Topic: Delivery status and read confirmation blocked due to null sender
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.7.2
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: AlmaLinux release 9.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Recipient address rejected: Policy rejection due to null sender; from=<>Our delivery status and read confirmation are being blocked via iRedAPDs "reject_null_sender" plugin. Is this a problem with old Outlook (but new ones also behave like this) or some setting, or is this possible to set in iRedMail. Outlook is authenticated normally, but "read receipts" are blocked because of this policy. If client sends too much of this receipts, they get blocked by fail2ban postfix jail. We temporary disabled "reject_null_sender", but overall this is not the best "solution". Does anybody have similar situation and managed to solve it?
ChatGPT suggested modifying iRedAPD to allow null sender for authenticated users:
Option A: Patch the plugin or use a custom version
Modify the reject_null_sender.py plugin (located in /opt/iredapd/plugins/) to allow null senders if the sender is authenticated. For example:
# Add this at the beginning of the `restriction` function
if smtp_session.get('sasl_username') and smtp_session.get('sender') == '':
# Allow authenticated users to send null sender mails
return 'DUNNO'But this means that every authenticated user can sent with null from. It also suggested to check for read receipts in body and only allow those emails to pass, but not others.
Just a proof of concept from ChatGPT:
PLUGIN_NAME = 'reject_null_sender'
def restriction(smtp_session_data, ldap_attributes=None, db_values=None):
# Bypass if sender is NOT null
if smtp_session_data.get('sender'):
return 'DUNNO'
# Step 1: Allow null sender from authenticated sessions (if needed)
if smtp_session_data.get('sasl_username'):
# Optional: further inspect if this is a read receipt
headers = smtp_session_data.get('headers', '')
if 'Disposition-Notification-To:' in headers or 'Return-Receipt-To:' in headers:
return 'DUNNO' # Allow read/delivery receipts from Outlook
# Log it but deny all others (optional, for monitoring)
return 'REJECT null sender blocked (auth but not read receipt)'
# Step 2: Unauthenticated and null sender => always reject
return 'REJECT null sender not allowed'After checking reject_null_sender.py it's strange that this never gets logged (isn't return receipt send as authenticated but with "from" null?):
if sasl_username and (not sender):
logger.info('Possible spam (authenticated as %s but sender address is null).' % sasl_username)
return SMTP_ACTIONS['reject_null_sender']What would be the best solution for this problem? Thank you very much!
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.