Hi Thomas,

On Tue, Jan 02, 2024 at 04:24:37PM -0600, Thomas Cameron via users wrote:
> I built email servers for a non-profit I volunteer for. If email comes into
> the server for presid...@myassociation.org, I would normally just create an
> alias in /etc/aliases so that emails to president@ get forwarded to the
> president's "real" email address, say presidents_real_em...@gmail.com.

This causes your server to pass on email without changing envelope sender, so your server is purporting to be whoever the email is originally from. Any email authentication measure working on the envelope sender, such as SPF, will then fail, as your server is indistinguishable from a random host forging the original sender's domain.

> How can I make this work? Is there a good way to use something like
> /etc/aliases to forward emails to the domain I manage to another recipient?
> Or is there something better I can do?

You need to give up on /etc/aliases for external routing of email unless you control all the original sender domains and can for example add your server IPs to its authentication mechanisms (e.g. SPF).

Since you probably can't do that for any recipient domain that expects to receive Internet email, you need to either:

- Implement Sender Rewriting Scheme (SRS) so that your server takes responsibility for forwarded emails with its own envelope sender.

  https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme

Or:

- Have your users collect their your-org email by some means other than SMTP, such as running an IMAP server and having them view both their gmail mailbox and their your-org inbox in one place (I have no idea if that is feasible with gmail).

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting