SMTP-Relais rejects sender address for system notifications

csglr · February 14, 2026, 10:17pm

What type of hardware are you using: Raspberry Pi 3, 4+
What YunoHost version are you running: YunoHost 12.1.39 (stable)
How are you able to access your server: The webadmin
SSH

Describe your issue

I am trying to configure YunoHost to send system notifications only (Alerts, system warnings, etc.) using an external SMTP relais (mailbox.org). I do not intend to receive emails on this server, and incoming mail ports (25, 587, 993) are closed at the router level.

SMTP-Relais configuration:

Host: smtp.mailbox.org
Port: 587
Authentication user: myaddress@mailbox.org
SMTP-Relais-Passwort: app-password

The TLS connection to mailbox.org is successfully established.

However, when sending a test email, delivery fails. The log shows that the message is sent using the local system sender address (e.g. user@mydomain.tld) instead of the authenticated mailbox.org address.

mailbox.org rejects the message with:

status=bounced (...) 553 5.7.1 <user@mydomain.tld>: Sender address rejected: not owned by user myaddress@mailbox.org

My goal is:

No incoming mail handling
Outgoing system notifications only
SMTP relais via mailbox.org
Proper sender address matching the authenticated relay account

What is the recommended way in YunoHost to configure the envelope sender for outgoing mail when using an external SMTP relay that enforces sender ownership?

Share relevant logs or error messages

/var/log/mail.log

2026-02-14T21:56:25.948393+00:00 ynh postfix/pickup[4339]: E772E1570: uid=54605 from=<cm+++++++++++++de>
2026-02-14T21:56:25.954369+00:00 ynh postsrsd[5635]: srs_forward: <cm+++++++++++++de> not rewritten: Domain excluded by policy
2026-02-14T21:56:25.955373+00:00 ynh postfix/cleanup[5633]: E772E1570: message-id=<20++++++++++25.E7++++++++++++++++++de>
2026-02-14T21:56:25.962714+00:00 ynh opendkim[1185]: E772E1570: DKIM-Signature field added (s=mail, d=++++++++++de)
2026-02-14T21:56:26.006140+00:00 ynh postfix/qmgr[4340]: E772E1570: from=<cm+++++++++++++de>, size=400, nrcpt=1 (queue active)
2026-02-14T21:56:26.111130+00:00 ynh postfix/smtp[5638]: connect to sm++++++++++++rg[20++++++++++++++++++++++++++96]:587: Network is unreachable
2026-02-14T21:56:26.316606+00:00 ynh postfix/smtp[5638]: Trusted TLS connection established to sm++++++++++++rg[18++++++++++96]:587: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)
2026-02-14T21:56:26.628412+00:00 ynh postfix/smtp[5638]: E772E1570: to=<c.++++++++++++++++++++rg>, re++++++++++++++++++rg[18++++++++++96]:587, delay=0.69, delays=0.07/0.06/0.42/0.13, dsn=5.7.1, status=bounced (host sm++++++++++++rg[18++++++++++96] said: 553 5.7.1 <cm+++++++++++++de>: Sender address rejected: not owned by user c.++++++++++++++++++++rg (in reply to RCPT TO command))
2026-02-14T21:56:26.651558+00:00 ynh postsrsd[5635]: srs_forward: <“”> not rewritten: No at sign in sender address
2026-02-14T21:56:26.653036+00:00 ynh postfix/cleanup[5633]: 9EFC71573: message-id=<20++++++++++26.9E++++++++++++++++++de>
2026-02-14T21:56:26.654450+00:00 ynh postfix/bounce[5639]: E772E1570: sender non-delivery notification: 9EFC71573
2026-02-14T21:56:26.654554+00:00 ynh postfix/qmgr[4340]: 9EFC71573: from=<>, size=2763, nrcpt=1 (queue active)
2026-02-14T21:56:26.654669+00:00 ynh postfix/qmgr[4340]: E772E1570: removed
2026-02-14T21:56:26.687923+00:00 ynh dovecot: lda(cm+++++++++++++de)<5643>: sieve: msgid=<20++++++++++26.9E++++++++++++++++++de>: stored mail into mailbox ‘INBOX’
2026-02-14T21:56:26.688334+00:00 ynh postfix/pipe[5640]: 9EFC71573: to=<cm+++++++++++++de>, relay=dovecot, delay=0.04, delays=0/0/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
2026-02-14T21:56:26.688391+00:00 ynh postfix/qmgr[4340]: 9EFC71573: removed

marc · February 28, 2026, 6:29pm

Hi @csglr

Did you search here?

csglr · March 2, 2026, 1:32pm

Hi @marc,

thank you very much for your help!

As far as I understand the documentation, the cleanest solution in YunoHost would be to configure Postfix to rewrite the envelope sender using smtp_generic_maps, rather than modifying individual system sender addresses.

That approach would work well for me. Do you happen to know whether this method survives a yunohost tools regen-conf without the changes being overwritten?

P.S.
Funny enough, I originally didn’t want to run a mail server on my YunoHost at all - only system notifications via an external relay. But after experimenting with it, I ended up enabling the full mail stack… and I have to admit I’m pleasantly surprised at how well it works out of the box on YunoHost!

marc · March 2, 2026, 8:44pm

I suppose it is the correct parameter, but i let you read the documentation

Yes, Yunohost won’t change your configuration file unless you force it with the proper parameters in regen-conf

Yes, Yunohost team made a great job to ease the use of web servers!

About mailbox.org, did you read this page:

https://kb.mailbox.org/en/private/e-mail/sending-e-mails-with-non-registered-mailaddresses-sender-address-rejected-not-owned-by-user/#sending-mails-with-other-sender-addresses--error-messages

Maybe a cach-all address , defined in mailbox.org, could also work?

Other possible workaround: create an alias email in mailbox.org, for root@user@mydomain.tld. Then your Postfix server would send every received email to mailbox.org