Be careful if you plan to start rewriting the RFC5322.From header. If the message has had a DKIM signature applied to it that header's content will almost certainly be covered by the signature to detect tampering/alterations such as you're proposing, and you'll be invalidating it; this might give you problems delivering to sites that validate DKIM signatures. So you'll likely have to sign it again yourself, possibly also using ARC to confirm the authenticity chain.
Without knowing your situation it sounds like you're trying to do the same sort of thing as mailing lists do: send out messages originating from senders (list contributors) from arbitrary domains? You have to be careful with these, especially if the sender's domain has a DMARC policy other than "none" in place. This requires the one or both of the standard SPF and DKIM tests to pass *and* for the domain being considered to align with that in the RFC5321.From header in order for DMARC to consider it an acceptable pass. Modern mailing list manager software handles this by rewriting the RFC5322.From header to use its own domain, which it can then DKIM-sign it using its own keys. In passing, SRS rewrites the RFC5321.MailFrom address (sender address in the SMTP envelope) not the RFC5322.From or Sender headers. Any change to the Sender header will likely be a byproduct, I think. Cheers, Mike B-) On 18 March 2018 at 19:21, Pete Schaefers via Exim-users < [email protected]> wrote: > When Amazon SES receives mail is validates the From: against verified > domains and addresses. If it does not find it valid it drops the mail and > returns error 554. (See last couple posts in this thread for more info if > desired: https://forums.aws.amazon.com/message.jspa?messageID=745028# > 745028 ) > > I am running a hosting server with cPanel and EXIM. I had hoped that SRS > would fix this denial by changing the Sender: header and SES would accept > it, but apparently SES ignores that, and still rejects. Amazon seems > hesitant to address this, so I'm looking for other ways to address it. > > The one that seems best to me would be to rewrite the From: header to one > that will validate (that of on sending server rather than the off server > original). I would only want to do that when the mail is a forward, > original sender is off server, and the recipient is off server. This would > also mean making sure the Replyto: was set to the original sender, I would > think. > > I have only a little experience with EXIM rewrites, and the syntax of the > config file, so I'm looking for some help in programming the logic of this > rewrite. > > Does this seem like a good approach, or am I missing something easier, > such as re-configuring something already built in to EXIM about how it > treats forward From: addresses? > > Thanks in advance for anyone's contribution. > > -Pete > > -- > ## List details at https://lists.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://wiki.exim.org/ > -- Systems Administrator & Change Manager IT Services, University of York, Heslington, York YO10 5DD, UK Tel: +44-(0)1904-323811 Web: www.york.ac.uk/it-services Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
