So I had an objective to create a mailing server with one DKIM key which would serve as mailing server for contact forms … Idea is, that you don’t need multiple DKIM keys as mail is sent from single domain, but in the same time, it should add reply-to header with primary email address so that when reply to this mail, user will send to real mail address.
I had problem rewriting From header and add reply-to header with primary mail address at the same time. I then discovered that you can’t define From in header_checks multiple times. Only first one will be processed. At first, I had an idea that first rule would add reply-to header with primary mail, then second rule would rewrite primary address with new domain part.
My wish was also, that first (user) part of email address should be kept and rewrote with new domain. I used sender_canonical for rewriting domain, but still no luck. In mail headers there was still old From mail and DKIM was not signed as domain didn’t match. What did the trick was adding local_header_rewrite_clients. This allowed postfix to rewrite headers to authenticated users and those defined in mynetworks.
Here is the whole configuration:
main.cf:
### rewrite domain & add reply-to & rewrite message-id
local_header_rewrite_clients = permit_sasl_authenticated, permit_mynetworks
canonical_classes = envelope_sender, header_sender
canonical_maps = regexp:/etc/postfix/sender_canonical
header_checks = regexp:/etc/postfix/header_checks
header_checks:
/^From:\s*(.*<)?([^@]+)@([^>]+)>?/ PREPEND Reply-To: <${2}@${3}>
/^Message-Id:\s+<(.*?)@([^>]+)>/ REPLACE Message-Id: <${1}@newdomain.com>
sender_canonical:
/^<?([^@]+)@[^> ]+>?$/ ${1}@newdomain.com
DKIM SigningTable:
*@newdomain.com newdomain.com
Then define your hostname of mailing server in your application to use as mailing service. In my case, user has to authenticate. If you send mail from username@mydomain.com, reply-to header with the same address would be added, From would be replaced with username@newdomain.com and DKIM would be successfully signed with newdomain.com. If end user replyes to this mail, Return-to is defined and mail would be sent to primary address username@mydomain.com and not non-existing username@newdomain.com.
Recent Comments