Email Forwarding / Aliasing - FROM Address

XtremeOwnage · April 17, 2018, 8:34pm

So, I finally got my email server up and running. I am now able to send and receive emails without issue.

I am using amazonSES as my email sender, which simplifies mysetup quite a bit.

However, I am having an issue when either setting a mail alias, or enabling forwarding.

The system will receive the email message no problem.

But, when it sends the email out, per forwarding configuration, My FROM address is being rejected.

554 Message rejected: Email address is not verified.

After doing some digging, it is using the FROM address of the original sender.

How… do i resolve this? Its obviously not good practice for my server to be forwarding email for somebody else’s domain.

XtremeOwnage · April 17, 2018, 8:36pm

Subscribing to this thread. Couldn’t find option in original post

scotwnw · April 18, 2018, 2:27pm

That reject is a reject by amazon not your email server. I tried using SES at one point and gave up. Every email address has to be added to the approved list of addresses in amazonSES setup. Which requires adding SES dns entries for that domain. Once the main domain is verified, each email address also has to be verified and added to the approved list.

XtremeOwnage · April 18, 2018, 2:43pm

I have no problem SENDING as any address in my domain.

I can use randomemailaddress@mydomain.com and it works just fine.

The problem is, when it “Forwards”, the FROM: header, is the ORIGINAL email’s address, so, it appears I am attempting to send on behalf of the original domain, and not my domain.

scotwnw · April 18, 2018, 3:04pm

Oh, so when randomemailaddress@mydomain.com tries to forward mail from a non mydomain.com address, it is doing so as if it was from original sender. Hmm.

XtremeOwnage · April 18, 2018, 3:39pm

It “may” be confused by the headers, but, from the inbox I am testing, I can send out emails just fine.

As soon as it tries to “forward” one, that is when it breaks.

Here are the logs:

Apr 18 15:31:20 postfix/smtpd[15577]: connect from MY_WORK_IP
Apr 18 15:31:20 postfix/smtpd[15577]: 9EAC71213EC: client=MY_WORK_IP
Apr 18 15:31:20 postfix/cleanup[2079]: 9EAC71213EC: message-id=<>
Apr 18 15:31:20 postfix/qmgr[1551]: 9EAC71213EC: from=MY_WORK_EMAIL@MYWORK.COM, size=456, nrcpt=1 (queue active)
Apr 18 15:31:41 postfix/local[2081]: 9EAC71213EC: to=<MY_INBOX@MY_MAIL_DOMAIN>, orig_to=<MY_EMAIL@MY_DOMAIN.COM>, relay=local, delay=20, delays=0.18/0/0/20, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Apr 18 15:31:41 postfix/cleanup[2079]: 01A5812177B: message-id=<>
Apr 18 15:31:41 postfix/qmgr[1551]: 01A5812177B: from=MY_WORK_EMAIL@MYWORK.COM, size=617, nrcpt=1 (queue active)
Apr 18 15:31:41 postfix/local[2081]: 9EAC71213EC: to=<MY_INBOX@MY_MAIL_DOMAIN>, orig_to=<MY_EMAIL@MY_DOMAIN.COM>, relay=local, delay=21, delays=0.18/0/0/20, dsn=2.0.0, status=sent (forwarded as 01A5812177B)
Apr 18 15:31:41 postfix/qmgr[1551]: 9EAC71213EC: removed
Apr 18 15:31:41 postfix/smtp[15669]: 01A5812177B: to=MY_PERSONAL_EMAIL@GMAIL.COM, orig_to=<MY_EMAIL@MY_DOMAIN.COM>, relay=AMAZON_SES, delay=0.7, delays=0.09/0.02/0.42/0.17, dsn=5.0.0, status=bounced (host AMAZON_SES said: 554 Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-1: MY_WORK_EMAIL@MYWORK.COM (in reply to end of DATA command))
Apr 18 15:31:41 postfix/cleanup[2079]: B1F47121784: message-id=<20180418153141.B1F47121784@MY_MAIL_DOMAIN>
Apr 18 15:31:41 postfix/qmgr[1551]: B1F47121784: from=<>, size=3014, nrcpt=1 (queue active)
Apr 18 15:31:41 postfix/bounce[15670]: 01A5812177B: sender non-delivery notification: B1F47121784
Apr 18 15:31:41 postfix/qmgr[1551]: 01A5812177B: removed
Apr 18 15:31:42 postfix/smtp[15669]: B1F47121784: to=MY_WORK_EMAIL@MYWORK.COM, relay=AMAZON_SES, delay=0.35, delays=0.13/0/0.21/0, dsn=5.0.0, status=bounced (host AMAZON_SES said: 501 Invalid MAIL FROM address provided (in reply to MAIL FROM command))
Apr 18 15:31:42 postfix/qmgr[1551]: B1F47121784: removed

Explanation:

I am sending an email from MY_WORK_EMAIL to MY_INBOX@MyDomain, which is then forwarded to MY_PERSONAL_EMAIL.

BUT-

The “FROM” appears to be from MY_WORK_EMAIL, instead of “MY_INBOX”

scotwnw · April 18, 2018, 3:58pm

You’re not still in the sandbox testing phase are you?

“This error could apply to the “From”, “Source”, “Sender”, or “Return-Path” address. If your account is still in the sandbox, you also must verify every recipient email address except for the recipients provided by the Amazon SES mailbox simulator.”

scotwnw · April 18, 2018, 4:04pm

Not sure why its happening but a simple solution would be to add MY_WORK_EMAIL@MYWORK.COM to amazonSES as a verified email. No dns changes required. It will email that address a link to confirm you own it.

XtremeOwnage · April 18, 2018, 4:37pm

But- that would break forwarding completely.

Say, my hosted box receives an email from random person. Well, I would have to add every random person as a verified address.

I am looking for some solution that allows the FROM: header to be rewritten to match the inbox it is being forwarded from.

noisemarine · April 22, 2018, 8:30am

Perhaps this link might help shed some light on things: http://www.openspf.org/FAQ/Forwarding

The solutions contained therein may not be the silver bullet you are looking for, but the discussion may help your understanding.

XtremeOwnage · April 23, 2018, 2:49pm

Excellent, That is the response I was looking for. I had SRS in place many years back, and I had forgotten all about it. Thanks!