I have setup a NethServer with 2 user (user1, user2). After that I installe the mail module and roundcube. All works fine. Now when I log into roundcube with user1 I can create a identity with the mail address of user2. With this I can send mails as user2. Of course if the mail gets answered to it will end up in the mailbox of user2. Nevertheless it seems the mail server only checks if the user (in my case user1) is authenticated but not if the mailadress that is used to send a mail is actually “mapped” to the logged in user.
Could anybody verify if that is really true or if I messed up the settings somewhere along the way?
Thanks in advanced for your help. This is my first post so please if I made a mistake or missed to mention something do not hesitate to correct me.
This is the expected behaviour. There is an enhancements request to add a checkbox somewhere to enforce sendder=authenticated user (I can’t find a reference to the issue now).
Thank you for your fast reply. Do I understand that correctly that there is a request for that feature? Is it possible to sponsor such a feature?
“This is the expected behaviour”? Isn’t that very problematic that user can send mails as anyone else on the server? Seems to me like a big security risk.
I am not sure if that solution would solve my particular problem. I will look into it a bit more. It would solve the problem at hand but for my purposes it will probably cause new ones.
The problem is that my users have multiple mailaddresses which they need to receive and send messages. So one user can have mutltiple addresses that they send from. As of now, they can send as all users.
Sidenote: I am open for discussion to sponsor such a feature. If there is a way to support the project in that way and fastforward a featuer I need then I am very open to it.
Thanks for your willingness, we don’t have a clear path for that.
We can try again with BountySource.
Other communities are used to set up a sort of marketplace category. Not just for development purposes but also in order to set up a new NethServer installation and support it
Thanks for the reply. I was trying bountysource. But I didn’t figure out how to open an issue and set a bounty. Seems to be complicated or well, lack of intelligence on my part. If you could open the issue regarding my mail problem I could set a bounty.
If you are willing to research the problem, come up with a solution and test the code, I will sponsor the feature.
The main issue here is how to “map” user accounts to email addresses.
Describe how you would like to have it, please.
I would like to configure Nethserver NG 7.x to allows to send mails only if the sender ("From: ") is the same of the autenticated user or he/she have some allowed identities.
that it’s seems to do what I want, but I can’t make it work.
The identities may be differents from the user’s email domain.
Example:
my account in the server is saitobenkei@domain.tld and I want to be allow to send mails from my account only if in the "From: " field I put saitobenkei@domain.tld (my e-mail address) or some identities as pippo@domain.tld, saitobenkei@anotherdomain.tld, othermail@newdomain.tld (these are only identity that I allowed to use wit my account).
This is a completely different topic, each client can use its own configuration to set the “mail from” field (which could be completely different than “From:” header inside the message).
Just to make it clear, @saitobenkei do you want to force the envelope sender to be the same as the header one? See this link for an explanation
Please, also bear in mind that web applications installed on the mail server usually don’t use any authentication for sending mail, so no forced check cannot be done unless clients can be explicitly configured to act differently.
I would like that all applications (expecially those the are a standard in the distribution) work in a coherent manner…
If I need to set up that the account you send is the same as the one with which I authenticate myself, it must work with any software provided in the distribution.
(Same applies to blocking user-level mail/groupware access from untrusted networks).