Forward mails to other host and port with same domain

[pbek]

Hi there, thank you for this great service!

Is it possible to forward emails to another host (in conjunction with the forward-email-port setting) without rewriting the domain? If I am using forward-email=mx2.domain.com for my domain domain.com, then emails like test@domain.com will be rewritten to test@mx2.domain.com, but I want them stay the same.

Scenario: using forwardemail as backup mx to a host with blocked port 25

Thank you very much!

[niftylettuce]

So you're asking if forward-email=someotherdomain.com will work in combination with forward-email-port? Yes. Emails don't get rewritten (we don't rewrite FROM/TO or anything, just the envelope/MAILFROM in SMTP).

[pbek]

But I just tried it on https://forwardemail.net and mails to user@domain.com got rewritten to user@someotherdomain.com when talking to my backup mx at someotherdomain.com (and thus my mail server rejected them).

[niftylettuce]

Can you share the rejection message and the original raw email? niftylettuce@gmail.com works

We don't rewrite FROM/TO or any headers in the email, just the envelope - so if it's getting rejected, it might be due to SPF or DKIM or DMARC failing and your server is rejecting because of that.

[pbek]

Jan 8 13:13:42 mail postfix/smtpd[2125]: NOQUEUE: reject: RCPT from unknown[172.18.0.1]: 550 5.7.23 <pbek@mx2.bekerle.com>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=srs0=d091=gm=protonmail.com=patrizio.bekerle@forwardemail.net;ip=172.18.0.1;r=<UNKNOWN>; from=<SRS0=d091=GM=protonmail.com=patrizio.bekerle@forwardemail.net> to=<pbek@mx2.bekerle.com> proto=ESMTP

The error was indeed a SPF message, but the pbek@mx2.bekerle.com in the error message got me confused. (btw. thank you for the very fast response)

[pbek]

So you say that the message wasn't sent to pbek@mx2.bekerle.com, but the original email address?

[niftylettuce]

It gets forwarded at the SMTP level to the new host

[niftylettuce]

Did you need help fixing the SPF issue? Also the SRS rewrite won't happen anymore in the very near future so that will be another less headache

[pbek]

I want to use mail.bekerle.com as main mail server and mx2.bekerle.com as backup mx (both for all qownnotes.org mails). mx2.bekerle.com has a blocked port 25, so postfix runs on port 1025.

For qownnotes.org I now have these MX records (mail.bekerle.com will have priority 5 again later, just for testing I gave forwardemail a lower priority):

qownnotes.org.          299     IN      MX      50 mail.bekerle.com.
qownnotes.org.          299     IN      MX      10 mx1.forwardemail.net.
qownnotes.org.          299     IN      MX      20 mx2.forwardemail.net.

I've these txt entries:

qownnotes.org.          300     IN      TXT     "v=spf1 a mx a:mail.bekerle.com a:mx2.bekerle.com include:spf.forwardemail.net ~all"
qownnotes.org.          300     IN      TXT     "forward-email=mx2.bekerle.com"
qownnotes.org.          300     IN      TXT     "forward-email-port=1025"

Formerly I just had v=spf1 mx ~all as spf entry.

But I still get these log entries on the mx2.bekerle.com server when I send a mail to pbek@qownnotes.org:

Jan  8 21:46:19 mail policyd-spf[966]: 550 5.7.23 Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=srs0=0fa1=gm=tugraz.at=patrizio.bekerle@forwardemail.net;ip=172.18.0.1;r=<UNKNOWN>
Jan  8 21:46:19 mail postfix/smtpd[956]: NOQUEUE: reject: RCPT from unknown[172.18.0.1]: 550 5.7.23 <pbek@mx2.bekerle.com>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=srs0=0fa1=gm=tugraz.at=patrizio.bekerle@forwardemail.net;ip=172.18.0.1;r=<UNKNOWN>; from=<SRS0=0fa1=GM=tugraz.at=patrizio.bekerle@forwardemail.net> to=<pbek@mx2.bekerle.com> proto=ESMTP helo=<mx1.forwardemail.net>

And I still see a to=<pbek@mx2.bekerle.com> in the log entry.

[pbek]

In the Undelivered Mail Returned to Sender mail I got:

<pbek@qownnotes.org>: host mx1.forwardemail.net[138.197.213.185] said: 550
    Error for mx2.bekerle.com of "Can't send mail - all recipients were
    rejected: 550 5.7.23 <pbek@mx2.bekerle.com>: Recipient address rejected:
    Message rejected due to: SPF fail - not authorized. Please see
    http://www.openspf.net/Why?s=mfrom;id=srs0=0fa1=gm=tugraz.at=patrizio.bekerle@forwardemail.net;ip=172.18.0.1;r=<UNKNOWN>"
    (in reply to end of DATA command)

Again it looks like the mail was relayed to pbek@mx2.bekerle.com instead of pbek@qownnotes.org.

[niftylettuce]

You have to include Forward Email on both domains (SPF wise), and on the second domain you have to include the first domain in the SPF record. Since the priority is 50 and mx1 and mx2 are not failing (aka they are responding), it will always go to mx1 or mx2, and never mail.bekerle.com.

[pbek]

Thank you for your answer!

You have to include Forward Email on both domains (SPF wise)

So I'll try to add it also to mail.bekerle.com?
But my initial question still remains for me. Seeing to=<pbek@mx2.bekerle.com> in the logs makes me think the email got relayed to pbek@mx2.bekerle.com instead of pbek@qownnotes.org (like it should). Is that a thing forwardmail does because of my TXT entry "forward-email=mx2.bekerle.com"? My initial question was if I can use "forward-email=mx2.bekerle.com" so forwardmail will ask mx2.bekerle.com (on port 1025) to deliver an email to pbek@qownnotes.org. 😁

Since the priority is 50 and mx1 and mx2 are not failing (aka they are responding), it will always go to mx1 or mx2, and never mail.bekerle.com.

Yes, thank you. I'm not actively using qownnotes.org for email at the time. I have those priorities set to test forwardmail.

[pbek]

You have to include Forward Email on both domains (SPF wise)
So I'll try to add it also to mail.bekerle.com?

Still the same SPF error. 😅

[kkplein]

This ticket is closed, but I am seeing exactly the same. Emails are delivered to my home emailserver, but not with the original address, but with a rewritten domain that my emailserver is not accepting mail for. I have found another service that behaves as you would expect: dynu.com
But it would be so nice if forwardemail could behave the same, as I really don't see why the current behaviour would be beneficial to anyone. (why would the domain ever need to be rewritten, I only need to receive the IDENTICAL email on a different port)

[titanism]

Can you share the rejection message and the original raw email?

We don't rewrite FROM/TO or any headers in the email, just the envelope - so if it's getting rejected, it might be due to SPF or DKIM or DMARC failing and your server is rejecting because of that.

@kkplein we don't rewrite anything here - can you share the raw source headers to show what you mean?