By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How best to handle SES's domain validation for forwarding incoming emails

0

Hi, I'm running a custom Lightsail Ubuntu instance which is running a multi-domain virtual web server which is configured by ISPConfig. I'm trying to integrate it with SES. I am out of the SES sandbox.

My setup so far:

Incoming email goes to an S3 Bucket then I get an SNS notification which points to a URL that triggers a script on my server. On my server I have a mount point for the bucket from which my script pulls the email then injects it into Postfix using Postdrop. This way Postfix can do all the work of delivering the email to the proper accounts on the server as if the email was sent directly to it. This way my users will still be able use the ISPConfig interface to change/add/edit their email accounts.

My problem:

The issue is when an incoming email needs to forward to an outside email. Unfortunately, SES requires a validated subdomain in the MAIL FROM field, and from what I'm seeing in my mail logs, probably the From and Reply-To headers as well. Normally those fields contain the sender's email address, so that when people reply, it goes to the sender. So changing the From or Reply-To header will cause reply delivery issues.

So, how do I configure Postfix and/or SES to validate properly but keep at least the Reply-to and From headers intact? As MAIL FROM isn't really a header, just an SMTP verb, I thought to just configure Postfix to use a valid static MAIL FROM address, but from what I see in my mail logs changing just the MAIL FROM address wasn't enough for SES. It complains now about the Reply-To field being unvalidated.

Example:

I setup a redirect on my server: mike@myserver.com -> mike@yahoo.com Someone sends an email from: person@google.com to mike@myserver.com Postfix parses the email and tries to forward it to mike@yahoo.com using static credentials, but it fails authentication because the headers aren't valid. This is what is sent to SES:

MAIL FROM mailer@sub.mydomain.com

To: mike@yahoo.com

From: person@google.com

Reply-To: person@google.com

I get "Not a validated domain in Reply-To" or such in my mail log.

Thanks for any help! Mike

Topics
ComputeFront-End Web & MobileBusiness Applications
Tags
Amazon LightsailAmazon Simple Email Service
Language
English
mcaramb
asked a year ago224 views
1 Answer
0

When sending trough SES the From: and Reply-To: header must be a verified identity. In your use case the From: and/or the Reply-To: are not a verified identity

https://docs.aws.amazon.com/ses/latest/dg/creating-identities.html

AWS
SUPPORT ENGINEER
Richard W
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content