How to setup 'relay non-existing mailboxes only'

s4069b

I am attempting to ‘split’ email addresses off of two domains, to host some mailboxes from each domain on mailcow. The goal being to have a higher priority MX setting for Mailcow, and forward/relay/pass email for non-existing mailboxes onward to the main mail server which has a lower priority MX setting. One of the domains is an old Gsuite one and the other is a cPanel account. I have full access to DNS settings for both domains.

My mailcow mailer is setup and working with it’s own domain.

Adding a new DOMAIN in Mailcow with ‘relay non-existing mailboxes only’ seemed like the obvious next step. Done. Then I added a couple of mailboxes to that domain. The result - mail sent to an existing mailbox arrives (perfect) but mail sent to a nonexistent mailbox receives a ‘looped back on myself’ message from mailcow (that’s a fail). I assume I need to SETUP A COSTOM TRANSPORT MAP. (As a side-note -if I shutdown the Mailcow server, then incoming mail goes to the old mail server with the lower MX setting - which is desirable).

I tried editing …. “data/conf/postfix/custom_transport.pcre” (as this page suggests), and then restarted the postfix container. Result - no change… Mailcow did not appear to recognise my custom settings.

So, I tried going into configurations/configurations & details/routing and set-up a transport map there. I kept it simple and added destination: my.domain.net and Next hop: [aspmx.l.google.com]. The result is that YES email sent to a nonexistent mailbox on Mailcow forwards on to google (similar result for the cPanel server, with a similar transport map) and this is CLOSE to a solution… but NOT… read on…. (note these transports result in being SMTP and default port 25)

BUT the issue I now have is that forwarded/relayed email to google (or cPanel) fails it’s spf check because my MailCow server IP is not included in the original sending domain. Failing the test results in spam or reject based on the original sending domain’s _dmarc.

My question is how do I keep my Mailcow server IP out of the forwarded email’s spf check?

Is this something which a custom transport in “data/conf/postfix/custom_transport.pcre” would avoid? If so, then how would I set this up… as my attempts have to this point failed.

Any advice would be greatly appreciated.

s4069b

follow-up. Worked out how to use custom transport in “data/conf/postfix/custom_transport.pcre”. pcre = perl compatible regular expressions? anyway, this for example on one line in that file (then restart postfix container) will have an impact.
/my.domain.net/ relay:old.mx.net

However the final spf check at the final destination still fails because the mailcow ip address is not permitted to send for the original sender’s domain.

So, now my question is a postfix transport one. How can I get the final destination to run it’s spf check on the original sender and not on my ‘relay’ domain? is there a way to manipulate headers or something?

Or, am I completely missing something.

mailcow-helper

hi, can you guide the all settings if you have successfully achieved it?

I setup split delivery in Google workspace and started getting emails on mailcow. However on new mailcow I can’t only selecct Relay non-existing mailboces only check box. when clicked it automatically selects both checkboxes above on it.

What should be the next changes to get outgoing emails work?

mailcow-helper

I don’t know if you are facing this issue or not but my issue is:

When user does not exist on Google workspace as well as on mailcow, the email goes in loop and after some time sender gets rejection email as TOO MANY HOPS.

Looking for some solution on rejecting emails when the account is not on Google or on mailcow.