On 3/5/26 22:23, Jayson Smith wrote:
The problem is that it seems Gmail especially doesn't like this.
This is one more example of gmail/google breaking things that are established practices.
Gmail.com publishes a dmarc policy of none meaning recipient MTAs should not take any specific action on mail that fails DMARC checks, however when gmail receives mail for a gmail.com user it appears to apply a DMARC policy of reject for mail From: the gmail.com domain and a DMARC policy of quarantine on other mail.
In general mail which is forwarded either via MTA aliases or .forward files doesn't pass SPF because the senders SPF record won't include the forwarding server.
Also, forwarded mail if DKIM signed may pass DKIM if the forwarding server makes no modification to the mail, but if the forwarding server DKIM signs its outgoing mail, the signing domain won't be aligned with the From: domain so the mail will fail DMARC.
I work around this with a script to do essentially what Mailman DMARC mitigation does. I've attached that script.
-- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
#!/usr/bin/env python3 """A preprocessor to mung From: and Reply-To: for forwarded messages. Instead of an alias directly to a gmail.com address use something like alias_name: "|/path/to/mung_forwards [email protected]" or in a .forward file just |/path/to/this_script [email protected] This script works in a Postfix environment and should work with any MTA that adds Delivered-To: headers. Save it somewhere as "mung_forwards with mode 775 """ import re import sys import email import smtplib from email.utils import parseaddr if len(sys.argv) != 2: print(f'mung_forwards, bad arg count: {len(sys.argv)}', file=sys.stderr) sys.exit(1) dest = sys.argv[1] msg = email.message_from_file(sys.stdin) dt = msg.get_all('delivered-to') if dt is None: print('mung_forwards, no delivered-to header.') sys.exit(1) odest = re.sub(' *([^@]*)@.*$', r'\1', dt[-1]) name, addr = parseaddr(msg.get('from')) if addr == '': print(f"mung_forwards, bad From: {msg.get('from')}", file=sys.stderr) sys.exit(1) if name == '': name = re.sub('@.*', '', addr) msg.replace_header('From', f'{name} via {odest} <{odest}@californiaalpineclub.org>') rt = msg.get('reply-to') if rt is None: msg['Reply-To'] = addr else: rt = str(rt) if addr not in rt: msg.replace_header('Reply-To', f'{rt}, {addr}') conn = smtplib.SMTP('localhost', 25) # Get rid of non-ascii. text = msg.as_string().encode('ascii', errors='replace') try: conn.sendmail(f'{odest}@californiaalpineclub.org', sys.argv[1], text) except Exception as e: print(f'mung_forwards.py, SMTP exception: {e}') sys.exit(1) conn.quit()
------------------------------------------------------ Mailman-Users mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/[email protected]/ https://mail.python.org/archives/list/[email protected]/ Member address: [email protected]
