On Mon, Jun 27, 2022 at 02:15:18PM -0700, Derek B. Noonburg wrote:
> > If you can convince the user to surrender the alias management to you,
> > then you instead configure:
> >
> >
> > owner-user: user
> > user: some.a...@gmail.com
> >
> > And presto magic, email to gmail will be forwarded with an envelope
> > sender address that no longer fails SPF checks. DKIM should continue
> > to work, because the message content will not be modified in transit.
>
> Can you elaborate a little bit on exactly what this does? From
> aliases(5): "when an alias exists for owner-name, this will override
> the envelope sender address, so that delivery diagnostics are directed
> to owner-name". If I understand correctly, the current situation is
> that email received for "user" is forwarded to "some.a...@gmail.com"
> with the original envelope sender. And with this change, it's still
> forwarded to gmail, but with the envelope sender set to
> "user@mydomain". Do I have that right?
Correct.
> That would fix gmail's SPF rejections, but probably not the other
> rejections. Or wait -- is gmail rejecting based solely on the envelope
> sender address?
Yes, or DMARC failure based on invalid DKIM signatures, but those should
survive simple forwarding (which does not mess with the message content
beyond adding Received headers).
> Will this work in conjunction with the virtual alias table? I.e., if I
> have virtual aliases like this:
>
> f...@example.com user
> b...@example.com user
>
> then the owner-user / user aliases are processed after the virtual
> alias, yes?
Only if "$myorigin" is listed in mydestination, otherwise you have
to add an explicit "@some.local.domain" suffix to the RHS "user".
> I think the big problem here (as Bob Proulx pointed out) is that the
> forwarded mail is spam.
For that you need generally effective anti-spam filters. A decent RBL,
plus a milter that is not half bad at rejecting most junk during the
SMTP connection. Otherwise forwarding is likely to get your system
a bad reputation... If you can't filter spam effectively, don't forward
mail.
> For my own email, I do spam filtering on a different machine (i.e.,
> after postfix has delivered it). I'm handling email for a few
> friends, one of whom is effectively using gmail to do spam filtering.
> I think the real fix is going to be to stop forwarding email like
> this, and completely change the way email is processed for this user.
See above.
--
Viktor.
