In general, email forwarding is the root of all evil:
- SPF verification fails at the forwarded MX.
- DKIM verification fails at the forwarded MX, if the forwarding MX doesn’t rewrite the header.
- DMARC aggregation report would not be “correct” like what the report receiver want it to be.
Some mitigation method for SPF/DKIM thing like whitelisting is included in mailcow/rspamd, but it works well without increase of false-negative only when the forwarding MX has perfect filtering solution, and everyone know that there is no perfect solution.
So, I’m wondering if I can use imapsieve in forwarded MX (mailcow) to fetch emails from forwarding MX instead of email forwarding and let them scanned by rspamd. But since the relationship architecture of rspamd and MTA, rspamd cannot scan emails fetched by imapsieve by default. Also I would need additional configuration in rspamd so that it would not increase scores when the fetched email has “To: firstname.lastname@example.org” etc.
Any idea/solutions for this? Like how to configure them easily or implementation as a mailcow function.