It’s strange (for me) that when configure email server like nextcloud (for sending messages)
It’s send as named in it (sender name)
or another config that send as online domain name .org that different for official domain.
so how to prevent that,where is the wrong in configuration?
The sender really depends on client configuration: in this case Nextcloud mail app.
It should possible to change it somewhere inside Nextcloud settings.
My Question when there is no permission of send in different email,but it’s send so what to do to prevent that from server side?
and the problem not just with nextcloud but there is another service happen the same.
I’m not using Mail in Nextcloud, even though I use Nextcloud a lot for my clients.
I am using Roundcube as Webmail.
Roundcube will use the server’s FQDN as sending domain, if not configured by the user under Roundcube -> Settings !!!
Unfortunately, the user can also make a typo or put in any bs in there (Roundcube Mail Adress).
Better to preconfigure it for each user as admin ( or simply to check if it’s what you need / want).
My 2 cents
Could it be related to this?
By default an authenticated SMTP client has no particular restrictions on setting the SMTP sender address.
To avoid the unauthorized use of email addresses and the sender address spoofing, enable the Enforce sender/login match option, available with the new Server Manager UI, under Email > Relay > Configuration > Details.
If enabled, only addresses associated to the current SMTP login are allowed.
Thanks,worked for me,
I was wondering why not activated by default ?
Thanks I was meaning of sending email using smtp to others.
I believe it need to be activated by default ? so what u think?
I’d agree but don’t know if the option (
reject_authenticated_sender_login_mismatch) would have any side effect (i.e. alias or mails from other domains).