I am attempting to use Amazon SES as my first-hop relayhost out of Postfix, since many sites are preemptively blocking connection from my EC2-hosted mail server. I have done the DNS dance, verified my domains and DKIM, and when my instance sends mail with any address ending in @dnalounge.com in the From: line, it is accepted by the SES relayhost and delivered. That's fine.
But none of my employees can receive mail, because this happens:
"From: firstname.lastname@example.org; To: email@example.com" arrives at my mail server. The aliases file leads me to forward that message along to employee's real address, firstname.lastname@example.org. So then SES says:
"554 Message rejected: Email address is not verified. The following identities failed the check in region US-WEST-2: email@example.com"
How I fix.