Sending from other addresses

I’m having trouble allowing an account to send from other addresses. I see the ability to do this in the alias setup page, but it seems to do the opposite of what I need – I don’t want one address to send to multiple addresses, I want multiple addresses to send from a single account.

I have various processes that occasionally send mail from their respective user names – munin, monit, www-data, root, etc – and I’m trying to allow them all to send through one account. So I’ve set up a real root account (so it can be authenticated against) and also a root alias for the other names (which according to the page should allow this account to also send from these names).

But I’m facing this confusing message:

250 2.1.0 Ok
RCPT TO:<>    
553 5.7.1 <>: Sender address rejected: not owned by user

So despite successfully authenticating with this account, it can’t send email from its own address?!

I can see that there’s a potential for some kind of mail loop here, and that it might require a separate account (e.g. root2) to authenticate with, and a separate alias pointing at it but that’s really cumbersome. Also, having set up this alias, I don’t want to it to act in the other direction – sending mail to the “real” account name should not result in it expanding to the alias list, but I don’t see any way to prevent that.

How should I set this up?

Create a user email for root.

Create aliases for munin, monit, and www-data.

I tested the above and failed:

So I redid my test using a ‘normal’ user name. i.e. NOT root, and it worked just fine … so I am going to suggest to try using some other user name.

In your first example, that looks the wrong way around to me. The thing that I’m trying to take advantage of is that “Any mail listed in the Forwards To box can send mail claiming to be from the alias address” - but I’m trying to send from the alias address, not the address that forwards, so those need to be the other way around – but that doesn’t really make much sense for an alias definition. I don’t see that allowing sending from a different address should involve any forwarding at all.

Gmail (for a change!) does this right: you can define alias addresses for an account, and you can both send and receive as them using the host account’s credentials, but these are defined entirely separately to forwards.

While it’s possible that using a different user name might be possible, it’s not always possible. These names are generated from the username that owns the process, and often there is no option to override and call it something else when sending email. Even if I have aliases defined locally on the sending server (like www-data: root), it forwards the message, but it retains the original username and doesn’t help here.

I thought of another option - switching to a manual address list (“I’ll enter the mail users that can send mail claiming to be from the alias address.”), which sounds like it would make sense, but MIAB prevents that from working because it wants those addresses to be real user accounts and not aliases. So near yet so far!

It may look that way to you, but it is exactly what you are needing. If you wish to PM me an email address I can send examples.

Under the hood, you ARE sending from the address that the alias forwards to as that address is the only real email account. However, you are sending using an identity (alias) which is allowed to send from the email account. So your terminology is a bit off, or MiaB’s terminology - or both.

But regardless of terminology, the result is the same … emails appear to be sent from the ‘alias’ address which is the address you are trying to ‘send’ from.

Sometimes, it is possible. In some instances the sending username is configurable in the various conf files. However more times than not, it is not configurable.

What is your actual goal here? If you are sending these emails to some address other than a Google, Microsoft, or Verizon based recipient I have found that it works very well to just allow postfix on the server to send the mails rather than relaying to a Mail-in-a-Box install with a relay. You will of course need to update your SPF record to show that server as a permitted sender.

Note, if you have unsupported modifications on your MiaB server, then all bets are off. So if this is from the same server as MiaB, good luck!

This is effectively just a client. I have a bunch of servers that can generate status messages and I don’t want them sending email directly, but to relay through our central MIAB so that it can take care of DKIM in particular, but also allow us to restrict what we have in SPF. This means of course that no modifications to MIAB are involved.

I have one account defined on MIAB that’s used for this, and I want to use that single account to allow sending from multiple from addresses. So when the www-data user on one of these servers wants to send an email, it submits a message to its own local postfix server, which is configured to relay the message using the root@ account on our MIAB. Authentication works fine, but it rejects the from address above. I’ve not been able to find an alias config on MIAB that allows this to work.

It may be that postfix is the wrong tool to use for the relaying (it’s certainly painful to configure). It might be better to use something simpler like SSMTP or MSMTP, but I don’t think they would solve the from address problem on the MIAB side.

The point that I made earlier is that I think you are failing due to the choice of sending user … create a DIFFERENT email account other than root and use it! DO NOT USE root@mydomain.tld.

I am using the reporting server’s name as the subdomain, so the actual sending account is root@servername.mydomain.tld. It’s not using MIAB’s domain directly, though MIAB is also handling mydomain.tld as normal.

Ok, if you do not want to take my advice that is fine.

I duplicated your set up and it did NOT work.

I changed the user that you’d use for the postfix>MiaB Smtp to a different username and it worked.

Have a nice day!

OK, I set up a completely different new account (status@), deleted the root@ account, then set up the alias, and it’s doing the same as before. Any alternative from addresses are rejected.