Skip to main content

How to rewrite or modify the headers for forwarded emails

Philip Perez
We want to rewrite or modify the headers of all incoming emails which are automatically forwarded to third party domains. For example: We have user1@ourdomain.com which forwards all incoming emails to user1@gmail.com In this case, what we want to achieve is to rewrite the headers like the following: FROM THIS: From: originalsender@thirdparty.com (or this could also come form the same domain) To: user1@ourdomain.com (we hope to apply also the same rule on cc and bcc mails) Cc: user2@ourdomain, others@thirdparty.com Subject: original subject TO THIS: From: "originalsender@thirdparty.com" (or the string can be the name of the original sender if available instead of the email address) To: user1@gmail.com Cc: user2@ourdomain, others@thirdparty.com (one question here is - will these send another email to these Cc email addresses or not?) Reply-to: originalsender@thirdparty.com Subject: original subject QUESTIONS: 1. Can we achieve this through Exim Configuration Manager in WHM? 2. Can we achieve this through Global Email Filters in CPANEL? 3. I've already read some threads about rewriting headers with exim filters from: While Mail Forwarding with exim, how do I rewrite the To header with true destination address Exim Specification - 33 Address rewriting 1. Forwarding and filtering in Exim https://confluence2.cpanel.net/display/CKB/How+to+Customize+the+Exim+System+Filter+File ...but where should I really start? Which file should I create or modify. Which line should I insert my code? Should I use the exim file, .forward or .filter? The main reason behind this is we are actually having issues forwarding incoming emails to third party addresses like gmail or yahoo. One of the common problems we are getting is the: "Unauthenticated email from thirdpartydomian.com is not accepted due to domain's DMARC policy." Even though we have a successful SPF and DKIM authentication in place. And lastly, is this the a recommend approach to resolve the issue or there are other ways to resolve this?

Comments

15 comments

Date Votes
  • cPanelMichael
    The main reason behind this is we are actually having issues forwarding incoming emails to third party addresses like gmail or yahoo. One of the common problems we are getting is the: "Unauthenticated email from thirdpartydomian.com is not accepted due to domain's DMARC policy." Even though we have a successful SPF and DKIM authentication in place.

    Hello, The following option under the "Mail" tab in "WHM >> Exim Configuration Manager >> Basic Editor" should address this problem: Enable Sender Rewriting Scheme (SRS) Support This option rewrites sender addresses so that the email appears to come from the forwarding mail server. This allows forwarded email to pass an SPF check on the receiving server. Thank you.
    0
  • Philip Perez
    Hello, The following option under the "Mail" tab in "WHM >> Exim Configuration Manager >> Basic Editor" should address this problem: Enable Sender Rewriting Scheme (SRS) Support This option rewrites sender addresses so that the email appears to come from the forwarding mail server. This allows forwarded email to pass an SPF check on the receiving server. Thank you.

    Hi Michael, I already enabled the SRS Support in my server. But it looks like nothing has changed in our headers. Just like what I've said, we already have a successful SPF and DKIM in place, so whenever we are forwarding emails, our SPF and DKIM always gets a PASS result in the receiving server. The main issue here is whenever we are forwarding emails coming from Yahoo! (with a very strict DMARC Policy Record "p=reject") it is being considers as SPAM (with p=reject dis=none) or being rejected with this error: "Unauthenticated email from yahoo.com (or gmail.com or linkedin.com and others) is not accepted due to domain's DMARC policy." [SIZE=3https://sendgrid.com/blog/yahoo-dmarc-update/ ...in spite of getting a PASS in SPF and DKIM authentication. GMAIL also moved to the same direction as Yahoo! [SIZE=3https://sendgrid.com/blog/gmail-dmarc-update-2016/ According to SendGrid, we should send the forwarded email with a "friendly from" address. How can we achieve this?
    0
  • cPanelMichael
    I already enabled the SRS Support in my server. But it looks like nothing has changed in our headers.

    Could you open a support ticket using the link in my signature so we can take a closer look at this? You can post the ticket number here so we can update this thread with the outcome. Thank you.
    0
  • Philip Perez
    Could you open a support ticket using the link in my signature so we can take a closer look at this? You can post the ticket number here so we can update this thread with the outcome. Thank you.

    Hi! I created a support ticket with Support Request ID No. 7659171 Thank you for your advice.
    0
  • Mike S
    Hi! I created a support ticket with Support Request ID No. 7659171 Thank you for your advice.

