Hi Sebastian,
maybe I'm missing the point, because I didn't follow the gory details of
the discussion.
Do you want safely forward messages that are "protected" by DMARC (as
DKIM | SPF) originating outside of your server?
If you replace the original From: by the forwarder's From:, then the
final recipient can't verify the the authenticity of the message.
(Broken DKIM, absent SPF).
If you need to foward, then either at the MUA level, or if you do it on
the MTA level, use SRS to rewrite the sender information (return path).
Yes, this breaks the alignment betwenn From: and Sender:, but DKIM
should be still intact and allow the recipient a successful
verification.
I may be completly wrong with my assumptions about your issue, though.
Sebastian Nielsen via Exim-users <exim-users@???> (Di 21 Apr 2020 22:05:10 CEST):
> I really don't understand this hostility against modifying email.
> Yes, I know that it isn't RFC compliant for an MTA to modify email. But its
> surely possible, and in certain situations, good to do it.
..
> Isn't a perfect situation, but totally fine for me.
> And my mail gets deliivered with PASS/PASS/PASS on SPF/DKIM/DMARC even when
> forwarding from accounts that have aligment set to strict.
Because you changed the "origin" of the message, didn't you?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -