I have a postfix instance dedicated to being the main MX (IN).
I normally use other postfix instances for sending emails out (OUT).
Of course, even this "IN" instance needs to send emails out, mainly bounces.
Now I am also implementing forwarding rules: "if you receive an email destined to this address, than forward it out to this other email address". Other addresses are @gmail.com, @msn.com, etc...
In order to do that "right" I also implemented an SRS service, so to have my domain as the envelope sending address. Now I also want to enable DKIM-signing of these outgoing emails.
- SRS (or at least the product I am using, postsrsd) works at the "cleanup" level, so after smtpd
- My DKIM-signing tool is a milter, so acts at smtpd time. So the email it sees is with the original sending domain and not my domain.
How can I achieve the intended behaviour?
I am not sure how to achieve this but, even when done, emails will continue to be rejected by the destination server if it enforces DMARC (e.g. AOL, Comcast, Hotmail, GMail, Yahoo) and if the domain/sub-domain of the original sender (in the 'From:' header, unless you rewrite this as well) has published a DMARC policy with p=reject (e.g. Yahoo, Paypal, mailing.tesco.com, Lloyds Bank, RBS, HMRC...).