Postfix forwarding - SPF issues - Sender rewrite

When using Postfix virtual alias maps to forward email to another domain, is it possible to have Postfix re-write the sender address exclusively for forwards to avoid SPF rejection at the final destination.

i.e. If [email protected] has a forward configured to [email protected], we want Postfix (running at ourdomain.com) to rewrite the sender address to [email protected].

Currently email sent from [email protected] to [email protected] will be forwarded to [email protected] with the sender address staying as [email protected], which causes an SPF rejection.

I've found in other answers such as this one that this is possible with postsrsd, however installing new software on these hosts is likely not possible.

I was initially looking into sender canonical maps, however the Postfix documentation suggests that canonical maps are not used with virtual alias maps:

Postfix address rewriting documentation:

Addresses found in virtual alias maps ... are not subjected to canonical mapping, in order to avoid loops.

Is there another way to re-write the sender address which will work with virtual alias maps without installing something like postsrsd?

Solution 1:

postsrsd is not difficult to set-up and it is the correct way to handle the issue because it makes clear to the receiving system that the message is a forward. By plainly rewriting the envelope sender you are taking on yourself the reputation burden of the email you are forwarding. Should you forward spam, the receiving system will blame your domain for it and lower your reputation.

This may happen anyway, even with SRS, because it depends on the receiving domain to be capable of discriminating a forwarded message from a direct message. Gmail, for example, prefers a plain forward that fails spf to an SRS forward. Go figure.

The perfect solution would be not to forward at all.