I'm using a Postfix mail server to forward personal mails from an EC2 instance to a Gmail account.
To prevent Google from considdering me a source of spam I have set up
all the smtpd_relay_restrictions
in /var/postfix/main.cf
. I have
installed and set up Spamassasin and Postgrey for spam control and greylisting. I have set up TLS (with the
snakeoil certs for now), and the SPF records for my domain all yield
example.com. 3600 IN TXT "v=spf1 mx include:_spf.google.com -all"
after reading docs and StackOverflow.
Everything is working and I get mails for all three domains. However, when I inspect the mail headers of mails that have passed through my Postfix as well as Google I allways see headers like the following:
Received-SPF: neutral (google.com: 1.2.3.4 is neither permitted nor denied by domain of bounce-mc.us11_45970521.602249-info=example.com@mail191.atl171.mcdlv.net) client-ip=1.2.3.4;
Authentication-Results: mx.google.com;
dkim=pass [email protected];
spf=neutral (google.com: 1.2.3.4 is neither permitted nor denied by domain of bounce-mc.us11_45970521.602249-info=example.com@mail191.atl171.mcdlv.net) smtp.mailfrom=bounce-mc.us11_45970521.602249-info=example.com@mail191.atl171.mcdlv.net
(1.2.3.4
and example.com
are substitutes for my IP and my domain)
Is this something I need to worry about or is that just unavoidable noise you get when you forward mail? Will Google react at some point and ban me from internet?
I have considered setting up some form of SRS but I believe Best practices for forwarding mail to Gmail discourages one from that.
I know this (forwarding mail to Google) is not an unusual set up and I realise my concerns are not unique, so I wonder what other people suggest.
Cheers Mats
Added This is my reply to Peter's answer, below
Hi Peter. Thanks for your reply. I configured SPI and forwarding for my EC2 mail server. This worked fine to a degree. However, Google filtered out a good deal of spam, as expected. I also started to get mail notifications that they noticed that my server sent spam to Google users (me) they started to block my server for periods of time.
To have mail forwarding work on Gmail I have found out that you'd also need the full sender-rewriting-DKIM setup and as my mail server project started to snow ball (with all the extra modules and config) I resorted to a mail forwarding with my DNS provider. This means that the spam filtering is downgraded as quite a few, formerly targeted, spam mails now get passed GMail's (ans my own SpamAssasin) filtering.
My conclusion is that you need to go all the way (SPI + rewriting + DKIM) if you want a solution like this to work with EC2 (or equivalent) and GMail. This isn't my current solution, but I might set it up one day if I get the time. The advantage would be the Bayesian learning of a Spam Assasin of my own.
Cheers