Sieve forwarding, SRS and SPF

jigster

Hi. When an email is forwarded using a sieve forwarder (set up in Roundcube), it seems that SRS doesn't re-write the from address, as I would expect. This means SPF fails at the destination server because it checks the original sender domain's SPF, but the sending IP is the server that's done the forwarding (my server). Is there a way to fix this? Thanks
 
This is a tricky one — forwarding + SPF doesn’t always play nicely, especially without using SRS. From what I know:

Forwarding messages usually breaks SPF because the email ends up being sent from the forwarding server (which isn’t listed in the original domain’s SPF). SRS (Sender Rewriting Scheme) fixes that by rewriting the envelope sender so the mail looks “legit” from the forwarder’s domain, making SPF checks pass.

If DirectAdmin could integrate SRS for forwarded emails by default (or allow users to enable it), that might solve a lot of SPF-fail headaches.
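
The SPF failure and the SRS fix described in the post above, as an added Python example that is not part of the original thread. The domains, IP ranges and secret are constructed, only `ip4` SPF mechanisms are checked, and the SRS0 encoding is a simplified sketch, not the output of Exim, DirectAdmin or any SRS library.

```python
import base64
import hashlib
import hmac
import ipaddress

# Constructed sample data: documentation IP ranges and example domains.
SPF_IP4 = {
    "sender.example": ["192.0.2.0/24"],        # original sender's SPF
    "forwarder.example": ["198.51.100.7/32"],  # forwarding server's SPF
}
SECRET = b"constructed-demo-secret"  # assumption: per-server SRS secret
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def spf_result(envelope_from: str, client_ip: str) -> str:
    """Evaluate only the ip4 mechanisms of the envelope sender's domain."""
    domain = envelope_from.rsplit("@", 1)[1].lower()
    ip = ipaddress.ip_address(client_ip)
    nets = SPF_IP4.get(domain, [])
    return "pass" if any(ip in ipaddress.ip_network(n) for n in nets) else "fail"


def _tag(ts: str, domain: str, local: str) -> str:
    """Short keyed hash so third parties cannot mint valid SRS addresses."""
    msg = "=".join((ts, domain, local)).lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:4]


def srs_forward(envelope_from: str, forwarder: str, day: int) -> str:
    """Rewrite user@domain to SRS0=tag=ts=domain=user@forwarder."""
    local, domain = envelope_from.rsplit("@", 1)
    ts = B32[(day >> 5) & 31] + B32[day & 31]  # day number mod 1024
    return f"SRS0={_tag(ts, domain, local)}={ts}={domain}={local}@{forwarder}"


def srs_reverse(srs_address: str) -> str:
    """Recover the original sender for a bounce; reject forged tags."""
    local_part = srs_address.rsplit("@", 1)[0]
    prefix, tag, ts, domain, local = local_part.split("=", 4)
    expected = _tag(ts, domain, local)
    if prefix.upper() != "SRS0" or not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("invalid SRS address")
    return f"{local}@{domain}"
```

The keyed tag is what stops the forwarder from becoming a bounce relay: only addresses it rewrote itself reverse successfully.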
 
I thought SRS used to work with forwarding (using sieve), but I could be wrong. Can anyone confirm this?
 
I'm still trying to figure out the best way to get sieve forwarding to pass SPF checks. One thing that works is to edit (or create) /etc/dovecot/conf.d/99-imap-sieve.conf and add:
  sieve_redirect_envelope_from = recipient
But this is not ideal.

I think it would be better handled by SRS/Exim, the same way DirectAdmin handles forwarders (which correctly triggers SRS so SPF passes).
In /etc/exim.conf we have:
lookuphost_forward_router:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 127.0.0.0/8
  condition = ${if !eq{$original_domain}{$domain}}
  condition = ${if !eq{$original_domain}{}}
  condition = "${perl{check_limits}}"
  transport = remote_smtp_forward_transport
  no_more

lookuphost:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 127.0.0.0/8
  condition = "${perl{check_limits}}"
  transport = remote_smtp
  no_more

The DirectAdmin forwarder is triggering lookuphost_forward_router, but the sieve forwarding is not and uses lookuphost. Wondering if it's possible to change the above somehow so that sieve forwarding also triggers lookuphost_forward_router? Any ideas? Thanks :)
 