Join Log in
Score:0
VagrantPaladin avatar Server

How to prevent email forwarded by exim from being seen as spam

in flag
VagrantPaladin

I have recently started to look after a mail system where users can host their email with a web mail front end. One of the features provided is a function to set up forwarding.

The problem I am facing, and which people before me have faced, is that when users forward mail to another mailbox, such as their own gmail address, Google sees the email as coming from an unauthorized IP address.

I understand that this is due to the sender domain have set up SPF records with a "-all" flag, and my IP address clearly does not belong there.

Gmail, and other providers, as far as I understand it, then cannot tell the difference between an actual forwarded message, and a spoofed spam message, and then subsequently greylists the address of my server.

I cannot help but think someone else must have solved this before.

The forwarding is done using exim, so what I am looking for is a guide, or even just the right keywords to use to search for, for an answer to this issue.

119
0 + 0
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
If the problem is SPF, the only way to fix that is to update that SPF in the sender domain. There is no other way. SPF is designed exactly for such relaying to be impossible. It doesn't matter which software does forwarding and the problem certainly couldn't be solved by its configuration. Although, you can think of *masquerading* the mail, so forwarder will use "envelope from" address from *another* domain during SMTP session, this way you can still forward mail. The "From", "Reply-To" headers could be left as they were. Think also about DKIM.
0
Reply
VagrantPaladin avatar
in flag
VagrantPaladin
The SPF belongs to the original senders, and obviously there is no way for every possible sending domain to add my IP to their SPF records. I fear that changing the envelope From header will cause gmail to blacklist my IP. I believe DKIM also needs to be done at the original sender's side, unless there is a way for me to add DKIM or some such verification.
0
Reply
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
I meant you can't change From and Reply-To headers in the original mail, because those are likely to be protected by DKIM signature; but envelope from address you can change, and that is the addres which gets checked against SPF. So, when you relay mail to Google, you can use "synthetic" envelope address from your domain for which SPF will check, but don't change contents of the message for DKIM to verify. It is possible to configure Postfix to do so, it is called "address masquerading", but I don't know about Exim.
0
Reply
VagrantPaladin avatar
in flag
VagrantPaladin
@NikitaKipriyanov- please make an answer to this so that I can accept it.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.