Send mail for alias addresses #581
Comments
|
#worksAsDesigned The "still works" way to send mail from user@differentdomain is to log into roundcube with a username within differentdomain. I have witnessed (and cleaned up) systems that end up with millions of emails injected into their queues within hours of an email account getting brute forced. There is off-the-shelf software that takes advantage of this weakness in most SMTP servers and then injects spam from many not-local domains into the queue (aka: Joe job attack). That gets your mail server instantly black listed for provable impersonation. This prevents that consequence. In so doing, this change greatly reduces the collateral damage inflicted on mail systems when an email account is brute-forced. Most attempted spam injections are rejected before being queued. Perhaps an option that added an option like |
|
Yes I 100% agree that it is a good addition and work as intented However I cannot login in Roundcube with user@differentdomain since this is just an redirect in vpopmail. Since mail send to: user@differentdomain ends up in my main mailbox: user@email So the option |
I recently updated Haraka and found that sending mail for alias isn't working anymore.
Say I login to roundcube via user@email.com and I send a mail for alias@differentdomain.com it is not working anymore
([7E4999FB-B6E@haraka] Envelope domain 'differentdomain.com' doesn't match AUTH domain 'email.com').So with some research I found that this is a result of: haraka/Haraka#3265
So I added
constrain_sender=falseand it is working again.I understand the function, however can we however make the check not so restrictive?
The text was updated successfully, but these errors were encountered: