[SPF fail] Using mail alias for a parked domain that forwards to an external domain fails

5 posts / 0 new
Last post
#1 Tue, 04/03/2018 - 05:27
sekijr

[SPF fail] Using mail alias for a parked domain that forwards to an external domain fails

I have a domain parked on my server: mydomain.com

The domain was delegated from another server along with migrated mailboxes. With the request of the domain owner we decided to do some mail cleanup and a few of the mailboxes got deleted and instead mail aliases have been set with forwarding to their own private emails (such as Gmail, Yahoo etc)

So here's the setup:

John Smith used to have a mailbox on old server: john.smith@mydomain.com Due to mailbox housekeeping process after delegating domain to a new server (with Virtualmin) an alias has been set:

john.smith@mydomain.com -> jsmith@onet.pl Mail forwarding alias details has only checked one option: "Yes, forward to addresses" (and jsmith@onet.pl in the box below)

The mail.log:

40B7325416C2: to=<jsmith@onet.pl>, orig_to=<john.smith@mydomain.com>, relay=mx.poczta.onet.pl[213.180.147.146]:25, delay=1.2, delays=0.03/0.01/1/0.12, dsn=5.7.1, status=bounced (host mx.poczta.onet.pl[213.180.147.146] said: 554 5.7.1 <jsmith@onet.pl>: Recipient address rejected: Spf check: fail (in reply to RCPT TO command))

Now I know that is strictly related to SPF so here's my SPF record:

v=spf1 a mx a:mydomain.com ip4:1.2.3.4 ip6:123:123:123:123:123:123 ?all

My question is: Is there any workaround to deliver the emails? Has anyone solved such problem?

Tue, 04/03/2018 - 12:40
tpnsolutions
tpnsolutions's picture

Hi,

Forwarding email to an external email address breaks SPF validation. There is presently no workaround with Postfix along with a few other email servers.

Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist
Tue, 04/03/2018 - 19:07
Diabolico
Diabolico's picture

Free Gmail account allows you up to 5 POP3 pull setups, e.g. you can setup 5 different email accounts and then Gmail will use POP3 to pull all the emails but leaving the originals to appropriate email accounts. This is good for many reasons but to say few of most important:

1. In case the primary email account start receiving large amount of spam in case of forwarding your IP will be flagged for blacklist. This is because your server is actually sending all that spam regardless what was the original source. By using Gmail pull option this isnt the case because the request is coming from Gmail itself.

2. Enjoy the spam-filters/antivirus from Gmail and possibly turn off Spamassasin and ClamAV on your server to get more resources for something else.

3. You will not have such problems as described on your first post.

Now i'm not sure if others (Yahoo, Hotmail, etc.) have same options like Gmail but is worth to check and if they do, then you sort this problem for most/all free email providers.

P.S. In Gmail go to "Gear icon" on top right part of your Gmail -> Settings -> Accounts and Import (tab) -> Check mail from other accounts: -> press on "Add a mail account" and follow the instructions. Tested and it works 100% with email accounts created in Virtualmin.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Tue, 04/10/2018 - 06:14
sekijr

Thank you both for your answers.

I have found a different solution - SPF:SRS Works like a charm! :)

Tue, 05/28/2019 - 05:23
anahata
anahata's picture

Sorry to revive an old thread, but how do you use SPF:SRS in Virtualmin/postfix?

Anahata www.treewind.co.uk West Yorkshire, UK

Topic locked