docker-mailserver: bug report: alias code for group mail aliases

Preliminary Checks

  • I checked that all ports are open and not blocked by my ISP / hosting provider.
  • I know that SSL errors are likely the result of a wrong setup on the user side and not caused by DMS itself. I’m confident my setup is correct.
  • I searched the issue tracker but was unable to find my issue.
  • I read the extended documentation in general but found nothing to resolve the issue.
  • I read the documentation on debugging, tried the proposed steps to debug the problem, but was still unable to resolve the issue.

Affected Component(s)

Aliases setup

What happened and when does this occur?

When I tried to create group mail aliases I came into problem with adding recipient to the group. Problem appears if there’s an email account and alias to redirect mails.

What did you expect to happen?

root@mail:/# setup email list
* testuser@domain.com ( 0 / ~ ) [0%]

root@mail:/# setup alias list
[  ERROR  ]  '/tmp/docker-mailserver/postfix-virtual.cf' is empty, nothing to list
[  ERROR  ]  Aborting
root@mail:/# setup email add test1@domain.com
Enter Password: 
root@mail:/# setup email add test2@domain.com
Enter Password: 
root@mail:/# setup alias add test1@domain.com test1@other.com
root@mail:/# setup alias add test2@domain.com test2@other.com
root@mail:/# setup alias add group-1@domain.com test1@domain.com
root@mail:/# setup alias add group-1@domain.com test2@domain.com
root@mail:/# setup alias add group-2@domain.com test1@domain.com
root@mail:/# setup alias add group-2@domain.com test2@domain.com
[  ERROR  ]  'group-2@domain.com' is already an alias for recipient: 'test2@domain.com'
[  ERROR  ]  Aborting
root@mail:/#

How do we replicate the issue?

  1. setup email add test1@domain.com
  2. setup email add test2@domain.com
  3. setup alias add test1@domain.com test1@other.com
  4. setup alias add test2@domain.com test2@other.com
  5. setup alias add group-1@domain.com test1@domain.com
  6. setup alias add group-1@domain.com test2@domain.com
  7. setup alias add group-2@domain.com test1@domain.com
  8. setup alias add group-2@domain.com test2@domain.com

DMS version

v12.0.0

What operating system is DMS running on?

Linux

Which operating system version?

Docker

What instruction set architecture is DMS running on?

AMD64 / x86_64

What container orchestration tool are you using?

Docker Compose

docker-compose.yml

services:
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    container_name: mailserver
    # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
    hostname: mail.example.com
    volumes:
      - /etc/localtime:/etc/localtime:ro
    environment:
      - ENABLE_RSPAMD=1
      - ENABLE_CLAMAV=1
      - ENABLE_FAIL2BAN=1
    cap_add:
      - NET_ADMIN # For Fail2Ban to work

Relevant log output

No response

Other relevant information

Solution: https://github.com/docker-mailserver/docker-mailserver/pull/3259

What level of experience do you have with Docker and mail servers?

  • I am inexperienced with docker
  • I am rather experienced with docker
  • I am inexperienced with mail servers
  • I am rather experienced with mail servers
  • I am uncomfortable with the CLI
  • I am rather comfortable with the CLI

Code of conduct

Improvements to this form?

No response

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Comments: 18 (11 by maintainers)

Most upvoted comments

in order to be able to send mail as well. No email is stored on DMS.

As long as SPOOF_PROTECTION=0 you should be able to send as whatever user you want to, even if no account is made for it. Just have a local account that you can login as to authenticate.

I am confused by the suggestions given here, #3262 (comment), the second link shows instructions for exactly this, adding both an alias and an email address.

That was a community contributed guide, but was identified as bad advice. Most maintainers are quite busy presently as we only can work on DMS as volunteers, so this has not been revised yet unfortunately.

My use-case is to have a catch-all address (i.e. @domain.com that redirects to an external service). I feel like me and @bibiak1 are not the only ones using this feature.

I believe we identified that this was the wrong approach. Lets say you create two accounts for sending mail, while having your catch-all alias domain. Now send mail to the other account, and what will DMS do?

  • Match the catch-all and relay it to the external service?
  • Recognize a local Dovecot account was created for storing the mail and avoiding the relay?

I forget which has priority, but I think it is Dovecot, which is not what you’d probably expect / want right? (even if you’d not send mail to another account this way, another user might attempt to and expect it to work)

The alias approach for this is using the feature incorrectly in that sense AFAIK. Especially with how @bibiak1 was configuring it, and the community guide.

The suggested approach I provided to @bibiak1 was to configure your external mail account (typically Gmail) to pull email from DMS via POP3. I assume this isn’t liked for a catch-all where you allow any address, or when there are many accounts to configure retrieving mail from into a single external account, I can understand that.

How would we achieve this same functionality with the new update?

You could create your accounts and manually add add aliases to postfix-virtual.cf to bypass our setup tool. If you need to add another account later, remove that alias line and repeat. Alternatively just temporarily remove the accounts or alias config files, should achieve the same outcome.

