We have Exim running as our MTA. When we forward mail for a user, we use SRS to ensure we do not violate the SPF policy of the sending domain.
Sometimes messages are rejected from recipients. 550-5.7.26 DMARC policy. Please contact the administrator of omnis.com domain 550-5.7.26 if this was a legitimate mail. Please visit 550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about the 550 5.7.26 DMARC initiative. In researching why this occurs, we have found some domains publish DMARC policy with instructions to reject. DMARC says either SPF must pass or DKIM must pass, along with alignment for the message to be accepted. We do not alter the message content when forwarding, no changing subject, no adding footers - nothing. SPF will not align since we modify the message envelope. We have found that some domains that have DMARC enabled use SPF, but do not sign their mail using DKIM at all. Messages we forward fail SPF alignment; and no DKIM signature from the original sender means fail fail fail. What are possible solutions to this problem? Other than contacting every sending domain that does this and try and get them to sign their mail. We have been thinking of doing this (got the idea from Wikipedia). 1) If the domain in the from header publishes DMARC record 2) Do they have DMARC set to reject? 3) The message has no DKIM signature 4) The message passes our own SPF check If those four conditions are met we were going to change the from header from: From: Happy User <u...@exmaple.com> To this: From: Happy User <u...@exmaple.com.invalid> Not happy to have to do something like this, but it will get the message past systems that are doing the DMARC check by making the sender address invalid and our SRS/SPF will still pass inbound spam checks with our own domain. We would also have to ensure there is a Reply-To: header so a user could reply to the original sender. Any comments on doing something like this? Is it stupid or perhaps there is a better way? -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
