Sender address reje...
 
Notifications
Clear all

[Solved] Sender address rejected: not logged in

21 Posts
6 Users
2 Reactions
1,478 Views
(@max_s)
Joined: 1 year ago
Posts: 81
Topic starter  

We have created an emailaccount on our server. Lets say account@domain.com. If we send an email from outbound.protection.outlook.com with that emailaddress to any other mail@domain.com blocks the mail. The message is;

<account@domain.com>: Sender address rejected: not logged in;

We already have a SPF record but mails are still rejected.

Is it possible to allow outbound.protection.outlook.com to sent mails on behalf of domain.com this per domain, or even better, per mailaccount ?


   
Quote
(@max_s)
Joined: 1 year ago
Posts: 81
Topic starter  

Hi @sharif,

Do you have a quick setting or fix for this ?

 


   
ReplyQuote
(@anahuac)
Joined: 2 years ago
Posts: 328
 

If I got it right you're trying to send an email from outbound.protection.outlook.com using the user that is set in your Carbonio.... without authenticate.... right?

So account@domain.com is in Carbonio and you're trying to send a mail from outbound.protection.outlook.com using it... that's not suppose to work. So my 1st impression is that Carbonio is doing it right.

If you wish to use another server to send messages using your Carbonio, it must authenticate.

If I got it wrong just forget about it and please elaborate more.

Regards

 


   
ReplyQuote
(@stefanodavid)
Joined: 3 years ago
Posts: 227
 

I tend to agree with anahuac here. Probably it should be the other way around: you should ask admins of outbound.protection.outlook to allow users from domain.com to be able to send messages on their behalf...


   
anahuac reacted
ReplyQuote
(@sharif)
Admin
Joined: 3 years ago
Posts: 593
 

@max_s 

Hi,

Could you please help me understand the scenario.

So the outbound.protection.outlook is your relay host configured in Carbonio CE for external outbound email, am I getting it right?

And outbound.protection.outlook is add to your SPF/TXT records of the mentioned domain, is it so?

Therefore, while sending email with the following flow:

Carbonio CE --> outbound.protection.outlook --> Internet --> Remote SMTP Server 

You are getting "<account@domain.com>: Sender address rejected: not logged in;"

Regards,

Sharif


   
ReplyQuote
(@max_s)
Joined: 1 year ago
Posts: 81
Topic starter  

Hi @sharif,

No, we don't have a relay host configure in Carbonio CE. We have a domain setup "domain.com" in our Carbonio server "mail.carbonioserver.xyz". Now someone with emailaddress "user@domain.com" is using Outlook.com to mail and uses the the following route.

Outlook.com  --> Internet --> Remote SMTP Server

We have in SPF record 

v=spf1 a mx  include:spf.protection.outlook.com  ~all

So sending mails from Outlook.com to domains not hosted on our mailserver works fine due to the SPF record. But sending mail from Outlook.com to any user for any domain on our mailserver will be rejected with 

"<account@domain.com>: Sender address rejected: not logged in;"

The person is not logged in and is not sending from our mailserver but from Outlook.com.

I understand what @anahuac and @stefanodavid are saying (sorry for late reply guys) but if thats not possible, what use is a SPF record? Or am I confusing the role of a SPF record?

 

 


   
ReplyQuote
(@sharif)
Admin
Joined: 3 years ago
Posts: 593
 

@max_s 

Hi,

What @anahuac and @stefanodavid are saying is right. But I think here what is happening is that your Carbonio CE server has strict anti-spoofing policies, it may reject emails that appear to come from a domain that is expected to be hosted by the server itself but are sent from an external service (like Outlook.com).

Regards,

Sharif


   
ReplyQuote
(@sharif)
Admin
Joined: 3 years ago
Posts: 593
 

@max_s 

Also, could you please check if this helps or not:

su - zextras
carbonio prov mcf +zimbraMtaSmtpdSenderRestrictions "permit_sasl_authenticated"

 

Regards,

Sharif


   
ReplyQuote
(@max_s)
Joined: 1 year ago
Posts: 81
Topic starter  

@sharif 

I just modified it from "reject_sender_login_mismatch" to "permit_sasl_authenticated" and will check it and let you know.


