1

Topic: Null sender blocked by mismatch, even though null sender is allowed

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):      0.9.9
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? YES
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi, after upgrading to iredadmin pro i noticed the "Rejected Messages" section, first of all it shows 9, but when I click it there are 145 entries.

then I see a lot of "Sender is not same as SMTP authenticate username"

https://i.imgur.com/ymNo8o8.png

I see that there's null sender, but I allowed null sender in /opt/iredapd/settings.py

# Enabled plugins.
plugins = ["wblist_rdns", "reject_sender_login_mismatch", "greylisting", "throttle", "amavisd_wblist", "sql_alias_access_policy"]
#deactivated: reject_null_sender

So, is this a bug? Or is it intentional in newest iredapd... ?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Null sender blocked by mismatch, even though null sender is allowed

This mail user is trying to send as null sender, it's like spamming.
That's why the rejection message is "sender is not same as SMTP authenticate username"

3

Re: Null sender blocked by mismatch, even though null sender is allowed

Yes but I want to allow Null sender, thats why i deactivated "reject_null_sender"

Null sender is not like spamming, it's RFC conform so it should be supported by iredmail...

4

Re: Null sender blocked by mismatch, even though null sender is allowed

If just few (smtp auth) users are allowed to send as null sender or different sender addresses, please add this line like below in /opt/iredapd/settings.py, then restart "iredapd" service:

ALLOWED_LOGIN_MISMATCH_SENDERS = ["user@domain1.com", "user2@domain2.com"]

You can allow all users under one domain by listing the domain name in above parameter:

ALLOWED_LOGIN_MISMATCH_SENDERS = ["user@domain1.com", "user2@domain2.com", "domain3.com"]

If you allow all users to do this, you have to disable plugin "reject_sender_login_mismatch".

But i don't understand why a user has to send as null sender, would you mind sharing the story?

5

Re: Null sender blocked by mismatch, even though null sender is allowed

ZhangHuangbin wrote:

If just few (smtp auth) users are allowed to send as null sender or different sender addresses, please add this line like below in /opt/iredapd/settings.py, then restart "iredapd" service:

ALLOWED_LOGIN_MISMATCH_SENDERS = ["user@domain1.com", "user2@domain2.com"]

You can allow all users under one domain by listing the domain name in above parameter:

ALLOWED_LOGIN_MISMATCH_SENDERS = ["user@domain1.com", "user2@domain2.com", "domain3.com"]

If you allow all users to do this, you have to disable plugin "reject_sender_login_mismatch".

That would allow them to send as everything they want, right?
I already use this for smarthost customers, unfortunately you can't specify which domain they're allowed to send as, or am I wrong?

For users who have their mailbox on the iredmail server I just want their own adress + null sender smile

ZhangHuangbin wrote:

But i don't understand why a user has to send as null sender, would you mind sharing the story?

e.g. outgoing NDRs or out-of-office notifications are sent as null sender

6

Re: Null sender blocked by mismatch, even though null sender is allowed

lug wrote:

That would allow them to send as everything they want, right?

Yes.

lug wrote:

I already use this for smarthost customers, unfortunately you can't specify which domain they're allowed to send as, or am I wrong?
For users who have their mailbox on the iredmail server I just want their own adress + null sender smile

You're correct. Currently iRedAPD doesn't support specifying the allowed recipients. It should be easy to improve iRedAPD to support this.

lug wrote:

e.g. outgoing NDRs or out-of-office notifications are sent as null sender

This works fine. The "reject_sender_login_mismatch" and "reject_null_sender" plugins just check the email which was sent by an authenticated user but specified as null sender. This is different.