0

I'm trying to setup Postfix on Amazon AWS so that all emails forwarded to contact@mydomain.com will be forwarded to my personal email. I've verified my personal email address which it will be forwarding to, I've verified contact@mydomain.com, and I'm no longer in production mode.

The issue seems to be that the email addresses that write to contact@mydomain.com are not verified, obviously. And when the message comes through Amazon rejects it without forwarding to my personal email. I get a log entry like this:

Apr 20 17:33:12 ip-XX-XX-XXX-XXX postfix/smtp[17335]: E10ED1234: to=<mypersonal@gmail.com>, orig_to=<contact@mydomain.com>, relay=email-smtp.us-east-1.amazonaws.com[54.243.161.229]:25, delay=0.28, delays=0.01/0.03/0.12/0.13, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[54.243.161.229] said: 554 Message rejected: Email address is not verified. (in reply to end of DATA command))

I have another email address which is also verified, and when I mail from that address to contact@mydomain.com then it successfully forwards it where I want. So the basic setup with Amazon SES is working, but I'm obviously missing something with regards to setting it up for an email forward/relay.

Any help would be much appreciated

bratsche
  • 133
  • 2
  • 7

3 Answers3

4

Took me some time to find out, but sender_dependent_relayhosts_map is your friend.

See: http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps

Basically: you define the Amazon SES recipient end-point as the requested end-point for all mail that was sent FROM your domain. All other e-mail should be sent through a regular SMTP connection outside of Amazon SES.

This basically makes the server a relaying server, but because you also restricted the sender and recipient domains based on SASL authentication, only authenticated users can send from your domain and non-authenticated users can only use the aliased and forwarded addresses.

The forwarded addresses are sent outside of SES to your (possibly) validated email addresses.

This of course opens a can of worms regarding being flagged as spammer, one of the reasons to actually have everything being sent through SES. But the e-mail is at least being forwarded from the server to the end-recipient instead of being bounced.

Michiel Uitdehaag
  • 61
  • 3
2

You should be able to make this work if you:

  • Force the From address to one from your domain (perhaps forwarded@yourdomain.com).
  • Rewrite the Reply-To header to be the sender's address.

Most mail clients will honour the Reply-To and SES will be happy with the From address.

ianjs
  • 411
  • 2
  • 6
  • Hi ianjs, I've been looking into how to deal with this but running into some blockers. I've posted another question up which deals with how to do this, if you have time to help with it: http://serverfault.com/questions/501722/conditionally-rewriting-from-and-reply-to-headers-in-postfix – bratsche Apr 22 '13 at 23:36
1

To send through Amazon SES you need to verify every email address used in email From: field so I'm afraid for your setup Amazon SES is useless because there is limit of 1000 address you can verify.

AlexD
  • 8,179
  • 2
  • 28
  • 38
  • That's disappointing. This seems like it would be a very common use-cases for anyone hosting on AWS. :( – bratsche Apr 20 '13 at 17:59
  • Would it be possible to rewrite the From: part of the message to be something like "forwards@mydomain.com", then verify forwards@mydomain.com? Is it possible to set that up to only work for my aliases, or would I be somehow opening up my system to relay messages elsewhere in a spammy way? – bratsche Apr 20 '13 at 18:04
  • You definitely can rewrite `From:` address by delivering locally to script which will forward all email with rewritten `From:` header (you can use `formail` to do this). I recommend opening new question for this. – AlexD Apr 20 '13 at 18:40
  • I'll Google around first before I open a new question. Thanks for your help, marking your answer as accepted. :) – bratsche Apr 20 '13 at 19:41
  • any chance you could help me out with my follow-up question? http://serverfault.com/questions/501722/conditionally-rewriting-from-and-reply-to-headers-in-postfix – bratsche Apr 26 '13 at 22:51