When using Postfix virtual alias maps to forward email to another domain, is it possible to have Postfix re-write the sender address exclusively for forwards to avoid SPF rejection at the final destination.
i.e. If user1@ourdomain.com has a forward configured to anotheruser@externaldomain.com, we want Postfix (running at ourdomain.com) to rewrite the sender address to user1@ourdomain.com.
Currently email sent from source@randomdomain.com to user1@ourdomain.com will be forwarded to anotheruser@externaldomain.com with the sender address staying as source@randomdomain.com, which causes an SPF rejection.
I've found in other answers such as this one that this is possible with postsrsd, however installing new software on these hosts is likely not possible.
I was initially looking into sender canonical maps, however the Postfix documentation suggests that canonical maps are not used with virtual alias maps:
Postfix address rewriting documentation:
Addresses found in virtual alias maps … are not subjected to canonical mapping, in order to avoid loops.
Is there another way to re-write the sender address which will work with virtual alias maps without installing something like postsrsd?
Best Answer
postsrsd is not difficult to set-up and it is the correct way to handle the issue because it makes clear to the receiving system that the message is a forward. By plainly rewriting the envelope sender you are taking on yourself the reputation burden of the email you are forwarding. Should you forward spam, the receiving system will blame your domain for it and lower your reputation.
This may happen anyway, even with SRS, because it depends on the receiving domain to be capable of discriminating a forwarded message from a direct message. Gmail, for example, prefers a plain forward that fails spf to an SRS forward. Go figure.
The perfect solution would be not to forward at all.