On 1/3/24 15:44, Bill Cole wrote:
Indeed: your solution is known as "SRS" (Sender Rewriting Scheme) and it
has multiple implementations. If you forward mail, you will break SPF
unless you fix the envelope sender so that it uses a domainĀ that
permits the example.org server to send for it.
OR, you could instead deliver to a POP mailbox locally and have users
fetch from there instead of simply forwarding mail to them. This also
avoids a completely distinct problem of places like GMail deciding that
your org's mail server is a spamming service because it is forwarding
spam. If users POP their mail instead of having it forwarded via SMTP,
that does not happen.
Thanks for the advice on SRS - I have set it up and it's mostly working.
At least GMail accepts the emails, although it seems to be failing DKIM
and DMARC tests. I'm digging into what, if anything, can be done to make
PostSRSd fix this issue.
Many thanks for your help, it's genuinely appreciated!
Thomas
