On 6/27/22 17:15, Derek B. Noonburg wrote:
> On Thu, 23 Jun 2022 20:13:10 -0400
> Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> 
>> On Thu, Jun 23, 2022 at 02:43:02PM -0700, Derek B. Noonburg wrote:
>>
>>> I'm running postfix to handle email for several users.  One of them
>>> has a .forward file that points to a gmail address.  Gmail's servers
>>> are rejecting some email for various causes ("low reputation of
>>> sending domain", SPF failures).
>>>
>>> The problem is that postfix then bounces the email back to the
>>> (likely forged) sender, which means my server is sending
>>> backscatter.
>>>
>>> What I'd like to do is silently drop any email that's rejected by
>>> the target of a .forward file.  Is there some way to configure
>>> postfix to do that?  Or some better way of handling this problem?  
>>
>> If you can convince the user to surrender the alias management to you,
>> then you instead configure:
>>
>>
>>     owner-user: user
>>     user: some.a...@gmail.com
>>
>> And presto magic, email to gmail will be forwarded with an envelope
>> sender address that no longer fails SPF checks.  DKIM should continue
>> to work, because the message content will not be modified in transit.
> 
> Can you elaborate a little bit on exactly what this does?  From
> aliases(5): "when an alias exists for owner-name, this will override
> the envelope sender address, so that delivery diagnostics are directed
> to owner-name".  If I understand correctly, the current situation is
> that email received for "user" is forwarded to "some.a...@gmail.com"
> with the original envelope sender.  And with this change, it's still
> forwarded to gmail, but with the envelope sender set to
> "user@mydomain".  Do I have that right?
> 
> That would fix gmail's SPF rejections, but probably not the other
> rejections.  Or wait -- is gmail rejecting based solely on the envelope
> sender address?
> 
> Will this work in conjunction with the virtual alias table?  I.e., if I
> have virtual aliases like this:
> 
> f...@example.com  user
> b...@example.com  user
> 
> then the owner-user / user aliases are processed after the virtual
> alias, yes?
> 
> I think the big problem here (as Bob Proulx pointed out) is that the
> forwarded mail is spam.  For my own email, I do spam filtering on a
> different machine (i.e., after postfix has delivered it).  I'm handling
> email for a few friends, one of whom is effectively using gmail to do
> spam filtering.  I think the real fix is going to be to stop forwarding
> email like this, and completely change the way email is processed for
> this user.

rspamd might be an option for this.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
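
An added illustration, not part of the thread and not Postfix code: a minimal Python model of why the owner- alias discussed above changes the SPF result at the forwarding target, since SPF is evaluated against the envelope sender domain and the connecting IP. The domains, IP addresses and SPF records are constructed, and the evaluator handles only the ip4 and all mechanisms.

```python
import ipaddress

# Constructed sample data: documentation-range IPs and example domains.
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.25 -all",
}
FORWARDER_IP, FORWARDER_DOMAIN = "198.51.100.25", "forwarder.example"

def spf_check(client_ip, envelope_sender):
    """Minimal SPF evaluation: ip4 and 'all' only (no include/a/mx/redirect)."""
    domain = envelope_sender.rsplit("@", 1)[1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qual = "+"  # default qualifier when none is written
        if term[0] in qualifiers:
            qual, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return qualifiers[qual]
        elif term == "all":
            return qualifiers[qual]
    return "neutral"

def forward(envelope_sender, local_user, aliases):
    """Envelope sender on the forwarded copy. Models the aliases(5) text quoted
    above: an owner-<name> alias overrides the envelope sender for <name>."""
    owner = "owner-" + local_user
    if owner in aliases:
        return f"{owner}@{FORWARDER_DOMAIN}"
    return envelope_sender

def demo():
    original = "alice@sender.example"          # constructed original sender
    plain = {"user": "mailbox@gmail.example"}  # like a .forward: sender kept
    owned = {"owner-user": "user", **plain}    # the two-line alias setup
    results = {}
    for label, aliases in (("without owner alias", plain), ("with owner alias", owned)):
        sender = forward(original, "user", aliases)
        # The target sees the forwarder's IP with whatever MAIL FROM we send.
        results[label] = (sender, spf_check(FORWARDER_IP, sender))
    return results

if __name__ == "__main__":
    for label, (sender, verdict) in demo().items():
        print(f"{label}: MAIL FROM {sender} -> SPF {verdict}")
```

In this model the rewritten envelope sender also becomes the address that receives any bounce from the target, so a rejection is reported to the local owner alias rather than to the original sender.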
