[ZendTo] Using the IMAP auth and e-mails don't show up from users' address
Jules Field
Jules at Zend.To
Fri Nov 16 09:24:02 GMT 2018
Travis,
Okay, thanks for that. I will take a look and see what I can do. I would
rather stick with the internaldomains.conf information than add another
list of domains, if it can be avoided. Few people have that set to TRUE
anyway, and I suspect I shouldn't have implemented it in the first
place, as there are other ways of avoiding the problem it aims to solve.
Cheers,
Jules.
On 15/11/2018 18:16, Travis Zimmerman wrote:
> It's set to TRUE.
> [root at dropboxprd01 ~]# grep SMTPsetFromToSender
> /var/www/html/zendto/config/preferences.php
> 'SMTPsetFromToSender' => TRUE,
>
> To fix the problem for my users I just modified the line to below.
> if ($senderDomain !== '' &&
> ( strcasecmp($senderDomain, $fromDomain) == 0 ||
> strcasecmp('my.fsu.edu', $fromDomain) == 0)) {
>
> If other people run into this problem, a possible general fix may be to
> have an array of allowed secondary domains, that match the SPF records
> for the SMTP server?
>
> Thanks for the help.
>
> -------------------------------------------------------------------
> Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
> Information Technology Services, Florida State University
>
> On 11/15/18 1:04 PM, Jules Field wrote:
>> Travis,
>>
>> That code snippet will only be run if you have
>> 'SMTPsetFromToSender' => TRUE,
>> in preferences.php.
>>
>> The default is FALSE. What value are you using?
>>
>> Cheers,
>> Jules.
>>
>> On 01/11/2018 18:56, Travis Zimmerman wrote:
>>> I don't know if I'm reading this correctly but I think maybe the problem
>>> is having the two domains and this part of the code.
>>>
>>> // If the sender domain and the from domain are the same
>>> // (and not blank, which signifies something went wrong!),
>>> // we can safely overwrite the From we set above, without
>>> // causing SPF/DKIM/DMARC problems.
>>> if ($senderDomain !== '' &&
>>> strcasecmp($senderDomain, $fromDomain) == 0)
>>>
>>> Could a possible solution be to switch from a strcasecmp to substring
>>> test or maybe a regex testing if the $senderDomain is part of the end of
>>> the $fromDomain? Not sure if that would cause a SPF/DKIM/DMARC problem.
>>>
>>> endswith($fromDomain, $senderDomain);
>>>
>>> function endswith($from, $sender) {
>>> $fromlen = strlen($from);
>>> $senderlen = strlen($sender);
>>> if ($testlen > $strlen) return false;
>>> return substr_compare($from, $sender, $fromlen - $senderlen,
>>> $senderlen) === 0;
>>> }
>>>
>>> This is just a code snippet I googled up and haven't tested.
>>>
>>> -------------------------------------------------------------------
>>> Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>> Information Technology Services, Florida State University
>>>
>>> On 11/1/18 12:33 PM, Travis Zimmerman via ZendTo wrote:
>>>> Yup, that's what I have authIMAPDomain set to already.
>>>>
>>>> -------------------------------------------------------------------
>>>> Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
>>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>>> Information Technology Services, Florida State University
>>>>
>>>> On 11/1/18 12:29 PM, Jules Field wrote:
>>>>> Travis,
>>>>>
>>>>> If the students enter their entire email address (username at my.fsu.edu)
>>>>> into the ZendTo login "username" box, then set
>>>>> 'authIMAPDomain' => '',
>>>>> in preferences.php.
>>>>>
>>>>> If they just enter their username, then something more subtle is
>>>>> happening which I will need to investigate further.
>>>>>
>>>>> Please let me know if that helps.
>>>>>
>>>>> Cheers,
>>>>> Jules.
>>>>>
>>>>> On 31/10/2018 20:56, Travis Zimmerman via ZendTo wrote:
>>>>>> I realized I should mention that we are using e-mail addresses to
>>>>>> login
>>>>>> to our ZendTo service to differentiate between our two domains. Don't
>>>>>> know if that would effect how e-mails are sent. Doesn't seem to be a
>>>>>> problem for our faculty/staff (AD, username at fsu.edu), just the
>>>>>> students
>>>>>> (IMAP, username at my.fsu.edu).
>>>>>>
>>>>>> -------------------------------------------------------------------
>>>>>> Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
>>>>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>>>>> Information Technology Services, Florida State University
>>>>>>
>>>>>> On 10/31/18 12:09 PM, Travis Zimmerman via ZendTo wrote:
>>>>>>> I tried to use my university's AD for the students (there is a
>>>>>>> previous
>>>>>>> e-mail I sent to the ZendTo mailing list about a week ago), but
>>>>>>> due to
>>>>>>> how our Microsoft Admins configured it they needed to use an
>>>>>>> alternate
>>>>>>> attribute.
>>>>>>>
>>>>>>> Yes. When I login to LDAP or AD and drop off a file, the e-mail
>>>>>>> sent to
>>>>>>> the recipient will show my e-mail address in the From field. If I
>>>>>>> login
>>>>>>> using the IMAP auth the From field lists the servers default e-mail
>>>>>>> from
>>>>>>> zendto.conf and the Reply-To field has the IMAP account's e-mail
>>>>>>> address.
