I am setting up a mail server on my VPS and in order to prevent spam and being marked as spam I have enabled SPF, DKIM and DMARC. However, I do not want to host my own mailbox, so I forward the incoming mail to external mail accounts, e.g. Gmail. The problem with forwarding is that it breaks the SPF check. This can be fixed by using SRS, which rewrites the senders address to match the mail server's.
When sending mail, I have configured Gmail to send the mail through my mail server. In that case SPF, DKIM and DMARC will pass, but only if SRS is disabled, otherwise SRS will cause the sending address domain to no longer match with the FROM header domain, which is a requirement for DMARC to pass.
So my question is, how can I enable SRS when forwarding, but prevent it from being enabled when sending?
Here is some more context. The mail server is running Ubuntu 12.04 LTS and is using the following software:
- Postfix 2.9.6
- OpenDKIM 2.6.8
- OpenDMARC 1.3.1
- PostSRSD (latest master from GitHub)
As I understood it, there are mail clients out there that require the PTR, MX, EHLO, and mail banner to refer to the same domain. And because I use my VPS for more than just a mail server I have chosen to set these to the hostname of my VPS, let's say vps.tld.
To enable PostSRSD you have to add the following lines to /etc/postfix/main.cf
:
sender_canonical_maps = tcp:127.0.0.1:10001
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:127.0.0.1:10002
recipient_canonical_classes = envelope_recipient, header_recipient
But that would enable SRS in the general case, not only when forwarding. It seems that this is a common use case of a mail server, so I hope there is a solution for this.
EDIT:
Here is the output of postconf -n
as requested:
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
milter_default_action = accept
mydestination = vps.tld, localhost
mydomain = vps.tld
myhostname = vps.tld
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
non_smtpd_milters = $smtpd_milters
recipient_canonical_classes = envelope_recipient, header_recipient
recipient_canonical_maps = tcp:127.0.0.1:10002
recipient_delimiter = +
sender_canonical_classes = envelope_sender
sender_canonical_maps = tcp:127.0.0.1:10001
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893
virtual_alias_domains = domain1.tld domain2.tld domain3.tld
virtual_alias_maps = hash:/etc/postfix/virtual