1 Topic by pbf343

  • pbf343
  • Member
  • Offline
  • Registered: 2013-05-30
  • Posts: 243

Topic: SalesFoce.com mail blocked - ? iredapd & reject_sender_login_mismatch

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====

Not getting e-mail from SalesForce.com.   Believe it is result of the SalesForce.com application sending e-mail out using the value in the "From" field as the user account hosted on the iRedMail system.  So, being rejected by iRedMail.

Recipient address rejected: Policy rejection not logged in (in reply to RCPT TO command))

Enabled plugins.
# - Plugin name is file name which placed under 'plugins/' directory,
#   without file extension '.py'.
# - Plugin names MUST be seperated by comma.
plugins = ['reject_null_sender', 'reject_sender_login_mismatch', 'amavisd_wblist', 'sql_alias_access_policy', 'sql_user_restrictions']

So would this allow those messages into the system for delivery? 

ALLOWED_LOGIN_MISMATCH_SENDERS = ['the_email_domain_name_hosted_on_iredmail_system.tld']

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,787

Re: SalesFoce.com mail blocked - ? iredapd & reject_sender_login_mismatch

*) Turn on debug mode in iRedAPD, then reproduce this issue and paste related log (in /var/log/iredapd.log) here.
*) Is salesforce.com hosted on your server? Was this email sent by your salesforce.com account? Why specify a email address hosted on your server as sender?

3 Reply by pbf343

  • pbf343
  • Member
  • Offline
  • Registered: 2013-05-30
  • Posts: 243

Re: SalesFoce.com mail blocked - ? iredapd & reject_sender_login_mismatch

ZhangHuangbin wrote:

*) Turn on debug mode in iRedAPD, then reproduce this issue and paste related log (in /var/log/iredapd.log) here.

Will collect some data and report back. 


ZhangHuangbin wrote:

*) Is salesforce.com hosted on your server? Was this email sent by your salesforce.com account? Why specify a email address hosted on your server as sender?

No.
Email originated from salesforce.com server with the "From" value as our hosted user email address. 
Not sure why they used such email but it appears that it may be common practice. 


SalesForce.com is another operation that hosts their own applications globally.  Apparently, they make it standard practice, or at least that is the impression I've gotten so far, to use the users email address for their alerts system. So the user logs into the sytem, sets up some criteria of workflows and then can exit the system or be in it.  When these workflow triggers are executed, they send out emails using the domain name (user_one@domain.tld) which we host in iRedMail system.

Given the error code,  I was thinking it is related to this:  reject_sender_login_mismatch in the plugins.
Is that accurate.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,787

Re: SalesFoce.com mail blocked - ? iredapd & reject_sender_login_mismatch

pbf343 wrote:

Email originated from salesforce.com server with the "From" value as our hosted user email address. 

This is spam because it uses a fake sender address. Is it possible to change this sender address?

pbf343 wrote:

Given the error code,  I was thinking it is related to this:  reject_sender_login_mismatch in the plugins.
Is that accurate.

Correct.
If sender address is hosted on localhost, sender must login (smtp auth) to send email.

5 Reply by pbf343

  • pbf343
  • Member
  • Offline
  • Registered: 2013-05-30
  • Posts: 243

Re: SalesFoce.com mail blocked - ? iredapd & reject_sender_login_mismatch

ZhangHuangbin wrote:
pbf343 wrote:

Email originated from salesforce.com server with the "From" value as our hosted user email address. 

This is spam because it uses a fake sender address. Is it possible to change this sender address?

I believe it is but like many client, they seem to think it is our fault/issue that SalesForce wants to spoof the address.  Yeah, huh. 

So the other part of the question is whether this would allow that "one domain" on our system to permit it?
ALLOWED_LOGIN_MISMATCH_SENDERS = ['the_email_domain_name_hosted_on_iredmail_system.tld']

ZhangHuangbin wrote:
pbf343 wrote:

Given the error code,  I was thinking it is related to this:  reject_sender_login_mismatch in the plugins.
Is that accurate.

Correct.
If sender address is hosted on localhost, sender must login (smtp auth) to send email.

Ok so a possible question and/or feedback for you is the following. 

So, the salesforce workflow shows the message as user A is sending the email to user A, B, C, D on the same domain.  However, the block seems to be triggered by user B's account and not user A.  I'm not sure if that is relevant to your Plugin code or more an artifact but thought I would share it.