1

Topic: Accepting local domain user email from external smtp source

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6
- Linux/BSD distribution name and version: CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====

My company, example.com, subscribes to a service provider that sends emails back to my company as user@example.com. I want to configure iRedMail to allow incoming messages from user@example.com that originate from the service provider's system, smtp.servicecompany.com. I added an ALLOW_FORGED_SENDERS entry to reject_sender_login_mismatch.py, but it isn't working. I'm not sure of the format.

Any ideas how to proceed?


2

Re: Accepting local domain user email from external smtp source

Please append ALLOW_FORGED_SENDERS in /opt/iredapd/settings.py. Also show us the original error log message in the iredapd log file.

3

Re: Accepting local domain user email from external smtp source

I have added the following line in /opt/iredapd/settings.py:

ALLOW_FORGED_SENDERS = ['user@example.com', 'smtp.servicecompany.com']

Not sure if this is correct, but it still isn't working.

error from iredapd.log
2017-04-24 17:33:09 INFO 67.238.120.217 RCPT, user@example.com -> user@example.com, REJECT Policy rejection not logged in [0.0010s]

from maillog
Apr 24 17:33:10 email postfix/smtpd[82866]: NOQUEUE: reject: RCPT from smtp.servicecompany.com[67.xxx.xxx.217]: 554 5.7.1 <user@example.com>: Recipient address rejected: Policy rejection not logged in; from=<user@example.com> to=<user@example.com> proto=ESMTP helo=<smtp.servicecompany.com>

4

Re: Accepting local domain user email from external smtp source

Could you please turn on debug mode in iredapd and show me the full log related to your (NEW) testing?
FYI: http://www.iredmail.org/docs/debug.iredapd.html

5

Re: Accepting local domain user email from external smtp source

ZhangHuangbin wrote:

Could you please turn on debug mode in iredapd and show me the full log related to your (NEW) testing?
FYI: http://www.iredmail.org/docs/debug.iredapd.html

Here is the section of iredapd.log

2017-04-27 16:56:05 DEBUG smtp session: request=smtpd_access_policy
2017-04-27 16:56:05 DEBUG smtp session: protocol_state=RCPT
2017-04-27 16:56:05 DEBUG smtp session: protocol_name=ESMTP
2017-04-27 16:56:05 DEBUG smtp session: client_address=67.xxx.xxx.217
2017-04-27 16:56:05 DEBUG smtp session: client_name=smtp.servicecompany.com
2017-04-27 16:56:05 DEBUG smtp session: reverse_client_name=smtp.servicecompany.com
2017-04-27 16:56:05 DEBUG smtp session: helo_name=smtp.servicecompany.com
2017-04-27 16:56:05 DEBUG smtp session: sender=user@example.com
2017-04-27 16:56:05 DEBUG smtp session: recipient=another_user@example.com
2017-04-27 16:56:05 DEBUG smtp session: recipient_count=0
2017-04-27 16:56:05 DEBUG smtp session: queue_id=
2017-04-27 16:56:05 DEBUG smtp session: instance=2f9d3.59025ae5.17ddc.9
2017-04-27 16:56:05 DEBUG smtp session: size=5904
2017-04-27 16:56:05 DEBUG smtp session: etrn_domain=
2017-04-27 16:56:05 DEBUG smtp session: stress=
2017-04-27 16:56:05 DEBUG smtp session: sasl_method=
2017-04-27 16:56:05 DEBUG smtp session: sasl_username=
2017-04-27 16:56:05 DEBUG smtp session: sasl_sender=
2017-04-27 16:56:05 DEBUG smtp session: ccert_subject=
2017-04-27 16:56:05 DEBUG smtp session: ccert_issuer=
2017-04-27 16:56:05 DEBUG smtp session: ccert_fingerprint=
2017-04-27 16:56:05 DEBUG smtp session: ccert_pubkey_fingerprint=
2017-04-27 16:56:05 DEBUG smtp session: encryption_protocol=
2017-04-27 16:56:05 DEBUG smtp session: encryption_cipher=
2017-04-27 16:56:05 DEBUG smtp session: encryption_keysize=0
2017-04-27 16:56:05 DEBUG --> Apply plugin: reject_null_sender
2017-04-27 16:56:05 DEBUG <-- Result: DUNNO
2017-04-27 16:56:05 DEBUG --> Apply plugin: reject_sender_login_mismatch
2017-04-27 16:56:05 DEBUG Not an authenticated sender (no sasl_username).
2017-04-27 16:56:05 DEBUG Sender is forged address (sender domain == recipient domain).
2017-04-27 16:56:05 DEBUG <-- Result: REJECT Policy rejection not logged in
2017-04-27 16:56:05 DEBUG Session ended.
2017-04-27 16:56:05 INFO 67.xxx.xxx.217 RCPT, user@example.com -> another_user@example.com, REJECT Policy rejection not logged in [0.0025s]

6

Re: Accepting local domain user email from external smtp source

fthorns wrote:

2017-04-27 16:56:05 DEBUG Sender is forged address (sender domain == recipient domain).

Please add your domain in /opt/iredapd/settings.py, parameter 'ALLOW_FORGED_SENDERS'.

7

Re: Accepting local domain user email from external smtp source

ZhangHuangbin wrote:
fthorns wrote:

2017-04-27 16:56:05 DEBUG Sender is forged address (sender domain == recipient domain).

Please add your domain in /opt/iredapd/settings.py, parameter 'ALLOW_FORGED_SENDERS'.

Right now it is set to
ALLOW_FORGED_SENDERS = ['user@example.com', 'smtp.servicecompany.com']

Should it be
ALLOW_FORGED_SENDERS = ['user@example.com', 'smtp.example.com']

Also, can multiple entries be made? If so, how do I add them?

8

Re: Accepting local domain user email from external smtp source

fthorns wrote:

Should it be

You should list the sender domain name here. If only one or a few senders need this exception, it's better to list full sender email addresses instead for better policy.

fthorns wrote:

Also, can multiple entries be made? If so, how do I add them?

Sure, like this:

ALLOW_FORGED_SENDERS = ['domain1.com', 'domain2.com', 'domain3.com', 'user@abc.com', 'another@def.com']

iRedAPD config file is a Python source file, and "[]" is a list object.
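
Added example, not part of the thread and not iRedAPD's own code: a small audit that reads "smtp session:" debug lines like those in post 5 and reports which ALLOW_FORGED_SENDERS entries can match the session's sender. It assumes, as post 8 describes, that an entry is either a full sender address or a sender domain; the function names and the sample log (reduced from post 5) are constructed for illustration.

```python
import re

# Constructed sample: attribute lines in the format of the iredapd debug log in post 5.
SAMPLE_LOG = """\
2017-04-27 16:56:05 DEBUG smtp session: client_name=smtp.servicecompany.com
2017-04-27 16:56:05 DEBUG smtp session: sender=user@example.com
2017-04-27 16:56:05 DEBUG smtp session: recipient=another_user@example.com
2017-04-27 16:56:05 DEBUG smtp session: sasl_username=
"""

ATTR = re.compile(r"DEBUG smtp session: (\w+)=(.*)$")

def parse_session(log_text):
    """Collect the key=value policy attributes from 'smtp session:' debug lines."""
    attrs = {}
    for line in log_text.splitlines():
        m = ATTR.search(line)
        if m:
            attrs[m.group(1)] = m.group(2).strip().lower()
    return attrs

def audit_entries(entries, session):
    """Classify each ALLOW_FORGED_SENDERS entry against one session.

    Assumption (from post 8): an entry is a full sender address or a sender domain.
    """
    sender = session.get("sender", "")
    sender_domain = sender.rpartition("@")[2]
    report = {}
    for entry in entries:
        e = entry.strip().lower()
        if "@" in e:
            verdict = "matches sender address" if e == sender else "no match (different address)"
        elif e == sender_domain:
            # Broadest form: anyone can send unauthenticated as any address in the domain.
            verdict = "matches sender domain (exempts every address in it)"
        elif e in (session.get("client_name"), session.get("helo_name")):
            verdict = "no match (client hostname, not a sender domain)"
        else:
            verdict = "no match (different domain)"
        report[entry] = verdict
    return report

if __name__ == "__main__":
    session = parse_session(SAMPLE_LOG)
    candidates = ["user@example.com", "smtp.servicecompany.com", "example.com"]
    for entry, verdict in audit_entries(candidates, session).items():
        print(f"{entry!r:28} {verdict}")
```

A whole-domain entry exempts every address in that domain from the forged-sender check, which is why post 8 recommends full sender addresses when only a few senders need the exception.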