aws-lambda-ses-forwarder
aws-lambda-ses-forwarder copied to clipboard
mails from local domain forwarded result in a SES domain DKIM check failure
Let's say yourdomain.com
is the domain the forwarder is sending emails from, and anotherdomain.com
is another domain. Consider these cases:
-
[email protected]
sends a mail to[email protected]
. The mail is forwarded to recipients correctly without any checks failed; -
[email protected]
sends a mail to[email protected]
. The mail ends up with a DKIM(on SES domain) check failure.
After looking at the DKIM-Signature
part I found it's weird that the failed one has TWO Feedback-ID
's in the h
field. I guess it might be the cause and tried to fix the forwarding code to remove the field from the header, and it works.
But I don't know what this field means and what side-effects the removal would introduce.
Here's excerpt from the message fails DKIM validation:
Authentication-Results: mx.google.com;
dkim=fail [email protected];
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1470162493;
h=Message-ID:Date:Subject:From:Reply-To:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Feedback-ID:Feedback-ID;
bh=cIc4+mNxsFp+dUwkGlbCwYelaS0phVkPmIICqAGQvPs=;
b=oQRKCP7Qz2BZ7rNOt64kJZLMQiAw85afNkIS0ZBezqdObXAfEINMPtrG0K+oZps2
CmPVoLW8UkSkFU4bTtaiaXYw0lsmAjXvpsipQyYQFPYN1MfEWIFQZBxTEJJEVnozkyb
M31UJ95rnkf437YCCPyFvSMsYHdmhlceK++Fk6QY=
And here is a success one after I removed the field:
Authentication-Results: mx.google.com;
dkim=pass [email protected];
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1470166761;
h=Date:From:To:Subject:Content-Type:MIME-Version:Message-ID:Reply-To:Feedback-ID;
bh=EEznD2tyqczD8Zpld/7JgAHSIj9dxh/xhszpF4qOYyQ=;
b=cMic0Xdgjvkrr5mgutcRyVmxDw2apNOWABeTRx41q9PqrTEymFATlZObJ2kq9Bbz
X27rFRkfkT+XN6z4qwzvrXXG6VSDXnfZ4B9aM4/9ntQ9wyfjcyZXHaZlbr9i98L2qLY
cQqvz2ET1Dg7FOsOh6tCUXEMTaCbpE0xo598cN/o=