Restrict sender address to account address
Hi,
I installed the latest release of vestacp on an Ubuntu 16.04 host.
I created a mail domain alice.com with a mailbox [email protected].
Then I logged in to Roundcube and created an Identity with [email protected] and tried to send an e-mail to myself from bob.net.
Unfortunately this worked!
vestacp / exim4 has absolutely no knowledge about the domain bob.net.
I searched for restricting the sender address to the login name of the mailbox, but couldn't find a working solution.
Can you help me with the ACL for exim4?
Re: Restrict sender address to account address
1. Could you provide the headers of such an e-mail?
2. Kindly connect e-mail client (Outlook, Thunderbird) to your Vesta remotely and try to repeat the sending of such e-mail.
I believe that you can change the return address (not From field).
Also the problem is that Roundcube is connecting locally, so it has different restrictions than if you connect via e-mail client. Because RC connects to localhost:<smtp_port> and e-mail client to <external_ip>:<smtp_port>.
To check my idea you may change the RC configuration to use external_ip of server.
Re: Restrict sender address to account address
Unfortunately it worked in both cases.
Headers when sent from Roundcube (IP addresses and receiver address changed, but not the sender address):
Delivered-To: [email protected]
Received: by 10.223.149.67 with SMTP id 61csp453791wrs;
Fri, 28 Jul 2017 07:30:07 -0700 (PDT)
X-Received: by 10.28.149.209 with SMTP id x200mr5579959wmd.91.1501252207172;
Fri, 28 Jul 2017 07:30:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1501252207; cv=none;
d=google.com; s=arc-20160816;
b=Pnw1mKeRhTwf09GtjglRZE9dvbNzYoQ6yn3JImVEqVAwrWcKCBFJ7yH/n1W6Oy62Wj
TaQZ83T2OwwMuSIOySG9hgcycPYwO33aRbzwT984AM7zoSItjpPREj38SIQXaZmdNrtS
zXJXsPRmpDHf5k8J452WyzexV3eRT1nCtEBVzW2fbasvBaSja2+qo0tOevXn9wma0H2J
VI9OXnK/dm/zfGqT6rAlKNtDveHqbO+hF1IZr6KayFIbfKbrKkCMzG5FTGJJS4jxdUAO
tPZce2ugr9kLdtdeaPVf8EejQwUz/EUjUxNKH1cJSbZwxnTTRT3QNl/GVATMPS1v3GRi
SGAw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=user-agent:message-id:from:date:content-transfer-encoding
:mime-version:subject:to:arc-authentication-results;
bh=tVeSTmmtJW/9yfRyp/+vhS+mMQJf3kFPyqy3tFpewbI=;
b=AbZWat3DJIh6gn7nXFJ2k24Z8JcR+zw0Jxh5CeS5jtXCtl84cD3tKgjqoCJObXawnI
0gaRO+zCv1wMttMTgSVfCGNkdmlPVkRUfBXpvEJ1fiKGXUGogtOe39ZQm1S+0ALPgJXd
CUjolEALq0aVAjDqynqkXxmaUrNCUcbLr+WmIhV6JT8Ng2A4WjEFTe5Rw6Hzs7ntaole
a/fkeQ3XqPMa18Lw8m9KdAzvpTBUyxraT65RzDjR1DpumLvQ+S7ickrEXEPZ7VNPMo1n
r6d9zSERIoMUyM6OC/bnE3xqPTUrC6blKLuH6FCDdo9K2LtsBPdVWhU6Zogl0AZO0KdH
hhdw==
ARC-Authentication-Results: i=1; mx.google.com;
spf=neutral (google.com: 148.17.22.57 is neither permitted nor denied by domain of [email protected]) [email protected]
Return-Path: <[email protected]>
Received: from mail.outgoing.smtp.example.com (outgoing.smtp.example.com. [148.17.22.57])
by mx.google.com with ESMTPS id g59si21520718wrd.348.2017.07.28.07.30.07
for <[email protected]>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 28 Jul 2017 07:30:07 -0700 (PDT)
Received-SPF: neutral (google.com: 148.17.22.57 is neither permitted nor denied by domain of [email protected]) client-ip=148.17.22.57;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 148.17.22.57 is neither permitted nor denied by domain of [email protected]) [email protected]
Received: from incoming.smtp.example.com (incoming.smtp.example.com [185.121.137.16])
by mail.outgoing.smtp.example.com (Postfix) with ESMTPS id C67E01051
for <[email protected]>; Fri, 28 Jul 2017 16:30:06 +0200 (CEST)
Received: from admin by incoming.smtp.example.com with local (Exim 4.86_2)
(envelope-from <[email protected]>)
id 1db6HG-0007oA-Ki
for [email protected]; Fri, 28 Jul 2017 14:30:06 +0000
To: [email protected]
Subject: My world
X-PHP-Originating-Script: 0:rcube.php
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
format=flowed
Content-Transfer-Encoding: 7bit
Date: Fri, 28 Jul 2017 16:30:06 +0200
From: gecube_ru <[email protected]>
Message-ID: <[email protected]>
X-Sender: [email protected]
User-Agent: Roundcube Webmail/1.2-beta
X-Spam-Status: No, score=0.0 required=5.0 tests=UNPARSEABLE_RELAY
autolearn=ham version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
mail.outgoing.smtp.example.com
is broken
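And here is the data from an e-mail sent via Thunderbird on Mac and an Identity spoofing your username with vestacp.com domain: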
Delivered-To: [email protected]
Received: by 10.223.149.67 with SMTP id 61csp473791wrs;
Fri, 28 Jul 2017 07:50:39 -0700 (PDT)
X-Received: by 10.28.180.8 with SMTP id d8mr5601795wmf.161.1501253439004;
Fri, 28 Jul 2017 07:50:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1501253438; cv=none;
d=google.com; s=arc-20160816;
b=uVvfPB3OQYQxaU2MHV7C3+8GFzClzSHUn0MPwGOuWtjEMNPux1GTrpBm4bLLOPDpfm
6t0dizxhY76XoKz+lKU1aripjB8I7FYDrW6AaPH9ILjOYeSOqaVOrZ8V7j22YzRyEsnz
ijbjB3iM2GczKi/Tg7kS62SpGbTCfT8yGf5W+KfIpJ0KrrYI7H0G4aCGCXc8zo6EIPOQ
ck6+Wk2Md6icD/aEErbWrEswFPpAcZJRYAz30g4YLdYh+2LZecGezORxTq0/hxChHahU
oymQBOcuRD2rwMIn647g10qIypickkBTHsIPTwh5IDlTDpdJgxamF4Z3aY1P7zojLqKK
AVYQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-transfer-encoding:mime-version:user-agent:date:message-id
:subject:from:to:arc-authentication-results;
bh=x7oRf4tDhfrWxg9Bs9xRFBtn8/Vrhxd1aRwKC9Y0tOo=;
b=PZqGxNwiWiOXDz+uEwsCitakhggd8+1IKBIS3sUIOxoYIGmsCugb0PADC4pnqujEIa
FwE6XIPJPd2+du9YUfdyZz3B2QOduhfldae+Wl7uwa/k6qM/NFgGrzOW+V8EYXECn/Je
BeUqm+KkmRcNzpG3xcMlGGTqJw1MNmH6GHovTwQ+YoumylbmLJVaMgXkSChaCjmbSMMw
67REfm2NcNZlmNP6/28ErmzYWAHLS8/Pb3FO/Ev2befjR3vY5b/65+QjU3xf7gvMj3or
Fedk5r1+uUqd2cu9l3g/OsDQFAMs5+6ko7gk9RczdhGIBxoUr93uKNRRfQdDzve004xR
JnEg==
ARC-Authentication-Results: i=1; mx.google.com;
spf=neutral (google.com: 185.121.137.16 is neither permitted nor denied by domain of [email protected]) [email protected]
Return-Path: <[email protected]>
Received: from outgoing.smtp.example.com (outgoing.smtp.example.com. [185.121.137.16])
by mx.google.com with ESMTPS id p123si341608wmd.269.2017.07.28.07.50.38
for <[email protected]>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 28 Jul 2017 07:50:38 -0700 (PDT)
Received-SPF: neutral (google.com: 185.121.137.16 is neither permitted nor denied by domain of [email protected]) client-ip=185.121.137.16;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 185.121.137.16 is neither permitted nor denied by domain of [email protected]) [email protected]
Received: from [194.230.159.207] (helo=Maurawan.fritz.box)
by outgoing.smtp.example.com with esmtpa (Exim 4.86_2)
(envelope-from <[email protected]>)
id 1db6b8-00087U-5p
for [email protected]; Fri, 28 Jul 2017 14:50:38 +0000
To: [email protected]
From: gecube_ru <[email protected]>
Subject: Test with Thunderbird
Message-ID: <[email protected]>
Date: Fri, 28 Jul 2017 16:50:38 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0)
Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Does it work?
Re: Restrict sender address to account address
Please attach your exim configuration file.
Or download it to pastebin and share here the link to it
Maybe... I can imagine that this may be default behaviour in some configurations. Because you already authenticated yourself with e-mail address as login and password.
Re: Restrict sender address to account address
I uploaded the complete /etc/exim4 folder (without /etc/exim4/domains/*) to https://schulze.uno/tmp/exim4.zip
Re: Restrict sender address to account address
Any news to the configuration?
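One way to express the restriction asked for in this thread, as an added example that is not part of any post above and is not taken from the poster's /etc/exim4 or from Vesta's shipped configuration. It assumes the SMTP ACLs are named acl_check_mail and acl_check_data, and that $authenticated_id holds the full mailbox address used as the SMTP login.

```exim
# Added example (assumptions are marked; adapt names to the real config).
#
# Assumed to exist already in the main section of the Exim configuration:
#   acl_smtp_mail = acl_check_mail
#   acl_smtp_data = acl_check_data
# Assumed: the authenticator stores the login as a full address, e.g.
#   server_set_id = $auth1     with logins of the form user@domain

# --- place at the top of acl_check_mail, before any "accept" ---
  # Envelope sender (MAIL FROM) must equal the authenticated login.
  # "authenticated = *" limits the rule to sessions that used SMTP AUTH,
  # so inbound mail from other servers is not affected.
  deny    message       = Envelope sender must match the authenticated mailbox
          authenticated = *
          !condition    = ${if eqi{$sender_address}{$authenticated_id}}

# --- place at the top of acl_check_data, before any "accept" ---
  # The From: header is what a webmail or mail-client "identity" changes.
  # ${address:...} strips the display name; if From: is missing or does
  # not hold exactly one address the result is empty and the message
  # is refused as well.
  deny    message       = From: header must match the authenticated mailbox
          authenticated = *
          !condition    = ${if eqi{${address:$h_From:}}{$authenticated_id}}
```

These rules only see authenticated SMTP sessions, such as the Thunderbird message above (received "with esmtpa"). The Roundcube message above was received "with local" from a local user, so it never passes through the SMTP ACLs unless Roundcube is set up to submit over authenticated SMTP.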