mirror of
https://github.com/anonaddy/anonaddy.git
synced 2026-04-25 06:05:55 +03:00
[GH-ISSUE #275] Sending from alias does not work when sending from same postfix/rspam as anonaddy instance #800
Labels
No labels
bug
pull-request
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/anonaddy#800
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @returntoreality on GitHub (Mar 7, 2022).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/275
Anonaddy requires DMARC_POLICY_ALLOW, which is not generated in rspamd for local or authenticated senders since SPF is not checked. This means that local or authenticated sender cannot send via their aliases. As a workaround I changed the line in milter_headers.conf to
if (task:has_symbol('DMARC_POLICY_ALLOW') or task:has_symbol('DKIM_SIGNED')) then. This whitelists any locally DKIM signed domains as well.@makua104 commented on GitHub (Mar 11, 2022):
Can you provide more information and an example of what you're trying to do?
@returntoreality commented on GitHub (Mar 11, 2022):
My setup is the following:
I have a mailserver for the maildomain.net and I send mail for a.maildomain.net to annonaddy. The annonaddy user register with their maildomain.net email and can then use a.maildomain.net to receive mails for aliases. What does not work is sending from an alias using the "Send From" feature where you get a destination address like myalias+destinaton=destinationdomain.net@a.maildomain.net. When trying to send an email to this address, the user gets an email "Someone tried to send mails from your alias" (or something along those lines). Since sending from an alias requires a valid DMARC and the policy needs to allow this sender. The problem is, that the check for a valid DMARC policy in rspam requires that both SPF and DKIM were checked (which is what you would want). When receiving emails directly from an authenticated user, the SPF check is not done (which is also what you would want) and in turn the DMARC policy is not checked. And because the header for dmarc-policy-allow is then not set by rspamd, anonaddy rejects the forwarding.
@makua104 commented on GitHub (Mar 11, 2022):
To make sure I understand:
example.comin the SELF-HOSTING guide isa.maildomain.netmyalias+destinaton=destinationdomain.net@a.maildomain.netSomeone tried to send mails from your aliasIs this correct?
@returntoreality commented on GitHub (Mar 11, 2022):
Correct
@makua104 commented on GitHub (Mar 11, 2022):
Okay a few more questions:
myalias+destinaton=destinationdomain.net@a.maildomain.netbeing sent from?@willbrowningme commented on GitHub (Mar 11, 2022):
Are you self-hosting AnonAddy or talking about the hosted app.anonaddy.com?
@returntoreality commented on GitHub (Mar 12, 2022):
@willbrowningme commented on GitHub (Mar 14, 2022):
@returntoreality thanks for the info, I didn't anticipate people would be sending from the same mail server as an authenticated user. I'll look into updating the docs and config to allow for that.
@willbrowningme commented on GitHub (Aug 24, 2023):
Is this still an issue?
@ilyadel commented on GitHub (Mar 25, 2024):
I have this issue on my fresh selfhosted instance (docker last release 1.0.9)
Edit : finally, I'm not sure that's I had the same issue, I was able to solve mine by changing MAIL_FROM_ADDRESS= on my addy.env to an address other than the one I use as "recipient" (I can't explain what happened exactly).