Re: Can't reject forged sender/from address only when using AfterLogic Webmail
Not meant to offend, but Viktor, i'm still waiting for you knowledge to come around. And no, i'm not even asking you for a solution which obviously you don't know, but at least to come here and ask for excuses for you unfortunate behavior. Probably, 20 hours is enough time to read an understand through my initial question, your good friend return-path aka envelope sender is not related to the issue i exposed. Cheers, On Tue, Apr 1, 2014 at 1:06 AM, Pau Peris p...@webeloping.es wrote: I'm forwarding the email to the list which was sent to rhsoft by mistake. Thanks. Sent from my Android mobile, excuse the brevity. On Apr 1, 2014 12:42 AM, li...@rhsoft.net li...@rhsoft.net wrote: REPLY TO THE LIST Am 01.04.2014 00:16, schrieb Pau Peris: Thanks for your reply. I'm not native english speaker so, although HTML and top posting is not wellcome, i hope grammatical errors are not taken that hard. Jokes a part, I really appreciate your clarification about the return-path and envelope sender, although i'm not able to understand how it is related to the issue exposed. Maybe someone can explain it a little bit. I think the issue i'm suffering is clear. Email clients - desktop and web app ones - provide user Identity edition so one can change the sender/from address and not the envelope one. Am i right here? Following rhsoft tips i managed to reject what i underatand is called email sender forgering through the config posted on my first email of this thread. But, as I underatand, there's still a case which I do not understand at all how it is working and I think it is not related to envelope sender - check logs at gist URLs peovided af first email - where Postfix is not rejecting emails which from address shown at headers do not match login nor auth sender maps. I hope someone can explain what's happening here. Thank you so much. -- Sent from my Android mobile, excuse the brevity. On Mar 31, 2014 10:44 PM, li...@rhsoft.net mailto:li...@rhsoft.net li...@rhsoft.net mailto:li...@rhsoft.net wrote: Am 31.03.2014 19:26, schrieb Pau Peris: i really do not know what to answer to you about your last email. Anyway, as i understand envelope sender is where a computer are going to respond an email, if needed, and the from header is where people reply emails. If i'm wrong just an explanation will suffice. That said, i'm still wondering - and i do not know if anyone here is able to answer - why Mozilla Thunderbird or Roundcube get rejected when Editing the From address - at least it looks to me the From address and not the envelope sender there is no looks to me From: Pau Peris p...@webeloping.es mailto:p...@webeloping.es Sender: owner-postfix-us...@postfix.org mailto: owner-postfix-us...@postfix.org Return-Path: owner-postfix-us...@postfix.org mailto: owner-postfix-us...@postfix.org above the headers of your message, the Return-Path is the envelope On Mon, Mar 31, 2014 at 6:01 PM, Viktor Dukhovni postfix-us...@dukhovni.org mailto:postfix-us...@dukhovni.org mailto:postfix-us...@dukhovni.orgmailto: postfix-us...@dukhovni.org wrote: On Mon, Mar 31, 2014 at 05:52:33PM +0200, Pau Peris wrote: thanks a lot for your time and the great explanation, but i think that's not what i'm looking for. What i'm trying to accomplish is to make sure the from address used in the envelope is the same address used to login. I don't mind if they use a different reply to address or something similar. Well, your previous post sure seemed to imply that you wanted to restrict the From: address in the message header. Do you know what the term envelope sender address means in SMTP? I think not. I thought smtpd_sender_login_maps plus reject_unlisted_sender and reject_authenticated_sender_login_mismatch would do the trick but there's a case where login address is the same as the sender address - at least that's what it looks like after checking the mail.log - but once i get the email at Google Apps i notice the From header belongs to the forged address edited through the Identity edit form which AfterLogic Webmail provides. There you go again, talking about the header From. MAKE UP YOUR MIND! What i would like is to reject the email when the from address has been edited. I hope you can help me to get a clue here. First understand that the SMTP envelope sender address is NOT the same thing as the message header From: address
Re: Can't reject forged sender/from address only when using AfterLogic Webmail
Pau Peris: Not meant to offend, but Viktor, i'm still waiting for you knowledge to come around. And no, i'm not even asking you for a solution which obviously you don't know, but at least to come here and ask for excuses for you unfortunate behavior. Probably, 20 hours is enough time to read an understand through my initial question, your good friend return-path aka envelope sender is not related to the issue i exposed. I must take exception. Your description makes no sense to me'and I wrote Postfix. You use words that appear to be email related but it is all gibberish. Wietse
Re: Can't reject forged sender/from address only when using AfterLogic Webmail
On 01/04/2014 12:41, Pau Peris wrote: Not meant to offend, but Viktor, i'm still waiting for you knowledge to come around. And no, i'm not even asking you for a solution which obviously you don't know, but at least to come here and ask for excuses for you unfortunate behavior. This is the most fun think I've read in a very long while! Cheers, Daniele
