[ZendTo] Using the IMAP auth and e-mails don't show up from users' address

Jules Field Jules at Zend.To
Fri Nov 16 16:58:20 GMT 2018


Does that system pay attention to "Errors-To:"?

On 16/11/2018 14:37, Travis Zimmerman wrote:
> For what it's worth my team is pretty happy about the feature, as we get
> a consistent number of auto-replies from a system that doesn't pay
> attention to the Reply-To field.
>
> -------------------------------------------------------------------
> Travis Zimmerman    tzimmerman at fsu.edu     850-645-8030
> Linux Enterprise Applications & Systems    its-linuxadmins at fsu.edu
> Information Technology Services, Florida State University
>
> On 11/16/18 4:24 AM, Jules Field wrote:
>> Travis,
>>
>> Okay, thanks for that. I will take a look and see what I can do. I
>> would rather stick with the internaldomains.conf information than add
>> another list of domains, if it can be avoided. Few people have that
>> set to TRUE anyway, and I suspect I shouldn't have implemented it in
>> the first place, as there are other ways of avoiding the problem it
>> aims to solve.
>>
>> Cheers,
>> Jules.
>>
>> On 15/11/2018 18:16, Travis Zimmerman wrote:
>>> It's set to TRUE.
>>> [root at dropboxprd01 ~]# grep SMTPsetFromToSender
>>> /var/www/html/zendto/config/preferences.php
>>>      'SMTPsetFromToSender' => TRUE,
>>>
>>> To fix the problem for my users I just modified the line to below.
>>> if ($senderDomain !== '' &&
>>>                ( strcasecmp($senderDomain, $fromDomain) == 0 ||
>>> strcasecmp('my.fsu.edu', $fromDomain) == 0)) {
>>>
>>> If other people run into this problem, a possible general fix may be to
>>> have an array of allowed secondary domains, that match the SPF records
>>> for the SMTP server?
>>>
>>> Thanks for the help.
>>>
>>> -------------------------------------------------------------------
>>> Travis Zimmerman    tzimmerman at fsu.edu     850-645-8030
>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>> Information Technology Services, Florida State University
>>>
>>> On 11/15/18 1:04 PM, Jules Field wrote:
>>>> Travis,
>>>>
>>>> That code snippet will only be run if you have
>>>>       'SMTPsetFromToSender' => TRUE,
>>>> in preferences.php.
>>>>
>>>> The default is FALSE. What value are you using?
>>>>
>>>> Cheers,
>>>> Jules.
>>>>
>>>> On 01/11/2018 18:56, Travis Zimmerman wrote:
>>>>> I don't know if I'm reading this correctly but I think maybe the
>>>>> problem
>>>>> is having the two domains and this part of the code.
>>>>>
>>>>>               // If the sender domain and the from domain are the same
>>>>>               // (and not blank, which signifies something went
>>>>> wrong!),
>>>>>               // we can safely overwrite the From we set above, without
>>>>>               // causing SPF/DKIM/DMARC problems.
>>>>>               if ($senderDomain !== '' &&
>>>>>                   strcasecmp($senderDomain, $fromDomain) == 0)
>>>>>
>>>>> Could a possible solution be to switch from a strcasecmp to substring
>>>>> test or maybe a regex testing if the $senderDomain is part of the
>>>>> end of
>>>>> the $fromDomain? Not sure if that would cause a SPF/DKIM/DMARC
>>>>> problem.
>>>>>
>>>>> endswith($fromDomain, $senderDomain);
>>>>>
>>>>> function endswith($from, $sender) {
>>>>>         $fromlen = strlen($from);
>>>>>         $senderlen = strlen($sender);
>>>>>         if ($testlen > $strlen) return false;
>>>>>         return substr_compare($from, $sender, $fromlen - $senderlen,
>>>>> $senderlen) === 0;
>>>>> }
>>>>>
>>>>> This is just a code snippet I googled up and haven't tested.
>>>>>
>>>>> -------------------------------------------------------------------
>>>>> Travis Zimmerman    tzimmerman at fsu.edu     850-645-8030
