1 Topic by InformaticaTTU (edited by InformaticaTTU 2015-06-01 22:57:03)

  • InformaticaTTU
  • Member
  • Offline
  • Registered: 2014-07-21
  • Posts: 47

Topic: ALLOWED_LOGIN_MISMATCH_SENDERS ignored in latest versions

==== Required information ====
- iRedMail version: 0.9.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Linux/BSD distribution name and version: Debian Wheezy 7
- Related log if you're reporting an issue:

Jun  1 16:39:32 srv1m3 postfix/smtpd[29912]: NOQUEUE: reject: RCPT from somewhere[88.888.888.888]: 554 5.7.1 <aaa@aaa.es>: Recipient address rejected: Sender login mismatch; from=<bbb@aaa.es> to=<aaa@aaa.es> proto=ESMTP helo=<localhost>
====

Hi,

Some time ago i had troubles with this but was fixed with ALLOWED_LOGIN_MISMATCH_SENDERS. Now i've updated to latest iRedadp (1.5.0) and is failing again.
I've a php aplication that send emails to a predefined direction as the user with another account, for example.

- The user a@domain.com use the php application to send a message requesting some material.
- The php app connect to smt server using as login an user called z@domain.com and try to send the email as a@domain.com to b@domain.com
- Of course z@domain.com is trying to send an email as a@domain.com then the server answers with a "Login Missmatch" but it's supposed is allowed for that address.

If this configuration on settings.py:

....
plugins = ["reject_null_sender", "reject_sender_login_mismatch", "amavisd_wblist", "sql_alias_access_policy", "sql_user_restrictions"]
....
ALLOWED_LOGIN_MISMATCH_SENDERS = ['z@domain.com', ...]
ALLOWED_LOGIN_MISMATCH_STRICTLY = False
....

How can i fix this problem

Thanks!!

PDTA: I forgot to say that now i'm using the 1.6.0 version because had troubles with 1.5.0 version.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: ALLOWED_LOGIN_MISMATCH_SENDERS ignored in latest versions

Sorry about this trouble.

The setting (ALLOWED_LOGIN_MISMATCH_SENDERS) in settings.py is correct. Could you please turn on debug mode in iRedAPD, send one more testing email to trigger this error, then paste the debug log here? so that we can know why it doesn't work.

Reference: http://www.iredmail.org/docs/debug.iredapd.html

3 Reply by InformaticaTTU

  • InformaticaTTU
  • Member
  • Offline
  • Registered: 2014-07-21
  • Posts: 47

Re: ALLOWED_LOGIN_MISMATCH_SENDERS ignored in latest versions

ZhangHuangbin wrote:

Sorry about this trouble.

The setting (ALLOWED_LOGIN_MISMATCH_SENDERS) in settings.py is correct. Could you please turn on debug mode in iRedAPD, send one more testing email to trigger this error, then paste the debug log here? so that we can know why it doesn't work.

Reference: http://www.iredmail.org/docs/debug.iredapd.html


Yes, just now i've turned on the debug log and i was trying to find where is the problem in the python script.

Here's the log:

2015-06-01 17:48:36 DEBUG Sender: a@comain.com, SASL username: z@domain.com
2015-06-01 17:48:36 DEBUG Allowed SASL senders: z@domain.com, x@domain.com, w@domain.com
2015-06-01 17:48:36 DEBUG <-- Result: REJECT Sender login mismatch

Of course i've changed the email addresses, but it matchs the original addresses position.

Greetings!!

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: ALLOWED_LOGIN_MISMATCH_SENDERS ignored in latest versions

InformaticaTTU wrote:

Here's the log:

Could you please show me the full debug log? At least full log related to plugin 'reject_sender_login_mismatch'.

5 Reply by InformaticaTTU (edited by InformaticaTTU 2015-06-02 00:27:19)

  • InformaticaTTU
  • Member
  • Offline
  • Registered: 2014-07-21
  • Posts: 47

Re: ALLOWED_LOGIN_MISMATCH_SENDERS ignored in latest versions

ZhangHuangbin wrote:
InformaticaTTU wrote:

Here's the log:

Could you please show me the full debug log? At least full log related to plugin 'reject_sender_login_mismatch'.


