On Fri, 10 Jul 2020 at 00:44, Drew Tomlinson <d...@mykitchentable.net> wrote:
> So are you saying that changing the "Mail From" header might be
> helpful? If so, how do I do this?
I have a set up similar to yours: our own mail server with no local
mailboxes but instead forwards to various personal addresses with many
in gmail.
MAIL FROM rewriting is how I've solved this SPF validation problem. It
also addresses other problems such as the backscatter problem, since
by default your postfix would be sending bounces to the original -- in
case of spam usually fake -- envelope sender addresses which in turn
risks getting your outgoing ip blocked and is not good behaviour
anyway. This backscattering problem especially used to happen when
gmail blocked my mails similar to how I think you mentioned in another
message (our spam filters used to be more lenient than gmail's).
For the MAIL FROM rewriting, basically I just have in my outgoing instance:
canonical_classes = envelope_sender
canonical_maps = pcre:${config_directory}/canonical
with the canonical specified as:
!/.*@momocode.com/ postmaster+forw...@momocode.com
This means that we rewrite the MAIL FROM for any envelope sender that
is not in our own domain. This also means we can add our own
DKIM-signature.
Now the real challenge for me when setting this up was to separate
settings for inbound and outbound mail, e.g so that rewriting does not
happen for incoming mail unless it is also going out. This also
affects other settings such as dkim-signing vs. dkim-validation etc.
Eventually I solved these configuration problems with postmulti with a
configuration similar to as described here:
http://www.postfix.org/MULTI_INSTANCE_README.html.
I suppose one could also do it by defining different transports with
those settings in master.cf, but I found the setup with postmulti
easiest to understand and use since I'm a postfix novice.
Before implementing this, you should make sure that you understand
well the difference between MAIL FROM sender (also called envelope
sender) and From: header sender. It will also be useful to read up on
SPF, DKIM and DMARC to make sure you have a basic understanding of
them as they have much to do with how you must set up something like
this.
Regards,
Simo
