Thank you.
I see "SPF: SOFTFAIL" in my gmail message.

Authentication results:
spf=softfail (google.com: domain of transitioning some_user@sender_domain
does not designate MY_IP_ADDR as permitted sender)

While the message is not blocked, it is still not good to have SPF failure.
Even when failure is soft.

It seems that I can't fix it, right?



On Mon, Sep 14, 2020 at 4:53 PM Dominic Raferd <domi...@timedicer.co.uk>
wrote:

> On 14/09/2020 14:31, IL Ka wrote:
> > Hello.
> > I have postfix running on linux box.
> >
> > I setup OpenDKIM with both smtpd and non_smtp milters.
> > I also set my address in DNS as permitted IP for SPF.
> >
> > So far, so good.
> >
> > But I want all my mail to be forwarded to gmail.
> >
> > Some user sends me email from user@some_sender_domain.
> >
> > If I use .forward or alias, then postfix doesn't change "From" header,
> > so gmail believes email was sent from @some_sender_domain.
> > This domain doesn't have my box IP as permitted in DNS, so SPF failed.
> >
> > I can change header using headers_check. But then DKIM signature
> > would be broken because some_sender_domain signed email and I changed it.
> >
> > It seems that I need to:
> > * Change headers
> > * Sign email with my DKIM
> > * Forward it to gmail
> >
> > But milters are not applied on forwarded emails because they aren't
> > locally generated (or I failed to configure it correctly?)
> >
> > I can fix it using custom script that reads my local email
> > and sends it to gmail.
> >
> > But how can I do that with postfix?
>
> The short answer is that SPF failures do not normally matter when
> forwarding to gmail. They only matter if sender uses DMARC with p=reject
> *and* has not signed their email with DKIM, which is a poor and rare
> practice (though not forbidden). (Forwarding to gmail should not break
> the original sender's DKIM signature.)
>
>

Reply via email to