Pat Suwalski: > Hello, > > I'm looked in every corner of the internet for a solution to this > seemingly simple problem I'm having. > > Last week, I started signing mail with opendkim, and hope to have DMARC > fully implemented for all of my domains. > > I host dozens of domains, and send all of their mail through a single > outward-facing postfix server (we'll call it mymailserver.com). > > At this point, everything works with DKIM, but DMARC fails because > Postfix's "MAIL FROM" envelope does not match the domain name from the > numerous hosted domains. I believe "MAIL FROM" uses the $mydomain, which > in this case is "mymailserver.com".
The solution is to require that the hosted domains provide the correct envelope sender address. With submissions that use the Postfix sendmail command, that's done with the "-f" command-line option. In the case of (ugh) PHP, see "http://php.net/manual/en/function.mail.php";, the discussion of 'additional_parameters' and example #3. > Is there a simple directive to give Postfix so that it always passes > "MAIL FROM" matching the "From" for trusted hosts? It is up to the sender to provide a correct envelope and content. Wietse
