Sender address reje...
 
Notifications
Clear all

[Solved] Sender address rejected: not logged in

21 Posts
6 Users
2 Reactions
1,485 Views
(@sharif)
Admin
Joined: 3 years ago
Posts: 593
 

@max_s

It is kind of split domain situation. Only modifying SPF and DKIM will not help us here.

Did you take a look at this:

Split Domain

Regards,

Sharif


   
ReplyQuote
(@max_s)
Joined: 1 year ago
Posts: 81
Topic starter  

@sharif

I will have a look at it. But let me ask general question. I am not completely convinced if split domain is the problem. Maybe I explain to difficult.

Same problem. Our accountant has a system where we sent invoices from. The sender address is a emailaddress originally resided on our mailserver. We sent invoices to our clients with that emailadress as the sender, straight from our online bookkeeping software. The bookkeeping mailserver is in our SPF record. Mails from bookkeeping software to clients not hosted our Carbonio Server are received.

Mails to an emailadres resided on our Carbonio is not accepted because the from address is rejected with user not logged in. 

But shouldn't this be possible ?

 

 


   
ReplyQuote
(@max_s)
Joined: 1 year ago
Posts: 81
Topic starter  

Posted by: @max_s

@sharif

I will have a look at it. But let me ask general question. I am not completely convinced if split domain is the problem. Maybe I explain to difficult.

Same problem. Our accountant has a system where we sent invoices from. The sender address is a emailaddress originally resided on our mailserver. We sent invoices to our clients with that emailadress as the sender, straight from our online bookkeeping software. The bookkeeping mailserver is in our SPF record. Mails from bookkeeping software to clients not hosted our Carbonio Server are received.

Mails to an emailadres resided on our Carbonio is not accepted because the from address is rejected with user not logged in. 

But shouldn't this be possible ?

 

 

 

Hi @anahuac, do you have any ideas ?

 


   
ReplyQuote
(@arukashi)
Joined: 2 years ago
Posts: 25
 

Hello!

I could managed this problem by this

# workaround for error Sender address rejected: not logged in
zextras@mail:~$ zmprov mcf zimbraMtaSmtpdSenderLoginMaps ""
zextras@mail:~$ zmprov mcf -zimbraMtaSmtpdSenderRestrictions reject_sender_login_mismatch

but it is huge security breach, as far as i know.

My situation is where an application uses real existing account in the mail server and try send to the server without authentication

e.g. Application -> MAIL FROM: alias1@domain.com RCPT TO: acc1@domain.com -> carbonioserver

I want to return SLM tunning back, but couldn't managed to whitelist particular senders by IP or account or whatever. Any help appreciated


   
ReplyQuote
(@arukashi)
Joined: 2 years ago
Posts: 25
 
zextras@mail:~$ zmcontrol -v
Carbonio Release 24.7.1

Did some research on the problem...

@Max_S OP, you could add you host from SPF to mynetworks in Carbonio, but it is dangerous and i would not recommend that.

Since you have SASL enabled and you try to send mail from an existing account, you reasonably got

"<account@domain.com>: Sender address rejected: not logged in;",

because this user not logged in. This is handled by reject_sender_login_mismatch in the smtpd_sender_restrictions in Postfix. So you could remove this restriction, but from that moment mail sender in your domain could be forged even by your own users. Or (this is how i solved my problem, recommended solución) you may use blacklists (don't worry about the name, it could be used as whitelist too)

zextras@mail:~$ vim /opt/zextras/conf/postfix_reject_sender
      user1@yourdomain.com OK
zextras@mail:~$ postmap /opt/zextras/conf/postfix_reject_sender
zextras@mail:~$ zmprov ms $(zmhostname) +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zextras/conf/postfix_reject_sender"
zextras@mail:~$ zmmtactl restart && zmconfigdctl restart

From now on user1@yourdomain.com will skip login checks.

zextras@mail:~$ postconf smtpd_sender_restrictions
smtpd_sender_restrictions = check_sender_access lmdb:/opt/zextras/conf/postfix_reject_sender, check_sender_access regexp:/opt/zextras/common/conf/tag_as_originating.re, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zextras/common/conf/tag_as_foreign.re

Checks are executed from left to right and blacklist comes first, then jump to recipient restrictions list if it finds MAIL FROM email in blacklist and it is followed by OK

Let me know if it helps. Maybe i missing something, i am not postfix guru whatsoever, but this works for me.

 

During my research i found something that i think should be addressed to the dev team:

I found some misconfiguration in default Carbonio installation, version printed above.

zextras@mail:~$ zmprov gcf zimbraMtaSmtpdSenderRestrictions
zimbraMtaSmtpdSenderRestrictions: reject_sender_login_mismatch

zextras@mail:~$ cat /opt/zextras/conf/zmconfigd/smtpd_sender_restrictions.cf
%%exact VAR:zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch%%
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zextras/conf/postfix_reject_sender%%
%%contains VAR:zimbraServiceEnabled cbpolicyd^ check_policy_service inet:localhost:%%zimbraCBPolicydBindPort%%%%
%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zextras/common/conf/tag_as_originating.re%%
permit_mynetworks, reject_sender_login_mismatch
permit_sasl_authenticated
permit_tls_clientcerts
%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zextras/common/conf/tag_as_foreign.re%%

reject_sender_login_mismatch just hardcoded in the template file for sender_restrictions, manipulating variable value does not do anything.

 

 


   
Cristhiantl reacted
ReplyQuote
(@cristhiantl)
Joined: 1 year ago
Posts: 1
 
Good morning community.
I have an error in my group mail.
 
Context:
I have two mail servers with different domains
 
Server1                                            Server2
mail1server1@otherdomain.com        mail1server2@domain.com
mail2server1@otherdomain.com        mail2server2@domain.com
mail3server1@otherdomain.com        mail3server2@domain.com
 
The gruop 
 
groupserver1@otherdomain.com
mail1server1@otherdomain.com
mail1server2@domain.com
mail2server1@otherdomain.com
mail2server2@domain.com
 
When I create a group on server1 with users from server2 I get the following error:
 
<mail3server2@domain.com>: host 18.5.59.1[18.5.59.1] said: 553 5.7.1
<mail3server2@domain.com>: Sender address rejected: not logged in
(in reply to RCPT TO command)
 
The error occurs when a server2 user sends to the group and bounces that message.
 
Can you help me please, I tried Whitelist and blacklist but I keep getting it.
 
Characteristics of my server:
carbonio 24.7.1
Ubuntu 20 LTS 

   
ReplyQuote
Page 2 / 2