[GH-ISSUE #1073] Relaying - Recipient verification leaks destination mailbox host #897

New issue

Closed

opened 2026-02-27 11:14:09 +03:00 by kerem · 3 comments

kerem commented 2026-02-27 11:14:09 +03:00

Owner

Copy link

Originally created by @Marcel92E on GitHub (Mar 10, 2017).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/1073

Impacted versions

• Modoboa: 1.7.1
• installer used: Yes
• Webserver: Nginx

Steps to reproduce

1. Create "relay" domain and enable recipient verification
2. Send E-Mail to a non-existent user
3. Receive DSN-message

Current behavior

• Rejecting message includes host/ip of destinations mailbox server

Expected behavior

• Rejecting message just says that recipient could not be found

Video/Screenshot link (optional)

Hi,

im playing around with a test setup on a ubuntu 16.04.02 system. The installer worked fine, settings were made pretty fast but now i run into a problem. While relaying mails and verifying the existence of the destination user the error message when rejecting the mail (if the user doesnt exist) shows the ip/hostname of the final-destination server:

test@test.mydomain.com: host test-mx01.anotherdomain.com[123.123.123.123] said: 550
5.1.1 test@test.mydomain.com: Recipient address rejected: undeliverable
address: host mail.mydomain.com[111.111.111.111] said: 550 5.1.1
double-bounce@test-mx01.anotherdomain.com: Recipient address rejected: User unknown in virtual mailbox table (in reply to RCPT TO command) (in reply to RCPT TO command)

In my case i want to avoid telling the public which mx is responsible for the mailbox for that specific domain. Is there any possible way to mask the host/ip or just cut it off:

test@test.mydomain.com: host test-mx01.anotherdomain.com[123.123.123.123] said: 550
5.1.1 test@test.mydomain.com: Recipient address rejected

Is the creation of the full message hardcoded into postfix? If yes - any other way to avoid the leakage?

Thanks in advantage!

Originally created by @Marcel92E on GitHub (Mar 10, 2017). Original GitHub issue: https://github.com/modoboa/modoboa/issues/1073 # Impacted versions * Modoboa: 1.7.1 * installer used: Yes * Webserver: Nginx # Steps to reproduce 1. Create "relay" domain and enable recipient verification 2. Send E-Mail to a non-existent user 3. Receive DSN-message # Current behavior - Rejecting message includes host/ip of destinations mailbox server # Expected behavior - Rejecting message just says that recipient could not be found # Video/Screenshot link (optional) Hi, im playing around with a test setup on a ubuntu 16.04.02 system. The installer worked fine, settings were made pretty fast but now i run into a problem. While relaying mails and verifying the existence of the destination user the error message when rejecting the mail (if the user doesnt exist) shows the ip/hostname of the final-destination server: > <test@test.mydomain.com>: host test-mx01.anotherdomain.com[123.123.123.123] said: 550 5.1.1 <test@test.mydomain.com>: Recipient address rejected: undeliverable address: host mail.mydomain.com[111.111.111.111] said: 550 5.1.1 <double-bounce@test-mx01.anotherdomain.com>: Recipient address rejected: User unknown in virtual mailbox table (in reply to RCPT TO command) (in reply to RCPT TO command) In my case i want to avoid telling the public which mx is responsible for the mailbox for that specific domain. Is there any possible way to mask the host/ip or just cut it off: > <test@test.mydomain.com>: host test-mx01.anotherdomain.com[123.123.123.123] said: 550 5.1.1 <test@test.mydomain.com>: Recipient address rejected Is the creation of the full message hardcoded into postfix? If yes - any other way to avoid the leakage? Thanks in advantage!

kerem closed this issue 2026-02-27 11:14:09 +03:00

kerem commented 2026-02-27 11:14:10 +03:00

Author

Owner

Copy link

@tonioo commented on GitHub (Mar 11, 2017):

@Exiver That's a good question and to be honest, I don't know the answer. Maybe you could ask on postfix mailing list?

<!-- gh-comment-id:285853092 --> @tonioo commented on GitHub (Mar 11, 2017): @Exiver That's a good question and to be honest, I don't know the answer. Maybe you could ask on postfix mailing list?

kerem commented 2026-02-27 11:14:10 +03:00

Author

Owner

Copy link

@Marcel92E commented on GitHub (Mar 11, 2017):

@tonioo Thank you for your answer. I guess it was a little bit late yesterday when i ran into this problem. When i digged a little bit in postfix' documentation i found a solution (http://www.postfix.org/ADDRESS_VERIFICATION_README.html):

The parameter
unverified_recipient_reject_reason = Mailbox not available. Did you misspell the address?
can be used to set a custom message postfix will prompt to the sending smtp-server. You are even able to specify a custom defer code(not needed though):
unverified_recipient_defer_code = 450

and it will look like this:

test2@test.mydomain.com: host test-mx01.anotherdomain.com[123.123.123.123] said: 550
5.1.1 test2@test.mydomain.com: Recipient address rejected:
undeliverable address: Mailbox not available. Did you misspell the address?
(in reply to RCPT TO command)

