Postfix with external alias rejected

Question

i have a problem with external aliases on my server. There are aliases for my users so they can retrieve mails on their personal mailaccount. For example:

user1@mydomain.com user1 user1@gmail.com
user2@mydomain.com user2 user2@yahoo.com
userB@mydomain.com userB userB@problem.com

I thought that worked fine (it did for most messages) but there are issues with specific mailservers when receiving mails that they also sent.

userA@problem.com sends a mail to userB@mydomain.com wich translates to userB@problem.com.
Postfix now tries to deliver a message from userA@problem.com to userB@problem.com.

Most external mailservers handle that fine but there are a few that reject the message because the from domain does not my my domain (or to be precise the from domain is supervised by the server itself).

Is there a way to fix this?

suggest showing the basics of your postfix configuration. It might be an error in what directives you have used. — danblack, Aug 21 '18 at 10:38
Also, the error messages and relevant log lines are necessary. — Esa Jokinen, Aug 21 '18 at 10:46
there are no error messages on our behalf. the mails are successfuly handled by our server as every other mail. — laubed, Aug 22 '18 at 12:49

009 · Answer 1 · 2022-11-02T21:58:21.623

Sorry for the late answer. I believe I had the same issue today and I resolved it by using two fixes:

configure pointer record with my server hosting provider, NOT in my DNS record.
use postfix canonical address mapping for the sender address.

I have postfix configured with Virtual Alias: mails sent to users @mydomain.com are sent to their respective gmail addresses. That worked fine, when the sender address was from another domain. The only problem was that users were unable to send emails to @mydomain from their gmail client, using the @mydomain alias. When I tested sending email from UserA gmail-account, using the UserA@mydomain alias to UserB@mydomain, the mail never reached UserB gmail account.

RESOLUTION:

1. I checked /var/log/mail.log to find that gmail was complaining about missing pointer records. I was sure my DNS settings were correct (confirmed with nslookup of the IP) and I did not know where else to look. Then I learned that the pointer records are the responsibility of the owner of the IP block. In my case, it was the service that hosted my virtual server. I checked on their portal and found the "reverse DNS name" had not been set under the "ip management" menu.

2. So after configuring the "reverse DNS name", gmail stopped complaing about pointer records. Gmail would accept the mail and send it to the recipient, BUT flagged the email as potential spam or phishing as it could not determine that the mail was actually sent from mydomain.

From /var/log/mail.log, I could see that Gmail is complaining about SPF and DKIM, but actually, the issue is with the from address: Gmail does not use the @mydomain alias in the the from address, it uses the gmail-account name. When postfix relays the message for UserB to his gmail account, the from address (UserA@gmail) does not match with the IP of the sending server (mydomainIP). I fixed this with canonical address mapping: sender_canonical_maps

/etc/postfix/sender_canonical basically has the reverse list from all my aliasses that I made in /etc/postfix/virtual This permits users to send emails with the gmail client, using the mydomain alias, even when the destination is another user in mydomain and the mail is relayed back to gmail.

http://postfix.cs.utah.edu/ADDRESS_REWRITING_README.html#canonical

BTW: Dont bother with /etc/postfix/generic I tried it, but that re-write did not fix the issue

Here is my config for reference:

File: main.cf

    # Postfix virtual ALIAS
    # map local mydomain-alias adresses to gmail mail adresses
    virtual_alias_domains = mydomain
    virtual_alias_maps = hash:/etc/postfix/virtual
    ## Canonical address mapping
    # reverse-map gmail email addresses to mydomain-alias adressses
    # to permit relay back to gmail when email is sent to and from a mydomain-alias email address
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    # ### Execute the command "sudo postmap /etc/postfix/virtual" after changing the virtual file
    # ### run postmap /etc/postfix/sender_canonical after making changes to /etc/postfix/canonical
    # ### and lastly, execute the command "sudo postfix reload"

File: /etc/postfix/virtual

    UserA@mydomain UserA@gmail.com
    ...
    etcetera 

File: /etc/postfix/sender_canonical

    UserA@gmail.com UserA@mydomain
    ...
    etcetera

Postfix with external alias rejected

1 Answers1