this error: Sep 15 00:35:40 devsys-prod-com-mta01 postfix/smtp[23429]: D01B34127C: to=u...@provider.com, relay=10.254.254.10[10.254.254.10]:25, conn_use=11, delay=43, delays=40/3.5/0.11/0.08, dsn=5.0.0, status=bounced (host 10.254.254.10[10.254.254.10] said: 504 Unrecognized or unsupported option: ORCPT (in reply to RCPT TO command)) (10.254.254.10 is there internal mail server and we use a VPN to send directly, there email server is not available on direct internet links) I telneted to there server and tried to send commands and sure enough, it rejected the RCPT TO where there was a ORCPT variable here is what I did: MAIL FROM: RET=HDRS ENVID=QQ314159 250 2.1.0 Sender OK RCPT TO: NOTIFY=SUCCESS,DELAY ORCPT=rfc822;u...@email.com <--- this doesn’t work 504 Unrecognized or unsupported option: ORCPT RCPT TO:<> NOTIFY=SUCCESS,DELAY <--- this worked without the ORCPT. 250 2.1.5 Recipient <> OK I also tried to send a test email with postfix’s ‘sendmail’ command and got the same error in the log file. My question is, Can i strip that variable before relaying the mail to the provider’s server ? Thank you for any help on this. Jeff C. Jean-Francois Couture Administrateur Système Devsys 6775, boul. Henri-Bourassa Québec (Québec) G1H 3C6 Téléphone : (418) 977-4882 Télécopieur: (418) 977-4883 jfcout...@devsys-inf2001.com
Re: Trouble with ORCPT variable IN RCPT TO command
Jean-Francois Couture: > Last weekend one of our service provider for our application > upgraded there email server (Apache JAMES). And now, there telling > us that the ORCPT variable is not supported. SMTP servers that announce DSN support and reject ORCPT are BROKEN. You can configure Postfix to pretend that a server does not support DSN. See: http://www.postfix.org/postcon5.5/html#smtp_discard_ehlo_keyword_address_maps http://www.postfix.org/postcon5.5/html#smtp_discard_ehlo_keywords Wietse
Re: Forward rejected by yahoo
Sebastian Nielsen skrev den 2015-09-17 19:51: Then you host a own SPF record. no no no no and no SPF is not From: body header do you think about SenderID ? sid-milter test both, SenderID is depricated with a replacement of DKIM
Re: Forward rejected by yahoo
You have to setup SRS when forwarding. On 2015/9/18 星期五 1:40, Il Neofita wrote: Hi, I have the following problem if I forward an email received from yahoo to an other yahoo account the message is rejected. If I send a message from yahoo -> my server and forwarded to a google account the message is marked as spam, since is considered a spoofed. Can I fixed this adding some header? Thank you -- B. Regards, Ken Peng - k...@cloud-china.org
Initial test of postfix 3.0.2
I have a brand new installation, from source, of Postfix 3.0.2 on Debian 7, 64-bit. I successfully did the initial local tests for postfix as described in "The Book of Postfix." (Note that I have virtual servers but have not yet configured postfix for handling them.) Then I made my first test for outbound mail to my personal gmail address and the mail.info file shows this: Sep 18 01:57:18 dedi2 postfix/smtpd[3154]: connect from mail-am1hn0254.outbound.protection.outlook.com[157.56.112.254] Sep 18 01:57:19 dedi2 postfix/smtpd[3154]: NOQUEUE: reject: RCPT from mail-am1hn0254.outbound.protection.outlook.com[157.56.112.254]: 454 4.7.1 : Relay access denied; from= to= proto=ESMTP helo= Sep 18 01:57:19 dedi2 postfix/smtpd[3154]: NOQUEUE: reject: RCPT from mail-am1hn0254.outbound.protection.outlook.com[157.56.112.254]: 454 4.7.1 : Relay access denied; from= to= proto=ESMTP helo= Sep 18 01:57:19 dedi2 postfix/smtpd[3154]: disconnect from mail-am1hn0254.outbound.protection.outlook.com[157.56.112.254] ehlo=1 mail=1 rcpt=0/2 quit=1 commands=3/5 And I have received no mail at my gmail address. Looking at the messages above I note that the address is at one of my virtual hosts but I have no user by that name (and the IP address 157.56.112.254 is not known to me. I have set up my DNS records according to advice from this mailing list. I will read more in the book tonight but hope someone can point me in the right direction while I continue to study the problem. Thanks. Best regards, -Tom
Re: Forward rejected by yahoo
