Re: Mail delivery from Postfix to remote IMAP

[Greg Troxel <gdt%lexort.com@localhost>]

Rhialto <rhialto%falu.nl@localhost> writes:

> The trouble with plain forwarding is that my mail server's domain name
> doesn't match the domain name in the From: header, and doesn't match the
> envelope FROM domain, and it doesn't match the SPF policy of the sender
> domain etc etc. Those are things that are checked by DKIM/DMARC/SPF.

DKIM checks the signature.
SPF checks the sending server.
DMARC doesn't check anything, but specifies that a message should be
disfavored unless either DKIM or SPF passes.

Not modifying the message is exactly the right thing to do.

> And you can't change the From: header because that is changing the mail
> (and invalidates the DKIM signature), and neither can you change the
> envelope FROM address because bounces (as far as they happen) won't work.

It's bad to change either, regardless.

> Unfortunately DKIM is designed to break forwarding... I can't think of a
> way to change an email message to make it DKIM-compliant.

You can't; that's the point.

> Mailing lists can get away with changing the From: header to something
> like "list%example.org@localhost (Rhialto via Example-List)" (and that's already
> an ugly thing to do) but that's not an option for individual mails.

I don't think they get away with it.  They do it anyway and people that
understand standards tell them they are doing it wrong.  But their
internet license is not revoked and they aren't jailed, if that's what
you mean by get away.


There's something else, which is that spam filtering is a local call, so
you can't reason "if I do X it will be ok".  It might or might not be,
and it can change  in the future.

Because of this, I think delivering to IMAP via some kind of IMAP client
delivery agent is reasonable.

The other thing to do is to tell them that they have an account on your
domain, and they can IMAP to you to get mail, and use submission to your
server to send mail, and that's that.