Here's whole log when i try to send that email:

2015-06-01 18:20:32 DEBUG Connect from 127.0.0.1, port 60882.
2015-06-01 18:20:32 DEBUG smtp session: request=smtpd_access_policy
2015-06-01 18:20:32 DEBUG smtp session: protocol_state=RCPT
2015-06-01 18:20:32 DEBUG smtp session: protocol_name=ESMTP
2015-06-01 18:20:32 DEBUG smtp session: client_address=.......
2015-06-01 18:20:32 DEBUG smtp session: client_name=......staticIP.rima-tde.net
2015-06-01 18:20:32 DEBUG smtp session: reverse_client_name=........staticIP.rima-tde.net
2015-06-01 18:20:32 DEBUG smtp session: helo_name=localhost
2015-06-01 18:20:32 DEBUG smtp session: sender=sender@domain.com
2015-06-01 18:20:32 DEBUG smtp session: recipient=destination@domain.com
2015-06-01 18:20:32 DEBUG smtp session: recipient_count=0
2015-06-01 18:20:32 DEBUG smtp session: queue_id=
2015-06-01 18:20:32 DEBUG smtp session: instance=504.556c8650.c6b8.0
2015-06-01 18:20:32 DEBUG smtp session: size=0
2015-06-01 18:20:32 DEBUG smtp session: etrn_domain=
2015-06-01 18:20:32 DEBUG smtp session: stress=
2015-06-01 18:20:32 DEBUG smtp session: sasl_method=LOGIN
2015-06-01 18:20:32 DEBUG smtp session: sasl_username=loginuser@domain.com
2015-06-01 18:20:32 DEBUG smtp session: sasl_sender=
2015-06-01 18:20:32 DEBUG smtp session: ccert_subject=
2015-06-01 18:20:32 DEBUG smtp session: ccert_issuer=
2015-06-01 18:20:32 DEBUG smtp session: ccert_fingerprint=
2015-06-01 18:20:32 DEBUG smtp session: ccert_pubkey_fingerprint=
2015-06-01 18:20:32 DEBUG smtp session: encryption_protocol=
2015-06-01 18:20:32 DEBUG smtp session: encryption_cipher=
2015-06-01 18:20:32 DEBUG smtp session: encryption_keysize=0
2015-06-01 18:20:32 DEBUG --> Apply plugin: reject_null_sender
2015-06-01 18:20:32 DEBUG <-- Result: DUNNO
2015-06-01 18:20:32 DEBUG --> Apply plugin: reject_sender_login_mismatch
2015-06-01 18:20:32 DEBUG Sender: sender@domain.com, SASL username: loginuser@domain.com
2015-06-01 18:20:32 DEBUG Allowed SASL senders: loginuser@domain.com, other@domain.com, thethird@domain.com
2015-06-01 18:20:32 DEBUG <-- Result: REJECT Sender login mismatch
2015-06-01 18:20:32 INFO [.....] RCPT, sender@domain.com -> destination@domain.com, REJECT Sender login mismatch
2015-06-01 18:20:32 DEBUG Session ended

Greetings!!

PDTA: Please hide the report button tongue

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: ALLOWED_LOGIN_MISMATCH_SENDERS ignored in latest versions

Confirmed, it's a bug in iRedAPD-1.5.0 and latest development version. here's patch to fix it:

diff -r 34bbf2dad80d plugins/reject_sender_login_mismatch.py
--- a/plugins/reject_sender_login_mismatch.py    Sat May 30 12:24:45 2015 +0800
+++ b/plugins/reject_sender_login_mismatch.py    Tue Jun 02 00:32:49 2015 +0800
@@ -149,9 +149,10 @@
 
     if allowed_senders:
         logging.debug('Allowed SASL senders: %s' % ', '.join(allowed_senders))
-        if not (sasl_username in allowed_senders or sasl_sender_domain in allowed_senders):
-            logging.debug('REJECT: Sender is not allowed to send email as other user (ALLOWED_LOGIN_MISMATCH_SENDERS).')
-            return reject
+        if sasl_username in allowed_senders or sasl_sender_domain in allowed_senders:
+            return SMTP_ACTIONS['default']
+        else:
+            logging.debug('Sender is not allowed to send email as other user (ALLOWED_LOGIN_MISMATCH_SENDERS).')
 
     # Check alias domains and user alias addresses
     if is_strict or allow_list_member:

Please let me know whether or not it works for you.

7 Reply by InformaticaTTU

  • InformaticaTTU
  • Member
  • Offline
  • Registered: 2014-07-21
  • Posts: 47

Re: ALLOWED_LOGIN_MISMATCH_SENDERS ignored in latest versions

Working wink

Thanks!!