Both instances are utilizing RewriteEnvelopeFromWhenForwarding=1
Let says i have 2 accounts, ruud@home.com and ruud@work.com and both these accounts are setup with SPF, DKIM and DMARC, for both accounts I have setup (automatic) forwarding to my gmail account
If i now send a mail from ruud@home.com to ruud@work.com the message is successfully forwarded to my gmail account,
If i in gmail open the source <show original> it reports:
Code: Select all
SPF: PASS with IP x.x.x.x (@work.com IP)
DKIM: 'PASS' with domain home.com
DMARC: 'PASS'
Code: Select all
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@work.com header.s=s2024 header.b=VPZcTMjN;
dkim=pass header.i=@home.com header.s=mail header.b=cHedygYj;
spf=pass (google.com: domain of ruud@work.com designates x.x.x.x as permitted sender) smtp.mailfrom=ruud@work.com;
dmarc=pass (p=QUARANTINE sp=REJECT dis=NONE) header.from=home.com
Authentication-Results: mx.google.com;
dkim=pass header.i=@work.nl header.s=s2024 header.b=VPZcTMjN;
dkim=pass header.i=@home.nl header.s=mail header.b=cHedygYj;
spf=pass (google.com: domain of ruud@work.com designates x.x.x.x as permitted sender) smtp.mailfrom=ruud@work.com;
dmarc=pass (p=QUARANTINE sp=REJECT dis=NONE) header.from=home.com
Code: Select all
SPF: PASS with IP x.x.x.x (@home.com IP)
DKIM: 'PASS' with domain home.com
DMARC: 'FAIL'
Code: Select all
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@home.com header.s=mail header.b=ZmMaLHCv;
dkim=neutral (body hash did not verify) header.i=@work.com header.s=s2024 header.b=pTF9N56E;
spf=pass (google.com: domain of ruud@home.com designates x.x.x.x as permitted sender) smtp.mailfrom=ruud@home.com;
dmarc=fail (p=QUARANTINE sp=REJECT dis=NONE) header.from=work.com
Authentication-Results: mx.google.com;
dkim=pass header.i=@home.com header.s=mail header.b=ZmMaLHCv;
dkim=neutral (body hash did not verify) header.i=@work.com header.s=s2024 header.b=pTF9N56E;
spf=pass (google.com: domain of ruud@home.com designates x.x.x.x as permitted sender) smtp.mailfrom=ruud@home.com;
dmarc=fail (p=QUARANTINE sp=REJECT dis=NONE) header.from=work.com
I also looked at the DKIM signing source, although code not 100% the same due to int to size_t conversion on 64-bit (5.7) the code is functional identical
For both directions, the incoming mail reports DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF in SA
There is no difference in DKIM/SPF alignment or method (both using relaxed/relaxed) between the 2 instances...
Weird huh? I am clueless why this happens....anyone got an idea?