Softfail forwarding mails to Gmail

#1 Wed, 08/14/2013 - 18:28
marciano

Hello,

I've set a general rule for a user to "deliver to inbox" and to forward all incoming mail to a Gmail account.

Because of a strange delay in sending forwarded email to the Gmail inbox, I've read the headers of the messages they deliver and found this:

>Received-SPF: softfail (google.com: domain of transitioning
> sender_name@sender_domain.com does not designate nnn.nnn.nnn.nnn as
> permitted sender) client-ip=nnn.nnn.nnn.nnn;
>
> Authentication-Results: mx.google.com;
> spf=softfail (google.com: domain of transitioning sender_name@sender_domain.com does not designate nnn.nnn.nnn.nnn as
> permitted sender) smtp.mail=sender_name@sender_domain.com

where nnn.nnn.nnn.nnn is my server IP

It is true that "sender_name@sender_domain.com does not designate nnn.nnn.nnn.nnn as permitted sender".
But I am not sending mails in his name, I'm just forwarding a mail he sent to me.

It seems that there's a problem with the header Postfix creates when forwarding incoming mails.

Can you help me to see what the problem is?

Thank you

Wed, 08/14/2013 - 19:17
andreychek

Howdy,

Unfortunately, it doesn't matter what's going on behind the scenes -- if your server initiates a connection to another server in order to send an email (whether it's being forwarded or not) -- your server is considered a sending server.

If that domain is set up to use SPF, you'll need to add your server's IP address as an allowed sender.

That's actually a feature -- otherwise, a server could "fake" an email being forwarded, thus bypassing SPF.

-Eric

Wed, 08/14/2013 - 20:00 (Reply to #2)
marciano

Hi Eric,

But I cannot ask every person who sends me an email to add my IP as an allowed sender!

Is there another way (changing the headers?) to avoid softfail?

Thank you

M

Thu, 08/15/2013 - 01:08
Locutus

It is the purpose of SPF to limit the IP addresses that are allowed to send mail from a certain domain. If the domain of the email you are forwarding has SPF enabled, you have to have your mail server IP listed at the domain's SPF record, there's no way around that. Anything else would defeat the whole purpose of SPF and you could once more send email (and spam) from any faked domain you want.

A possible solution would be rewriting the headers to indicate the mail is *from* you (i.e. a domain on your server), and put a notice in the headers or body that it's a forward from someone else. I'd need to do some research though how to achieve that with Postfix.
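Why Gmail reports softfail for the forwarded copy, and what changing the sender changes, as an added example that is not part of the thread: SPF is evaluated against the envelope sender (the `smtp.mail` value in the header quoted above) and the connecting IP. The domains, addresses and SPF records are constructed, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed sample data: example domains and documentation IP ranges.
SPF_RECORDS = {
    "sender-domain.example": "v=spf1 ip4:192.0.2.0/24 ~all",
    "forwarder.example": "v=spf1 ip4:203.0.113.25 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(envelope_sender, client_ip):
    """Evaluate a minimal SPF subset for an envelope sender and connecting IP."""
    domain = envelope_sender.rsplit("@", 1)[1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        # A mechanism without an explicit qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"


def forwarding_scenarios():
    """The same message seen by the final receiver in three situations."""
    forwarder_ip = "203.0.113.25"  # the forwarding server (constructed)
    original = "sender_name@sender-domain.example"
    return {
        # Sent straight from the sender's own mail server.
        "direct": check_spf(original, "192.0.2.10"),
        # Forwarded with the original envelope sender left in place.
        "forwarded_unchanged": check_spf(original, forwarder_ip),
        # Forwarded with an envelope sender in the forwarder's own domain.
        "forwarded_rewritten": check_spf("user@forwarder.example", forwarder_ip),
    }


if __name__ == "__main__":
    for scenario, result in forwarding_scenarios().items():
        print(f"{scenario}: {result}")
```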

Fri, 08/16/2013 - 15:01 (Reply to #4)
marciano

Locutus,

You gave me a clue on my other recent question about forwarding only some incoming mails from the server: procmail

The same link you suggested contains:


Q: I know how to forward a message using an ! action, but that doesn't let me modify the message I forward. Is there a way to do that?

A: Typically, you want to add or change a header. This sounds like formail. The only thing that remains then is to actually send it off. You can of course filter first and then send (see next question), but you might as well do both in one fell swoop (unless you also want the modified message in your normal mail stream; again, see the next question for more).

:0c
* ^TO_sales@pizzazz\.tm\>
* ! ^X-Loop: sales@mundane\.domain\.net
| formail -k -X "From:" -X "Subject:" \
-I "To: sales@mundane.domain.net" -X "To:" \
-I "X-Loop: sales@mundane.domain.net" -X "X-Loop:" \
| $SENDMAIL $SENDMAILFLAGS -t

This is almost like a real-world example. It will (a) trim down the headers considerably, sparing only the From: and Subject: of the original. Then (b) we add some headers of our own (remember to extract them with -X too!), and (c) the results are handed to Sendmail. The -t option means the To: (and Cc: etc) lines in the actual message contain the recipient's address.

If formail won't do the modifications you want, you are of course to replace it with whatever you fancy. The basic pattern is the same, anyway: pipe to the program which "fixes" the message, then pipe the results to Sendmail.

If the results don't contain suitable headers, or might contain e.g. your own address, you should take care to tell Sendmail explicitly who to send it to, rather than rely on sendmail -t.

I have never worked on procmail settings.
Would this sample be enough or should I take care of something else when using Postfix?
Thank you

Fri, 08/16/2013 - 17:25
Locutus

I don't have first-hand experience with "formail", but it seems to be useful for the job, yeah, so you might want to give it a try. :)

Sun, 08/18/2013 - 11:50 (Reply to #6)
marciano

Hello,

/home/user/.procmailrc

:0c
* !^FROM_MAILER
* ^From: .*aaa | bbb | ccc.*
! ^X-Loop: user@gmail\.com
| formail -k -X "From:" -X "Subject:" \
-I "To: user@gmail.com" \
-I "X-Loop: user@gmail.com"
:0
* ^From: .*aaa | bbb | ccc.*
$DEFAULT

This works well. All incoming mail whose From contains aaa, bbb or ccc is forwarded to that Gmail account and no softfail error is in the mail header.
If I do not misunderstand,
-I "X-Loop: user@gmail.com" adds this header
and
! ^X-Loop: user@gmail\.com prevents looping if a bounce occurs. Mail headers containing user@gmail.com are not forwarded

The problem is I also get on my server (not in Gmail) a second "undeliverable mail"

The mail system

<"^X-Loop:"@my-name-server.com> (expanded from <"^X-Loop:">): unknown user:
"^x-loop:"

I don't know what to correct to avoid that.
Thank you

Mon, 08/19/2013 - 15:44 (Reply to #7)
marciano

I also saw that squirrelmail filters to move some incoming mail to custom dirs must be deleted.
They are executed before .procmailrc rules so I had to add that rule in that script.

Tue, 08/20/2013 - 18:19
marciano

I think there's a bug in the procmailrc editor.

I choose Condition for Filter -> Based on regular expression
Apply to message body

<"\^X-Loop:"@my-name-server.com>

It writes the code OK, but when I go again to the list of filters it is listed as a "Smaller than 0 bytes" filter and it opens as titled

Tue, 08/20/2013 - 20:18
marciano

You are not going to believe me if I tell you that
* ^From: .*aaa | bbb | ccc.*
does not catch the first option 'aaa'
I had to change to
* ^From: .*foo | aaa | bbb | ccc.*
and all three option filters are recognized

Wed, 08/21/2013 - 09:04
marciano

More info: a couple of mails that do not match * ^From: .*foo | aaa | bbb | ccc.* are also forwarded

Wed, 08/21/2013 - 09:19
Locutus

Since in Procmail the matching lines are perl regular expressions, the right syntax for your purpose (if you intend to forward everything that contains "aaa", "bbb" or "ccc" anywhere in the sender address) would be:

* ^From: .*(aaa|bbb|ccc).*

Alternatives need to be in round brackets, and don't put any spaces between the pipes.

Wed, 08/21/2013 - 16:28
marciano

Thanks Locutus.
I also found that the line
! ^X-Loop: user@gmail\.com
lacks a starting asterisk
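Why the spaced pattern missed 'aaa' and forwarded unrelated mail, as an added example that is not part of the thread: Python's `re` stands in for procmail's matcher here, since alternation splits the whole pattern at `|` in both. The header blocks are constructed, and the branch splitter ignores character classes, which these patterns do not use.

```python
import re

# The two patterns posted in the thread: with spaces, and grouped.
SPACED = r"^From: .*aaa | bbb | ccc.*"
GROUPED = r"^From: .*(aaa|bbb|ccc).*"

# Constructed header blocks for illustration.
HEADERS = {
    "from_aaa": "From: aaa@sender.example\nSubject: hello\n",
    "from_ccc": "From: ccc@sender.example\nSubject: hello\n",
    "other_sender": "From: zed@other.example\nSubject: ask bbb about it\n",
}


def top_level_branches(pattern):
    """Split on '|' outside parentheses: the alternatives the engine sees."""
    parts, depth, current, escaped = [], 0, "", False
    for ch in pattern:
        if ch == "|" and depth == 0 and not escaped:
            parts.append(current)
            current = ""
            continue
        if not escaped:
            depth += (ch == "(") - (ch == ")")
        escaped = (ch == "\\") and not escaped
        current += ch
    return parts + [current]


def matches(pattern, headers):
    # Case-insensitive, with ^ anchoring at the start of any header line.
    return re.search(pattern, headers, re.IGNORECASE | re.MULTILINE) is not None


def compare():
    """For each sample: (matched by SPACED, matched by GROUPED)."""
    return {name: (matches(SPACED, text), matches(GROUPED, text))
            for name, text in HEADERS.items()}


if __name__ == "__main__":
    print(top_level_branches(SPACED))   # three branches; only the first has ^From:
    print(top_level_branches(GROUPED))  # a single branch
    for name, result in compare().items():
        print(name, result)
```

Only the first branch of the spaced pattern is tied to the From: line, and it requires a space after "aaa"; the other two branches match " bbb " or " ccc" in any header, so a rule like this can forward mail to the external account that the author never meant to send there.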
