1 Topic by Xameon

  • Xameon
  • Member
  • Offline
  • Registered: 2022-08-21
  • Posts: 4

Topic: Sending email as alias with forwarding address containing delimiter

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.0 MARIADB edition.
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Ubuntu 20.04.4 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx (with Apache Reverse Proxy)
- Manage mail accounts with iRedAdmin-Pro? No (free edition only)
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello everybody,

first of all, I really like using iredmail and thank you for this easy to use and good email server management software.
I also assume that the following "problem" is probably a very rare case.

Preliminary information:
I am using the recipient delimiter feature to automatically sort emails so that emails to user1-test@example.com are delivered to user1 in the test folder.

Now to my case:

If an alias address is defined for user1, for example something@example.com and I want to use an address with delimiter of user1 (user1-something@example.com) as forwarding address, the delivery of e-mails works as desired, i.e. e-mails to something@example.com are delivered to user1 in the something folder, but sending with the alias address something@example.com is not possible for user1. (Set up as described under docs[.]iredmail[.]org/user.alias.address.html)
After a short research in the source code of iRedAPD (thanks to be open source) I suspect that it is due to the query of the MySQL database (github[.]com/iredmail/iRedAPD/blob/master/plugins/reject_sender_login_mismatch.py#L284), because there, if I understood the source code correctly, it is only checked with the "real_sasl_username". But this only covers the case when you use user1@example.com as forwarding address, without any delimiter.
To fix this, an additional query per different delimiter would be needed.

My question would therefore be whether if this is a "bug" on the part of the software, as this case may simply not have been considered or is this a desired behavior and it is not intended at all to use an address with delimiter as forwarding address of an alias address?

Have any of you encountered a similar problem and been able to fix it otherwise?
(In my opinion, in such a case, a filter rule could also be used to sort the e-mails from something@example.com, which checks the recipient address and uses it to sort the e-mails. I just wanted to avoid additional manual filter rule).

If further information is needed, I will be happy to provide it.

In any case, many thanks in advance

Best regards
Xameon

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Sending email as alias with forwarding address containing delimiter

The address extension ("-something" in your sample address) is handled by Dovecot while delivering to local mailbox, not iRedAPD.
Better show us the sample SQL commands you executed to add alias, so that i can know how to reproduce the issue.

3 Reply by Xameon

  • Xameon
  • Member
  • Offline
  • Registered: 2022-08-21
  • Posts: 4

Re: Sending email as alias with forwarding address containing delimiter

Thanks for the clarification.
I have used the following SQL command in the context of the vmail database to create the alias (with this I am not allowed to send emails as alias address):
INSERT INTO forwardings (address, forwarding, domain, dest_domain, is_alias, active) VALUES ('something@example.com', 'user1-something@example.com', 'example.com', 'example.com', 1, 1);

The following SQL will work as expected and I can send emails as alias address:
INSERT INTO forwardings (address, forwarding, domain, dest_domain, is_alias, active) VALUES ('something@example.com', 'user1@example.com', 'example.com', 'example.com', 1, 1);


ZhangHuangbin wrote:

The address extension ("-something" in your sample address) is handled by Dovecot while delivering to local mailbox, not iRedAPD.
Better show us the sample SQL commands you executed to add alias, so that i can know how to reproduce the issue.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Sending email as alias with forwarding address containing delimiter

Xameon wrote:

but sending with the alias address something@example.com is not possible for user1.

Did you get any error in Postfix or iRedAPD log files? Please show us the original log lines for troubleshooting.

5 Reply by Xameon

  • Xameon
  • Member
  • Offline
  • Registered: 2022-08-21
  • Posts: 4

Re: Sending email as alias with forwarding address containing delimiter

ZhangHuangbin wrote:
Xameon wrote:

but sending with the alias address something@example.com is not possible for user1.

Did you get any error in Postfix or iRedAPD log files? Please show us the original log lines for troubleshooting.

Yes I get an error message regarding the sender not being the same as the SMTP authenticate username.
For privacy reasons I have replaced or censored parts of the log.
If desired I can provide the uncensored part via PM.

Here are logs from the transmission attempt

Postfix-Log :

 Aug 27 14:18:19 mail postfix/submission/smtpd[20669]: Anonymous TLS connection established from ***.t-ipconnect.de[***]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (2048 bits) server-digest SHA256
Aug 27 14:18:19 mail postfix/submission/smtpd[20669]: NOQUEUE: reject: RCPT from ***.t-ipconnect.de[***]: 554 5.7.1 <anotheruser@example.com>: Recipient address rejected: Sender is not same as SMTP authenticate username; from=<something@example.com> to=<anotheruser@example.com> proto=ESMTP helo=<smtpclient.apple>
Aug 27 14:18:19 mail postfix/submission/smtpd[20669]: disconnect from ***.t-ipconnect.de[***] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 quit=1 commands=6/7

iRedAPD-Log :

 Aug 27 14:18:19 mail iredapd [***] RCPT, user1@example.com => something@example.com -> anotheruser@example.com, REJECT Sender is not same as SMTP authenticate username [sasl_username=user1@example.com, sender=something@example.com, client_name=***.t-ipconnect.de, reverse_client_name=***.t-ipconnect.de, helo=smtpclient.apple, encryption_protocol=TLSv1.3, encryption_cipher=TLS_AES_256_GCM_SHA384, server_port=587, process_time=0.0102s]
For completeness, here are also logs from a received email, without errors:

Postfix-Log :