Re: Can't reject forged sender/from address only when using AfterLogic Webmail
Wietse, exception? Don't fool man. Everyone here knows there is no exception on being at the friend side while trying to kick the new kid. Come on, let's make some sense. At your age you should know no one is going to belief this is an ... Wietse, just one more thing. Don't you think at your age you should be able, at least, to construct a sentence with some reasoning and explaining your point of view instead of trying to sell smokie words? Come on, explain the gibberish. I'm sure you can. Daniele, yeah, i'm still laughing too. Everyone here talking but no one giving reasons about their words. Hilarious joke! On Tue, Apr 1, 2014 at 2:18 PM, Daniele Nicolodi dani...@grinta.net wrote: On 01/04/2014 12:41, Pau Peris wrote: Not meant to offend, but Viktor, i'm still waiting for you knowledge to come around. And no, i'm not even asking you for a solution which obviously you don't know, but at least to come here and ask for excuses for you unfortunate behavior. This is the most fun think I've read in a very long while! Cheers, Daniele
Re: Can't reject forged sender/from address only when using AfterLogic Webmail
This is the most fun think I've read in a very long while! I agree. Pau, if you want to mail me off-list and discuss your postfix issue (in spanish), feel free to do it. But if you read this thread carefully, you'll realize that these folks have explained to you that postfix can reject sender/login mismatch on the _envelope_ sender address, not in the From: header.
Re: Can't reject forged sender/from address only when using AfterLogic Webmail
On Tue, Apr 01, 2014 at 02:32:07PM +0200, Pau Peris wrote: Come on, let's make some sense. What makes sense to me is to terminate your membership on this list, which I've done. If at some point you decide to stop posting public tantrums, you can come back, but if so, you must promise to keep your attitude in check. Good luck with your future endeavours. -- Viktor.
Re: Can't reject forged sender/from address only when using AfterLogic Webmail
On Mon, Mar 31, 2014 at 04:32:45PM +0200, Pau Peris wrote: I'm running Postfix 2.11 and I would like to reject/prevent authenticated users from sending emails with forged sender/from address. Postfix only restricts forgery of the envelope sender address. There are no features in Postfix to restrict senders to a particular RFC 2822 From: address. If you're operating a submission service where authentication is required, and for some reason you absolutely must restrict the From address, the best you can do is to configure a dedicated cleanup(8) instance for the submission servvice that discards the From header, in which case if I recall correctly, Postfix will insert a new From header with the envelope sender email address (and no full name). header_checks: /^from:/ IGNORE This breaks legitimate use of Resent-From:. Both Apple's Mail.app and mutt allow users to resend a message to another recipient in a way that preserves the original From: header so they reply to the author, (the address of the forwarding user is in Resent-From) rather than the person forwarding the mail. -- Viktor.
Re: Can't reject forged sender/from address only when using AfterLogic Webmail
Hello Viktor, thanks a lot for your time and the great explanation, but i think that's not what i'm looking for. What i'm trying to accomplish is to make sure the from address used in the envelope is the same address used to login. I don't mind if they use a different reply to address or something similar. I thought smtpd_sender_login_maps plus reject_unlisted_sender and reject_authenticated_sender_login_mismatch would do the trick but there's a case where login address is the same as the sender address - at least that's what it looks like after checking the mail.log - but once i get the email at Google Apps i notice the From header belongs to the forged address edited through the Identity edit form which AfterLogic Webmail provides. Same Identity forms exists in different webmail solutions or email desktop clients like Roundcube or Mozilla Thunderbird but don't know why After logic operates in a different way. What i would like is to reject the email when the from address has been edited. I hope you can help me to get a clue here. Thanks a lot On Mon, Mar 31, 2014 at 4:56 PM, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Mon, Mar 31, 2014 at 04:32:45PM +0200, Pau Peris wrote: I'm running Postfix 2.11 and I would like to reject/prevent authenticated users from sending emails with forged sender/from address. Postfix only restricts forgery of the envelope sender address. There are no features in Postfix to restrict senders to a particular RFC 2822 From: address. If you're operating a submission service where authentication is required, and for some reason you absolutely must restrict the From address, the best you can do is to configure a dedicated cleanup(8) instance for the submission servvice that discards the From header, in which case if I recall correctly, Postfix will insert a new From header with the envelope sender email address (and no full name). header_checks: /^from:/ IGNORE This breaks legitimate use of Resent-From:. Both Apple's Mail.app and mutt allow users to resend a message to another recipient in a way that preserves the original From: header so they reply to the author, (the address of the forwarding user is in Resent-From) rather than the person forwarding the mail. -- Viktor.
