Topic: Mail alias / SMTP AUTH problem ?

- iRedMail version (check /etc/iredmail-release): 1.6.2
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: Ubuntu 22.04.2 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
[ I have used fake mail and domain names for now, can share the actual messages and domains involved if need be ;-) )
I have configured a VPS I rent where I installed iRedMail. It handles mail for my domain, 'domain.be'. My main mailaddress there is me@domain.be. I can send and receive mails without problems, from various clients, all working well and quite easy to setup.

I have a domain at Gandi.net (other.be) that allows me to install mail aliases. I have configured one 'me@other.be' that points to 'me@domain.be'. To be clear, this has nothing to do with my server setup.

My problem is that when I sent a mail from me@domain.be (my mail server) to me@other.be (on Gandi) it never arrives and I eventually get an 'undelivered mail' message back from gandi that it couldn't deliver to the me@domain.be. domain.be has spf, dmarc and dkim set up that all pass, and only SMTP AUTH is used so not sure where the error message comes from.

This is the mail system at host mslow1.mail.gandi.net.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<me@domain.be>: host domain.be[x.y.z.w] said: 554 5.7.1
    <me@domain.be>: Recipient address rejected: SMTP AUTH is required for
    users under this sender domain (in reply to RCPT TO command)


Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.


Re: Mail alias / SMTP AUTH problem ?

FYI https://docs.iredmail.org/errors.html#r … der-domain


Re: Mail alias / SMTP AUTH problem ?

Thx for the quick reply.

I tried adding the ALLOWED_FORGED_SENDERS in /opt/iredapd/settings.py and restarted the service, but to no avail.

I actually saw that page before but my intent is not to forge the address (benign or not), eg I do not need that the mail seems to be sent from 'me@other.be'. We define (on Gandi) me@other.be to be an alias to multiple adresses, one of which is me@domain.be (we use this for a small nonprofit, for example). Mail to me@other.be is coming from me@domain.com (that is the intent) but I myself no longer get it.

In that sense it is more akin to what is mentioned here:
https://forum.iredmail.org/topic14387-s … -list.html

but adding CHECK_SPF_IF_LOGIN_MISMATCH = True also noes not help.

I enabled the various debugging options in dovecot.conf but can't see where the mail would bounce.
Is there more logging I can enable to see what is going on ?


Re: Mail alias / SMTP AUTH problem ?

apologies, ALLOWED_FORGED_SENDERS needs to be ['me@domain.com'] of course (blush).
That does the trick...


Re: Mail alias / SMTP AUTH problem ?

I also updated my spf record for 'domain.be' with '... include:mail.gandi.net'.
This seems to work, but when I disable the ALLOWED_FORGED_SENDERS and set CHECK_SPF_IF_LOGIN_MISMATCH = True mail is rejected again.

Am I doing something wrong ?

Is one of the methods (the forger_senders or the spf) preferred ?

SPF seems to be ok:
Received-SPF: pass (spool4: domain of domain.be designates as permitted sender) client-ip=; envelope-from=me@domain.be; helo=mx.server.be;
Authentication-Results: spool.mail.gandi.net;
    dkim=pass header.d=mx.server.be header.s=dkim header.b=szBGkZF1;
    dmarc=pass (policy=none) header.from=domain.be;
    spf=pass (spool.mail.gandi.net: domain of me@domain.be designates as permitted sender) smtp.mailfrom=me@domain.be


Re: Mail alias / SMTP AUTH problem ?

roel wrote:

I also updated my spf record for 'domain.be' with '... include:mail.gandi.net'.

I guess you should include "gandi.net" instead of "mail.gandi.net".