Roundcube vacation email not delivered

uliversal · March 15, 2026, 4:49pm

I’ve set up NS8 as an internal mail server (Applications Mail, Roundcube) which sends and also fetches emails by/from an external mail server (at IONOS).

I use the ns8-fetchmail implementation:

And: everything works fine. Sending emails works and also fetching emails works fine. Both internally and externally.

The only thing I’m struggling with is the Roundcube filters:

I created a vacation filter, Scope=all messages, Actions=Reply with message, Message body/subject set, also “Reply sender address” set and “My e-mail addresses” set by using “Fill with all my addresses” link (to internal@example.com).

The filter works fine for emails sent internally, the (internal) sender receives the vacation email.

The filter also works fine for emails received from an external sender.

But: the email is not sent out by NS8-mail/Postfix.

This is the verbose output of Postfix if I send an email directly to an external receiver (e.g. using Roundcube compose) [auth part removed]:

[...]
MESSAGE=> smtp.ionos.de[212.227.24.206]:587: EHLO mail.ad.example.de
MESSAGE=< smtp.ionos.de[212.227.24.206]:587: 250-smtp.ionos.de greets ###.##.###.###
MESSAGE=< smtp.ionos.de[212.227.24.206]:587: 250-ENHANCEDSTATUSCODES
MESSAGE=< smtp.ionos.de[212.227.24.206]:587: 250-PIPELINING
MESSAGE=< smtp.ionos.de[212.227.24.206]:587: 250-8BITMIME
MESSAGE=< smtp.ionos.de[212.227.24.206]:587: 250-DELIVERBY
MESSAGE=< smtp.ionos.de[212.227.24.206]:587: 250-SIZE 104857600
MESSAGE=< smtp.ionos.de[212.227.24.206]:587: 250-LIMITS RCPTMAX=1000 MAILMAX=1000
MESSAGE=< smtp.ionos.de[212.227.24.206]:587: 250-AUTH PLAIN LOGIN
MESSAGE=< smtp.ionos.de[212.227.24.206]:587: 250 HELP
[...]
MESSAGE=< smtp.ionos.de[212.227.24.206]:587: 235 Authentication succeeded
MESSAGE=> smtp.ionos.de[212.227.24.206]:587: MAIL FROM:<internal@example.de> SIZE=594
MESSAGE=> smtp.ionos.de[212.227.24.206]:587: RCPT TO:<external@test.com>
MESSAGE=> smtp.ionos.de[212.227.24.206]:587: DATA
MESSAGE=< smtp.ionos.de[212.227.24.206]:587: 250 Requested mail action okay, completed
MESSAGE=< smtp.ionos.de[212.227.24.206]:587: 250 OK
MESSAGE=> smtp.ionos.de[212.227.24.206]:587: QUIT

An this is the verbose output of Posfix when the vacation email is sent from Postfix [again auth part removed, everything before 235 Authenication succeeded exactly as above]:

[...]
MESSAGE=< smtp.ionos.de[212.227.24.202]:587: 235 Authentication succeeded
MESSAGE=> smtp.ionos.de[212.227.24.202]:587: MAIL FROM:<> SIZE=794 BODY=8BITMIME
MESSAGE=> smtp.ionos.de[212.227.24.202]:587: RCPT TO:<external@test.com>
MESSAGE=> smtp.ionos.de[212.227.24.202]:587: DATA
MESSAGE=< smtp.ionos.de[212.227.24.202]:587: 550-Requested action not taken: mailbox unavailable
MESSAGE=< smtp.ionos.de[212.227.24.202]:587: 550-Sender address is not allowed.
[...]

So the MAIL FROM is always empy - no matter what I specify in the filter in “Reply sender address” and “My e-mail addresses”.

Interesting: internally it works and the internal receiver gets an email with the correct sender address!

Does anyone have any idea what’s going wrong here?

mrmarkuz · March 15, 2026, 8:12pm

Maybe following threads are of help…

Force a sender address:

DNS configuration issue:

uliversal · March 16, 2026, 8:31am

Hey @mrmarkuz, thank you for the links!

Forcing the sender (as @pagaille suggested) now adds the MAIL FROM address, but it is set to

internal@mail.ad.example.de.localhost

where (mail.ad.example.de is the “Mail server hostname” configured in the Mail instance) and the email is blocked by IONOS again with

MESSAGE=> smtp.ionos.de[212.227.24.206]:587: MAIL FROM:<internal@mail.ad.example.de.localhost> SIZE=798 BODY=8BITMIME

It doesn’t matter which email address(es) I enter in the vacation filter.

I found some matching *.localhost entries in the /etc/postfix/master.cf and tried to change

myorigin = example.de

but with the result that again the MAIL FROM was empty.

I attached the master.cf, seems the wrong domain part comes from there.

Any futher ideas? Any processing/rewriting that the filter doesn’t do (as “normal” mail sending works)?

### begin of main.cf ###

#
# Alpine defaults (postconf -n)
#

command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd /  & sleep 5
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
unknown_local_recipient_reject_code = 550
maximal_queue_lifetime = 120h
#
# Debug config flags
#
debug_delivery =
debug_rewrite =

#
# Local overrides
#
compatibility_level = 3.6
inet_protocols = all
myhostname = mail.ad.example.de
alias_maps =
alias_database =
mynetworks = 127.0.0.1/32 10.5.4.0/24 cidr:$meta_directory/mynetworks.cidr
debug_peer_list = ${debug_delivery?{$mynetworks}:{}}
message_size_limit = 100000000

#
# Address/transport routing maps
#
virtual_alias_domains = example.de,ad.example.de
virtual_alias_maps =
  sqlite:$meta_directory/aliases.cf
  sqlite:$meta_directory/userforwards.cf
  proxy:ldap:$meta_directory/laddgroupmembers.cf
  proxy:ldap:$meta_directory/laddusers.cf

virtual_mailbox_domains = mail.ad.example.de.localhost
virtual_mailbox_maps = inline:{{ vmail@mail.ad.example.de.localhost = vmail }}, proxy:ldap:$meta_directory/laddusers-origin.cf
virtual_transport = lmtp:unix:/var/lib/umail/lmtp
relay_domains =
transport_maps = sqlite:$meta_directory/relaydest.cf
recipient_delimiter = +

# Never use local transport, set "mydestination" to empty string:
mydestination =
myorigin = mail.ad.example.de.localhost

#
# Address verification (memory DB)
#
unverified_recipient_reject_code = 550
unverified_recipient_reject_reason = ${debug_rewrite?{}:{lookup failed}}
address_verify_map =
address_verify_positive_expire_time = 24h
address_verify_positive_refresh_time = 8h
address_verify_negative_cache = yes
address_verify_negative_expire_time = 2h
address_verify_negative_refresh_time = 15m
address_verify_cache_cleanup_interval = 4h
double_bounce_sender = double-bounce@mail.ad.example.de

#
# Relay authentication rules, SMTP server passwords and TLS policy
#
default_transport = smtp
relayhost = [smtp.ionos.de]:587
smtpd_sender_login_maps =
  unionmap:{
    sqlite:$meta_directory/senderlogin.cf
    proxy:ldap:$meta_directory/laddgroupmembers.cf
  }

smtp_sasl_password_maps = sqlite:$meta_directory/relaycredentials.cf,
sender_dependent_relayhost_maps = sqlite:$meta_directory/relaysender_nexthop.cf,
sender_dependent_default_transport_maps = sqlite:$meta_directory/relaysender_transport.cf,
smtp_sender_dependent_authentication = no
smtp_tls_policy_maps = sqlite:$meta_directory/tlspolicy.cf,
smtp_sasl_security_options =
smtp_sasl_auth_enable = yes

#
# Mail archive (spy)
#
always_bcc =

#
# Restrictions
#
smtpd_relay_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  check_recipient_access sqlite:$meta_directory/internal_access.cf,
  check_recipient_access inline:{{ mail.ad.example.de.localhost = REJECT access denied }, { ad.example.de = REJECT access denied }, },

smtpd_recipient_restrictions =
  reject_non_fqdn_recipient,
  check_recipient_access inline:{{ mail.ad.example.de.localhost = reject_unverified_recipient }},

#
# TLS configuration
#

# Client
smtp_tls_loglevel = 1
smtp_tls_security_level = may

# Server
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_chain_files = /etc/ssl/postfix/fullchain.pem
smtpd_tls_received_header = yes
smtpd_tls_auth_only = yes

#
# Mail filter
#
smtpd_milters = inet:127.0.0.1:11332

#
# SMTPUTF8 support NethServer/dev#7264
#
smtputf8_enable = no

### end of main.cf ###

#
# Additional configuration for SASL authentication
#
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/lib/umail/auth
smtpd_sasl_security_options = noanonymous

# BEGIN Included directives from /etc/postfix/main.cf.d/*.cf:
# END Included directives from /etc/postfix/main.cf.d/*.cf:

/etc/postfix #

BTW: the users are configured in Samba (Domain ad.example.de) with email addresses, .e.g. internal@example.de.

uliversal · March 16, 2026, 9:49am

In addition to forcing the MAIL FROM (see above) I now added a generic rewrite rule to

/etc/postfix/main.cf.d/generic

which is

@mail.ad.example.de.localhost   @example.de

and the vacation email is sent from internal@example.de successfully.

(I followed the instructions here: NS8 Postfix change sender mail address - #3 by strauch)

But I don’t know if this should be the solution…

mrmarkuz · March 16, 2026, 1:28pm

Yes, I think it is a possible solution for smarthosts that are restricted to specific sender domains.