 Aug 27 14:24:17 mail postfix/smtpd[20791]: Anonymous TLS connection established from ***[***]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug 27 14:24:18 mail postfix/smtpd[20791]: 4MFG8y0JYhzRhYj: client=***[***]
Aug 27 14:24:18 mail postfix/cleanup[20802]: 4MFG8y0JYhzRhYj: message-id=<***>
Aug 27 14:24:18 mail postfix/qmgr[7880]: 4MFG8y0JYhzRhYj: from=<anotheruser@example.com>, size=2076, nrcpt=1 (queue active)
Aug 27 14:24:18 mail postfix/smtpd[20791]: disconnect from ***[***] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Aug 27 14:24:23 mail postfix/10025/smtpd[20809]: connect from localhost[127.0.0.1]
Aug 27 14:24:23 mail postfix/10025/smtpd[20809]: 4MFG932xvCzRhk8: client=localhost[127.0.0.1]
Aug 27 14:24:23 mail postfix/cleanup[20802]: 4MFG932xvCzRhk8: message-id=<***>
Aug 27 14:24:23 mail postfix/qmgr[7880]: 4MFG932xvCzRhk8: from=<anotheruser@example.com>, size=2630, nrcpt=1 (queue active)
Aug 27 14:24:23 mail postfix/10025/smtpd[20809]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Aug 27 14:24:23 mail amavis[10625]: (10625-01) Passed CLEAN {RelayedInbound}, [***]:21189 [***] <anotheruser@example.com> -> <user1-something@example.com>, Queue-ID: 4MFG8y0JYhzRhYj, Message-ID: <***>, mail_id: 2Vr02HRZYOHZ, Hits: -0.209, size: 2073, queued_as: 4MFG932xvCzRhk8, dkim_sd=***, 4797 ms, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,DKIM_VALID_EF=-0.1,SCC_BODY_SINGLE_WORD=0.001,SPF_HELO_NONE=0.001,SPF_PASS=-0.001,T_SCC_BODY_TEXT_LINE=-0.01]
Aug 27 14:24:23 mail postfix/amavis/smtp[20804]: 4MFG8y0JYhzRhYj: to=<user1-something@example.com>, orig_to=<something@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.7, delays=0.87/0.01/0.02/4.8, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4MFG932xvCzRhk8)
Aug 27 14:24:23 mail postfix/qmgr[7880]: 4MFG8y0JYhzRhYj: removed
Aug 27 14:24:23 mail postfix/pipe[20810]: 4MFG932xvCzRhk8: to=<user1-something@example.com>, relay=dovecot, delay=0.18, delays=0.02/0.02/0/0.13, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 27 14:24:23 mail postfix/qmgr[7880]: 4MFG932xvCzRhk8: removed

iRedAPD-Log :

 Aug 27 14:24:17 mail iredapd [***] RCPT, anotheruser@example.com -> something@example.com, DUNNO [sasl_username=, sender=anotheruser@example.com, client_name=***, reverse_client_name=***, helo=***, encryption_protocol=TLSv1.2, encryption_cipher=ECDHE-RSA-AES256-GCM-SHA384, server_port=25, process_time=0.0417s]
Aug 27 14:24:18 mail iredapd [***] END-OF-MESSAGE, anotheruser@example.com -> something@example.com, DUNNO [recipient_count=1, size=1860, process_time=0.0043s]

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Sending email as alias with forwarding address containing delimiter

Did a quick test, and here's the conclusion.

*) iRedAPD is a Postfix SMTP Access Policy server, Postfix doesn't give iRedAPD the address with delimiter and extension (user1+something@example.com), hence iRedAPD can not query SQL with same address extension.

*) Possible solution is, update the SQL statement in iRedAPD to query forwarding address with wildcard address extension, like this:

SELECT address FROM forwardings
WHERE
    address='something@example.com'
    AND (forwarding='user1@example.com' OR forwarding LIKE 'user1+%@example.com')
    AND is_alias=1
LIMIT 1

I just found column "forwarding" doesn't have SQL index, so this may cause sql performance issue if you have many records in "forwardings" table, but adding index manually should avoid this concern.

USE vmail;
ALTER TABLE forwardings ADD INDEX forwarding (forwarding);

Will add this index in next iRedMail release.

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Sending email as alias with forwarding address containing delimiter

UPDATE: this issue has been fixed in latest iRedAPD development code.
https://github.com/iredmail/iRedAPD/com … 59da1dc4ff

WARNING: you must add missing SQL index mentioned in above post to avoid sql performance concern.

8 Reply by Xameon (edited by Xameon 2022-08-30 00:36:23)

  • Xameon
  • Member
  • Offline
  • Registered: 2022-08-21
  • Posts: 4

Re: Sending email as alias with forwarding address containing delimiter

Thank you very much.
I have tested the latest development code of iRedAPD and can also confirm that this is working with address extension and email sending as alias is now possible.

One last thing: If I understand it correctly (a quick test seems to have confirmed this) this only applies to address extensions which use a '+' as delimiter. But since all alias addresses are created manually anyway, all delimiters serve the same purpose, and another delimiter is rather intended to circumvent possible blocking of the '+' character on web pages, I don't see any problems here.
You should only take care to use the '+' explicitly as a delimiter in this case.
(Maybe a small note on the documentation page about creating alias addresses makes sense here.)

From my side this post can be closed.

9 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Sending email as alias with forwarding address containing delimiter

iRedMail uses '+' as delimiter by default, although some email systems use other char or even use multiple delimiter, but that's too hard to be compatible with all systems.