>>>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>>>> Information Technology Services, Florida State University
>>>>>
>>>>> On 11/1/18 12:33 PM, Travis Zimmerman via ZendTo wrote:
>>>>>> Yup, that's what I have authIMAPDomain set to already.
>>>>>>
>>>>>> -------------------------------------------------------------------
>>>>>> Travis Zimmerman    tzimmerman at fsu.edu     850-645-8030
>>>>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>>>>> Information Technology Services, Florida State University
>>>>>>
>>>>>> On 11/1/18 12:29 PM, Jules Field wrote:
>>>>>>> Travis,
>>>>>>>
>>>>>>> If the students enter their entire email address
>>>>>>> (username at my.fsu.edu)
>>>>>>> into the ZendTo login "username" box, then set
>>>>>>>         'authIMAPDomain' => '',
>>>>>>> in preferences.php.
>>>>>>>
>>>>>>> If they just enter their username, then something more subtle is
>>>>>>> happening which I will need to investigate further.
>>>>>>>
>>>>>>> Please let me know if that helps.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Jules.
>>>>>>>
>>>>>>> On 31/10/2018 20:56, Travis Zimmerman via ZendTo wrote:
>>>>>>>> I realized I should mention that we are using e-mail addresses to
>>>>>>>> login
>>>>>>>> to our ZendTo service to differentiate between our two domains.
>>>>>>>> Don't
>>>>>>>> know if that would effect how e-mails are sent. Doesn't seem to
>>>>>>>> be a
>>>>>>>> problem for our faculty/staff (AD, username at fsu.edu), just the
>>>>>>>> students
>>>>>>>> (IMAP, username at my.fsu.edu).
>>>>>>>>
>>>>>>>> -------------------------------------------------------------------
>>>>>>>> Travis Zimmerman    tzimmerman at fsu.edu 850-645-8030
>>>>>>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>>>>>>> Information Technology Services, Florida State University
>>>>>>>>
>>>>>>>> On 10/31/18 12:09 PM, Travis Zimmerman via ZendTo wrote:
>>>>>>>>> I tried to use my university's AD for the students (there is a
>>>>>>>>> previous
>>>>>>>>> e-mail I sent to the ZendTo mailing list about a week ago), but
>>>>>>>>> due to
>>>>>>>>> how our Microsoft Admins configured it they needed to use an
>>>>>>>>> alternate
>>>>>>>>> attribute.
>>>>>>>>>
>>>>>>>>> Yes. When I login to LDAP or AD and drop off a file, the e-mail
>>>>>>>>> sent to
>>>>>>>>> the recipient will show my e-mail address in the From field. If I
>>>>>>>>> login
>>>>>>>>> using the IMAP auth the From field lists the servers default
>>>>>>>>> e-mail
>>>>>>>>> from
>>>>>>>>> zendto.conf and the Reply-To field has the IMAP account's e-mail
>>>>>>>>> address.
>>>>>>>>>
>>>>>>>>> -------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>> Travis Zimmerman    tzimmerman at fsu.edu 850-645-8030
>>>>>>>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>>>>>>>> Information Technology Services, Florida State University
>>>>>>>>>
>>>>>>>>> On 10/31/18 11:33 AM, Jules Field via ZendTo wrote:
>>>>>>>>>> Travis,
>>>>>>>>>>
>>>>>>>>>> If you are authenticating users against Office365, then why
>>>>>>>>>> not do
>>>>>>>>>> that with AD?
>>>>>>>>>> I don't quite see why you need to use the IMAP authenticator at
>>>>>>>>>> all.
>>>>>>>>>> If it's a separate AD forest for some reason, then that's okay,
>>>>>>>>>> ZendTo
>>>>>>>>>> will happily do 3 different AD forests with independent setups.
>>>>>>>>>>
>>>>>>>>>> So "SMTPsetFromToSender'=>TRUE" works as expected if they
>>>>>>>>>> login via
>>>>>>>>>> LDAP or AD, but doesn't if they login via IMAP?
>>>>>>>>>>
>>>>>>>>>> What we do here for the "From" address is use an address whose
>>>>>>>>>> email
>>>>>>>>>> is just automatically trashed, ie. a "no-reply" address. Then
>>>>>>>>>> automated stuff that is replying (incorrectly) to the "From:" or
>>>>>>>>>> (validly/correctly) to the envelope sender will just be thrown
