Zimbra v8.7.11.GA Forward only 554 Message rejected.

[shanmarsh28]

Hi, I hope you can help. Apologies if this has been posted somewhere before but I am struggling to see the wood from the trees today.

Zimbra for us is setup to route all outgoing emails through Amazon SES and this has been working well. However I noticed today that ALL emails that are sent via Zimbra's auto forwarding feature bounce with a 554 Message rejected: Email address is not verified.

To clarify, if a user composes a brand new email and sends it, all is OK - super! IF an email received by a mailbox which has a forwarding feature enabled, as expected Zimbra will attempt to forward but SES will bounce the email as per the error above. The forwarding feature does not appear to forward from the verified email (mailbox) address but from the original sender, Paypal or whatever it is, which is NOT allowed under SES rules. Sent emails MUST be from a verified SES domain.

Where do I go to fix this? If someone can point me in the right direction I'll be very grateful.

I initially setup SES following these instructions: https://wiki.zimbra.com/wiki/Outgoing_S ... entication

[shanmarsh28]

Anyone? Any advise please.

[shanmarsh28]

Thanks for your help everyone

After some testing, I have re-routed all outbound emails through Sendgrid rather than SES and this has worked around the problem for us.

[DualBoot]

Hello,

fisrt : this a community forum, not a Support site. So people answer when they have time and they already met this kind of problem or anything like that.
Second : after reading your problem carefully, it seems that SES allow only domain which are knwon from your server. Maybe SES uses à more restrictive policy.
Regards,

[shanmarsh28]

Hello,

fisrt : this a community forum, not a Support site. So people answer when they have time and they already met this kind of problem or anything like that.
Second : after reading your problem carefully, it seems that SES allow only domain which are knwon from your server. Maybe SES uses à more restrictive policy.
Regards,

Your reply has rattled me slightly. What your basically saying is that you offer a "Community" Edition of the server that is totally unsupported except for when members feel like replying. I can't rely in the documents because large parts of it are either not documented or marked as Incomplete. Your forum is absolutely full to the rafters with support requests which is why I decided to post my question in the first place. I use forums a lot and I don't expect people to automatically know the answer to a particular issue only that they might have a better idea than me on where to look. My knowledge of the internal workings of Zimbra is limited.

With regards to this specific issue, I am confident the problem lies within PostFix SMTP. When a message is forwarded, the from or reply addresses headers are not changed. So if email is sent to a Zimbra mailbox hello@example.com from info@paypal.com it gets forwarded as info@paypal.com. SES doesn't like this and expects the headers to be changed so the email comes from hello@example.com NOT info@paypal.com. The reason SES bans this behaviour is down to tightening of SPF and DMARC - even if the email does send it's highly likely that it will not be delivered.

Zimbra is effectively spoofing any auto forwarded emails!! I have attached a screenshot example of this. The from address SHOULD have been modified to: info@thesalon-langleypark.co.uk but wasn't.

Sendgrid doesn't appear to be that fussy when it comes to this and will attempt to send it regardless but I do expect a high(er) number of forwarded emails to bounce within Sendgrid until we find a proper solution.

[DualBoot]

Did you use zimbraPrefMailForwadingAddress ? If true Zimbra should act like the RFC822 by adding a new header field which is "resend" .
Did you try by using filter too ?

Regards,

[shanmarsh28]

Did you use zimbraPrefMailForwadingAddress ? If true Zimbra should act like the RFC822 by adding a new header field which is "resend" .
Did you try by using filter too ?

Regards,

Ahh no I didn't!

Would something like this work?

Code: Select all

zmprov ms <server> zimbraPrefMailForwadingAddress=true

Is there a place where things like this are documented? I can't find that function/directive online at all.

[DualBoot]

this attribute zimbraPrefMailForwadingAddress is set by two way :
- in the admin webui/cli
- in user account preference
But It will not answer your need because it does not add resent header unlike the action Redirect initialize in the web UI by the user.

So maybe a custom filter into the user preference could do the trick.

Regards,

[JDunphy]

With regards to this specific issue, I am confident the problem lies within PostFix SMTP. When a message is forwarded, the from or reply addresses headers are not changed. So if email is sent to a Zimbra mailbox hello@example.com from info@paypal.com it gets forwarded as info@paypal.com. SES doesn't like this and expects the headers to be changed so the email comes from hello@example.com NOT info@paypal.com. The reason SES bans this behaviour is down to tightening of SPF and DMARC - even if the email does send it's highly likely that it will not be delivered.

Perhaps this: https://serverfault.com/questions/68127 ... ia-aws-ses

I don't use SES but am interested in your solution given DMARC alignment checks these days.

[shanmarsh28]

Perhaps this: https://serverfault.com/questions/68127 ... ia-aws-ses

I don't use SES but am interested in your solution given DMARC alignment checks these days.

The link you provide is a very exact description - looks like a general postfix issue rather than something specific to Zimbra but I don't know how you could integrate that solution. I know main.cf exits as I came across it but I'm a bit nervous about editing in case I break something that I am unable to fix.

Dualboot suggested a custom filter? Whats that?