If the domain has strict identity alignment set up, then From: body must match MAIL FROM, which must match the SPF record. Thats why you need to replace or encapsulate the From: aswell, incase the sender domain has strict identity aligment set up. -Ursprungligt meddelande- From: Benny Pedersen Sent: Thursday, September 17, 2015 11:26 PM To: postfix-users@postfix.org Subject: Re: Forward rejected by yahoo Sebastian Nielsen skrev den 2015-09-17 19:51: Then you host a own SPF record. no no no no and no SPF is not From: body header do you think about SenderID ? sid-milter test both, SenderID is depricated with a replacement of DKIM smime.p7s Description: S/MIME Cryptographic Signature
Re: Initial test of postfix 3.0.2
On 9/17/2015 9:17 PM, Tom Browder wrote: > I have a brand new installation, from source, of Postfix 3.0.2 on > Debian 7, 64-bit. I successfully did the initial local tests for > postfix as described in "The Book of Postfix." Please note the book is now rather dated. While the examples and general concepts are still valuable, lots of things have changed since then. The official up-to-date documentation is supplied with the source code, and also available on the postfix web page http://www.postfix.org/documentation.html At a minimum, you should review the various RELEASE_NOTES to see what has changed since the book was published. > (Note that I have > virtual servers but have not yet configured postfix for handling > them.) Then I made my first test for outbound mail to my personal > gmail address and the mail.info file shows this: > > Sep 18 01:57:18 dedi2 postfix/smtpd[3154]: connect from > mail-am1hn0254.outbound.protection.outlook.com[157.56.112.254] This is the smtpd process, which handles incoming mail. Someone who uses Microsoft services is trying to send mail to your server. > Sep 18 01:57:19 dedi2 postfix/smtpd[3154]: NOQUEUE: reject: RCPT from > mail-am1hn0254.outbound.protection.outlook.com[157.56.112.254]: 454 > 4.7.1 : Relay access denied; "Relay access denied" means that postfix is not configured to receive mail for the mygnus.com domain, and the recipient is rejected. http://www.postfix.org/BASIC_CONFIGURATION_README.html#mydestination http://www.postfix.org/VIRTUAL_README.html#canonical http://www.postfix.org/ADDRESS_CLASS_README.html http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions > from= to= proto=ESMTP > helo= more details from the rejection. > Sep 18 01:57:19 dedi2 postfix/smtpd[3154]: NOQUEUE: reject: RCPT from > mail-am1hn0254.outbound.protection.outlook.com[157.56.112.254]: 454 > 4.7.1 : Relay access denied; > from= to= proto=ESMTP > helo= A second rejected recipient... > Sep 18 01:57:19 dedi2 postfix/smtpd[3154]: disconnect from > mail-am1hn0254.outbound.protection.outlook.com[157.56.112.254] ehlo=1 > mail=1 rcpt=0/2 quit=1 commands=3/5 ... and the outlook.com client disconnects. Note these are 4xx deferrals, not 5xx rejects, so the sending client will likely retry delivery periodically over the next several days. > > And I have received no mail at my gmail address. The above logging shows attempts to receive mail. No logging here about sending mail. > > Looking at the messages above I note that the address > is at one of my virtual hosts but I have no user > by that name (and the IP address 157.56.112.254 is not known to me. > > I have set up my DNS records according to advice from this mailing list. > > I will read more in the book tonight but hope someone can point me in > the right direction while I continue to study the problem. Basic debugging info: http://www.postfix.org/DEBUG_README.html And to get help from this list: http://www.postfix.org/DEBUG_README.html#mail -- Noel Jones
Re: Initial test of postfix 3.0.2 [SOLVED}
On Thu, Sep 17, 2015 at 9:17 PM, Tom Browder wrote: > I have a brand new installation, from source, of Postfix 3.0.2 on > Debian 7, 64-bit. I successfully did the initial local tests for > postfix as described in "The Book of Postfix." (Note that I have > virtual servers but have not yet configured postfix for handling > them.) Then I made my first test for outbound mail to my personal > gmail address and the mail.info file shows this: ... Duh, my mistake, I was using the wrong outgoing address--all worked fine with the correct address.. Sorry for the wasted bandwidth. Best, -Tom
