On 14/09/2020 15:09, IL Ka wrote:
On Mon, Sep 14, 2020 at 4:53 PM Dominic Raferd
<domi...@timedicer.co.uk <mailto:domi...@timedicer.co.uk>> wrote:
On 14/09/2020 14:31, IL Ka wrote:
> Hello.
> I have postfix running on linux box.
>
> I setup OpenDKIM with both smtpd and non_smtp milters.
> I also set my address in DNS as permitted IP for SPF.
>
> So far, so good.
>
> But I want all my mail to be forwarded to gmail.
>
> Some user sends me email from user@some_sender_domain.
>
> If I use .forward or alias, then postfix doesn't change "From"
header,
> so gmail believes email was sent from @some_sender_domain.
> This domain doesn't have my box IP as permitted in DNS, so SPF
failed.
>
> I can change header using headers_check. But then DKIM signature
> would be broken because some_sender_domain signed email and I
changed it.
>
> It seems that I need to:
> * Change headers
> * Sign email with my DKIM
> * Forward it to gmail
>
> But milters are not applied on forwarded emails because they aren't
> locally generated (or I failed to configure it correctly?)
>
> I can fix it using custom script that reads my local email
> and sends it to gmail.
>
> But how can I do that with postfix?
The short answer is that SPF failures do not normally matter when
forwarding to gmail. They only matter if sender uses DMARC with
p=reject
*and* has not signed their email with DKIM, which is a poor and rare
practice (though not forbidden). (Forwarding to gmail should not
break
the original sender's DKIM signature.)
> Thank you.
> I see "SPF: SOFTFAIL" in my gmail message.
>
> Authentication results:
> spf=softfail (google.com <http://google.com>: domain of transitioning
some_user@sender_domain does not designate MY_IP_ADDR as permitted sender)
>
> While the message is not blocked, it is still not good to have SPF
failure. Even when failure is soft.
>
> It seems that I can't fix it, right?
Don't worry about it. There are enough real problems to worry about.
