On 1/3/24 15:44, Bill Cole wrote:
Indeed: your solution is known as "SRS" (Sender Rewriting Scheme) and it has multiple implementations. If you forward mail, you will break SPF unless you fix the envelope sender so that it uses a domain that permits the example.org server to send for it.

OR, you could instead deliver to a POP mailbox locally and have users fetch from there instead of simply forwarding mail to them. This also avoids a completely distinct problem of places like GMail deciding that your org's mail server is a spamming service because it is forwarding spam. If users POP their mail instead of having it forwarded via SMTP, that does not happen.

On 03.01.24 19:30, Thomas Cameron wrote:
Thanks for the advice on SRS - I have set it up and it's mostly working. At least GMail accepts the emails, although it seems to be failing DKIM and DMARC tests. I'm digging into what, if anything, can be done to make PostSRSd fix this issue.

DKIM fails if the message is modified in your server (or if DKIM had already failed when it came to it).

DMARC fails if neither DKIM nor SPF succeeds, where the DKIM signature or the SPF record must be from the domain in From:

When you forward e-mail, SRS makes sure the SPF record is from your domain, but the DKIM signature must be made by the sending server, so forwarded messages without a valid DKIM signature will not pass.

Many thanks for your help, it's genuinely appreciated!

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
I intend to live forever - so far so good.
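
The DMARC outcome described in this thread, worked through as an added example that is not part of any poster's message: it evaluates what the final receiver sees for a forwarded message with and without SRS. The domain `sender.example`, the `Received` record and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    # Simplification (assumption): organizational domain = last two labels.
    # Real DMARC evaluators use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(a: str, b: str) -> bool:
    # Relaxed alignment (the DMARC default): organizational domains match.
    return org_domain(a) == org_domain(b)

@dataclass
class Received:
    header_from: str    # domain in the From: header
    envelope_from: str  # domain in MAIL FROM, the one SPF is checked against
    spf_pass: bool      # connecting server is permitted by envelope_from's SPF
    dkim_domain: str    # d= of the DKIM signature, "" if unsigned
    dkim_pass: bool     # signature still verifies at the final receiver

def dmarc(m: Received) -> dict:
    # A mechanism only counts for DMARC if it passes AND its domain
    # aligns with the domain in From:.
    spf_ok = m.spf_pass and aligned(m.envelope_from, m.header_from)
    dkim_ok = (bool(m.dkim_domain) and m.dkim_pass
               and aligned(m.dkim_domain, m.header_from))
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail"}

# Constructed scenarios: sender.example writes to an address at example.org,
# which forwards the message to an external mailbox provider.
SCENARIOS = {
    "no SRS, DKIM intact": Received(
        "sender.example", "sender.example", False, "sender.example", True),
    "SRS, DKIM intact": Received(
        "sender.example", "example.org", True, "sender.example", True),
    "SRS, DKIM broken by modification": Received(
        "sender.example", "example.org", True, "sender.example", False),
    "SRS, message never signed": Received(
        "sender.example", "example.org", True, "", False),
}

def evaluate_all() -> dict:
    return {name: dmarc(msg) for name, msg in SCENARIOS.items()}

if __name__ == "__main__":
    for name, result in evaluate_all().items():
        print(f"{name:35s} {result}")
```
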
