I solved this particular problem (forwarding third-party email to google) using "postsrsd" https://github.com/roehling/postsrsd. SRS (Sender Rewriting Scheme) rewrites the envelope sender address so that it appears to be from your domain (allowing SPF to work). This is the scheme used by forwarders like pobox.com (which is how I learned about it :)
It has drawbacks - for example, it rewrites all email (even messages that are already from your domain). You might be able to configure around it ; I run it on a dedicated VPS so I didn't have to investigate that part. -- Harald On 16 October 2017 at 22:05, J Doe <gene...@nativemethods.com> wrote: > Hi, > > I have two questions regarding using SPF when I am using Postfix with > virtual domain hosting. > > I currently have an SPF record in my DNS: > > example.com TXT “v=spf1 ip4:1.2.3.4/32 ip6:1:2:3::4/128 ?all” > > I virtually host a domain (in this example case, example.com), that is > set to forward mail to recipients on Gmail. As an example case, if I send > an e-mail from a Hotmail account to an address on my server it then > forwards that mail to the user’s GMail e-mail address. > > Path: u...@hotmail.com — > example.com (virtual domain) — > > u...@gmail.com > > When examining the e-mail details on GMail, I receive a “SOFTFAIL” for > either the IPv4 or IPv6 of my server. Farther down in the mail I see: > > (google.com: domain of transitioning u...@hotmail.com does not designate > 1:2:3::4 as permitted sender) > > Testing mail that actually originates from the server (not forwarded > through virtual hosting), with the “mail” program shows a PASS of SPF on > GMail. > > My questions are: > > 1. When using Postfix and virtual domain hosting in this fashion, is > there any way to pass SPF when mail from a sending account is forwarded to > another host (ie: Gmail) ? > > 2. Do I need to be concerned with a SPF SOFTFAIL from GMail when the same > message generates a pass for DKIM (I have OpenDKIM configured and running > correctly), and DMARC ? In this case, does a SPF SOFTAIL but a DKIM and > DMARC pass mean that SPF is always discounted and the mail won’t be > quarantined ? > > Thanks for your help, > > - J >