   
ReplyQuote
(@max_s)
Joined: 1 year ago
Posts: 81
Topic starter  

@sharif 

Modified and restarted zmcontrol but still not accepting mail.


   
ReplyQuote
(@sharif)
Admin
Joined: 3 years ago
Posts: 593
 

@max_s 

Could you please tell us more? like how does outlook.com authenticate?
How you have configured the mail flow?

Regards,

Sharif


   
ReplyQuote
(@max_s)
Joined: 1 year ago
Posts: 81
Topic starter  

@sharif 

 

I understand, I will ask the guys who configured outlook.com about this and let you know, probably tomorrow.

 

Thanks in advance!

 

 


   
ReplyQuote
(@max_s)
Joined: 1 year ago
Posts: 81
Topic starter  

Hi @sharif,

In the DNS for domain.xyz we have two dkim records. One for our mailserver and one is setup for 365. In our SPF record we included the mailserver of microsoft 365 by including the spf.protection.outlook.com.

v=spf1 a mx  include:spf.protection.outlook.com  ~all

 

In Carbonio CE we setup two mailaccounts for domain.xyz. lets say user1@domain.xyz and user2@domain.xyz.

user2@domain.xyz is a forward to user2@domainxyz.onmicrosoft.com

user2@domain.xyz is sending mail from microsoft 365 environment without authentication on our Carbonio CE server. But in my opinion this should not be nescessary because of the dkim and spf combination. (please correct me if I am wrong here)

 

Mails from user2@domain.xyz to other global users are accepted and is received due to the dkim and spf settings. But mails from user2@domain.xyz to user1@domain.xyz are blocked by our mailserver.

"<user2@domain.xyz>: Sender address rejected: not logged in;"

 

This setup used to work with zimbra before migrating domain.xyz to Carbonio CE. I know that is not a guarantee that it should work now 😉

 

 

 

 


   
ReplyQuote
(@max_s)
Joined: 1 year ago
Posts: 81
Topic starter  

Posted by: @max_s

Hi @sharif,

In the DNS for domain.xyz we have two dkim records. One for our mailserver and one is setup for 365. In our SPF record we included the mailserver of microsoft 365 by including the spf.protection.outlook.com.

v=spf1 a mx  include:spf.protection.outlook.com  ~all

 

In Carbonio CE we setup two mailaccounts for domain.xyz. lets say user1@domain.xyz and user2@domain.xyz.

user2@domain.xyz is a forward to user2@domainxyz.onmicrosoft.com

user2@domain.xyz is sending mail from microsoft 365 environment without authentication on our Carbonio CE server. But in my opinion this should not be nescessary because of the dkim and spf combination. (please correct me if I am wrong here)

 

Mails from user2@domain.xyz to other global users are accepted and is received due to the dkim and spf settings. But mails from user2@domain.xyz to user1@domain.xyz are blocked by our mailserver.

"<user2@domain.xyz>: Sender address rejected: not logged in;"

 

This setup used to work with zimbra before migrating domain.xyz to Carbonio CE. I know that is not a guarantee that it should work now 😉

 

 

 

 

 

Hi @anahuac

You have any idea ? 

 


   
ReplyQuote
(@max_s)
Joined: 1 year ago
Posts: 81
Topic starter  

In short,

Whenever we send an e-mail from an application or script (within spf records) with a sender emailadress known to our Carbonio CE server to a mailbox on our Carbonio Server we get this user not logged in error.

So I guess @sharif is right when mentioning this

" But I think here what is happening is that your Carbonio CE server has strict anti-spoofing policies, it may reject emails that appear to come from a domain that is expected to be hosted by the server itself but are sent from an external service (like Outlook.com). "

 

The question is how to soften these anti-spoofing policies so it accepts the mails.


   
ReplyQuote
Page 1 / 2