Re: Can't reject forged sender/from address only when using AfterLogic Webmail
On Mon, Mar 31, 2014 at 05:52:33PM +0200, Pau Peris wrote: thanks a lot for your time and the great explanation, but i think that's not what i'm looking for. What i'm trying to accomplish is to make sure the from address used in the envelope is the same address used to login. I don't mind if they use a different reply to address or something similar. Well, your previous post sure seemed to imply that you wanted to restrict the From: address in the message header. Do you know what the term envelope sender address means in SMTP? I think not. I thought smtpd_sender_login_maps plus reject_unlisted_sender and reject_authenticated_sender_login_mismatch would do the trick but there's a case where login address is the same as the sender address - at least that's what it looks like after checking the mail.log - but once i get the email at Google Apps i notice the From header belongs to the forged address edited through the Identity edit form which AfterLogic Webmail provides. There you go again, talking about the header From. MAKE UP YOUR MIND! What i would like is to reject the email when the from address has been edited. I hope you can help me to get a clue here. First understand that the SMTP envelope sender address is NOT the same thing as the message header From: address. -- Viktor.
Re: Can't reject forged sender/from address only when using AfterLogic Webmail
Hello Viktor, i really do not know what to answer to you about your last email. Anyway, as i understand envelope sender is where a computer are going to respond an email, if needed, and the from header is where people reply emails. If i'm wrong just an explanation will suffice. That said, i'm still wondering - and i do not know if anyone here is able to answer - why Mozilla Thunderbird or Roundcube get rejected when Editing the From address - at least it looks to me the From address and not the envelope sender - but doing through AfterLogic Webmail the Postfix mail.log show a different behavior/flow. I think that could help me to understand what's going on here, in case you know it. Last, i'm just a Web Software Engineer dealing with some Postfix requirements i try to solve/implement as fast as i can. That's why i'm here, looking for a little help from a friend. Thanks in advanced, On Mon, Mar 31, 2014 at 6:01 PM, Viktor Dukhovni postfix-us...@dukhovni.org wrote: On Mon, Mar 31, 2014 at 05:52:33PM +0200, Pau Peris wrote: thanks a lot for your time and the great explanation, but i think that's not what i'm looking for. What i'm trying to accomplish is to make sure the from address used in the envelope is the same address used to login. I don't mind if they use a different reply to address or something similar. Well, your previous post sure seemed to imply that you wanted to restrict the From: address in the message header. Do you know what the term envelope sender address means in SMTP? I think not. I thought smtpd_sender_login_maps plus reject_unlisted_sender and reject_authenticated_sender_login_mismatch would do the trick but there's a case where login address is the same as the sender address - at least that's what it looks like after checking the mail.log - but once i get the email at Google Apps i notice the From header belongs to the forged address edited through the Identity edit form which AfterLogic Webmail provides. There you go again, talking about the header From. MAKE UP YOUR MIND! What i would like is to reject the email when the from address has been edited. I hope you can help me to get a clue here. First understand that the SMTP envelope sender address is NOT the same thing as the message header From: address. -- Viktor.
