Solved: Postfix / Snappymail - how to set mailidentity to group mail alias

wbk · December 27, 2023, 9:26pm

Hi all,

I have a problem replying to email using an identity with an emailaddress from another account.

My YunoHost server

Hardware: computer at home
YunoHost version:
- yunohost version: 11.2.8.2 (stable)
- yunohost-admin version: 11.2.3 (stable)
- moulinette version: 11.2 (stable)
- ssowat version: 11.2 (stable)
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : not especially

Description of my issue

To keep everyone informed of the things happening in the family, I used to have ‘group forward’ mailboxes when some of my mail still lived at my domain hoster.

The construction would be, for example:

pianomail@domain.tld would be the contact for the music teacher. Mails sent to that address would not be kept in the mailbox, but forwarded to my daughter, my wife, parents, and me, so that we would all know if a lesson was cancelled or anything.
in my case it would be forwarded to piano_w@domain.tld, for example
my mail clients have identities set up, so that if I replied to an email addressed to pianomail@domain.tld , it would pick that identity and set reply-to to pianomail@domain.tld

The last bit (specific identity per contact) is to prevent my mail from leaking, and to be able to pinpoint data leaks with some certainty.

I thought to copy the configuration by creating a new account per mailbox at the other side, and set forwarding email addresses as usual.

That works: I receive mails in my personal mailbox that are sent to such a ‘group’ mailaddress.

The thing that does not work though, is replying to mail using identities. The email address that I use after al, is an alias mailaddress from another user.

I think groups: add mail-aliases management #1539 might help me out.

Add yunohost user group add-mailalias and remove-mailalias commands to add/remove mail aliases to groups. Nails sent to those aliases are dispatched to all members of the group.

In that scenario, if I understand correctly:

I could delete the empty forwarding accounts that only exist for grouping email
replace the accounts by usergroups.
Then I can add the necessary email addresses to these groups (the addresses where people send their mail)
And add the actual receiving users to the group
- that only works for users on this Yunohost
- users on another Yunohost would get an empty forwarding account on this Yunohost; that forwarding user account will become member of the usergroup

I’ll be testing next whether this allows my user to use the mail aliases from the usergroup for sending mail via an identity.

Sorry for the long story. I hope the context is somewhat clear, and that someone can give a suggestion in this case (maybe it is totally the wrong way to solve this problem, because I overlook another solution)

wbk · December 28, 2023, 1:38pm

So far, so good.

Replying to the ‘forwarded’ mail using the groupalias-address does not work though: Postfix says

NOQUEUE: reject: RCPT from domain.tld[fe80::b2de:ebff:fe5a:2668]: 553 5.7.1 <pianomail@domain.tld>: Sender address rejected: not owned by user piano_w; from=<pianomailo@domain.tld> to=<teacher@musicschool.tld> p
roto=ESMTP helo=<domain.tld>

I am allowed to use the groupalias as reply-to in the identity, but in that case the sender is still my own address and the identity is not selected automatically (there is no match on the email address, after all)

This problem is closely related to my earlier question regarding aliases within the same account.

Yesterday I turned out to be testing with the wrong address. What I learned I can bring into practice now, by adding the file ldap-groups.cf as smtpd_sender_login_map in main.cf:

smtpd_sender_login_maps=
   # Regular Yunohost accounts
   ldap:/etc/postfix/ldap-accounts.cf,
   # test: add the groups file, to see whether it works for group alias mail addresses in identities
   ldap:/etc/postfix/ldap-groups.cf,
   # Extra maps for app system users who need to send emails
   hash:/etc/postfix/app_senders_login_maps

The mail disappears when clicking “Send”, and the NOQUEUE message does not appear:

Dec 28 13:29:48 domain postfix/smtpd[1345832]: D20F02BE0637: client=domain.tld[fe80::b2de:ebff:fe5a:2668], sasl_method=PLAIN, sasl_username=wbk
Dec 28 13:29:48 domain postsrsd[1345839]: srs_forward: <pianomail@domain.tld> not rewritten: Domain excluded by policy
Dec 28 13:29:48 domain postfix/cleanup[1345838]: D20F02BE0637: message-id=<c3eeb7a417eae33374beed27d723aa2ea7c73c93@domain.tld>

I don’t know what to make of the not rewritten: Domain excluded by policy line, but that is for another time.

The mail arrives on the other end “as expected” (hoped, actually ) and the ‘from’ and ‘reply-to’ addresses match what I set in the identity.

Aleks · December 28, 2023, 3:23pm

Quick read but it sounds like we could legit add this in the core

system · January 27, 2024, 3:23pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.