DKIM-Signing forwarded email

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

DKIM-Signing forwarded email

Marco Pizzoli
Hi all,
I have a postfix instance dedicated to being the main MX (IN).
I normally use other postfix instances for sending emails out (OUT).

Of course, even this "IN" instance needs to send emails out, mainly bounces.

Now I am also implementing forwarding rules: "if you receive an email destined to this address, than forward it out to this other email address". Other addresses are @gmail.com, @msn.com, etc...

In order to do that "right" I also implemented an SRS service, so to have my domain as the envelope sending address.
Now I also want to enable DKIM-signing of these outgoing emails.

Problem is:
- SRS (or at least the product I am using, postsrsd) works at the "cleanup" level, so after smtpd
- My DKIM-signing tool is a milter, so acts at smtpd time. So the email it sees is with the original sending domain and not my domain.

How can I achieve the intended behaviour?

Thank you in advance for your help

Marco


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: DKIM-Signing forwarded email

Dominic Raferd
On 5 August 2017 at 17:46, Marco Pizzoli <[hidden email]> wrote:
Hi all,
I have a postfix instance dedicated to being the main MX (IN).
I normally use other postfix instances for sending emails out (OUT).

Of course, even this "IN" instance needs to send emails out, mainly bounces.

Now I am also implementing forwarding rules: "if you receive an email destined to this address, than forward it out to this other email address". Other addresses are @gmail.com, @msn.com, etc...

In order to do that "right" I also implemented an SRS service, so to have my domain as the envelope sending address.
Now I also want to enable DKIM-signing of these outgoing emails.

Problem is:
- SRS (or at least the product I am using, postsrsd) works at the "cleanup" level, so after smtpd
- My DKIM-signing tool is a milter, so acts at smtpd time. So the email it sees is with the original sending domain and not my domain.

How can I achieve the intended behaviour?

‚ÄčI am not sure how to achieve this but, even when done, emails will continue to be rejected by the destination server if it enforces DMARC (e.g. AOL, Comcast, Hotmail, GMail, Yahoo) and if the domain/sub-domain of the original sender (in the 'From:' header, unless you rewrite this as well) has published a DMARC policy with p=reject (e.g. Yahoo, Paypal, mailing.tesco.com, Lloyds Bank, RBS, HMRC...).
Loading...