5

I'm trying to configure postfix as forwarder to Gmail. I've successfully configured the virtual aliases for the domains I'm hosting and that I want to redirect, but the Gmail Sender Policy Framework (SPF) verification is failing due to this:

Delivered-To: realrcpt@gmail.com
Received: by 10.25.28.147 with SMTP id c141csp88155lfc;
    Sat, 11 Oct 2014 09:08:40 -0700 (PDT)
X-Received: by 10.224.70.83 with SMTP id c19mr21300511qaj.66.1413043720159;
    Sat, 11 Oct 2014 09:08:40 -0700 (PDT)
Return-Path: <realsender@gmail.com>
Received: from mail1.mycompany.com (mail1.mycompany.com. [2604:xxxxxxx:b5c8])
    by mx.google.com with ESMTP id d63si16549011qgd.80.2014.10.11.09.08.39
    for <realrcpt@gmail.com>;
    Sat, 11 Oct 2014 09:08:40 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning realsender@gmail.com does not designate 2604:xxxxxxx:b5c8 as permitted sender) client-ip=2604:180:2:2cf::b5c

I think the problem lies in the return path. When doing email forwarding with another hoster (e.g. namecheap) that gets rewritten to this automatically:

Return-Path: <SRS0+BJjl=7C=gmail.com=realsender@eforward3e.registrar-servers.com>

Is there any way to perform such a rewrite in postfix? Thanks

Jeroen Wiert Pluimers
  • 290
  • 6
  • 14
Laurent
  • 283
  • 2
  • 7
  • You need an SPF record that includes your server. This can be configured in the DNS Settings of your Namecheap account. If you provide a domain name, I will provide an answer with SPF record recommendation. – Paul Oct 11 '14 at 17:41
  • Problem is that it's checking the SPF record on gmail, not on my domain... – Laurent Oct 11 '14 at 17:47
  • Gmail will check SPF records of all incoming mail. If you are sending mail as username@gmail.com, then there is no way to pass the SPF check, as you are not the owner of gmail.com. – Paul Oct 11 '14 at 17:49
  • 1
    It checks on the Return Path, which postfix has to rewrite. See my answer, I managed to fix it. Thanks – Laurent Oct 11 '14 at 17:54

1 Answers1

7

I fixed this with postsrsd by following this guide: https://www.mind-it.info/forward-postfix-spf-srs/

In short:

Download and compile the software

cd ~
wget https://github.com/roehling/postsrsd/archive/master.zip
unzip master
cd postsrsd-master/
make
sudo make install

Add postfix configuration parameters for postsrsd

sudo postconf -e "sender_canonical_maps = tcp:127.0.0.1:10001"
sudo postconf -e "sender_canonical_classes = envelope_sender"
sudo postconf -e "recipient_canonical_maps = tcp:127.0.0.1:10002"
sudo postconf -e "recipient_canonical_classes = envelope_recipient"

Add SRS daemon to startup

sudo chkconfig postsrsd on
# Start SRS daemon
sudo service postsrsd restart
#Reload postfix
sudo service postfix reload

https://github.com/roehling/postsrsd was still maintained in 2023 which mentions in the README.rst

If your Linux distribution has a sufficiently recent PostSRSd package, install it! Unless you need a specific new feature or bugfix from a newer version, it will be much less of a maintenance burden.

Jeroen Wiert Pluimers
  • 290
  • 6
  • 14
Laurent
  • 283
  • 2
  • 7
  • 4
    Whilst this may theoretically answer the question, [it would be preferable](http://meta.stackoverflow.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – masegaloeh Oct 11 '14 at 21:25
  • 1
    This didn't solve the problem for me, maybe I am missing something. – Steven Hook Jun 03 '20 at 20:07