>>>>>>>
>>>>>>> -------------------------------------------------------------------
>>>>>>> Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
>>>>>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>>>>>> Information Technology Services, Florida State University
>>>>>>>
>>>>>>> On 10/31/18 11:33 AM, Jules Field via ZendTo wrote:
>>>>>>>> Travis,
>>>>>>>>
>>>>>>>> If you are authenticating users against Office365, then why not do
>>>>>>>> that with AD?
>>>>>>>> I don't quite see why you need to use the IMAP authenticator at
>>>>>>>> all.
>>>>>>>> If it's a separate AD forest for some reason, then that's okay,
>>>>>>>> ZendTo
>>>>>>>> will happily do 3 different AD forests with independent setups.
>>>>>>>>
>>>>>>>> So "SMTPsetFromToSender'=>TRUE" works as expected if they login via
>>>>>>>> LDAP or AD, but doesn't if they login via IMAP?
>>>>>>>>
>>>>>>>> What we do here for the "From" address is use an address whose
>>>>>>>> email
>>>>>>>> is just automatically trashed, ie. a "no-reply" address. Then
>>>>>>>> automated stuff that is replying (incorrectly) to the "From:" or
>>>>>>>> (validly/correctly) to the envelope sender will just be thrown
>>>>>>>> away.
>>>>>>>> Any human-generated replies will go to the right user.
>>>>>>>>
>>>>>>>> Thanks for the info about the option you need to pass to O365. I
>>>>>>>> guess
>>>>>>>> that's going to need yet another preferences.php setting.
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>> Jules.
>>>>>>>>
>>>>>>>> On 31/10/2018 14:49, Travis Zimmerman via ZendTo wrote:
>>>>>>>>> I configured the IMAP authentication to allow my university's
>>>>>>>>> students
>>>>>>>>> to login to our ZendTo server, but when they drop off files the
>>>>>>>>> From
>>>>>>>>> field is showing the e-mail address configured in zendto.conf
>>>>>>>>> instead of
>>>>>>>>> the student's address. The student's address ends up in the
>>>>>>>>> Reply-To
>>>>>>>>> field, which normally wouldn't be a problem except sometimes
>>>>>>>>> automated
>>>>>>>>> systems reply back to the drop off e-mails and they ignore the
>>>>>>>>> Reply-To.
>>>>>>>>>
>>>>>>>>> I have SMTPsetFromToSender => TRUE, users that login via LDAP
>>>>>>>>> or AD
>>>>>>>>> appear to work as expected.
>>>>>>>>>
>>>>>>>>> BTW I am using the IMAP authentication with Office365 and in
>>>>>>>>> order to
>>>>>>>>> get it to login correctly I had to change the imap_open line.
>>>>>>>>> $mbox = @imap_open('{'.$this->_imapServer.'}INBOX', $uname,
>>>>>>>>> $password,
>>>>>>>>> OP_READONLY,1,array('DISABLE_AUTHENTICATOR' => 'PLAIN'));
>>>>>>>>>
>>>>>>>>> So don't know if you want to add this to the documentation
>>>>>>>>> somewhere or
>>>>>>>>> incorporate into the NSSIMAPAuthenticator code.
>>>>>>>>>
>>>>>>>>> -------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>> Travis Zimmerman tzimmerman at fsu.edu 850-645-8030
>>>>>>>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>>>>>>>> Information Technology Services, Florida State University
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> ZendTo mailing list
>>>>>>>>> ZendTo at zend.to
>>>>>>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwICAg&c=HPMtquzZjKY31rtkyGRFnQ&r=TZ3x4Nnv5Pp03uwRWF9UlLOaC296m8a1MGVEkWJljsg&m=5u9mHQwWyo_tYTeW__SOzvefpnCjf4YQxPsJSnNZ3t0&s=2lT413dnsMw6bu9-9TLNGGhRMyhC3YK11szRGuK1xtw&e=
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> Jules
>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> ZendTo mailing list
>>>>>>> ZendTo at zend.to
>>>>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwIGaQ&c=HPMtquzZjKY31rtkyGRFnQ&r=TZ3x4Nnv5Pp03uwRWF9UlLOaC296m8a1MGVEkWJljsg&m=nldSAFYLL3YRHIJw6WEEK5gmzqlolpYwjz642dolMxk&s=YAnfXHzTncnerKooAJbUFFL3V98t9jArpAfFUJ5gayo&e=
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> ZendTo mailing list
>>>>>> ZendTo at zend.to
>>>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwIDaQ&c=HPMtquzZjKY31rtkyGRFnQ&r=TZ3x4Nnv5Pp03uwRWF9UlLOaC296m8a1MGVEkWJljsg&m=EiTV262ezFwuAy6LGUFPUno8qF0iVenx_KHgRL1WHtY&s=0aGdNoswD33mWO4qa5w4pK81g2LF4T9cIta1vV5sc4c&e=
>>>>>>
>>>>>>
>>>>> Jules
>>>>>
>>>> _______________________________________________
>>>> ZendTo mailing list
>>>> ZendTo at zend.to
>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwIGaQ&c=HPMtquzZjKY31rtkyGRFnQ&r=TZ3x4Nnv5Pp03uwRWF9UlLOaC296m8a1MGVEkWJljsg&m=ld_nfLvQazOI2Hz4g6p83F5PAuKFj1vbMR6469-svR4&s=G0UK4iFGrD_R80gfAF6IOhT77OtJbOoEg9rFALMy70M&e=
>>>>
>> Jules
>>
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'Always do sober what you said you'd do drunk. That will teach you
to keep your mouth shut.' - Ernest Hemingway
www.Zend.To
Twitter: @JulesFM
More information about the ZendTo
mailing list