There is two options here, except for disabling forwarding altogether and require gmail owners to fetch instead:
Either, you replace the MAIL FROM and the "From:" altogheter with a mail adress on your system. It could be something like someuser@somedomain.invalid is rewritten to someuser.somedomain.inva...@example.org where "example.org" is the domain your server is authorative for. This is however incompatible with RFC. But it will atleast solve any SPF problems since the SPF will be validated against your domain. Remember to set up a own SPF record AND also check SPF on incoming mails.
Or you encapsulate the old mail in a new message/rfc822-container. This is the RFC way to do it. When you encapsulate, embed the original mail in a new message/rfc822 container, Containing the following headers: From: forwar...@example.org (This is a mail adress on your system, preferable the email adress the mail was originally sent to)
To: [target gmail adress mail is forwarded to] Subject: Fwd: [Original Subject] Content-Type: message/rfc822; boundary=xyz(This is how a mail client forwards a email when you ask the mail client to forward the original email as-is) In gmail, they will get the inner container as a .eml attachment inside the gmail web viewer, that can be opened to read the mail inside with "Cloud EML Viewer", or viewed locally on computer with their local email application. Some mail clients will show the inner container like a iframe, some email clients will show a button that will "expand" or "open" the inner container.
-----Ursprungligt meddelande----- From: Alex
Sent: Sunday, July 26, 2015 3:04 AM
To: postfix users list
Subject: SPF and forwarding
Hi,
I have a postfix-2.10.5 server on fedora, and have several users that
forward their mail through to gmail. This is apparently enough to
break SPF and make gmail think I'm the originator of the email,
instead of the actual sender. Consequently, gmail considers it spam
and moves it to a spam folder.
Is there anything I can do, including somehow rewriting the email, to
get gmail (and others, for that matter) to accept these forwarded
emails without considering them spam?
Can they be rewritten using our SPF information, somehow?
I've included the header (modified user/IP addresses) in case it's helpful.
Delivered-To: origu...@gmail.com
Received: by 10.13.203.214 with SMTP id n205csp587551ywd;
Sat, 25 Jul 2015 06:39:29 -0700 (PDT)
X-Received: by 10.55.25.131 with SMTP id 3mr28553330qkz.85.1437831569919;
Sat, 25 Jul 2015 06:39:29 -0700 (PDT)
Return-Path: <earl.ma...@example1.com>
Received: from orion.example.com (orion.example.com. [68.111.111.42])
by mx.google.com with ESMTPS id
f79si14214872qki.10.2015.07.25.06.39.29
for <exam...@gmail.com>
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Sat, 25 Jul 2015 06:39:29 -0700 (PDT)
Received-SPF: neutral (google.com: 68.111.111.42 is neither permitted
nor denied by best guess record for domain of earl.ma...@example1.com)
client-ip=68.111.111.42;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 68.111.111.42 is neither permitted nor
denied by best guess record for domain of earl.ma...@example1.com)
smtp.mail=earl.ma...@example.com
Received: by orion.example.com (Postfix)
id 4DC19A60368; Sat, 25 Jul 2015 09:39:29 -0400 (EDT)
Delivered-To: supp...@example.com
Received: from localhost (localhost [127.0.0.1])
by juggernaut.example.com (Postfix) with ESMTP id CB94A181A9E
for <supp...@example.com>; Sat, 25 Jul 2015 09:39:28 -0400 (EDT)
X-ActualMessageSizeBytes: 41474
X-ActualMessageSize:
X-Virus-Scanned: amavisd-new at example.com
X-Spam-Flag: NO
X-Spam-Score: -0.399
X-Spam-Level:
X-Spam-Status: No, score=-0.399 tagged_above=-200 required=5
tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, LOC_CDIS_INLINE=0.1,
LOC_IMGSPAM=0.1, RDNS_NONE=0.8, RELAYCOUNTRY_LOW=0.5]
autolearn=no autolearn_force=no
Received: from relay.example1.com (relay2.example1.com [206.111.111.44])
(using TLSv1 with cipher AES128-SHA (128/128 bits))
(No client certificate requested)
by juggernaut.example.com (Postfix) with ESMTPS id 71AC0180271
for <supp...@example.com>; Sat, 25 Jul 2015 09:39:21 -0400 (EDT)
Received: from HQXCHA402.example1.com ([fe80::e4d8:XXXX:53e5:e9d2]) by
HQXCHA401.example.com ([fe80::7199:XXXX:b314:a497%25]) with mapi id
14.03.0224.002; Sat, 25 Jul 2015 06:39:19 -0700
From: Operations <o...@example1.com>
To: Support <supp...@example.com>
CC: Operations <o...@example1.com>
Subject: User List Request
Thread-Index: AdDG30D3+GNpY2bR+6PMmxGK/70Bw==
Sender: "Marsh, Earl" <earl.ma...@example1.com>
Date: Sat, 25 Jul 2015 13:39:19 +0000
Message-ID: <68fcc58030b4164e802bb27ff159fe0535e6b...@hqxcha402.example.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [172.28.53.207]
Content-Type: multipart/related;
boundary="_010_68FCC58030B4164E802BB27FF159FE0535E6B731HQXCHA402bes_";
type="multipart/alternative"
MIME-Version: 1.0
Any ideas greatly appreciated.
Thanks,
Alex
smime.p7s
Description: S/MIME Cryptographic Signature
