0

I have a question which is not about the configuration but about the question what is right and what not.

The scenario: Organisation A (OrgA) has a Mailserver which is responsible for example.org. The Head of OrgA is also Head of Company B (CompB, example.com). Now the it guys from OrgA used their Postfix aliases file to forward all mails for Head.Boss@example.org to Head.Boss@example.com

Should look like this:

cat /etc/postfix/aliases
Head.Boss:Head.Boss@example.com

Now a worker of CompanyC writes an email to Head.Boss@example.org which gets "redirected" to Head.Boss@example.com. In that case the Mailserver of OrgA acts as simple mail relay, right? If CompanyC provides a SPF record and CompanyB checks this one there should be a failure because the mailserver of OrgA does not match with the SPF of the sender CompanyC.

Is it a good manner to redirect mails to external addresses like that? Or shouldn't that matter because there is no DMARC Record which tells to drop messages not matching the SPF?

Esa Jokinen
  • 46,944
  • 3
  • 83
  • 129
Nico
  • 135
  • 4

2 Answers2

0

The it people at orga.com should use SRS to forward the mail. For instructions on how to set this up, see: https://jichu4n.com/posts/setting-up-dkim-and-srs-in-postfix/ . For more information, see: https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme

g_bor
  • 276
  • 1
  • 9
0

Company B (example.com) should be aware that the Organization A (example.org) is forwarding the mail. This way the mailserver of example.com could be trusted to perform the SPF/DMARC checks on behalf of the mailserver of example.org and, thus, the SPF/DMARC checks can be omitted.

While the implementation is a technical solution, this really comes to the trust relationship between the organizations in question, as well as whether potentially confidential information about Organization A should be forwarded to and held on the servers of Company B.

Esa Jokinen
  • 46,944
  • 3
  • 83
  • 129