I guess this one can be closed ;-)

<!-- gh-comment-id:285861794 --> @Marcel92E commented on GitHub (Mar 11, 2017): @tonioo Thank you for your answer. I guess it was a little bit late yesterday when i ran into this problem. When i digged a little bit in postfix' documentation i found a solution (http://www.postfix.org/ADDRESS_VERIFICATION_README.html): The parameter `unverified_recipient_reject_reason = Mailbox not available. Did you misspell the address?` can be used to set a custom message postfix will prompt to the sending smtp-server. You are even able to specify a custom defer code(not needed though): ` unverified_recipient_defer_code = 450` and it will look like this: > <test2@test.mydomain.com>: host test-mx01.anotherdomain.com[123.123.123.123] said: 550 5.1.1 <test2@test.mydomain.com>: Recipient address rejected: undeliverable address: Mailbox not available. Did you misspell the address? (in reply to RCPT TO command) I guess this one can be closed ;-)

kerem commented 2026-02-27 11:14:10 +03:00

Author

Owner

Copy link

@tonioo commented on GitHub (Mar 11, 2017):

@Exiver Great :)

<!-- gh-comment-id:285862379 --> @tonioo commented on GitHub (Mar 11, 2017): @Exiver Great :)

kerem referenced this issue 2026-02-27 11:20:40 +03:00

[PR #897] [MERGED] add license title #2044

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

fix/sievefilters-allow-email-in-rule-name

dependabot/npm_and_yarn/frontend/axios-1.15.0

translations_04c0b653215cb5fa48ab101eae1a1917_ja_JP

translations_5d93982e9fd6dab991db4faf93ce9ded_ja_JP

fix/login-issue-3995

fix/sievefilters-issues

add-vitepress-openapi

2974-dmarc-empty-email

2.3.x

updated-doc-2.3.0

feature/OIDC

delete-all-alarms

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_af_ZA

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ar

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ca

1.x

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_sk

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_tr

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_es_ES

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_uk

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_zh_CN

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_de_DE

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_da_DK

1.8.x

1.7.x

1.6.x

1.4.x

1.3.x

1.2.x

2.8.2

2.8.1

2.8.0

2.7.2

2.7.1

2.7.0

2.6.5

2.6.4

2.6.3

2.6.2

2.6.1

2.6.0

2.5.1

2.5.0

2.4.11

2.4.10

2.4.9

2.4.8

2.4.7

2.4.6

2.4.5

2.4.4

2.4.3

2.4.2

2.4.1

2.4.0

2.3.6

2.3.5

2.3.4

2.3.3

2.3.2

2.3.1

2.3.0

2.3.0-beta.4

2.3.0-beta.3

2.3.0-beta.2

2.3.0-beta.1

2.2.4

2.2.3

2.2.2

2.2.1

2.2.0

2.1.2

2.1.1

2.1.0

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

2.0.0-beta.3

2.0.0-beta.2

2.0.0-beta.1

1.17.0

1.16.1

1.16.0

1.15.0

1.14.0

1.13.1

1.13.0

1.12.2

1.12.1

1.12.0

1.11.1

1.11.0

1.10.7

1.10.6

1.10.5

1.10.4

1.10.3

1.10.2

1.10.1

1.10.0

1.9.1

1.9.0

1.8.3

1.8.2

1.8.1

1.8.0

1.7.4

1.7.3

1.7.2

1.7.1

1.7.0

1.6.3

1.6.2

1.6.1

1.6.0

1.5.3

1.5.2

1.5.1

1.5.0

1.4.5

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.5

1.3.4

1.2.2

1.3.3

1.3.2

1.3.1

1.3.0

1.2.1

1.2.0

1.2.0-rc2

1.2.0-rc1

1.1.7

1.1.6

1.1.5

1.1.4

1.1.3

1.1.2

1.1.1

1.1.0

1.0.1

1.0.0

0.9.5

0.9.4

0.9.3

0.9.2

0.9.1

0.9

0.8.8

0.8.7

0.8.6.1

0.8.6

0.8.5

0.8.4

0.8.3

0.8.3-rc1

0.8.2

0.8.1

0.8

0.8-rc2

0.8-rc1

0.7.2

0.7.1

0.7

0.6.1

0.6

0.5

0.3

0.2

0.1

Labels

Clear labels   

bug

  

bug

  

dependencies

  

design

  

documentation

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

feedback-needed

  

help-needed

  

help-needed

  

installer

  

invalid

  

looking-for-sponsors

  

modoboa-contacts

  

new-ui

  

new-ui

  

pr

  

pull-request

Mirrored from GitHub Pull Request

  

pyconfr

  

python

  

question

  

security

  

stale

  

webmail

  

wontfix

No labels

bug

bug

dependencies

design

documentation

duplicate

enhancement

enhancement

enhancement

feedback-needed

help-needed

help-needed

installer

invalid

looking-for-sponsors

modoboa-contacts

new-ui

new-ui

pr

pull-request

pyconfr

python

question

security

stale

webmail

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/modoboa-modoboa#897

No description provided.