I have a postfix server running on an EC2 instance. I want to forward all email, via SES, to my personal inbox.
The problem: AWS only allows a FROM address that is verified in the AWS console and the FROM address in this case could be anything, for example: twitter.com. I cannot white-list my server's IP and say: "Accept all emails from this location regardless of sender" (would be a bad idea anyway)
So, I need to figure out a way to forward my email with a verified address but I do not want to lose the original sender's address.
Is there a way of doing this?
Best Answer
Based on our discussion in chat, I'm going to provide you my hackish, customized solution that will change the "FROM" address as we expect it to be, and then deliver to the original destination point but add the "Reply-To" header.
This is a very hackish approach, but should manipulate the messages as you expect before actually sending them via PostFix to where they need to go.
First, PostFix ports need to be changed. We need to change the Postfix SMTP port to something other than
25
so that our python SMTP handler we are going to set up will work on that port instead.Edit
/etc/postfix/master.cf
. You're going to be looking for a line like this:Comment out this line, and underneath that line, use this instead:
This tells Postfix that we don't want it to listen on the standard SMTP port. Restart the postfix service when you're done with this step.
Next, the Python SMTP handler which I mentioned above. This will handle incoming messages, manipulate them, and resend them to the PostFix on your system. Assuming, of course, that all mail is submitted on port 25, even locally.
This code exists on a GitHub GIST and is based off of a generic Python SMTP server code example I got somewhere (but don't remember from where sorry!), and have since manipulated.
The code is also here, it's in Python 3 in case you're curious, and is written with Python 3 as the target Python version:
Store this as
/opt/PythonAutoForwarderSMTP.py
, or whatever you want to call it. Run it with the following as root (either viasudo
or by dropping into aroot
user prompt), first, to make sure it works as we expect:Once it's confirmed running, send an email through the server. It should be picked up and give you log data from this script that a message was received and processed. You should also then see a connection on Postfix's logs, and this being delivered somewhere after Postfix. If all of this looks OK, and you process the message properly and see it with a different 'From' address wherever the mail message finally ends up, then we can work to get it to autostart now! (You can simply hit Ctrl + C to close out the python process, before continuing).
Assuming we want it to start at boot, then we need to set it up to do so.
As
root
, runcrontab -e
, and add the following to theroot
crontab:Save the crontab file. If you don't want to reboot your server, then execute the command line you just added, minus the
@reboot
part, to run the Python SMTP handler.Whether run by
cron
or not, the process that loads the Python will end up forked into the background, and also put all data output (error or otherwise in the Python console) to a log file in/var/log/PythonSMTP.log
in Append mode. That way, you can always get logs as you need to.If all works as expected, this will properly add a Reply-To header, and also adjust the "From" header in the message to be what we expect it to be. I can't guarantee this'll work properly for SPF and DKIM checking, if messages are signed, but I can say that this will properly 'preprocess' messages before using Postfix to relay them elsewhere.