Sending with tagged sender address #4022

Closed
4 tasks done
itkfm opened this issue Mar 9, 2021 · 36 comments
Labels
bug stale Please update the issue with current status, unclear if it's still open/needed.

Comments

@itkfm

itkfm commented Mar 9, 2021

Prior to placing the issue, please check following: (fill out each checkbox with an X once done)

  • I understand that not following or deleting the below instructions will result in immediate closure and/or deletion of my issue.
  • I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
  • I have understood that answers are voluntary and community-driven, and not commercial support.
  • I have verified that my issue has not been already answered in the past. I also checked previous issues.

Summary

When trying to send with a tagged address (e.g. [email protected] -> [email protected]), the server rejects that mail as if the address weren’t owned by the mailbox/user.

Mar  9 21:05:06 satelite postfix/smtp[28054]: 6622C184E9: to=<[email protected]>, relay=mail.example.com[x.x.x.x]:465, delay=0.06, delays=0.01/0.01/0.02/0.02, dsn=5.7.1, status=bounced (host mail.example.com[x.x.x.x] said: 553 5.7.1 <[email protected]>: Sender address rejected: not owned by user [email protected] (in reply to RCPT TO command))
Mar  9 21:09:43 satelite postfix/smtp[815]: D14C51890E: to=<[email protected]>, relay=mail.example.com[x.x.x.x]:465, delay=0.07, delays=0.02/0.01/0.01/0.03, dsn=5.7.1, status=bounced (host mail.example.com[x.x.x.x] said: 553 5.7.1 <[email protected]>: Sender address rejected: not owned by user [email protected] (in reply to RCPT TO command))

Logs

Time Prio Msg
03/09/2021, 9:09:44 PM info E405764A893: to=[email protected], relay=dovecot[172.22.1.250]:24, delay=1, delays=0.99/0.01/0.01/0.01, dsn=2.0.0, status=sent (250 2.0.0 [email protected] v58mOAjWR2BoQQAAErj2VQ Saved)
03/09/2021, 9:09:43 PM info E405764A893: replace: header Received: from satelite.example.com (satelite.example.com [x.x.y.y])??(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)?? key-exchange X25519 server-signature RSA-PSS (4096 bits) ser from satelite.example.com[x.x.y.y]; from=<> to=[email protected] proto=ESMTP helo=<satelite.example.com>: Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id E405764A893??for [email protected]; Tue, 9 Mar 2021 21:09:43 +0100 (CET)
03/09/2021, 9:09:43 PM info E405764A893: client=satelite.example.com[x.x.y.y], sasl_method=LOGIN, sasl_username=[email protected]
03/09/2021, 9:09:43 PM info NOQUEUE: reject: RCPT from satelite.example.com[x.x.y.y]: 553 5.7.1 [email protected]: Sender address rejected: not owned by user [email protected]; from=[email protected] to=[email protected] proto=ESMTP helo=<satelite.example.com>
03/09/2021, 9:05:58 PM info E034264A893: from=[email protected], size=603, nrcpt=2 (queue active)
03/09/2021, 9:05:58 PM info E034264A893: replace: header Received: from satelite.example.com (satelite.example.com [x.x.y.y])??(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)?? key-exchange X25519 server-signature RSA-PSS (4096 bits) ser from satelite.example.com[x.x.y.y]; from=[email protected] to=[email protected] proto=ESMTP helo=<satelite.example.com>: Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id E034264A893??for [email protected]; Tue, 9 Mar 2021 21:05:58 +0100 (CET)
03/09/2021, 9:05:58 PM info E034264A893: client=satelite.example.com[x.x.y.y], sasl_method=LOGIN, sasl_username=[email protected]
03/09/2021, 9:05:07 PM info 77AEE64A89B: to=[email protected], relay=dovecot[fd4d:6169:6c63:6f77::f]:24, delay=0.92, delays=0.88/0.01/0.01/0.02, dsn=2.0.0, status=sent (250 2.0.0 [email protected] swrIFvPUR2DNPwAAErj2VQ Saved)
03/09/2021, 9:05:06 PM info 77AEE64A89B: replace: header Received: from satelite.example.com (satelite.example.com [x.x.y.y])??(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)?? key-exchange X25519 server-signature RSA-PSS (4096 bits) ser from satelite.example.com[x.x.y.y]; from=<> to=[email protected] proto=ESMTP helo=<satelite.example.com>: Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id 77AEE64A89B??for [email protected]; Tue, 9 Mar 2021 21:05:06 +0100 (CET)
03/09/2021, 9:05:06 PM info 77AEE64A89B: client=satelite.example.com[x.x.y.y], sasl_method=LOGIN, sasl_username=[email protected]
03/09/2021, 9:05:06 PM info NOQUEUE: reject: RCPT from satelite.example.com[x.x.y.y]: 553 5.7.1 [email protected]: Sender address rejected: not owned by user [email protected]; from=[email protected] to=[email protected] proto=ESMTP helo=<satelite.example.com>

Reproduction

Create a new mailbox with default permissions.
Try to send a mail from a tagged address through this new user.

System information

Question | Answer
My operating system | Debian 10
Is Apparmor, SELinux or similar active? | Apparmor
Virtualization technology (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported) | KVM (PVE)
Server/VM specifications (Memory, CPU Cores) | 8 vCores (AMD)
Docker Version (docker version) | 20.10.5
Docker-Compose Version (docker-compose version) | docker-compose version 1.28.5, build c4eb3a1f
Reverse proxy (custom solution) | none
@itkfm itkfm added the bug label Mar 9, 2021
@monofox
Contributor

monofox commented Mar 12, 2021

Cannot reproduce with a tagged sender with mailcow-dockerized from master of Wed Mar 10 15:06:32 2021:
(Test scenario: domain mimono.lan registered in mailcow, mailbox: [email protected]; sending as [email protected])

postfix-mailcow_1    | Mar 12 19:27:35 6a8507e6f72b postfix/submission/smtpd[377]: connect from unknown[a.b.c.x]
postfix-mailcow_1    | Mar 12 19:27:35 6a8507e6f72b postfix/submission/smtpd[377]: Anonymous TLS connection established from unknown[a.b.c.x]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)
postfix-mailcow_1    | Mar 12 19:27:35 6a8507e6f72b postfix/submission/smtpd[377]: 452F7140590: client=unknown[a.b.c.x], sasl_method=PLAIN, [email protected]
postfix-mailcow_1    | Mar 12 19:27:35 6a8507e6f72b postfix/cleanup[384]: 452F7140590: replace: header Received: from [a.b.c.x] (unknown [a.b.c.x])??(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)?? key-exchange X25519 server-signature RSA-PSS (4096 bits))??(No client certifi from unknown[a.b.c.x]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[a.b.c.x]>: Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id 452F7140590??for <[email protected]>; Fri, 12 Mar 2021 19:27:35 +0100 (CET)
postfix-mailcow_1    | Mar 12 19:27:35 6a8507e6f72b postfix/cleanup[384]: 452F7140590: message-id=<[email protected]>
clamd-mailcow_1      | Fri Mar 12 19:27:35 2021 -> instream(172.22.1.17@52250): OK
postfix-mailcow_1    | Mar 12 19:27:35 6a8507e6f72b postfix/qmgr[349]: 452F7140590: from=<[email protected]>, size=1012, nrcpt=1 (queue active)
postfix-mailcow_1    | Mar 12 19:27:35 6a8507e6f72b postfix/submission/smtpd[377]: disconnect from unknown[a.b.c.x] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
dovecot-mailcow_1    | Mar 12 19:27:35 aa0ce4e4c484 dovecot: lmtp(32436): Connect from 172.22.1.14
dovecot-mailcow_1    | Mar 12 19:27:35 aa0ce4e4c484 dovecot: imap([email protected])<32550><fjBhCVu97t4Khwwe>: delete: box=Drafts, uid=2, msgid=<[email protected]>, size=1005
postfix-mailcow_1    | Mar 12 19:27:35 6a8507e6f72b postfix/lmtp[480]: 452F7140590: to=<[email protected]>, relay=dovecot[172.22.1.250]:24, delay=0.27, delays=0.21/0.02/0/0.04, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> qPDMHJeyS2C0fgAAUNmaMQ Saved)
postfix-mailcow_1    | Mar 12 19:27:35 6a8507e6f72b postfix/qmgr[349]: 452F7140590: removed

Do you have any kind of custom changes in postfix configuration?

@itkfm
Author

itkfm commented Mar 16, 2021

Do you have any kind of custom changes in postfix configuration?

Not any that I’d be aware of. extra.cf only defines myhostname.
Any other places that I should look for?

Btw: just updated our mailcow instance before re-trying. Unfortunately still not working.

@waja
Contributor

waja commented May 26, 2021

Same here with latest version of mailcow. Modifications of extra.cf (because of https://community.mailcow.email/d/98-mailcow-smtp-mailgmxnet-moglich/7) here:

# cat ./data/conf/postfix/extra.cf | grep -v ^myhostname
# gmx outgoing
# See https://wiki.ubuntuusers.de/Postfix/#GMX, http://www.dirk-hagedorn.de/?page_id=789, http://www.postfix.com/SASL_README.html#client_sasl_sender
sender_dependent_relayhost_maps = hash:/opt/postfix/conf/customize/sender_relaymaps
smtp_sasl_password_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_sender_dependent.cf,hash:/opt/postfix/conf/customize/sasl_passwd
# cat ../container.conf/postfix-customize/sender_relaymaps
[email protected] [mail.gmx.net]:submission
[email protected]     [mail.gmx.net]:submission
[email protected]   [mail.gmx.de]:submission
[email protected]     [mail.gmx.de]:submission
@web.de         [mail.gmx.de]:submission
# cat ../container.conf/postfix-customize/sasl_passwd
[mail.gmx.de]:submission        289484:Ja0ohxee
[mail.gmx.net]:submission       9828471045:Cool9an4

Is there anything I can provide to bring more light into this issue?

@waja
Contributor

waja commented May 28, 2021

Same here with latest version of mailcow. Modifications of extra.cf (because of https://community.mailcow.email/d/98-mailcow-smtp-mailgmxnet-moglich/7) here:

Anyway ... even with disabling this modification, I'm not able to send with tagged sender address:

May 28 15:04:13 3879a715af77 postfix/submission/smtpd[456]: warning: hostname dialin.pool.net does not resolve to address 1.2.3.4: Name or service not known
May 28 15:04:13 3879a715af77 postfix/submission/smtpd[456]: connect from unknown[1.2.3.4]
May 28 15:04:13 3879a715af77 postfix/submission/smtpd[456]: Anonymous TLS connection established from unknown[1.2.3.4] to mailcow.test.org: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
May 28 15:04:13 3879a715af77 postfix/submission/smtpd[456]: NOQUEUE: reject: RCPT from unknown[1.2.3.4]: 553 5.7.1 <[email protected]>: Sender address rejected: not owned by user [email protected]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<brotbuechse.local>
May 28 15:04:18 3879a715af77 postfix/submission/smtpd[456]: disconnect from unknown[1.2.3.4] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 quit=1 commands=6/7

@waja
Contributor

waja commented Jun 5, 2021

Hi,

looking deeper into this.

The relevant part of the main.cf seems to be:

smtpd_sender_login_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unlisted_sender,
  reject_unknown_sender_domain

/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf has:

# Autogenerated by mailcow
user = mailcow
password = secret
hosts = unix:/var/run/mysqld/mysqld.sock
dbname = mailcow
# First select queries domain and alias_domain to determine if domains are active.
query = SELECT goto FROM alias
  WHERE address='%s'
    AND active='1'
    AND (domain IN
      (SELECT domain FROM domain
        WHERE domain='%d'
          AND active='1')
      OR domain in (
        SELECT alias_domain FROM alias_domain
          WHERE alias_domain='%d'
            AND active='1'
      )
    )
  UNION
  SELECT logged_in_as FROM sender_acl
    WHERE send_as='@%d'
      OR send_as='%s'
      OR send_as='*'
      OR send_as IN (
        SELECT CONCAT('@',target_domain) FROM alias_domain
          WHERE alias_domain = '%d')
      OR send_as IN (
        SELECT CONCAT('%u','@',target_domain) FROM alias_domain
          WHERE alias_domain = '%d')
      AND logged_in_as NOT IN (
        SELECT goto FROM alias
          WHERE address='%s')
  UNION
  SELECT username FROM mailbox, alias_domain
    WHERE alias_domain.alias_domain = '%d'
      AND mailbox.username = CONCAT('%u','@',alias_domain.target_domain)
      AND (mailbox.active = '1' OR mailbox.active ='2')
      AND alias_domain.active='1'

Where is the part in /opt/postfix/conf/sql/mysql_virtual_sender_acl.cf allowing to send from tagged addresses for existing mail addresses? I'm overlooking this?

Thanks, Jan.

@waja
Contributor

waja commented Jun 6, 2021

Looking with postalias into this:

root@1d445eaecd07:/# postalias -q [email protected] mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
root@1d445eaecd07:/# postalias -q [email protected] mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
[email protected]

Is this the expected way?

@monofox
Contributor

monofox commented Jun 6, 2021

@waja I have a different understanding.

According to postfix manual:

EMAIL ADDRESS EXTENSION
       When a mail address localpart contains the optional recipient delimiter
       (e.g., user+foo@domain), the  lookup  order  becomes:  user+foo@domain,
       user@domain, domain, user+foo@, and user@.

So if you use user+foo and it does not find anything, it should automatically try user.

@waja
Contributor

waja commented Jun 6, 2021

@monofox thanks for this pointer. I looked now for this and http://www.postfix.org/virtual.5.html has written the following:

ADDRESS EXTENSION
When a mail address localpart contains the optional recipient delimiter
(e.g., user+foo@domain), the lookup order becomes: user+foo@domain,
user@domain, user+foo, user, and @domain.

The propagate_unmatched_extensions parameter controls whether an
unmatched address extension (+foo) is propagated to the result of table
lookup.

Looks like I should verify propagate_unmatched_extensions.

root@1d445eaecd07:/# postconf propagate_unmatched_extensions
/usr/sbin/postconf: warning: /opt/postfix/conf/master.cf: undefined parameter: smtpd_last_auth
propagate_unmatched_extensions = canonical, virtual

I'm still wondering as it seems I'm the only one facing this issue and postfix is running without any modifications.

Anyway ... with alias addresses it's the same:

root@1d445eaecd07:/# postalias -q [email protected] mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
root@1d445eaecd07:/# postalias -q [email protected] mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
[email protected]

I'm out of ideas at the moment. :(

@monofox
Contributor

monofox commented Jun 6, 2021

@waja

The postalias -q output is the same for me (with tags no result, without there is a result), but sending is possible for me.

propagate_unmatched_extensions is set for me to the same value:
propagate_unmatched_extensions = canonical, virtual

For me, I'm testing with a clear mailbox + tag as well as alias + tag (no domain alias).

What would be interesting is if you enable the smtp debug in postfix. In the past, if I had to do this, I used debug_peer_list and looked into the log file.

@waja
Contributor

waja commented Jun 6, 2021

You can guess what? In #4022 (comment) it was broken. Now (running latest master) it seems to work. Yesterday Jun 5 17:47:49 it was still failing (when I was also running the latest master). This is very unsatisfying as I'm not able to reproduce what caused the problem and what fixed it.

Looking into https://github.com/mailcow/mailcow-dockerized/commits/master/data/conf/postfix/master.cf I see 51e3521, 05f6e28 and 28ab998. But I don't see what can cause this hassle.

But now I have a nice debug logfile. :)

@waja
Contributor

waja commented Jun 6, 2021

Hmmm .... okay ... it has to do with my local configuration.

I've another user [email protected], where I disabled sender check for domain test.org and alias. When activating this, sending for my tagged sender addresses fails. When disabling this, tagged sender addresses for (at least test.org) work.

The debug log is attached. @andryyy any idea?

postfix.log

@waja
Contributor

waja commented Jun 6, 2021

Okay .... this does only happen when [email protected] has Allow to send as checked "Disable sender check for domain *" or "Disable sender check for domain test.org". Any suggestions how to solve this?

@monofox
Contributor

monofox commented Jun 6, 2021

Okay .... this does only happen when [email protected] has Allow to send as checked "Disable sender check for domain *" or "Disable sender check for domain test.org". Any suggestions how to solve this?

To understand your test case - you've a user [email protected] and with that user you tried to send a mail from [email protected] to [email protected]?

How is the [email protected] linked to it? Because in smtpd_sender_login_maps (mysql_virtual_sender_acl) it finds [email protected] for [email protected]. Seems like postfix thinks, that [email protected] belongs to [email protected] and not to the logged in user [email protected].

Would be interesting to see the result of the SQL. Could imagine, that he has a problem to find the '*' entry prior the other.

@waja
Contributor

waja commented Jun 7, 2021

nope.

My test case is:

[email protected] is just a(nother) mailbox configured on the system.

FROM: [email protected]
TO: [email protected]
SMTP SASL auth: [email protected]

When the mailbox user [email protected] is configured to Allow to send as checked "Disable sender check for domain *" or Allow to send as checked "Disable sender check for domain test.org", the testcase fails:

Jun  6 16:18:55 a8b3d65d6611 postfix/submission/smtpd[540]: dict_proxy_lookup: table=mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf flags=lock|fold_fix|utf8_request [email protected] -> status=0 [email protected]
Jun  6 16:18:55 a8b3d65d6611 postfix/submission/smtpd[540]: maps_find: smtpd_sender_login_maps: proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf(0,lock|fold_fix|utf8_request): [email protected] = [email protected]
Jun  6 16:18:55 a8b3d65d6611 postfix/submission/smtpd[540]: mail_addr_find: [email protected] -> [email protected]
Jun  6 16:18:55 a8b3d65d6611 postfix/submission/smtpd[540]: NOQUEUE: reject: RCPT from unknown[2003:b22a:940d:a638:9925:7e3f:75b7:8c18]: 553 5.7.1 <[email protected]>: Sender address rejected: not owned by user [email protected]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<smtpclient.apple>

If the mailbox user [email protected] is NOT configured to Allow to send as checked "Disable sender check for domain *" or "Disable sender check for domain test.org", the testcase succeeds. Even when allowing sending for any other domain except * or test.org it works.

Looks like the address lookup is clashed somehow.

@monofox
Contributor

monofox commented Jun 7, 2021

Confirm @waja

SELECT goto FROM alias
  WHERE address='[email protected]'
    AND active='1'
    AND (domain IN
      (SELECT domain FROM domain
        WHERE domain='test.org'
          AND active='1')
      OR domain in (
        SELECT alias_domain FROM alias_domain
          WHERE alias_domain='test.org'
            AND active='1'
      )
    )
  UNION
  SELECT logged_in_as FROM sender_acl
    WHERE send_as='@test.org'
      OR send_as='[email protected]'
      OR send_as='*'
      OR send_as IN (
        SELECT CONCAT('@',target_domain) FROM alias_domain
          WHERE alias_domain = 'test.org')
      OR send_as IN (
        SELECT CONCAT('user+test','@',target_domain) FROM alias_domain
          WHERE alias_domain = 'test.org')
      AND logged_in_as NOT IN (
        SELECT goto FROM alias
          WHERE address='[email protected]')
  UNION
  SELECT username FROM mailbox, alias_domain
    WHERE alias_domain.alias_domain = 'test.org'
      AND mailbox.username = CONCAT('user+test','@',alias_domain.target_domain)
      AND (mailbox.active = '1' OR mailbox.active ='2')
      AND alias_domain.active='1'
+---------------------+
| goto                |
+---------------------+
| [email protected] |
+---------------------+

If it's executed with user instead of user+test:

SELECT goto FROM alias
  WHERE address='[email protected]'
    AND active='1'
    AND (domain IN
      (SELECT domain FROM domain
        WHERE domain='test.org'
          AND active='1')
      OR domain in (
        SELECT alias_domain FROM alias_domain
          WHERE alias_domain='test.org'
            AND active='1'
      )
    )
  UNION
  SELECT logged_in_as FROM sender_acl
    WHERE send_as='@test.org'
      OR send_as='[email protected]'
      OR send_as='*'
      OR send_as IN (
        SELECT CONCAT('@',target_domain) FROM alias_domain
          WHERE alias_domain = 'test.org')
      OR send_as IN (
        SELECT CONCAT('user','@',target_domain) FROM alias_domain
          WHERE alias_domain = 'test.org')
      AND logged_in_as NOT IN (
        SELECT goto FROM alias
          WHERE address='[email protected]')
  UNION
  SELECT username FROM mailbox, alias_domain
    WHERE alias_domain.alias_domain = 'test.org'
      AND mailbox.username = CONCAT('user','@',alias_domain.target_domain)
      AND (mailbox.active = '1' OR mailbox.active ='2')
      AND alias_domain.active='1'

Result:

+---------------------+
| goto                |
+---------------------+
| [email protected]       |
| [email protected] |
+---------------------+

It's because of the OR send_as='*'. For the tagged user it will never find an entry. If you don't have an entry with @test.org and also not with the *, postfix will search for the untagged variant and will succeed (that's why it's working for me, but not for you).

You might try with following query in /opt/postfix/conf/sql/mysql_virtual_sender_acl.cf

SELECT goto FROM alias
  WHERE address='%s'
    AND active='1'
    AND (domain IN
      (SELECT domain FROM domain
        WHERE domain='%d'
          AND active='1')
      OR domain in (
        SELECT alias_domain FROM alias_domain
          WHERE alias_domain='%d'
            AND active='1'
      )
    )
  UNION
  SELECT logged_in_as FROM sender_acl
    WHERE (NOT INSTR('%s', '+') AND send_as='@%d')
      OR send_as='%s'
      OR (NOT INSTR('%s', '+') AND send_as='*')
      OR send_as IN (
        SELECT CONCAT('@',target_domain) FROM alias_domain
          WHERE alias_domain = '%d')
      OR send_as IN (
        SELECT CONCAT('%u','@',target_domain) FROM alias_domain
          WHERE alias_domain = '%d')
      AND logged_in_as NOT IN (
        SELECT goto FROM alias
          WHERE address='%s')
  UNION
  SELECT username FROM mailbox, alias_domain
    WHERE alias_domain.alias_domain = '%d'
      AND mailbox.username = CONCAT('%u','@',alias_domain.target_domain)
      AND (mailbox.active = '1' OR mailbox.active ='2')
      AND alias_domain.active='1'

The above SQL is checking with INSTR if it's a tagged address and will skip the check on the domain / * rule.
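The behaviour diagnosed in the comment above, and the lookup order discussed earlier in the thread, reproduced as an added example that is not code from the thread or from mailcow. It makes these assumptions: the queries are simplified (alias_domain branches and the active checks are left out), `:s` and `:d` stand in for Postfix's `%s` and `%d`, SQLite stands in for MariaDB, only the first two keys of the lookup order are modelled, and all addresses are constructed.

```python
import sqlite3

# Simplified sender_acl lookups (assumption: alias_domain branches and
# "active" checks omitted; :s / :d replace Postfix's %s / %d).
ORIGINAL_QUERY = """
SELECT goto FROM alias WHERE address = :s
UNION
SELECT logged_in_as FROM sender_acl
 WHERE send_as = '@' || :d
    OR send_as = :s
    OR send_as = '*'
"""

# Same lookup with the INSTR guard proposed in the thread: the domain and
# wildcard rules are skipped when the key still carries a "+tag".
PATCHED_QUERY = """
SELECT goto FROM alias WHERE address = :s
UNION
SELECT logged_in_as FROM sender_acl
 WHERE (NOT INSTR(:s, '+') AND send_as = '@' || :d)
    OR send_as = :s
    OR (NOT INSTR(:s, '+') AND send_as = '*')
"""


def make_db(acl_rows):
    """Build an in-memory table set with two constructed mailboxes."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE alias (address TEXT, goto TEXT);
        CREATE TABLE sender_acl (logged_in_as TEXT, send_as TEXT);
    """)
    db.executemany("INSERT INTO alias VALUES (?, ?)", [
        ("user@example.test", "user@example.test"),
        ("eve@example.test", "eve@example.test"),
    ])
    db.executemany("INSERT INTO sender_acl VALUES (?, ?)", acl_rows)
    return db


def lookup_keys(sender, delimiter="+"):
    """Keys tried in order: the full address, then the address without its tag."""
    local, _, domain = sender.rpartition("@")
    keys = [sender]
    base = local.split(delimiter, 1)[0]
    if base != local:
        keys.append(f"{base}@{domain}")
    return keys


def owners(db, query, sender):
    """Return the logins that own `sender`; the first non-empty result wins."""
    for key in lookup_keys(sender):
        domain = key.rpartition("@")[2]
        rows = db.execute(query, {"s": key, "d": domain}).fetchall()
        if rows:
            # A hit on the tagged key stops the search, so the untagged
            # fallback is never consulted.
            return sorted(row[0] for row in rows)
    return []


def sender_allowed(db, query, sender, sasl_login):
    """Ownership check: the SASL login must be among the sender's owners."""
    return sasl_login in owners(db, query, sender)


if __name__ == "__main__":
    wildcard = make_db([("admin@example.test", "*")])  # another user may send as "*"
    tagged = "user+tag@example.test"
    for name, query in (("original", ORIGINAL_QUERY), ("patched", PATCHED_QUERY)):
        print(name, owners(wildcard, query, tagged),
              sender_allowed(wildcard, query, tagged, "user@example.test"))
```

With the wildcard row present, the original query answers the tagged key with only the wildcard holder, which is why the mailbox owner is rejected; the guarded query returns nothing for the tagged key, so the untagged lookup decides, and an unrelated login is still refused.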

@waja
Contributor

waja commented Jun 11, 2021

@monofox Oh, I missed your message. I'll have a look into it over the weekend and will give feedback. Many thanks!

@andryyy
Contributor

andryyy commented Jun 11, 2021

We should evaluate a proper fix. Perhaps a piped map in Postfix can help too. Like stopping after a given result.

@waja
Contributor

waja commented Jun 12, 2021

I'll have a look into it over the weekend and will give feedback. Many thanks!

hmm ... is there a way to override the /opt/postfix/conf/sql/mysql_virtual_sender_acl.cf for testing? Even if I mount it as bind mount from the outside of the container, it's replaced by the one that's generated on startup.

@monofox
Contributor

monofox commented Jun 12, 2021

I'll have a look into it over the weekend and will give feedback. Many thanks!

hmm ... is there a way to override the /opt/postfix/conf/sql/mysql_virtual_sender_acl.cf for testing? Even if I mount it as bind mount from the outside of the container, it's replaced by the one that's generated on startup.

If I do it, I go into the container

docker-compose exec postfix-mailcow 'bash'

change file and make a

postfix reload

@waja
Contributor

waja commented Jun 12, 2021

Temporary lookup failure

Looks like that didn't work. But I have to dig further when back at home with debugging mode.

@waja
Contributor

waja commented Jun 13, 2021

You might try with following query in /opt/postfix/conf/sql/mysql_virtual_sender_acl.cf

Looks like sending mail fails in this case in general because of a syntax error:

Jun 13 14:13:48 93f4266904d6 postfix/submission/smtpd[892]: resolve_clnt: `[email protected]' -> `[email protected]' -> transp=`lmtp' host=`inet:dovecot:24' rcpt=`[email protected]' flags= class=virtual
Jun 13 14:13:48 93f4266904d6 postfix/submission/smtpd[892]: ctable_locate: install entry key [email protected][email protected]
Jun 13 14:13:48 93f4266904d6 postfix/submission/smtpd[892]: extract_addr: in: <[email protected]>, result: [email protected]
Jun 13 14:13:48 93f4266904d6 postfix/proxymap[883]: warning: mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf: query failed: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')      OR send_as='[email protected]'      OR (NOT INSTR('[email protected]', '...' at line 1

postfix.log

@monofox
Contributor

monofox commented Jun 13, 2021

You might try with following query in /opt/postfix/conf/sql/mysql_virtual_sender_acl.cf

Looks like sending mail fails in this case in general because of a syntax error:

Jun 13 14:13:48 93f4266904d6 postfix/submission/smtpd[892]: resolve_clnt: `[email protected]' -> `[email protected]' -> transp=`lmtp' host=`inet:dovecot:24' rcpt=`[email protected]' flags= class=virtual
Jun 13 14:13:48 93f4266904d6 postfix/submission/smtpd[892]: ctable_locate: install entry key [email protected][email protected]
Jun 13 14:13:48 93f4266904d6 postfix/submission/smtpd[892]: extract_addr: in: <[email protected]>, result: [email protected]
Jun 13 14:13:48 93f4266904d6 postfix/proxymap[883]: warning: mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf: query failed: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')      OR send_as='[email protected]'      OR (NOT INSTR('[email protected]', '...' at line 1

postfix.log

Yes, copy & paste error. The ( was missing after WHERE. See updated sql at #4022 (comment)

@waja
Contributor

waja commented Jun 13, 2021

Okay ... that works well.

Now I'm asking myself how I can implement a temporary workaround. Using a script works well to replace the config and reload postfix inside the container manually. Placing this script inside /hooks/ should execute it when /docker-entrypoint.sh is running. But it seems /docker-entrypoint.sh is not running on startup. Is there a way to run a script after /opt/postfix.sh was running?

@monofox
Contributor

monofox commented Jun 13, 2021

Okay ... that works well.

Now I'm asking myself how I can implement a temporary workaround. Using a script works well to replace the config and reload postfix inside the container manually. Placing this script inside /hooks/ should execute it when /docker-entrypoint.sh is running. But it seems /docker-entrypoint.sh is not running on startup. Is there a way to run a script after /opt/postfix.sh was running?

As I've also integrated mailman myself, I had to override some existing variables in extra.cf. In theory, you could do the same for your mysql_virtual_sender_acl.cf. Place it in the folder, just give it a different name and override the smtpd_sender_login_maps variable (and remember to remove it again when there is an official solution).

@waja
Contributor

waja commented Jun 23, 2021

@andryyy can we try to get this fixed? Do you need any more information on this? It's hard to keep the workaround functional if mysql_virtual_sender_acl.cf is diverting away (e.g. #4155).

@waja
Contributor

waja commented Aug 2, 2021

Hi,

I just wanted to report that this is broken again with my changes from 6 weeks ago. I've to dig into it later when I've got some free time.

@andryyy
Contributor

andryyy commented Aug 2, 2021

It was probably just overwritten. I will try to find a proper fix. Sorry.

@github-actions

github-actions bot commented Oct 1, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@github-actions github-actions bot added the stale Please update the issue with current status, unclear if it's still open/needed. label Oct 1, 2021
@waja
Contributor

waja commented Oct 1, 2021

Hmmm… I don't want to be annoying… but is there a chance of getting this fixed? Is there anything that I can do to increase the chance? :/

@github-actions github-actions bot removed the stale Please update the issue with current status, unclear if it's still open/needed. label Oct 1, 2021
@waja
Contributor

waja commented Oct 27, 2021

Just wanted to let you know that this issue seems not to be an issue anymore, at least with 8116bf5: I removed the workaround mentioned in #4022 (comment), in my main.cf there is the stock smtpd_sender_login_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf config active and I was able to send a mail with FROM: [email protected].

@milkmaker
Collaborator

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@milkmaker milkmaker added the stale Please update the issue with current status, unclear if it's still open/needed. label Dec 26, 2021
@internetfreak

What is the current state of this? This feature would be useful sometimes, especially since you cannot create an alias pointing to a tagged mail address. I'd like to send mails from a tagged address such that if the recipient responds, it's automatically sorted instead of always having to use my main mail address (one more example: Github allows comments via mail, but only from addresses on your account and I have a tagged address stored in my account)
I'm running a standard unmodified cow, only updating it from time to time

@waja
Contributor

waja commented Jan 30, 2022

As I stated in #4022 (comment), this seems to be fixed and is no issue anymore (at least on my setup).

@internetfreak

Just updated to the latest available mailcow. Still getting "not owned by $mailbox", so no, for me it still doesn't work natively

@waja
Contributor

waja commented Jan 30, 2022

Updated to latest master and no issue to send mail from [email protected] while [email protected] is a real mailbox and even when [email protected] is an alias.

@internetfreak

internetfreak commented Jan 30, 2022

There must be something I'm doing wrong then or which must be misconfigured, here's the error from thunderbird:
image
And this is what the log says for postfix:

NOQUEUE: reject: RCPT from xxxxxxx.de[x.x.x.x]: 553 5.7.1 [email protected]: Sender address rejected: not owned by user [email protected]; from=[email protected] to=[email protected] proto=ESMTP helo=<[x.x.x.x]>

As far as I am aware I have no modifications running aside from extra.cf which sets myhostname, IPv4 as preferred and a new message size to allow larger uploads. I have confirmed that I am on the latest tag released a few days ago
