Greetings,
I have found an issue in the interaction between sieve vacation messages and the SPF, DKIM and DMARC email validation systems.
For example, let's say we have a message coming from a@a.com to b@b.com at a server imap.mydomain.com. The account b@b.com has a vacation rule in sieve, and that generates an autoresponse to a@a.com. Our problem begins with the definition of section-5.1 in RFC5230 https://tools.ietf.org/html/rfc5230#section-5.1. It says that the envelope-from in vacation messages should be set to <>. This is the behavior currently implemented in Dovecot.
We have recently added DMARC's authentication to our e-mail servers. DMARC needs one of the two authentication to pass, either SPF or DKIM. SPF works, but not the way DMARC needs it to. DMARC needs a valid SPF record that also matches the "From:" header. In this message, there are no envelope-from, so there are no domain to validate. This is the reason we use SRS to rewrite envelope-from (to do that we use the server address).
The last option is to use DKIM authentication.
We have clustered SMTP servers. So, in order to make a DKIM signature, the vacation message needs to be sent to the right server. That is, the server where the key to account b@b.com is available.
To do that, we are implementing a modification to Dovecot source allowing the use of the envelope-from. The modified envelope-from will be used with the Postfix option "sender_dependent_relayhost_maps" in order to choose the right cluster. This does not break RFC5230, because the use of null sender is only a recommendation.
I would like to know if a patch to the main project would be appreciated. Could you also please confirm if there are any future plans involving this feature, like an optional configuration for custom envelope-from?
Thanks in advance,
Gerson Moraes Digirati