You could alias specific accounts and have your “admin” account to login DMS and send mail as any email address from the catch-all domain (technically any domain).

setup alias add @domain.com my.account@other.com
setup alias add user1@domain.com user1@other.com

setup account add me@domain.com
# send as user1 from me@domain.com account
+3
polarathene on May 15, 2023

TL;DR: I think this is not a bug, but a misunderstanding? I am aware of one page in our docs where this kind of example is given and might have been referenced by @bibiak1 ?

If not I’d like a more concrete example of when this isn’t a bad idea.

https://github.com/docker-mailserver/docker-mailserver/blob/1076aac37d3e30e921f3917b7eb35b461904d1c4/target/bin/addalias#L34-L36

root@mail:/# setup email add test1@domain.com
root@mail:/# setup email add test2@domain.com
root@mail:/# setup alias add test1@domain.com test1@other.com
root@mail:/# setup alias add test2@domain.com test2@other.com

Why are you adding mail accounts as aliases? I don’t think we’re meant to allow for treating a mail account as an alias like that.

You want group-1 and group-2 aliases to both receive mail and send it to the test1 and test2 aliases or mail accounts? Or you expect to receive on DMS and store for their domain.com mail accounts there, and also relay to their @other.com?

Alias groups to both test mail accounts, and the external @other.com, but don’t alias the mail account? Maybe I am mistaken, but it doesn’t make sense to me why mail account and alias would overlap like this?

I see that we have this example in docs, and perhaps that is incorrect (it was a community contributed example from years ago). Our docs on aliases does not align with support for a mail account as an alias.

I remember working on the alias refactor and being very thorough on making that correct. I’m curious if it’s really a bug, or the failure is correctly preventing it? (albeit not preventing mail accounts as aliases)

+2
polarathene on Sep 5, 2023

I came across this issue when looking at the changelog for 12.1.0. I, too, have been using this feature forever – it was actually the reason I switched to DMS. My use-case is to have a catch-all address (i.e. @domain.com that redirects to an external service). In most cases, #3270 doesn’t break this functionality, but there are some addresses where I have overridden the aliases and they have a matching account (i.e. user1@domain.com exists both as an alias and as an email account) in order to be able to send mail as well. No email is stored on DMS.

An example of this setup would be:

setup alias add @domain.com my.account@other.com
setup alias add user1@domain.com user1@other.com
setup account add me@domain.com
setup account add user1@domain.com

This has been working flawlessly for the last few years.

I am confused by the suggestions given here, https://github.com/docker-mailserver/docker-mailserver/issues/3262#issuecomment-1508619730, the second link shows instructions for exactly this, adding both an alias and an email address. How would we achieve this same functionality with the new update?

I feel like me and @bibiak1 are not the only ones using this feature.

Thank you for all the development throughout the years!

+1
diogotcorreia on May 14, 2023

I do not want gmail to login to the server to get emails

Why? With all due respect, we proposed a valid and working solution - if you do not want to take it, then don’t. If you do not trust Gmail, why use it in the first place? Please remember, this issue tracker is not for personal support, but for bugs or feature requests.

+1
georglauterbach on Apr 17, 2023

Please follow procedure to replicate the issue

I won’t, because as I already said, we do not support

root@mail:/# setup email add test1@domain.com
Enter Password: 
root@mail:/# setup alias add test1@domain.com test1@other.com

No point in going on. But thank you very much for making us aware of this flaw.

DMS says that I’m not able to add alias because recipient is part of it - which is untruth

This is indeed weird, but not a surprise because we are already in an undefined state when executing the commands above.

#3270 will resolve this. Then you can look over this issue again, properly read the feedback from @polarathene and apply it.

+1
georglauterbach on Apr 17, 2023

I am still not convinced. This:

root@mail:/# setup email add test1@domain.com
Enter Password: 
root@mail:/# setup email add test2@domain.com
Enter Password: 
root@mail:/# setup alias add test1@domain.com test1@other.com
root@mail:/# setup alias add test2@domain.com test2@other.com

is definitely something we do not support, as @polarathene said.

Your summary:

Summary: my patch is needed

is inadequate. There have been many issues in the past with people proposing a fix when the issue was somewhere else, so we need to investigate this thoroughly. I agree with @polarathene:

Why are you adding mail accounts as aliases? I don’t think we’re meant to allow for treating a mail account as an alias like that.

You want group-1 and group-2 aliases to both receive mail and send it to the test1 and test2 aliases or mail accounts? Or you expect to receive on DMS and store for their domain.com mail accounts there, and also relay to their @other.com?

Alias groups to both test mail accounts, and the external @other.com, but don’t alias the mail account? Maybe I am mistaken, but it doesn’t make sense to me why mail account and alias would overlap like this?

We need you to answer this first.

+1
georglauterbach on Apr 14, 2023
Read more comments on GitHub
← docker-mailserver: [BUG] opendmarc rejects mails that should be passed (SPF)
docker-mailserver: bug report: existing rspamd DKIM private key files are owned by dovenull instead of _rspamd user →