On 16 Oct 2020, at 23:51, Joey J wrote:

Hello All,

I'm trying to figure out the workaround for when a domain sends an email to, let's say, 1...@abc.com and then that is supposed to forward to b...@xyz.com but
b...@xyz.com postfix is rejecting the message:
(Yes, names and IPs have been changed to protect the innocent)

Oct 16 23:16:12 mgw postfix/smtpd[1443]: connect from postfix.xyz.com
[152.30.131.212]
Oct 16 23:16:12 mgw postfix/smtpd[1443]: Anonymous TLS connection
established from postfix.xyz.com[152.30.131.212]: TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 16 23:16:12 mgw postfix/smtpd[1443]: NOQUEUE: reject: RCPT from
postfix.xyz.com[152.30.131.212]: 554 5.7.1 <b...@xyz.com>: Recipient address rejected: Rejected by SPF: 152.30.131.212 is not a designated mailserver for noreply%40e .fiverr.com (context mfrom, on mgw.innovativeinternet.net); from=<nore...@e.fiverr.com> to=<b...@xyz.com> proto=ESMTP helo=<postfix.xyz.com

Oct 16 23:16:13 mgw postfix/smtpd[1443]: disconnect from
postfix.xyz.com[152.30.131.212]
ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7


This is a well-known feature of SPF: it is incompatible with traditional transparent forwarding as done with aliases or .forward files.

The possible workarounds are:

1. If you run the destination mail server, don't enforce SPF so strictly.

2. Rewrite the sender using SRS. There are multiple tools that will do SRS via TCP lookup tables (e.g. PostSRSd) or milter (there appear to be multiple variants of "srs-milter").

3. Encapsulate forwarded messages in new messages that you send with a sender in your own domain which you can programmatically convert back to the original sender for bounces. If I was doing this I'd use MIMEDefang (a milter that can be extended to do anything you can write Perl for) but I'm biased.

4. Instead of forwarding, deliver locally and have the user pull their mail to the target mailbox via POP3 or IMAP. GMail (and probably other webmail providers) supports this. There are also tools like imapsync, getmail, and fetchmail which one can use to pull mail from one email account and dump it into another. The major advantages of this "pull" model for you as the intermediate system are:

   A. You aren't responsible for managing a 2-way address translation mechanism (e.g. SRS or encapsulation) to support bounces which will mostly end up being undeliverable anyway.

   B. The receiving system won't see you as a spam source for forwarding what they deem to be spam via SMTP.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
