Re: [exim] rewrite envelope from when forward

Author: Mike Brudenell
Date:  
To: Exim Users
Subject: Re: [exim] rewrite envelope from when forward
Hi, Johannes -

Firstly, don't change the contents of the To or CC headers! The message
might have been digitally signed and authenticated using a technology such
as DKIM. This protects various key headers as well as the message body and
the attachments. If you change any of them you will break the signature and
cause further delivery problems.

Instead you just want to change the MAIL FROM (sender) address in the SMTP
envelope so it uses an email address within your own domain. The best way
of doing this is *not* to set it to one of your users' email addresses.
Instead use SRS (Sender Rewriting Scheme) to encode the original sender's
address into a specially formatted address that ends with "@" and your own
domain name. The site you forward the message onward to will then check the
MAIL FROM address against your SPF policy instead of that belonging to the
original sender.

SRS is good because if there's a problem delivering the message further on
it will come back to your mail service (because your domain is now in the
MAIL FROM of the envelope). You'll then be able to undo the SRS-rewritten
address to retrieve that of the original sender so you can relay the
delivery failure back to them.

Something to watch out for…

If the original sender's email domain is protected using DMARC then you
might still hit problems. This is because whilst SPF now passes, it'll
still fail DMARC's tighter SPF requirements — that the domain name in the
MAIL FROM address aligns with ("is similar to") that in the "From" header.

Hopefully the original sender's site won't just be relying on their SPF
record though, but also DKIM-signing their messages. So as long as you
don't break that signature (by altering the From/To/Cc headers!) things will
likely be OK and your relayed message will get through.

As for how to use the *return_path* — just assign the email address you
want to become the new MAIL FROM in the envelope to it. It's all described
in Exim's extensive documentation. :-)

Cheers,
Mike B-)

On Wed, 9 Sep 2020 at 15:38, Johannes Vogel via Exim-users <
exim-users@???> wrote:

> Hi
>
> Am 07.09.20 um 13:23 schrieb Jeremy Harris via Exim-users:
> > On 06/09/2020 21:04, Johannes Vogel via Exim-users wrote:
> >> When I forward an address to an @bluewin.ch address, they bring back an
> >> error like this:
> >>
> >> SMTP error from remote mail server after end of data:
> >> 554 5.2.0 sc971: SPF hard fail
> > Yes, SPF breaks forwarding.
> >
> > Option "return_path" on the transport:
> >
> >
> http://exim.org/exim-html-current/doc/html/spec_html/ch-generic_options_for_transports.html
>
> Thank you for the hint! But I don't know what content I should assign.
>
> In my example I'd like to set the to address of the forwarded mail.
>
> original message: mike@??? --> lisa@???
> new envelope: lisa@??? --> lisa@???
> new mail header: mike@??? --> lisa@???
>
> Is the information of the original to address at this moment available?
> Does this solve my problem with SPF?
>
> Best regards,
> Johannes
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>



--
*My normal working days are Tuesdays, Wednesdays and Thursdays.*

Systems Administrator working in Teaching & Learning
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811
Email Disclaimer: www.york.ac.uk/about/legal-statements/email-disclaimer/

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm
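
The SRS round trip described in the message above, as an added example that is not part of the original thread and is not Exim's own implementation: the original sender is encoded into an address in the forwarder's domain, and a returning bounce is decoded only if its keyed hash and age check out. The secret, the domain names and the exact hash and timestamp encoding are assumptions of this sketch, which follows the general SRS0 layout (hash, timestamp, original domain, original local part).

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"     # assumption: key known only to the forwarder
FORWARDER_DOMAIN = "forwarder.example"  # assumption: the forwarding site's own domain
MAX_AGE_DAYS = 21                       # assumption: how long bounces are accepted
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def _today(now=None):
    """Day counter modulo 1024, so it fits in two base32 characters."""
    return int((time.time() if now is None else now) // 86400) % 1024


def _tag(stamp, domain, local):
    """Short keyed hash tying the timestamp to the original address."""
    msg = "=".join((stamp, domain, local)).lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:4]


def srs_encode(sender, now=None):
    """Rewrite the original envelope sender into an address in our own domain."""
    local, _, domain = sender.rpartition("@")
    day = _today(now)
    stamp = B32[day >> 5] + B32[day & 31]
    return f"SRS0={_tag(stamp, domain, local)}={stamp}={domain}={local}@{FORWARDER_DOMAIN}"


def srs_decode(recipient, now=None):
    """Return the original sender for a returning bounce, or None if rejected."""
    local_part, _, domain = recipient.rpartition("@")
    fields = local_part.split("=", 4)
    if domain.lower() != FORWARDER_DOMAIN or len(fields) != 5 or fields[0].upper() != "SRS0":
        return None
    _, tag, stamp, orig_domain, orig_local = fields
    expected = _tag(stamp, orig_domain, orig_local)
    # Compare case-insensitively: some relays change the case of local parts.
    if not hmac.compare_digest(tag.lower().encode(), expected.lower().encode()):
        return None  # forged or altered address
    stamp = stamp.upper()
    if len(stamp) != 2 or any(c not in B32 for c in stamp):
        return None
    sent = B32.index(stamp[0]) * 32 + B32.index(stamp[1])
    if (_today(now) - sent) % 1024 > MAX_AGE_DAYS:
        return None  # too old to be a genuine bounce
    return f"{orig_local}@{orig_domain}"
```

The keyed hash is what stops the forwarder from becoming an open relay for forged bounces: an address whose original sender has been swapped fails the comparison and is rejected.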