I have a number of aliases which forward to external addresses upon receipt.
For years I used MiaB’s aliases to forward it on to external hosts, but as email security has continued to tighten, that no longer works - I recently discovered that method masquerades my mail server as the original sender, meaning that, for catchall aliases in particular, my server was forwarding on spam and other crap and claiming to be the source. Bad!
I’ve since removed all of that and have tried to enable sending copies using filters in Roundcube, which, to my understanding, implements SRS so that mail will get the appropriately rewritten headers. The trouble is that I’ve never gotten this to reliably work - depending on the upstream SMTP service I use, the message either (1) gets tagged as spam or (2) the upstream service views the original source as trying to send on my behalf and blocks the message.
Ultimately, I’m sending mail intended for me to myself, so I’m not concerned about the look of the forwarded message. Is there a forwarding mechanism that completely rewrites the sender?
I’m looking for something that would be functionally the same as me receiving an email, pressing the “Forward” button in my mail client, typing in the external recipient, and pressing send.
If Gmail is your receiving server, for example, you can set a rule for forwarded messages from an email address to ALWAYS be placed in Gmail’s inbox, Important, etc. Those will never be marked as spam if they have a valid DKIM, DMARC and SPF and proper HTML formatting.
I cannot think of any other way except running Thunderbird all the time and setting a Message filter TAG contains >> Important, Personal to avoid spam. And applying: apply filter after Junk classification.
Roundcube does not have the TAG filter
However if you this scenario as per this post: How to set up email forwarding and keep a local copy on the server:
Thanks! But this method appears to be functionally the same as what Roundcube is doing. When I test it with an upstream provider like SMTP2GO, I see messages in mail.log:
to=<redacted@gmail.com>, relay=mail.smtp2go.com[176.58.103.10]:465,
delay=0.8, delays=0.09/0.13/0.35/0.24, dsn=5.0.0, status=bounced
(host mail.smtp2go.com[176.58.103.10] said:
550-From header sender domain not verified (contoso.com)
550-On your Sending > Verified Senders page
550 verify the sender domain or email to be allowed to send.
(in reply to end of DATA command))
Again, I’m specifically interested in something that would remove the external domain from the equation entirely, so that the email I’m sending appears to come from / be a copy forwarded by me.
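To see which forwarded senders a relay is refusing on the From header (the check that envelope-only rewriting such as SRS does not satisfy), the bounce shown above can be pulled out of mail.log mechanically. This is an added example, not part of the thread: the function names are hypothetical, and the sample joins the quoted bounce onto one line as Postfix logs it, with a made-up timestamp, host, process ID and queue ID, plus one constructed successful delivery.

```python
import re
from collections import Counter

# Constructed sample: the bounce quoted in the thread on a single line, plus a
# constructed "sent" line for contrast. Timestamps and queue IDs are made up.
SAMPLE_LOG = (
    "May 27 12:43:25 miab postfix/smtp[1234]: ABC123DEF4: to=<redacted@gmail.com>, "
    "relay=mail.smtp2go.com[176.58.103.10]:465, delay=0.8, "
    "delays=0.09/0.13/0.35/0.24, dsn=5.0.0, status=bounced "
    "(host mail.smtp2go.com[176.58.103.10] said: "
    "550-From header sender domain not verified (contoso.com) "
    "550-On your Sending > Verified Senders page "
    "550 verify the sender domain or email to be allowed to send. "
    "(in reply to end of DATA command))\n"
    "May 27 12:50:02 miab postfix/smtp[1240]: ABC123DEF5: to=<redacted@gmail.com>, "
    "relay=mail.smtp2go.com[176.58.103.10]:465, delay=0.7, "
    "delays=0.05/0.1/0.3/0.25, dsn=2.0.0, status=sent (250 OK id=constructed)\n"
)

# One Postfix delivery record: recipient, relay host, DSN code, status, reason.
DELIVERY = re.compile(
    r"to=<(?P<rcpt>[^>]*)>.*?relay=(?P<relay>[^\[,\s]+).*?"
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)\s*$"
)
# The relay's rejection text from the thread, capturing the refused domain.
UNVERIFIED = re.compile(r"From header sender domain not verified \((?P<domain>[^)]+)\)")

def rejected_from_domains(log_text):
    """Return one dict per bounce where the relay refused the From header domain."""
    hits = []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m or m["status"] != "bounced":
            continue  # deferred and sent deliveries are not of interest here
        u = UNVERIFIED.search(m["reason"])
        if u:
            hits.append({"rcpt": m["rcpt"], "relay": m["relay"],
                         "dsn": m["dsn"], "from_domain": u["domain"].lower()})
    return hits

def summarize(hits):
    """Count rejections per original From domain."""
    return Counter(h["from_domain"] for h in hits)

if __name__ == "__main__":
    for domain, count in summarize(rejected_from_domains(SAMPLE_LOG)).items():
        print(f"{count} forward(s) refused for From domain {domain}")
```
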
Then I run postmap /etc/mail/generic and systemctl restart postfix and re-enabled all of my roundcube sieve filters. All of the forwarded mail from those specific addresses will have the headers rewritten to appear to come from me. Some quick testing indicates that this works!
Maybe your relay is the problem?
Absolutely, yes. If I weren’t using an SMTP relay, I wouldn’t have to play by anybody’s rules, but I host on DigitalOcean and I’ve grown tired of the constant fight to keep my IP able to send to massive providers like Gmail, Microsoft, etc. Using a relay essentially mitigates those problems for me.
You are just fooling the relay in this case.
Do you have any of the headers before the rewrite and after the rewrite? If you can anonymize them and post them here, it would be nice just for comparison.
Is there any trace of the original sending servers in the headers?
I wouldn’t say that - I’m resending the message to another recipient and claiming to be who the message is from. In other words, I’ve forwarded a message.
and this part is preserved in the forwarded message:
Received: from miab.mydomain.com ([127.0.0.1]) by miab.mydomain.com with LMTP
id BDQhHSy4VGbEWwAAdtZTHg (envelope-from <username@gmail.com>)
for <user@mydomain.com>; Mon, 27 May 2024 12:43:24 -0400
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on miab.mydomain.com
I noticed that, too. I figured that it’s rewriting the sender but keeping the Gmail DKIM header, so it fails, but then it also adds mine, so it succeeds. Either way: it works and I’m happy. Thanks a million for the assist today!
If I am understanding correctly though, you need to create an entry in /etc/postfix/generic for every single sender whose emails you are forwarding ? Did I miss something?