Re: Can't reject forged sender/from address only when using AfterLogic Webmail
Am 31.03.2014 19:26, schrieb Pau Peris: i really do not know what to answer to you about your last email. Anyway, as i understand envelope sender is where a computer are going to respond an email, if needed, and the from header is where people reply emails. If i'm wrong just an explanation will suffice. That said, i'm still wondering - and i do not know if anyone here is able to answer - why Mozilla Thunderbird or Roundcube get rejected when Editing the From address - at least it looks to me the From address and not the envelope sender there is no looks to me From: Pau Peris p...@webeloping.es Sender: owner-postfix-us...@postfix.org Return-Path: owner-postfix-us...@postfix.org above the headers of your message, the Return-Path is the envelope On Mon, Mar 31, 2014 at 6:01 PM, Viktor Dukhovni postfix-us...@dukhovni.org mailto:postfix-us...@dukhovni.org wrote: On Mon, Mar 31, 2014 at 05:52:33PM +0200, Pau Peris wrote: thanks a lot for your time and the great explanation, but i think that's not what i'm looking for. What i'm trying to accomplish is to make sure the from address used in the envelope is the same address used to login. I don't mind if they use a different reply to address or something similar. Well, your previous post sure seemed to imply that you wanted to restrict the From: address in the message header. Do you know what the term envelope sender address means in SMTP? I think not. I thought smtpd_sender_login_maps plus reject_unlisted_sender and reject_authenticated_sender_login_mismatch would do the trick but there's a case where login address is the same as the sender address - at least that's what it looks like after checking the mail.log - but once i get the email at Google Apps i notice the From header belongs to the forged address edited through the Identity edit form which AfterLogic Webmail provides. There you go again, talking about the header From. MAKE UP YOUR MIND! What i would like is to reject the email when the from address has been edited. I hope you can help me to get a clue here. First understand that the SMTP envelope sender address is NOT the same thing as the message header From: address
Re: Can't reject forged sender/from address only when using AfterLogic Webmail
I'm forwarding the email to the list which was sent to rhsoft by mistake. Thanks. Sent from my Android mobile, excuse the brevity. On Apr 1, 2014 12:42 AM, li...@rhsoft.net li...@rhsoft.net wrote: REPLY TO THE LIST Am 01.04.2014 00:16, schrieb Pau Peris: Thanks for your reply. I'm not native english speaker so, although HTML and top posting is not wellcome, i hope grammatical errors are not taken that hard. Jokes a part, I really appreciate your clarification about the return-path and envelope sender, although i'm not able to understand how it is related to the issue exposed. Maybe someone can explain it a little bit. I think the issue i'm suffering is clear. Email clients - desktop and web app ones - provide user Identity edition so one can change the sender/from address and not the envelope one. Am i right here? Following rhsoft tips i managed to reject what i underatand is called email sender forgering through the config posted on my first email of this thread. But, as I underatand, there's still a case which I do not understand at all how it is working and I think it is not related to envelope sender - check logs at gist URLs peovided af first email - where Postfix is not rejecting emails which from address shown at headers do not match login nor auth sender maps. I hope someone can explain what's happening here. Thank you so much. -- Sent from my Android mobile, excuse the brevity. On Mar 31, 2014 10:44 PM, li...@rhsoft.net mailto:li...@rhsoft.net li...@rhsoft.net mailto:li...@rhsoft.net wrote: Am 31.03.2014 19:26, schrieb Pau Peris: i really do not know what to answer to you about your last email. Anyway, as i understand envelope sender is where a computer are going to respond an email, if needed, and the from header is where people reply emails. If i'm wrong just an explanation will suffice. That said, i'm still wondering - and i do not know if anyone here is able to answer - why Mozilla Thunderbird or Roundcube get rejected when Editing the From address - at least it looks to me the From address and not the envelope sender there is no looks to me From: Pau Peris p...@webeloping.es mailto:p...@webeloping.es Sender: owner-postfix-us...@postfix.org mailto: owner-postfix-us...@postfix.org Return-Path: owner-postfix-us...@postfix.org mailto: owner-postfix-us...@postfix.org above the headers of your message, the Return-Path is the envelope On Mon, Mar 31, 2014 at 6:01 PM, Viktor Dukhovni postfix-us...@dukhovni.org mailto:postfix-us...@dukhovni.org mailto:postfix-us...@dukhovni.orgmailto: postfix-us...@dukhovni.org wrote: On Mon, Mar 31, 2014 at 05:52:33PM +0200, Pau Peris wrote: thanks a lot for your time and the great explanation, but i think that's not what i'm looking for. What i'm trying to accomplish is to make sure the from address used in the envelope is the same address used to login. I don't mind if they use a different reply to address or something similar. Well, your previous post sure seemed to imply that you wanted to restrict the From: address in the message header. Do you know what the term envelope sender address means in SMTP? I think not. I thought smtpd_sender_login_maps plus reject_unlisted_sender and reject_authenticated_sender_login_mismatch would do the trick but there's a case where login address is the same as the sender address - at least that's what it looks like after checking the mail.log - but once i get the email at Google Apps i notice the From header belongs to the forged address edited through the Identity edit form which AfterLogic Webmail provides. There you go again, talking about the header From. MAKE UP YOUR MIND! What i would like is to reject the email when the from address has been edited. I hope you can help me to get a clue here. First understand that the SMTP envelope sender address is NOT the same thing as the message header From: address