1 Topic by Quack66 (edited by Quack66 2021-01-16 01:01:56)

  • Quack66
  • Member
  • Offline
  • Registered: 2017-05-18
  • Posts: 38

Topic: Allow custom FROM in own network

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):  1.3.2 PGSQL edition
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

We have a webserver which send email using the FROM noreply@domain.com and TO user1@domain.com

The issue is we get the following error:

 550 5.1.1 <noreply@domain.com>: Recipient address rejected: User unknown in virtual mailbox table (in reply to RCPT TO command))

We have multiple services that set the FROM to our domain. Right now we can't do something like apache@domain.com and the only way to make it work is to set the FROM apache@servers.domain.com

Is there a way to make it work but only for our own network since I don't want everybody to spoof our mail. Do I need to add an account or alias for each custom FROM I want to have ?

Thanks

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by goodcoffee

  • goodcoffee
  • Member
  • Offline
  • Registered: 2020-11-23
  • Posts: 22

Re: Allow custom FROM in own network

I may be reading that wrong, but it appears to be complaining about the recipient (RCPT TO)
Can you send email to user1@domain.com from other servers?  (e.g. is there only a problem when sending to user1 from the webserver?)

3 Reply by Quack66 (edited by Quack66 2021-01-18 23:05:23)

  • Quack66
  • Member
  • Offline
  • Registered: 2017-05-18
  • Posts: 38

Re: Allow custom FROM in own network

goodcoffee wrote:

I may be reading that wrong, but it appears to be complaining about the recipient (RCPT TO)
Can you send email to user1@domain.com from other servers?  (e.g. is there only a problem when sending to user1 from the webserver?)


I can send mails to user1@domain.com correctly. It seems when I use a custom FROM I need to have it in my users or aliases but was wondering if there is an easier alternative since I'm not looking to create aliases for all my servers.

4 Reply by Shnoulle

  • Shnoulle
  • Member
  • Offline
  • Registered: 2020-12-27
  • Posts: 31

Re: Allow custom FROM in own network

Maybe something here ?
https://docs.iredmail.org/allow.certain … .user.html

(didn't test)

5 Reply by Quack66

  • Quack66
  • Member
  • Offline
  • Registered: 2017-05-18
  • Posts: 38

Re: Allow custom FROM in own network

Shnoulle wrote:

Maybe something here ?
https://docs.iredmail.org/allow.certain … .user.html

(didn't test)

Yeah I saw that. Unfortunately this assume the address you are trying to send FROM already exist as a user which is what I'm trying to avoid since I don't want to create users for all my servers emails.

6 Reply by Shnoulle

  • Shnoulle
  • Member
  • Offline
  • Registered: 2020-12-27
  • Posts: 31

Re: Allow custom FROM in own network

See https://docs.iredmail.org/manage.iredap … strictions

ALLOWED_FORGED_SENDERS = []

?

7 Reply by Quack66

  • Quack66
  • Member
  • Offline
  • Registered: 2017-05-18
  • Posts: 38

Re: Allow custom FROM in own network

Unfortunately that doesn't work either. Right now the only way I have to make it work is to create an alias, set postmaster as the only member and restrict only the members to be able to send email to this alias (which is nobody since postmaster is not a user account). Then I can send an email using the alias as the FROM and since iredmail see that the email exist it let it pass.

It works but it's not optimal.

8 Reply by Quack66 (edited by Quack66 2021-01-22 00:29:22)

  • Quack66
  • Member
  • Offline
  • Registered: 2017-05-18
  • Posts: 38

Re: Allow custom FROM in own network

I found it !

The issue was in the postfix main.cf file the following setting was set:

smtpd_reject_unlisted_sender = yes

which overwrite anything set in:

# Sender restrictions
smtpd_sender_restrictions =
    permit_sasl_authenticated
    check_sender_access pcre:/etc/postfix/sender_access.pcre
    reject_sender_login_mismatch
    permit_mynetworks
    reject_unknown_sender_domain
    reject_non_fqdn_sender
    reject_unlisted_sender

The default for smtpd_reject_unlisted_sender is no but in our iredmail install it was set to yes which overwrite anything set by smtpd_sender_restrictions. Removing it (which set it back to the default no) now authorize a custom sender from our network.

9 Reply by Shnoulle

  • Shnoulle
  • Member
  • Offline
  • Registered: 2020-12-27
  • Posts: 31

Re: Allow custom FROM in own network

And finally : you allow specific sender via ALLOWED_FORGED_SENDERS = [] ?

I have a near issue : i need to allow 2 different email account to use a specific sender.

For information (with LDAP) : https://docs.iredmail.org/ldap.user.mai … rding.html allow this specific user to send email as other user.

10 Reply by Quack66 (edited by Quack66 2021-01-22 00:07:22)

  • Quack66
  • Member
  • Offline
  • Registered: 2017-05-18
  • Posts: 38

Re: Allow custom FROM in own network

No I didn't need to mess with the ALLOWED_FORGED_SENDERS. In your case you might need to. My understanding is that it's used when you want a user to send mail as another one but without the need to authenticate as the other user.

EDIT: Changed smtpd_sender_restrictions in my other post for some more security