>>>>>>>>>> away.
>>>>>>>>>> Any human-generated replies will go to the right user.
>>>>>>>>>>
>>>>>>>>>> Thanks for the info about the option you need to pass to O365. I
>>>>>>>>>> guess
>>>>>>>>>> that's going to need yet another preferences.php setting.
>>>>>>>>>>
>>>>>>>>>> Cheers,
>>>>>>>>>> Jules.
>>>>>>>>>>
>>>>>>>>>> On 31/10/2018 14:49, Travis Zimmerman via ZendTo wrote:
>>>>>>>>>>> I configured the IMAP authentication to allow my university's
>>>>>>>>>>> students
>>>>>>>>>>> to login to our ZendTo server, but when they drop off files the
>>>>>>>>>>> From
>>>>>>>>>>> field is showing the e-mail address configured in zendto.conf
>>>>>>>>>>> instead of
>>>>>>>>>>> the student's address. The student's address ends up in the
>>>>>>>>>>> Reply-To
>>>>>>>>>>> field, which normally wouldn't be a problem except sometimes
>>>>>>>>>>> automated
>>>>>>>>>>> systems reply back to the drop off e-mails and they ignore the
>>>>>>>>>>> Reply-To.
>>>>>>>>>>>
>>>>>>>>>>> I have SMTPsetFromToSender => TRUE, users that login via LDAP
>>>>>>>>>>> or AD
>>>>>>>>>>> appear to work as expected.
>>>>>>>>>>>
>>>>>>>>>>> BTW I am using the IMAP authentication with Office365 and in
>>>>>>>>>>> order to
>>>>>>>>>>> get it to login correctly I had to change the imap_open line.
>>>>>>>>>>> $mbox = @imap_open('{'.$this->_imapServer.'}INBOX', $uname,
>>>>>>>>>>> $password,
>>>>>>>>>>> OP_READONLY,1,array('DISABLE_AUTHENTICATOR' => 'PLAIN'));
>>>>>>>>>>>
>>>>>>>>>>> So don't know if you want to add this to the documentation
>>>>>>>>>>> somewhere or
>>>>>>>>>>> incorporate into the NSSIMAPAuthenticator code.
>>>>>>>>>>>
>>>>>>>>>>> -------------------------------------------------------------------
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Travis Zimmerman    tzimmerman at fsu.edu 850-645-8030
>>>>>>>>>>> Linux Enterprise Applications & Systems its-linuxadmins at fsu.edu
>>>>>>>>>>> Information Technology Services, Florida State University
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> ZendTo mailing list
>>>>>>>>>>> ZendTo at zend.to
>>>>>>>>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwICAg&c=HPMtquzZjKY31rtkyGRFnQ&r=TZ3x4Nnv5Pp03uwRWF9UlLOaC296m8a1MGVEkWJljsg&m=5u9mHQwWyo_tYTeW__SOzvefpnCjf4YQxPsJSnNZ3t0&s=2lT413dnsMw6bu9-9TLNGGhRMyhC3YK11szRGuK1xtw&e=
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> Jules
>>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> ZendTo mailing list
>>>>>>>>> ZendTo at zend.to
>>>>>>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwIGaQ&c=HPMtquzZjKY31rtkyGRFnQ&r=TZ3x4Nnv5Pp03uwRWF9UlLOaC296m8a1MGVEkWJljsg&m=nldSAFYLL3YRHIJw6WEEK5gmzqlolpYwjz642dolMxk&s=YAnfXHzTncnerKooAJbUFFL3V98t9jArpAfFUJ5gayo&e=
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> ZendTo mailing list
>>>>>>>> ZendTo at zend.to
>>>>>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwIDaQ&c=HPMtquzZjKY31rtkyGRFnQ&r=TZ3x4Nnv5Pp03uwRWF9UlLOaC296m8a1MGVEkWJljsg&m=EiTV262ezFwuAy6LGUFPUno8qF0iVenx_KHgRL1WHtY&s=0aGdNoswD33mWO4qa5w4pK81g2LF4T9cIta1vV5sc4c&e=
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> Jules
>>>>>>>
>>>>>> _______________________________________________
>>>>>> ZendTo mailing list
>>>>>> ZendTo at zend.to
>>>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwIGaQ&c=HPMtquzZjKY31rtkyGRFnQ&r=TZ3x4Nnv5Pp03uwRWF9UlLOaC296m8a1MGVEkWJljsg&m=ld_nfLvQazOI2Hz4g6p83F5PAuKFj1vbMR6469-svR4&s=G0UK4iFGrD_R80gfAF6IOhT77OtJbOoEg9rFALMy70M&e=
>>>>>>
>>>>>>
>>>> Jules
>>>>
>> Jules
>>

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'People will believe a big lie sooner than a little one, and if you
  repeat it frequently enough people will sooner or later believe
  it.' - Walter Langer

www.Zend.To
Twitter: @JulesFM




More information about the ZendTo mailing list