Koozali.org: home of the SME Server

customize from address

Offline gotagug

  • 6
  • +0/-0
customize from address
« on: June 21, 2022, 03:27:04 AM »
Hi guys,

In thunderbird, there is an option wherein you can customize the"From" address. My issue is the sme server allows the message to be sent because it has a valid username and password. Is there a way so that the sme server will not allow this scenario?

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: customize from address
« Reply #1 on: June 21, 2022, 11:54:16 AM »
Hi.

Can you be a little more specific here?

Quote
In thunderbird, there is an option wherein you can customize the"From" address

OK.

Quote
My issue is the sme server allows the message to be sent because it has a valid username and password.

SME usually allows any authenticated user to send email. I don't believe it has any relationship to the "From" setting. It is based on the user name which you can see in Thunderbird Preferences/Security/Saved logins

So you can change to any 'From' address but it won't authenticate without the correct username/password.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: customize from address
« Reply #2 on: June 21, 2022, 01:21:20 PM »
I understand the need.

While it is practical, it allow one user to impersonate another user by sending a mail from anotheruser@yourdomain.com it allows too to send a mail with a from anotheruser@anotherdomain.com unless the dmarc / dkim / spf settings prevent you to do so.


checking user is permitted to use the from email could be done at qpsmtpd level with a plugin in theory. not sure one exists to do so.

Offline gotagug

  • 6
  • +0/-0
Re: customize from address
« Reply #3 on: June 22, 2022, 04:13:44 AM »
I understand the need.

While it is practical, it allow one user to impersonate another user by sending a mail from anotheruser@yourdomain.com it allows too to send a mail with a from anotheruser@anotherdomain.com unless the dmarc / dkim / spf settings prevent you to do so.


checking user is permitted to use the from email could be done at qpsmtpd level with a plugin in theory. not sure one exists to do so.


how can i prevent the user (user@mydomain.com) from impersonating an email address (anotheruser@mydomain.com) if he has a valid username and password?

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: customize from address
« Reply #4 on: June 22, 2022, 06:12:49 AM »
by writing your own qpsmtpd plugin
and
creating using a template a config file with a username per line and all accepted email after a : and coma separated :
username:username,allowedpseudo1,allowedpseudo2,allowedgroup

the chalenge will be also to accept pseudonyms with @ and to accept all domains configured on your sme or not when creating this file.

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: customize from address
« Reply #5 on: June 22, 2022, 06:15:02 AM »
that said, when you check the header of the mail the logged user should be visible from memory or at least in your qpsmtpd log. so the one impersonating another can be found.