On 06/07/2020 20:53, Viktor Dukhovni wrote:
On Mon, Jul 06, 2020 at 07:40:27PM +0000, Drew Tomlinson wrote:
I use postfix for my own domain and have been forwarding my email to
outlook.com for years. Recently, email has just been disappearing
between my server and my inbox so I set it to forward my email to
gmail.com. Shortly after, I saw some messages like these in the logs:
You're running into intentional breakage caused by SPF and DMARC.
Sadly, this means that (simple) mail forwarding no longer works
reliably.
In reading Google documentation, I learned SPF is failing. Further
reading revealed this is a common problem with forwarded email since
it is not being sent by an authorized IP address. Other articles
suggested the workaround for this is to change the "Mail From:" to
reflect my domain since I have SPF configured for it. And maybe this
is what is meant by SRS (Sender Rewriting Scheme)?
Even changing the envelope sender is not enough. With DMARC you
need to also change the "From:" header in the message.
The simplest thing to do is to encapsulate the original message
as attachment to a new message.
From: <your.address@your.domain.example>
To: <y...@gmail.com>
Subject: forwarded message from: <envelope-sender>
MIME-Version: 1.0
Content-Type: message/rfc822
Return-Path: <envelope-sender>
Received: ...
... original message header ...
... original message body
You'd need to forward your mail to a script that performs the
requisite encapsulation. There are multiple ways to do that.
Nothing directly built-in.
OP might find useful my relay-enforcer script at
https://www.timedicer.co.uk/programs/help/relay-enforcer.sh.php which
was written for precisely this situation. There is also guidance on how
to configure DSN code rewriting accordingly.
