Join Log in
Score:0
M.R. avatar Server

Postfix Admin Email Missing From Address

gl flag
M.R.

When using the “I forgot my password” button available on /admin/users/login, all emails going to an external email address fail. For example, if the user has a password reset email of me@internalDomain the reset code is sent without issue. However, if they have a password reset email of me@externalDomain then it fails. All other types of outgoing mail to external domains are working.

enter image description here

In the mail logs, I can see that when a normal email is sent, there is a from address (<me@mydomain> -> <me@externalDomain>). When a password reset email is sent, the from address is blank (<> -> me@externalDomain).

We are also using Dovecot, SendGrid as the mail relay, and amavis as a content filter. Because of the from address being blank, SendGrid's sender authorization rejects the email. Does anyone know how to set the from address for password resets? Or what could be set up wrong to cause a blank from address in only this instance?

Mail Log

Oct 12 15:27:33 postfix-mail-server postfix/qmgr[4565]: 96547456D3: from=<>, size=1146, nrcpt=1 (queue active)
Oct 12 15:27:33 postfix-mail-server amavis[1890]: (01890-07) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1]:48680 <> -> <[email protected]>, Queue-ID: 5B2FA45699, Message-ID: <[email protected]>, mail_id: zJxeBkdG8kSz, Hits: -0.999, size: 653, queued_as: 96547456D3, 1084 ms
Oct 12 15:27:33 postfix-mail-server postfix/amavis/smtp[7971]: 5B2FA45699: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.3, delays=0.17/0.01/0/1.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 96547456D3)
Oct 12 15:27:33 postfix-mail-server postfix/qmgr[4565]: 5B2FA45699: removed
Oct 12 15:27:34 postfix-mail-server postfix/smtp[7976]: 96547456D3: to=<[email protected]>, relay=smtp.sendgrid.net[ipAddress]:2525, delay=0.39, delays=0.01/0.01/0.32/0.05, dsn=5.0.0, status=bounced (host smtp.sendgrid.net[ipAddress] said: 550 The from address does not match a verified Sender Identity. Mail cannot be sent until this error is resolved.

Main.cf

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2

smtpd_tls_cert_file=/etc/letsencrypt/live/ourDomain.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/ourDomain.com/privkey.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = ourDomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

relayhost = [smtp.sendgrid.net]:2525
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
header_size_limit = 4096000
smtp_sasl_security_options = noanonymous
smtputf8_enable = no

virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/virtual_mailbox_maps.cf,proxy:mysql:/etc/postfix/sql/virtual_alias_domain_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/virtual_alias_maps.cf,proxy:mysql:/etc/postfix/sql/virtual_alias_domain_maps.cf,proxy:mysql:/etc/postfix/sql/virtual_alias_domain_catchall_maps.cf

virtual_mailbox_base = /var/vmail
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000

smtpd_milters = unix:/var/run/rspamd/milter.sock
milter_default_action = accept

content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_proxy_options = speed_adjust

Master.cf

smtp      inet  n       -       y       -       -       smtpd

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name

showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache

maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

smtp-amavis   unix   -   -   n   -   4   smtp
    -o syslog_name=postfix/amavis
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
    -o smtp_tls_security_level=none

127.0.0.1:10025   inet   n    -     n     -     -    smtpd
    -o syslog_name=postfix/10025
    -o content_filter=
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o strict_rfc821_envelopes=yes
    -o smtp_tls_security_level=none
    -o smtpd_tls_security_level=none
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
171
1 + 0
Score:0
Salocin avatar Server
bm flag
Salocin

check if in config.local.php $CONF['admin_email'] is set. postfixadmin uses this as sender and unfortunately has no fallback to postmaster or so if this is not set.

According to RFC 5322 section 3.6 From is one of the two mandatory headers and therefore these mails are rightly rejected.

+ 1
M.R. avatar
gl flag
M.R.
This was indeed the problem. After adding an admin email to config.local.php, the password reset button now works. Thank you!
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.