John Stoffel via Postfix-users:
> >>>>> "Wietse" == Wietse Venema via Postfix-users <postfix-users@postfix.org> 
> >>>>> writes:
> 
> > John Stoffel:
> >> >>>>> "Wietse" == Wietse Venema via Postfix-users 
> >> >>>>> <postfix-users@postfix.org> writes:
> >> 
> >> > Postfix lists are run by Mailman3, configured to replace the From:
> >> > address with the list address; Mailman3 then unconditionally adds
> >> > the original From: address to Reply-to:. This is standard Mailman
> >> > damage control for DMARC.
> >> 
> >> Is there any simple way to do this for a regular postfix setup where I
> >> need to forward some emails to a gmail.com or other account?  
> 
> > It may be possible with a Milter in the mail receiving path. Sort-of
> > the opposite of what I described for undoing DMARC.
> 
> > Otherwise, 'forward as an attachment' is a common mail reader
> > feature.
> 
> Sorry, I wasn't clear in my ask.  I have some virtual user emails
> which I simply forward off to their @gmail.com accounts.  And they're
> starting to bounce a bit more.  
> 
> Been working to get DKIM on my side working, but something is broken
> there and I need to spend some time tracking down the issue.
> 
> main.cf:
> 
>   virtual_alias_maps = hash:/etc/postfix/virtual-alias-maps
> 
> virtual-alias-maps:
> 
>   f...@stoffel.org:  b...@gmail.com
> 
> 
> I'd like to re-write emails to @gmail.com to update the header.  But
> maybe first I need to get DKIM working properly.  

So you want to forward some messages with DMARC mitigation (From:
header address in your domain, which address would that be?), with
a new envelope address in your domain (same as From: header?), with
a new DKIM signature on behalf of your domain, and blessed by your
SPF policy.

That may be possible with a 'null' SMTP-based content filter (a
Postfix SMTP client that connects directly to a Postfix SMTP server)
and one or more after-filter Milters that implement the DMARC header
mitigation, SPF sender envelope mitigation, and that sign with DKIM.

Untested example:

main.cf:
    virtual_alias_maps = hash:/etc/postfix/virtual-alias-maps
    transport_maps = hash:/etc/postfix/transports

virtual-alias-maps:
    f...@stoffel.org:  b...@gmail.com

transports:
    gmail.com: dmarc-mitigation:

master.cf:
    # SMTP service after a null filter.
    dmarc-mitigation unix   -   -   -   -   - smtpd
        # Milters that implement DMARC and SPF mitigation, and sign with DKIM
        -o { smtpd_milters = inet:127.0.0.1:10028 ... }
        # Override transport_maps and other routing
        -o {content_filter = smtp: }
        # Override main.cf address mapping and header/body_checks
        -o { receive_override_options = no_address_mappings, no_header_body_checks }
        # Override main.cf smtpd_mumble_restrictions
        -o { smtpd_client_restrictions = }
        -o { smtpd_helo_restrictions = }
        -o { smtpd_sender_restrictions = }
        -o { smtpd_recipient_restrictions = permit_mynetworks reject }
        -o { smtpd_relay_restrictions = }
        -o { smtpd_data_restrictions = }
        -o { smtpd_end_of_data_restrictions = }
        # Override other smtpd_xxx main.cf settings below.

An alternative would be to deliver email for gmail.com etc. to a
program (new code) that generates a new message with the original
as an attachment. Then, you can reuse the DKIM signing code that
already exists for local submissions.

        Wietse
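
The "forward as an attachment" alternative described above, sketched as an added example that is not part of the original message and not Postfix code. The forwarder address, the function name and the sample addresses are assumptions; the program only builds the wrapper message and leaves delivery to the existing local submission path.

```python
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import formatdate, make_msgid, parseaddr

FORWARDER = "forwarder@example.org"  # assumption: an address in your own domain


def wrap_as_attachment(raw: bytes, recipient: str,
                       forwarder: str = FORWARDER) -> EmailMessage:
    """Return a new message from `forwarder` carrying `raw` as message/rfc822."""
    original = message_from_bytes(raw, policy=policy.default)
    # Collapse whitespace so a folded or hostile Subject cannot inject headers.
    subject = " ".join(str(original.get("Subject", "")).split())
    # Keep only the bare address of the original author for Reply-To.
    _, author = parseaddr(str(original.get("From", "")))

    outer = EmailMessage()
    outer["From"] = forwarder          # header From: is now in our own domain
    outer["To"] = recipient
    if author:
        outer["Reply-To"] = author
    outer["Subject"] = f"Fwd: {subject}" if subject else "Fwd: (no subject)"
    outer["Date"] = formatdate(localtime=True)
    outer["Message-ID"] = make_msgid(domain=forwarder.rpartition("@")[2])
    outer.set_content(f"Forwarded message from {author or 'unknown sender'} "
                      "is attached.\n")
    # Attaching a message object yields a message/rfc822 part.
    outer.add_attachment(original)
    return outer


if __name__ == "__main__":
    # Usage: wrap.py recipient < original.eml > wrapped.eml
    sys.stdout.buffer.write(
        wrap_as_attachment(sys.stdin.buffer.read(), sys.argv[1]).as_bytes())
```

When the wrapped message is resubmitted, its envelope sender should also be in the forwarding domain, and routing must ensure the wrapped message is not delivered back to the same program.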