1

Topic: Send email from alias address

======== Required information ====
- iRedMail version: 0.9.2
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
====

Sending emails as another sender than sasl authentricated is not allowed. As read a few times in this forum it might be good to allow sending from known aliases. Is this implemented in iRedMail Pro?

If not how about this solution from another user posted:

vi /etc/postfix/mysql/sender_login_maps.cf

query = SELECT mailbox.username FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.enablesmtp=1 AND mailbox.active=1 AND domain.backupmx=0 AND domain.active=1
UNION
SELECT goto as username FROM alias WHERE alias.address='%s' and alias.domain='%d' and alias.active=1

Is this an acceptable solution? It seems to work here.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Send email from alias address

This is implemented if you switch to iRedAPD for sender restrictions, in the sender_login_mismatch.py plugin.
iRedAPD is included in all iRedMail installations.

3

Re: Send email from alias address

For more details, please check file /opt/iRedAPD-1.6.0/plugins/reject_sender_login_mismatch.py on your server.

4 (edited by Peter 2015-06-18 17:37:40)

Re: Send email from alias address

Good to know, thank you.

I did remove reject_sender_login_mismatch from smtpd_sender_restrictions and added reject_sender_login_mismatch to the plugin. Case 2) says:

Set whether or not strictly allow sender to send as one of user alias addresses. Default is True.

ALLOWED_LOGIN_MISMATCH_STRICTLY = True
ALLOWED_LOGIN_MISMATCH_STRICTLY = False

This variable is missing in /opt/iredapd/settings.py and I added it. Tried both True / False but didn't work when sending an email as "alias sender address":

5.7.1 <test@testxxx.xx>: Recipient address rejected: Sender login mismatch.

5

Re: Send email from alias address

Did turn on debug mode of iredapd...

Accounts
email account: test@testxxx.ch
alias: alias@testxxx.ch

Debug

DEBUG --> Apply plugin: reject_sender_login_mismatch
DEBUG Sender: alias@testxxx.ch, SASL username: test@testxxx.ch
DEBUG Apply strict restriction (ALLOWED_LOGIN_MISMATCH_STRICTLY=True).
DEBUG SQL: query alias domains: SELECT alias_domain FROM alias_domain
    WHERE alias_domain=testxxx.ch' AND target_domain='testxxx.ch''
    LIMIT 1
DEBUG SQL query result: None
DEBUG No alias domain found.
DEBUG <-- Result: REJECT Sender login mismatch

Table alias_domain is empty. Alias definitions are in table alias, arn't they?

6

Re: Send email from alias address

I'm afraid that you misunderstand 'user alias address' here.

*) You're talking about a standalone mail alias account, defined in SQL table `vmail.alias` (with column `islist=1`). iRedAPD doesn't check this.

*) 'user alias address' is, for example, you have mail domain 'primary.com', and add 'second.com` as an alias domain name to 'primary.com', now user `user-ABC@primary.com` has an alias address `user-ABC@second.com`. `user-ABC@second.com` is a user alias address. iRedAPD works with this.

7 (edited by Peter 2015-06-19 00:24:33)

Re: Send email from alias address

Yes, I mean user alias and not domain alias. A few users asked about this feature and one user reported this change:

vi /etc/postfix/mysql/sender_login_maps.cf

query = SELECT mailbox.username FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.enablesmtp=1 AND mailbox.active=1 AND domain.backupmx=0 AND domain.active=1
UNION
SELECT goto as username FROM alias WHERE alias.address='%s' and alias.domain='%d' and alias.active=1

We do have some team adresses. First I created an email account for each adress but we didn't like two things:

- to many isolated mailboxes in thunderbird, roundcube and other mail clients
- if somebody read or deleted emails it was marked as read or was deleted in all others inbox (that's how IMAP works but it's not good for our team workflow)

We decided to forward team adresses to each user address. We don't need to create an account in iredmail for team address only an alias and it works. But when it comes to send emails with another identity (sender = team address) it gets refused.

8

Re: Send email from alias address

ZhangHuangbin wrote:

*) You're talking about a standalone mail alias account, defined in SQL table `vmail.alias` (with column `islist=1`). iRedAPD doesn't check this.

Update: i checked iRedAPD source code and this is supported with setting 'ALLOWED_LOGIN_MISMATCH_LIST_MEMBER = True'. Sorry about my mistake in last reply.

[I guess i'm getting old since i cannot remember the code i wrote. maybe my mistake is not the bad memory, but didn't check source code before reply.]

9

Re: Send email from alias address

Brilliant, it works! Though debug says something else:

2015-06-18 19:05:58 DEBUG --> Apply plugin: sql_alias_access_policy
2015-06-18 19:05:58 DEBUG SQL: query access policy: SELECT accesspolicy, goto, moderators
            FROM alias
            WHERE
                address='test@testxxxx.ch'
                AND address <> goto
                AND active=1
            LIMIT 1

2015-06-18 19:05:58 DEBUG SQL: record: None
2015-06-18 19:05:58 DEBUG <-- Result: DUNNO (Not a mail alias account)

In fact it should query alias@testxxx.ch (alias@ is the sender address and test@ is the authenticated user )...

To conclude:

read /opt/iRedAPD-1.6.0/plugins/reject_sender_login_mismatch.py

vi /opt/iredapd/settings.py
ALLOWED_LOGIN_MISMATCH_LIST_MEMBER = True

# parameter ALLOWED_LOGIN_MISMATCH_STRICTLY has no influence


[ I know what you mean about getting older ;-) ]

10

Re: Send email from alias address

Peter wrote:

In fact it should query alias@testxxx.ch (alias@ is the sender address and test@ is the authenticated user )...

You mean it's a bug in iRedAPD? Are you running iRedAPD-1.6.0?

11

Re: Send email from alias address

No it's not a bug!

There is more than one sql query in the log for one submission but I saw only the last one in the terminal. Here is the correct part:

DEBUG --> Apply plugin: reject_sender_login_mismatch
DEBUG Sender: alias@testxxx.ch, SASL username: test@testxxx.ch
DEBUG Apply strict restriction (ALLOWED_LOGIN_MISMATCH_STRICTLY=True).
DEBUG Apply list/alias member restriction (ALLOWED_LOGIN_MISMATCH_LIST_MEMBER=True).
DEBUG SQL: query alias domains: SELECT alias_domain FROM alias_domain
                         WHERE alias_domain='testxxx.ch' AND target_domain='testxxx.ch'
                         LIMIT 1
DEBUG SQL query result: None
DEBUG No alias domain found.
DEBUG SQL: query members of alias account: SELECT goto FROM alias
                         WHERE address='alias@testxxx.ch'
                         LIMIT 1
DEBUG SQL query result: ('test@testxxx.ch,another@testxxx.ch')
DEBUG Sender (test@testxxx.ch) is member of mail alias (alias@testxxx.ch).
DEBUG <-- Result: DUNNO

Thanks for your help, it works like expected!

You can close this topic.