Mailu: Sending via an alias leaks mailbox address/login

Created on 27 Apr 2020  ·  4Comments  ·  Source: Mailu/Mailu

When a mail is sent by an alias, the mail header contains information about the original address/login.

ARC-Authentication-Results: i=1;
    example.com;
    auth=pass [email protected] [email protected]

Is there anything that can be done about that?

typbug

Most helpful comment

Hi There,

The Mailu-Project is currently in a bit of a bind! We are short on man-power, and we need to judge if it is possible for us to put in some work on this issue.

To help with that, we are currently trying to find out which issues are actively keeping users from using Mailu, which issues have someone who want to work on them — and which issues may be less important. These a less important ones could be discarded for the time being, until the project is in a more stable and regular state once again.

In order for us to better assess this, it would be helpful if you could put a reaction on this post (use the :smiley: icon to the top-right).

  • 👍️ if you need this to be able to use Mailu. Ideally, you’d also be able to test this on your installation, and provide feedback …
  • 🎉 if you find it a nice bonus, but no deal-breaker
  • 🚀 if you want to work on it yourself!
    We want to keep this voting open for 2 weeks from now, so please help out!

All 4 comments

Hi There,

The Mailu-Project is currently in a bit of a bind! We are short on man-power, and we need to judge if it is possible for us to put in some work on this issue.

To help with that, we are currently trying to find out which issues are actively keeping users from using Mailu, which issues have someone who want to work on them — and which issues may be less important. These a less important ones could be discarded for the time being, until the project is in a more stable and regular state once again.

In order for us to better assess this, it would be helpful if you could put a reaction on this post (use the :smiley: icon to the top-right).

  • 👍️ if you need this to be able to use Mailu. Ideally, you’d also be able to test this on your installation, and provide feedback …
  • 🎉 if you find it a nice bonus, but no deal-breaker
  • 🚀 if you want to work on it yourself!
    We want to keep this voting open for 2 weeks from now, so please help out!

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

I have found a solution for the problem here by adding an override.

milter_headers.conf mounted into the rspamd-container

authenticated_headers = ["authentication-results"];
skip_local = false;
skip_authenticated = false;

use = ["x-spamd-bar", "x-spam-level", "x-virus", "authentication-results"];

routines {
  authentication-results {
    add_smtp_user = false;
  }
  x-virus {
    symbols = ["CLAM_VIRUS", "FPROT_VIRUS", "JUST_EICAR"];
  }
}

Thank you for sharing the workaround. I will have a look at this. I understand you do not want to leak the main email address when sending via an alias.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

c-holtermann picture c-holtermann  ·  3Comments

hoellen picture hoellen  ·  4Comments

binaryfire picture binaryfire  ·  3Comments

gizocz picture gizocz  ·  4Comments

Yermo picture Yermo  ·  3Comments