[ZendTo] Using the IMAP auth and e-mails don't show up from users' address
Jules Field
Jules at Zend.To
Wed Dec 19 11:29:57 GMT 2018
Travis,
I've finally had a chance to take a look at this.
Please can you try a tweak to your code?
It's in the same "if" condition (in NSSDropbox.php) that you pointed out
to me in one of your earlier emails below, where currently you've
changed the code to specifically allow my.fsu.edu.
if ($senderDomain !== '' &&
(strcasecmp($senderDomain, $fromDomain) == 0 ||
str_ends($fromDomain, $senderDomain))) {
Then at the end of NSSUtils.php (just above the "?>" on the very last
line will do), add this:
// Does a string end with a sub-string?
function str_ends($haystack, $needle) {
return 0 === substr_compare($haystack, $needle, -strlen($needle));
}
Does that work?
Thanks!
Jules.
On 16/11/2018 17:29, Travis Zimmerman wrote:
> Don't know about Errors-To. I just ran a test to double check that our
> current version (4.28) used the Reply-To, which it doesn't so it's
> possible that it may but I'm pretty sure I remember someone telling me
> the Talisma system didn't use Reply-To.
>
> We're going to take ZendTo version 5.15-1 live next week, so we'll see
> how things go. Sometimes files are dropped off to the Talisma system
> from external e-mail addresses, so we'll see if those bounce back to the
> default address or go to external address in the Reply-To.
>
> -------------------------------------------------------------------
> Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
> Information Technology Services, Florida State University
>
> On 11/16/18 11:58 AM, Jules Field wrote:
>> Does that system pay attention to "Errors-To:"?
>>
>> On 16/11/2018 14:37, Travis Zimmerman wrote:
>>> For what it's worth my team is pretty happy about the feature, as we get
>>> a consistent number of auto-replies from a system that doesn't pay
>>> attention to the Reply-To field.
>>>
>>> -------------------------------------------------------------------
>>> Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>> Information Technology Services, Florida State University
>>>
>>> On 11/16/18 4:24 AM, Jules Field wrote:
>>>> Travis,
>>>>
>>>> Okay, thanks for that. I will take a look and see what I can do. I
>>>> would rather stick with the internaldomains.conf information than add
>>>> another list of domains, if it can be avoided. Few people have that
>>>> set to TRUE anyway, and I suspect I shouldn't have implemented it in
>>>> the first place, as there are other ways of avoiding the problem it
>>>> aims to solve.
>>>>
>>>> Cheers,
>>>> Jules.
>>>>
>>>> On 15/11/2018 18:16, Travis Zimmerman wrote:
>>>>> It's set to TRUE.
>>>>> [root at dropboxprd01 ~]# grep SMTPsetFromToSender
>>>>> /var/www/html/zendto/config/preferences.php
>>>>> 'SMTPsetFromToSender' => TRUE,
>>>>>
>>>>> To fix the problem for my users I just modified the line to below.
>>>>> if ($senderDomain !== '' &&
>>>>> ( strcasecmp($senderDomain, $fromDomain) == 0 ||
>>>>> strcasecmp('my.fsu.edu', $fromDomain) == 0)) {
>>>>>
>>>>> If other people run into this problem, a possible general fix may
>>>>> be to
>>>>> have an array of allowed secondary domains, that match the SPF records
>>>>> for the SMTP server?
>>>>>
>>>>> Thanks for the help.
>>>>>
>>>>> -------------------------------------------------------------------
>>>>> Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
>>>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>>>> Information Technology Services, Florida State University
>>>>>
>>>>> On 11/15/18 1:04 PM, Jules Field wrote:
>>>>>> Travis,
>>>>>>
>>>>>> That code snippet will only be run if you have
>>>>>> 'SMTPsetFromToSender' => TRUE,
>>>>>> in preferences.php.
>>>>>>
>>>>>> The default is FALSE. What value are you using?
>>>>>>
>>>>>> Cheers,
>>>>>> Jules.
>>>>>>
>>>>>> On 01/11/2018 18:56, Travis Zimmerman wrote:
>>>>>>> I don't know if I'm reading this correctly but I think maybe the
>>>>>>> problem
>>>>>>> is having the two domains and this part of the code.
>>>>>>>
>>>>>>> // If the sender domain and the from domain are the
>>>>>>> same
>>>>>>> // (and not blank, which signifies something went
>>>>>>> wrong!),
>>>>>>> // we can safely overwrite the From we set above,
>>>>>>> without
>>>>>>> // causing SPF/DKIM/DMARC problems.
>>>>>>> if ($senderDomain !== '' &&
>>>>>>> strcasecmp($senderDomain, $fromDomain) == 0)
>>>>>>>
>>>>>>> Could a possible solution be to switch from a strcasecmp to
>>>>>>> substring
>>>>>>> test or maybe a regex testing if the $senderDomain is part of the
>>>>>>> end of
>>>>>>> the $fromDomain? Not sure if that would cause a SPF/DKIM/DMARC
>>>>>>> problem.
