Thank you all. This is how I fixed it (after Bill Cole's email): I needed to substitute envelope (MAIL FROM:) to match my address, but the message (along with it's headers) shouldn't be touched.
sender_canonical_classes = envelope_sender # Only change envelope, not body sender_canonical_maps = regexp:/etc/postfix/sender_canonical_map # In this file I change envelope address to my domain. Google is now perfectly happy with both SPF and DKIM. Shouldn't we add this recipe to the official postfix documentation? On Mon, Sep 14, 2020 at 4:31 PM IL Ka <kazakevichi...@gmail.com> wrote: > Hello. > I have postfix running on linux box. > > I setup OpenDKIM with both smtpd and non_smtp milters. > I also set my address in DNS as permitted IP for SPF. > > So far, so good. > > But I want all my mail to be forwarded to gmail. > > Some user sends me email from user@some_sender_domain. > > If I use .forward or alias, then postfix doesn't change "From" header, > so gmail believes email was sent from @some_sender_domain. > This domain doesn't have my box IP as permitted in DNS, so SPF failed. > > I can change header using headers_check. But then DKIM signature > would be broken because some_sender_domain signed email and I changed it. > > It seems that I need to: > * Change headers > * Sign email with my DKIM > * Forward it to gmail > > But milters are not applied on forwarded emails because they aren't > locally generated (or I failed to configure it correctly?) > > I can fix it using custom script that reads my local email > and sends it to gmail. > > But how can I do that with postfix? > > Ilya. >
