[GH-ISSUE #245] reply not working when envelope-from / return-path is sent by client #782

New issue

Closed

opened 2026-03-14 10:34:03 +03:00 by kerem · 3 comments

kerem commented 2026-03-14 10:34:03 +03:00

Owner

Copy link

Originally created by @eleith on GitHub (Dec 29, 2021).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/245

in the documentation, anonaddy has postfix pass emails to the application as such

anonaddy unix - n n - - pipe
  flags=F user=johndoe argv=php /var/www/anonaddy/artisan anonaddy:receive-email --sender=${sender} --recipient=${recipient} --local_part=${user} --extension=${extension} --domain=${domain} --size=${size}

anonaddy's reply logic in ReceiveEmail.php depends on ${sender}

however, according to postfix's pipe documentation, ${sender} is derived from the sender envelope from (as opposed to directly using the From header).

mail clients / services that want to track bounces set the Return-Path header with an alternate email address. This email address is also referred to as the envelope-from address. Thus, when set, the ${sender} will refer to this alternate email address and not the From address.

as a result, this bounce email address will not match any valid recipients and thus all replies will fail to go through.

this issue can be worked around, if after parsing the raw email, you extract the sender using the following method

    protected function getSenderFrom()                 
    {                                                            
        $from = $this->parser->getHeader('From');     
                                                                        
        try {     
          $senderFromParsed = mailparse_rfc822_parse_addresses($from);   
          return $senderFromParsed[0]['address'];    
        } catch(\Exception $e) {  
          return $this->option('sender');                                             
        }                                
    } 

and pass that value into the various recipient verification calls used to validate and then eventually send the reply.

Originally created by @eleith on GitHub (Dec 29, 2021). Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/245 in the [documentation](https://anonaddy.com/self-hosting/), anonaddy has postfix pass emails to the application as such ``` anonaddy unix - n n - - pipe flags=F user=johndoe argv=php /var/www/anonaddy/artisan anonaddy:receive-email --sender=${sender} --recipient=${recipient} --local_part=${user} --extension=${extension} --domain=${domain} --size=${size} ``` anonaddy's reply logic in [ReceiveEmail.php](https://github.com/anonaddy/anonaddy/blob/master/app/Console/Commands/ReceiveEmail.php#L144) depends on `${sender}` however, according to [postfix's pipe documentation](http://www.postfix.org/pipe.8.html), `${sender}` is derived from the sender envelope from (as opposed to directly using the `From` header). mail clients / services that want to track bounces set the `Return-Path` header with an alternate email address. This email address is also referred to as the envelope-from address. Thus, when set, the `${sender}` will refer to this alternate email address and not the `From` address. as a result, this bounce email address will not match any valid recipients and thus all replies will fail to go through. this issue can be worked around, if after [parsing the raw email](https://github.com/anonaddy/anonaddy/blob/master/app/Console/Commands/ReceiveEmail.php#L71), you extract the sender using the following method ```php protected function getSenderFrom() { $from = $this->parser->getHeader('From'); try { $senderFromParsed = mailparse_rfc822_parse_addresses($from); return $senderFromParsed[0]['address']; } catch(\Exception $e) { return $this->option('sender'); } } ``` and pass that value into the various recipient verification calls used to validate and then eventually send the reply.

kerem closed this issue 2026-03-14 10:34:08 +03:00

kerem commented 2026-03-14 10:34:14 +03:00

Author

Owner

Copy link

@eleith commented on GitHub (Dec 29, 2021):

i would prefer a way to do this in postfix directly, but haven't found a way to do this yet.

<!-- gh-comment-id:1002814354 --> @eleith commented on GitHub (Dec 29, 2021): i would prefer a way to do this in postfix directly, but haven't found a way to do this yet.

kerem commented 2026-03-14 10:34:19 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Jan 4, 2022):

Thanks, I was aware of this but didn't think it would be an issue as the vast majority reply from an email that has the same envelope-from as the "From:" header.

I'll try to sort a fix for this soon, however since the "From:" header can easily be spoofed the server must have appropriate DMARC, SPF and DKIM checks in place if you are self-hosting. I'll check the self-hosting instructions to make sure this is added when setting up Rspamd.

<!-- gh-comment-id:1004797772 --> @willbrowningme commented on GitHub (Jan 4, 2022): Thanks, I was aware of this but didn't think it would be an issue as the vast majority reply from an email that has the same envelope-from as the "From:" header. I'll try to sort a fix for this soon, however since the "From:" header can easily be spoofed the server must have appropriate DMARC, SPF and DKIM checks in place if you are self-hosting. I'll check the self-hosting instructions to make sure this is added when setting up Rspamd.

kerem commented 2026-03-14 10:34:24 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Feb 4, 2022):

This has been fixed in the latest release v0.9.0.

<!-- gh-comment-id:1029921564 --> @willbrowningme commented on GitHub (Feb 4, 2022): This has been fixed in the latest release [v0.9.0](https://github.com/anonaddy/anonaddy/releases/tag/v0.9.0).

kerem referenced this issue 2026-03-14 11:44:28 +03:00

[GH-ISSUE #782] [Feature Request] Temporary / Burner Email Aliases #1103

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v1.5.0

v1.4.1

v1.4.0

v1.3.8

v1.3.7

v1.3.6

v1.3.5

v1.3.4

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v0.14.1

v0.14.0

v0.13.13

v0.13.12

v0.13.11

v0.13.10

v0.13.9

v0.13.8

v0.13.7

v0.13.6

v0.13.5

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.1

v0.10.0

v0.9.1

v0.9.0

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.5

v0.7.4

v0.7.3

v0.7.2

v0.7.1

v0.7.0

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.4.0

v0.3.0

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/anonaddy#782

No description provided.