>>>>>>>
>>>>>>> endswith($fromDomain, $senderDomain);
>>>>>>>
>>>>>>> function endswith($from, $sender) {
>>>>>>> $fromlen = strlen($from);
>>>>>>> $senderlen = strlen($sender);
>>>>>>> if ($testlen > $strlen) return false;
>>>>>>> return substr_compare($from, $sender, $fromlen - $senderlen,
>>>>>>> $senderlen) === 0;
>>>>>>> }
>>>>>>>
>>>>>>> This is just a code snippet I googled up and haven't tested.
>>>>>>>
>>>>>>> -------------------------------------------------------------------
>>>>>>> Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
>>>>>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>>>>>> Information Technology Services, Florida State University
>>>>>>>
>>>>>>> On 11/1/18 12:33 PM, Travis Zimmerman via ZendTo wrote:
>>>>>>>> Yup, that's what I have authIMAPDomain set to already.
>>>>>>>>
>>>>>>>> -------------------------------------------------------------------
>>>>>>>> Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
>>>>>>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>>>>>>> Information Technology Services, Florida State University
>>>>>>>>
>>>>>>>> On 11/1/18 12:29 PM, Jules Field wrote:
>>>>>>>>> Travis,
>>>>>>>>>
>>>>>>>>> If the students enter their entire email address
>>>>>>>>> (username at my.fsu.edu)
>>>>>>>>> into the ZendTo login "username" box, then set
>>>>>>>>> 'authIMAPDomain' => '',
>>>>>>>>> in preferences.php.
>>>>>>>>>
>>>>>>>>> If they just enter their username, then something more subtle is
>>>>>>>>> happening which I will need to investigate further.
>>>>>>>>>
>>>>>>>>> Please let me know if that helps.
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>> Jules.
>>>>>>>>>
>>>>>>>>> On 31/10/2018 20:56, Travis Zimmerman via ZendTo wrote:
>>>>>>>>>> I realized I should mention that we are using e-mail addresses to
>>>>>>>>>> login
>>>>>>>>>> to our ZendTo service to differentiate between our two domains.
>>>>>>>>>> Don't
>>>>>>>>>> know if that would effect how e-mails are sent. Doesn't seem to
>>>>>>>>>> be a
>>>>>>>>>> problem for our faculty/staff (AD, username at fsu.edu), just the
>>>>>>>>>> students
>>>>>>>>>> (IMAP, username at my.fsu.edu).
>>>>>>>>>>
>>>>>>>>>> -------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
>>>>>>>>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>>>>>>>>> Information Technology Services, Florida State University
>>>>>>>>>>
>>>>>>>>>> On 10/31/18 12:09 PM, Travis Zimmerman via ZendTo wrote:
>>>>>>>>>>> I tried to use my university's AD for the students (there is a
>>>>>>>>>>> previous
>>>>>>>>>>> e-mail I sent to the ZendTo mailing list about a week ago), but
>>>>>>>>>>> due to
>>>>>>>>>>> how our Microsoft Admins configured it they needed to use an
>>>>>>>>>>> alternate
>>>>>>>>>>> attribute.
>>>>>>>>>>>
>>>>>>>>>>> Yes. When I login to LDAP or AD and drop off a file, the e-mail
>>>>>>>>>>> sent to
>>>>>>>>>>> the recipient will show my e-mail address in the From field.
>>>>>>>>>>> If I
>>>>>>>>>>> login
>>>>>>>>>>> using the IMAP auth the From field lists the servers default
>>>>>>>>>>> e-mail
>>>>>>>>>>> from
>>>>>>>>>>> zendto.conf and the Reply-To field has the IMAP account's e-mail
>>>>>>>>>>> address.
>>>>>>>>>>>
>>>>>>>>>>> -------------------------------------------------------------------
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
>>>>>>>>>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>>>>>>>>>> Information Technology Services, Florida State University
>>>>>>>>>>>
>>>>>>>>>>> On 10/31/18 11:33 AM, Jules Field via ZendTo wrote:
>>>>>>>>>>>> Travis,
>>>>>>>>>>>>
>>>>>>>>>>>> If you are authenticating users against Office365, then why
>>>>>>>>>>>> not do
>>>>>>>>>>>> that with AD?
>>>>>>>>>>>> I don't quite see why you need to use the IMAP authenticator at
>>>>>>>>>>>> all.
>>>>>>>>>>>> If it's a separate AD forest for some reason, then that's okay,
>>>>>>>>>>>> ZendTo
>>>>>>>>>>>> will happily do 3 different AD forests with independent setups.
>>>>>>>>>>>>
>>>>>>>>>>>> So "SMTPsetFromToSender'=>TRUE" works as expected if they
>>>>>>>>>>>> login via
>>>>>>>>>>>> LDAP or AD, but doesn't if they login via IMAP?
>>>>>>>>>>>>
>>>>>>>>>>>> What we do here for the "From" address is use an address whose
>>>>>>>>>>>> email
>>>>>>>>>>>> is just automatically trashed, ie. a "no-reply" address. Then
>>>>>>>>>>>> automated stuff that is replying (incorrectly) to the
>>>>>>>>>>>> "From:" or
>>>>>>>>>>>> (validly/correctly) to the envelope sender will just be thrown
>>>>>>>>>>>> away.