    Was a solution found for this? We have a similar setup, using sendgrid too. I would have expected more people asking for a solution to this, considering the increased strict DMARC/SPF usage however to my surprise there isn't a standard posted solution anywhere online. I would think this would be a 'standard' rewrite rule that would work for every server in such a configuration (such as a external relay server like Sendgrid).
    0
  • andersondeda
    I have exactly the same problem. External relay, the problem occurs when our user creates a forwarder off the server, the message is forwarded through the original FROM, even with SRS enabled, however, to use the external relay it is necessary to make those adjustments in the following sessions Section: AUTH Section: ROUTERSTART Section: POSTMAILCOUNT Section: TRANSPORTSTART
    0
  • DennisMidjord
    Did anyone manage to find a solution for this?
    0
  • anderson.deda
    Hello good morning, The resource is called SRS and it will do the work you need done.
    0
  • DennisMidjord
    SRS is already enabled on all of our servers. We need forwarded emails to appear as if they come from the user that forwards them. The "From" header will keep the original value, even though SRS has been enabled.
    0
  • cPRex Jurassic Moderator
    I'm not exactly sure how to reproduce this issue. I have a cPanel account with an email forwarder (the actual email account doesn't exist - only the forwarder is created) and when I send an email it reaches the server, hits the forwarder, gets sent to the forwarding address, and the sender shows as the original sender value in my inbox without me doing anything special with the server. Here is a transaction from Gmail to forwarder to external email address showing this:
    Message hitting my server from Gmail: 2022-08-08 15:33:31 1oL8VI-00BVLY-H1 H=mail-qv1-f50.google.com [209.85.219.50]:33538 Warning: "SpamAssassin as username detected message as NOT spam (0.0)" 2022-08-08 15:33:31 1oL8VI-00BVLY-H1 <= username@gmail.com H=mail-qv1-f50.google.com [209.85.219.50]:33538 P=esmtps X=TLS1.3:TLS_AES_128_GCM_SHA256:128 CV=no S=4114 id=CA+9-gBAmNxhKfxPgg55Woof_Avz_3o8GXG4nsOpfBfFR5HS0oQ@mail.gmail.com T="Test" for forwarder@domain.com 2022-08-08 15:33:31 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1oL8VI-00BVLY-H1 2022-08-08 15:33:31 1oL8VI-00BVLY-H1 SMTP connection identification D=domain.com O=forwarder@domain.com E=forward-recipient@externaldomain.com M=1oL8VI-00BVLY-H1 U=username ID=1002 B=redirect_resolver Message seeing the forwarder: 2022-08-08 15:33:31 1oL8VI-00BVLY-H1 Sender identification U=user D=domain.com S=forwarder@domain.com Message being sent to the external address: 2022-08-08 15:33:31 1oL8VI-00BVLY-H1 SMTP connection outbound 1659987211 1oL8VI-00BVLY-H1 domain.com forward-recipient@externaldomain.com 2022-08-08 15:33:32 1oL8VI-00BVLY-H1 [144.160.235.144] SSL verify error: certificate name mismatch: DN="/C=US/ST=Texas/L=Dallas/O=AT&T Services, Inc./CN=alph768.prodigy.net" H="al-ip4-mx-vip2.prodigy.net" 2022-08-08 15:33:48 1oL8VI-00BVLY-H1 => forwarder-recipient@externaldomain.com (forwarding-address@domain.com) R=dkim_lookuphost T=dkim_remote_smtp H=al-ip4-mx-vip2.prodigy.net [144.160.235.144] X=TLS1.2:AES256-GCM-SHA384:256 CV=no C="250 2.0.0 278JXVqB097401 Message accepted for delivery"2022-08-08 15:33:48 1oL8VI-00BVLY-H1 Completed
    0
  • DennisMidjord
    and the sender shows as the original sender value in my inbox without me doing anything special with the server.

    Hello Rex. That's what we're seeing as well. Scenario: user1@domain.com is an non-existing account. It's only a forwarder. This forwards emails to user2@gmail.com or something similar. We have a client that wants this to happen: When anotheruser@somedomain.com sends an email to user1@domain.com, the email should appear as coming from user1@domain.com once it gets forwarded to user2@gmail.com. Is that possible at all?
    0
  • cPRex Jurassic Moderator
    Ah, so you *want* it to appear like it's sent from the forwarder then, right?
    0
  • DennisMidjord
    Exactly - even though I see a few issues with that. One of the bigger issues would be that it makes spotting phishing emails a lot harder.
    0
  • cPRex Jurassic Moderator
    I don't have a way to change the behavior of the "From" address for a forwarder. Instead of using a forwarder for this situation, it might be best to create an actual email account for the forwarder and use a filter. We have details on this process here:
    0
  • DennisMidjord
    Alright, thanks for letting me know :-)
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post