Thank you. I see "SPF: SOFTFAIL" in my gmail message. Authentication results: spf=softfail (google.com: domain of transitioning some_user@sender_domain does not designate MY_IP_ADDR as permitted sender)
While the message is not blocked, it is still not good to have SPF failure. Even when failure is soft. It seems that I can't fix it, right? On Mon, Sep 14, 2020 at 4:53 PM Dominic Raferd <domi...@timedicer.co.uk> wrote: > On 14/09/2020 14:31, IL Ka wrote: > > Hello. > > I have postfix running on linux box. > > > > I setup OpenDKIM with both smtpd and non_smtp milters. > > I also set my address in DNS as permitted IP for SPF. > > > > So far, so good. > > > > But I want all my mail to be forwarded to gmail. > > > > Some user sends me email from user@some_sender_domain. > > > > If I use .forward or alias, then postfix doesn't change "From" header, > > so gmail believes email was sent from @some_sender_domain. > > This domain doesn't have my box IP as permitted in DNS, so SPF failed. > > > > I can change header using headers_check. But then DKIM signature > > would be broken because some_sender_domain signed email and I changed it. > > > > It seems that I need to: > > * Change headers > > * Sign email with my DKIM > > * Forward it to gmail > > > > But milters are not applied on forwarded emails because they aren't > > locally generated (or I failed to configure it correctly?) > > > > I can fix it using custom script that reads my local email > > and sends it to gmail. > > > > But how can I do that with postfix? > > The short answer is that SPF failures do not normally matter when > forwarding to gmail. They only matter if sender uses DMARC with p=reject > *and* has not signed their email with DKIM, which is a poor and rare > practice (though not forbidden). (Forwarding to gmail should not break > the original sender's DKIM signature.) > >