On 1/3/24 15:44, Bill Cole wrote:
Indeed: your solution is known as "SRS" (Sender Rewriting Scheme)
and it has multiple implementations. If you forward mail, you will
break SPF unless you fix the envelope sender so that it uses a
domainĀ that permits the example.org server to send for it.
OR, you could instead deliver to a POP mailbox locally and have
users fetch from there instead of simply forwarding mail to them.
This also avoids a completely distinct problem of places like GMail
deciding that your org's mail server is a spamming service because
it is forwarding spam. If users POP their mail instead of having it
forwarded via SMTP, that does not happen.
On 03.01.24 19:30, Thomas Cameron wrote:
Thanks for the advice on SRS - I have set it up and it's mostly
working. At least GMail accepts the emails, although it seems to be
failing DKIM and DMARC tests. I'm digging into what, if anything, can
be done to make PostSRSd fix this issue.
DKIM fails if the message is modified in your server (or, if DKIM failed
already when it came to it)
DMARC fails if neither DKIM nor SPF succeed, where DKIM signature or the SPF
record must be from the domain in From:
When you forward e-mail, SRS makes sure SPF record is from your domain, but
the DKIM signature must be made by sending server, so forwarded messages
without valid DKIM signature will not pass.
Many thanks for your help, it's genuinely appreciated!
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
