Delegated mailbox with SOGo gives "Recipient address rejected: Sender is not same as SMTP authenticate username" #202

Open
ouitec opened this issue Jan 4, 2023 · 3 comments


ouitec commented Jan 4, 2023

Hello,

When activating Mailbox delegation under SOGo from [email protected] for [email protected]


then I connect to SOGo with [email protected] and use the automated available from "[email protected]" and get this error when sending to [email protected] :


Error :

5.7.1 <[email protected]>: Recipient address rejected: Sender is not same as SMTP authenticate username

REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER:

  • iRedMail version (check /etc/iredmail-release): 1.6.1 OPENLDAP edition.
  • Deployed with iRedMail Easy or the downloadable installer? downloadable installer
  • Linux/BSD distribution name and version: CentOS 8
  • Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
  • Web server (Apache or Nginx): NGINX
  • Manage mail accounts with iRedAdmin-Pro? Yes
  • [IMPORTANT] Related original log or error message is required if you're experiencing an issue.

sogo.log :

2023-01-04 15:27:16.227 sogod[160453:160453] SMTP: STARTTLS successfully performed
2023-01-04 15:27:16.240 sogod[160453:160453] SMTP(RCPT TO) error: 5.7.1 <[email protected]>: Recipient address rejected: Sender is not same as SMTP authenticate username
Jan 04 15:27:16 sogod [160453]: [ERROR] <0x0x55730d2bb6b0[SOGoMailer]> Could not connect to the SMTP server smtp://127.0.0.1:587/?tls=YES&tlsVerifyMode=allowInsecureLocalhost
Jan 04 15:27:16 sogod [160453]: X.X.X.X "POST /SOGo/so/[email protected]/Mail/0/folderDrafts/newDraft1672842134-1/send HTTP/1.0" 405 144/142 0.062 - - 28K - 19

dovecot.log :

Jan  4 15:10:20 mail dovecot[1074]: auth: Debug: auth client connected (pid=0)
Jan  4 15:10:20 mail dovecot[1074]: auth: Debug: client in: AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=127.0.0.1#011rip=127.0.0.1#011secured
Jan  4 15:10:20 mail dovecot[1074]: auth: Debug: client passdb out: CONT#0111
Jan  4 15:10:20 mail dovecot[1074]: auth: Debug: client in: CONT#0111#011cC5tZWRpbmFAb3VpdGVjLmZyAHAubWVkaW5hQG91aXRlYy5mcgA6QXJmOTEyUG9yTDQh (previous base64 data may contain sensitive data)
Jan  4 15:10:20 mail dovecot[1074]: auth: Debug: ldap([email protected],127.0.0.1): Performing passdb lookup
Jan  4 15:10:20 mail dovecot[1074]: auth: Debug: ldap([email protected],127.0.0.1): bind search: base=o=domains,dc=domains,dc=com filter=(&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=smtpsecured)(|([email protected])(&(enabledService=shadowaddress)([email protected]))))
Jan  4 15:10:20 mail dovecot[1074]: auth: Debug: ldap([email protected],127.0.0.1): result: [email protected]; mail unused
Jan  4 15:10:20 mail dovecot[1074]: auth: Debug: ldap([email protected],127.0.0.1): Finished passdb lookup
Jan  4 15:10:20 mail dovecot[1074]: auth: Debug: auth([email protected],127.0.0.1): Auth request finished
Jan  4 15:10:20 mail dovecot[1074]: auth: Debug: client passdb out: OK#0111#[email protected]

maillog :

Jan  4 15:10:20 mail postfix/submission/smtpd[167907]: connect from localhost[127.0.0.1]
Jan  4 15:10:20 mail postfix/submission/smtpd[167907]: discarding EHLO keywords: CHUNKING
Jan  4 15:10:20 mail postfix/submission/smtpd[167907]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Jan  4 15:10:20 mail postfix/submission/smtpd[167907]: discarding EHLO keywords: CHUNKING
Jan  4 15:10:20 mail postfix/submission/smtpd[167907]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <[email protected]>: Recipient address rejected: Sender is not same as SMTP authenticate username; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<localhost>
Jan  4 15:10:20 mail postfix/submission/smtpd[167907]: lost connection after RCPT from localhost[127.0.0.1]
Jan  4 15:10:20 mail postfix/submission/smtpd[167907]: disconnect from localhost[127.0.0.1] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 commands=5/6

iredmail closed this as completed Jan 7, 2023

ouitec commented Jan 7, 2023

Hello,

I knew this documentation indeed. But this is not answering the issue.

This is already enabled :
ALLOWED_LOGIN_MISMATCH_LIST_MEMBER = True

About adding :
ALLOWED_LOGIN_MISMATCH_SENDERS = ['[email protected]']

  1. A manual modification is needed by administrators each time a user wants to give a delegation to another user, this is not trivial at all.
  2. Using SMTP, this will allow those users to send a mail with any from address, this is absolutely not possible in our case and not really professional in any other case because of possibility of identity usurpation.

Postfix should read a permit sender list from SOGo database.

Don't you want to add this feature ?


iredmail commented Jan 14, 2023

> • A manual modification is needed by administrators each time a user wants to give a delegation to another user, this is not trivial at all.
> • Using SMTP, this will allow those users to send a mail with any from address, this is absolutely not possible in our case and not really professional in any other case because of possibility of identity usurpation.

You're right. We should improve iRedAPD to query SQL/LDAP to get such (per-user) allowed senders in a future release.

> Postfix should read a permit sender list from SOGo database.
>
> Don't you want to add this feature ?

  • I think the most ideal way to implement such a feature is improving the iRedAPD plugin reject_sender_login_mismatch.py, not Postfix.
  • Yes we're interested in implementing it in iRedAPD. Contributions are welcome. :)

iredmail reopened this Jan 14, 2023
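
The trade-off discussed in this thread, as an added example (not iRedAPD's code and not part of the issue): a global allow-list lets a listed login send with any sender address, while a per-user delegation lookup permits only the mailbox that granted the delegation. The addresses, the `DELEGATIONS` map and the function names are assumptions; the request uses the Postfix policy delegation attributes `sender` and `sasl_username`, and unauthenticated requests are assumed to be handled by other checks.

```python
# Added example, not iRedAPD code. Addresses and DELEGATIONS are constructed.
ALLOWED_LOGIN_MISMATCH_SENDERS = ["assistant@example.com"]  # global setting from the thread
# Hypothetical per-user data (e.g. loaded from SQL/LDAP): owner -> permitted logins.
DELEGATIONS = {"boss@example.com": {"assistant@example.com"}}
REJECT = "REJECT Sender is not same as SMTP authenticate username"

# Constructed Postfix policy-delegation request for a delegated send.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=boss@example.com\n"
    "recipient=someone@example.net\n"
    "sasl_username=assistant@example.com\n"
    "\n"
)


def parse_policy_request(raw):
    """Parse name=value lines; an empty line ends the request."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def _login_and_sender(attrs):
    return attrs.get("sasl_username", "").lower(), attrs.get("sender", "").lower()


def check_global(attrs):
    """Global allow-list: a listed login passes with ANY sender address."""
    login, sender = _login_and_sender(attrs)
    if not login or sender == login:
        return "DUNNO"  # unauthenticated or matching: nothing to compare here
    return "DUNNO" if login in ALLOWED_LOGIN_MISMATCH_SENDERS else REJECT


def check_per_user(attrs, delegations=DELEGATIONS):
    """Per-user check: a mismatch passes only if the owner delegated to this login."""
    login, sender = _login_and_sender(attrs)
    if not login or sender == login:
        return "DUNNO"
    return "DUNNO" if login in delegations.get(sender, set()) else REJECT
```

With the same login and an undelegated sender address, `check_global` still answers `DUNNO` while `check_per_user` rejects, which is the identity-usurpation concern raised in the issue.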