>>>>>>>>>>>> Any human-generated replies will go to the right user.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks for the info about the option you need to pass to
>>>>>>>>>>>> O365. I
>>>>>>>>>>>> guess
>>>>>>>>>>>> that's going to need yet another preferences.php setting.
>>>>>>>>>>>>
>>>>>>>>>>>> Cheers,
>>>>>>>>>>>> Jules.
>>>>>>>>>>>>
>>>>>>>>>>>> On 31/10/2018 14:49, Travis Zimmerman via ZendTo wrote:
>>>>>>>>>>>>> I configured the IMAP authentication to allow my university's
>>>>>>>>>>>>> students
>>>>>>>>>>>>> to login to our ZendTo server, but when they drop off files
>>>>>>>>>>>>> the
>>>>>>>>>>>>> From
>>>>>>>>>>>>> field is showing the e-mail address configured in zendto.conf
>>>>>>>>>>>>> instead of
>>>>>>>>>>>>> the student's address. The student's address ends up in the
>>>>>>>>>>>>> Reply-To
>>>>>>>>>>>>> field, which normally wouldn't be a problem except sometimes
>>>>>>>>>>>>> automated
>>>>>>>>>>>>> systems reply back to the drop off e-mails and they ignore the
>>>>>>>>>>>>> Reply-To.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have SMTPsetFromToSender => TRUE, users that login via LDAP
>>>>>>>>>>>>> or AD
>>>>>>>>>>>>> appear to work as expected.
>>>>>>>>>>>>>
>>>>>>>>>>>>> BTW I am using the IMAP authentication with Office365 and in
>>>>>>>>>>>>> order to
>>>>>>>>>>>>> get it to login correctly I had to change the imap_open line.
>>>>>>>>>>>>> $mbox = @imap_open('{'.$this->_imapServer.'}INBOX', $uname,
>>>>>>>>>>>>> $password,
>>>>>>>>>>>>> OP_READONLY,1,array('DISABLE_AUTHENTICATOR' => 'PLAIN'));
>>>>>>>>>>>>>
>>>>>>>>>>>>> So don't know if you want to add this to the documentation
>>>>>>>>>>>>> somewhere or
>>>>>>>>>>>>> incorporate into the NSSIMAPAuthenticator code.
>>>>>>>>>>>>>
>>>>>>>>>>>>> -------------------------------------------------------------------
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
>>>>>>>>>>>>> Linux Enterprise Applications & Systems
>>>>>>>>>>>>> its-linuxadmins at fsu.edu
>>>>>>>>>>>>> Information Technology Services, Florida State University
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> ZendTo mailing list
>>>>>>>>>>>>> ZendTo at zend.to
>>>>>>>>>>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwICAg&c=HPMtquzZjKY31rtkyGRFnQ&r=TZ3x4Nnv5Pp03uwRWF9UlLOaC296m8a1MGVEkWJljsg&m=5u9mHQwWyo_tYTeW__SOzvefpnCjf4YQxPsJSnNZ3t0&s=2lT413dnsMw6bu9-9TLNGGhRMyhC3YK11szRGuK1xtw&e=
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>> Jules
>>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> ZendTo mailing list
>>>>>>>>>>> ZendTo at zend.to
>>>>>>>>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwIGaQ&c=HPMtquzZjKY31rtkyGRFnQ&r=TZ3x4Nnv5Pp03uwRWF9UlLOaC296m8a1MGVEkWJljsg&m=nldSAFYLL3YRHIJw6WEEK5gmzqlolpYwjz642dolMxk&s=YAnfXHzTncnerKooAJbUFFL3V98t9jArpAfFUJ5gayo&e=
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> ZendTo mailing list
>>>>>>>>>> ZendTo at zend.to
>>>>>>>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwIDaQ&c=HPMtquzZjKY31rtkyGRFnQ&r=TZ3x4Nnv5Pp03uwRWF9UlLOaC296m8a1MGVEkWJljsg&m=EiTV262ezFwuAy6LGUFPUno8qF0iVenx_KHgRL1WHtY&s=0aGdNoswD33mWO4qa5w4pK81g2LF4T9cIta1vV5sc4c&e=
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> Jules
>>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> ZendTo mailing list
>>>>>>>> ZendTo at zend.to
>>>>>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwIGaQ&c=HPMtquzZjKY31rtkyGRFnQ&r=TZ3x4Nnv5Pp03uwRWF9UlLOaC296m8a1MGVEkWJljsg&m=ld_nfLvQazOI2Hz4g6p83F5PAuKFj1vbMR6469-svR4&s=G0UK4iFGrD_R80gfAF6IOhT77OtJbOoEg9rFALMy70M&e=
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>> Jules
>>>>>>
>>>> Jules
>>>>
>> Jules
>>
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'We face neither East nor West: we face forward.' - Kwame Nkrumah
www.Zend.To
Twitter: @JulesFM
More information about the ZendTo
mailing list