I host a mail server, where users log in via SMTP to send email.
The current config of postfix allows every authenticated user to send emails with any sender address.
My objective is to prevent users sending mail with an other FROM: address than the sender’s own SMTP login name.
For example: if you log in with the username bob, you’re only allowed to send emails with the sender address bob#example.com.
smtpd_sender_restrictions could be a solution, but this would reject clients, who entered any other address.
A more elegant way would be to automatically rewrite all from addresses to the username they logged in with. That's, what I'm trying to achieve.
Just like Gmail, if you use it as an SMTP service to send emails, the messages are sent with the address you logged in to Gmail.
Currently the SMTP authentication is done by dovecot:
smtpd_sasl_type = dovecot
The server itself is really simple, no fancy custom per-user based stuff or multi-domain setup, just users SMTPing in, and sending emails. :-)
I know that smtp_generic_maps and sender_canonical_maps exist, but I coudn't find the way to automatically rewrite the senders address.
By automatically I mean not one-by-one in a separate file.
Thank you for your help!
Related
Community,
If a user wants to register with your website, and you want to make sure the user’s email actually exists and is being used, the practice has been to create code that sends a message to the user’s email.
Nowadays, most smtp servers require authentication to accept mail. Since u cannot know your user’s email address in advance, I would like the others to enlighten me on how they are doing their email address verification.
I already know how to authenticate my message-sending application with yahoo, (and may be gmail) but how do you verify user email in the case of unknown smtp servers at which your user might have an email address ????
since a few days our internal email info#ourdomain.com seems to go bananas and sends out emails to all sort of email addresses. Some of those emails bounce and we receive Mail Delivery Failed emails every minute.
Here is our setup:
Domain hosted at Germany's 1und1 provider
Nameserver configured on Amazon Route 53
MX server mx01.kundenserver.de and mx00.kundenserver.de
Rails application hosted on heroku
I called the support at 1und1 and they told me to set a SPF record which I did:
"v=spf1 a mx ~all"
after researching the topic via http://www.spf-record.de/
Unfortunately this did not resolve the problem.
Honestly I am cluesless now what to do to prevent this random email sending.
Our account could have been hacked but the password was already changed.
Any of your email account or script/code compromise can cause outgoing spam emails. If outgoing emails are originating from particular email account and you find large outgoing email account from particular email account, you should consider to reset the password of that email account immediately. Also, compromised email sending script/code can can cause outgoing spam.
If "from" email address on spam email is none of your existing account then "From" email address is getting authenticated from any of your existing email account for which you should inspect SMTP logs of mail server(you should have administrative access of mail server)
Mail server IP address should not be blacklisted,please check IP here :- http://mxtoolbox.com/blacklists.aspx
If IP address is blacklisted, you can request IP whitelist after you identify and fix the outgoing spam source as RBL keeps IP address blacklisted until they find the spamming activity relaxed.
SPF and PTR record should be correct so that email recipient server can trust the sender mail server.
Bounce back email and spam email header can help to identify the issue more preciously.
This happened to me before, I had a "refer a friend" feature on my website and someone use an automated script to send emails to a ton of people. My server wasn't comprised, it was just bad coding in the feature that I installed that allowed my mail server to send mail to different people on my behalf.
Since the email is coming from you, your SPF/DKIM will check out just fine.
So thing about all the points on your website that can send email and see if any of them can be compromised.
Also you'll want to do a blacklist scan, I use this service it does more then 200+ blacklist: https://www.unlocktheinbox.com/blacklist/bl/
Make sure you scan both your domain name and IP address. But before you take any action to remove yourself, you should wait 24 hours until after you fix the exploit on your system. Requesting removal and popping up again can get you permanently listed.
The scenario goes like this:
Email setup for outgoing mail server has been done with email address like help#companydomain.com(example) and configured it.
Under General settings, I have used alias domain as companydomain.com. Also I have set email aliases for each user.
Now any user has set his email as help#companydomain.com can send mails and add followers(Add followers will drop a mail to followers) and the mails are received to any email client like thunderbird .
But when other users send mail, it does not deliver to email client like thunderbird and outlook.
Pretty much confused on how to configure the outgoing email gateway server in odoo. Any suggestions would really be helpful.
When setting-up my mobile email client, I usually need to enter the SMTP relay server domain name, but why my email client need a SMTP relay server at all?
I think it can directly talk to the smtpd server (e.g. postfix) from which domain the destination Email address is, by looking up the DNS MX records. And send directly to it, why not?
Actually I have another confusion, if a smtpd server use SMTP AUTH, then how can a rely server elsewhere rely a mail to it? The rely server simply don't have the username and password necessary to transfer that mail.
Email clients use SMTP relay server to
simplify email sending (e.g. to avoid repeating delivery attempts by email client)
avoid being mistaken for spammers.
Direct email sending might be a reasonably simple option in ancient pre spam past.
SMTP AUTH is used (mainly) with email client to email server communication. SMTP server to SMTP server communication could not require SMTP AUTH without prohibiting email from "strangers". SMTP AUTH allows to accept messages from trusted clients (customers) even from IP addresses that otherwise would be blocked by DNSBL (e.g. DUL ranges).
A SMTP server these days does many more things:
Queues the emails and works on delivering them: this may not matter if you just send a single email here and there, but it's a different thing for a 500k recipients newsletter.
Retries messages than can not be delivered immediately (e.g., slow receiving server), and eventually bounces them if they cannot be delivered. According to RFC 5321 once a SMTP server accepts responsibility of an email message, it must not lose it but either deliver or return (bounce) it.
DKIM sign the message.
Route emails to go out from different sending IP addresses and host names, for deliverability purposes. (Email reputation is based a lot on sending IP addresses.)
Throttle delivery of large amounts of emails to avoid being seen as an aggressive sender and getting blocked.
Optionally, archive (or bcc) all outgoing email, for documentation or compliance purposes.
Of course you can also do all these things in your email sending application and then you don't need a SMTP server, then you wrote an SMTP server.
My goal is to create a canned email on my server and then send the email from client email addresses. To do this and not be marked as spam I understand it must come from a domain matching the from address.
There are many user email addresses I would need to send email from, all with the same domain. With cooperation from my client, could I set this up to work with one SMTP credential or would I need credentials for each and every individual user?
To clarify, if I get an SMTP server address with a un/pw from my client, would that be enough to send from:
george#example.com
martha#example.com
ted#example.com
Thanks!
It depends completely on the SMTP server you are using. Some servers will allow this, like Google's SMTP, but it will attach a Sender header to the outgoing message when the From header does not match the authenticated account.
Example:
You authenticate with joe#gmail.com
You send out with From: bill#gmail.com
The message will contain From: bill#gmail.com, but Google will attach
Sender: joe#gmail.com to the message headers.
So, it completely depends on the SMTP server and their policy.
Problem
You want to avoid joe-jobbing in your automated messages.
Your Options
It depends on how you're submitting jobs to the MTA.
If you're authenticating to a remote SMTP server for each message, then you need credentials for each user.
If you're injecting messages directly into an MTA (e.g. with the sendmail command) that is authorized to send mail for the domain, then you only need privileged access.