I am attempting to use Amazon SES as my first-hop relayhost out of Postfix, since many sites are preemptively blocking connection from my EC2-hosted mail server. I have done the DNS dance, verified my domains and DKIM, and when my instance sends mail with any address ending in @dnalounge.com in the From: line, it is accepted by the SES relayhost and delivered. That's fine.
But none of my employees can receive mail, because this happens:
"From: email@example.com; To: firstname.lastname@example.org" arrives at my mail server. The aliases file leads me to forward that message along to employee's real address, email@example.com. So then SES says:
"554 Message rejected: Email address is not verified. The following identities failed the check in region US-WEST-2: firstname.lastname@example.org"
How I fix.