@luckow Thanks! didn't know SoGo can too, updated my post! 🙏

It would be an interesting feature to have the mailserver for a domain be able to recognize that a mailbox it is receiving for is elsewhere and redirects the connection there.

This would be at a higher level than where forwarding happens.

Just like when one moves IRL and tells the Post Office the new address.

Similar to 301/302 HTTP redirects.

@brutalbirdie ok, thank you - I've got the idea!

@girish thank you for your answer

@girish Wow that worked perfectly, thank you so much! 😊

@nebulon Thanks for helping me work through this!

@debossnow said in Cloudron on linode account Email ?:

The fact that Test emails out of my cloudron admin panel were successfully sent and the reply from my other website email was received back DOES THIS MEAN that the 3 email ports in my Linode instance are already OPEN?

I think this is most likely the case. The email was sent straight from your Cloudron server, this means linode opened up the ports.

Cloudron won't bypass linode email server ports unless you setup a relay (Email -> Select a domain -> Outbound). Please see https://docs.cloudron.io/email/#relay-outbound-mails

@jodumont said in Catch-all aliases:

@girish said in Email aliases on different domains:

inter-domain aliases

but those 2 domains (email@domain1.tld and email@domain2.tld) can't have a catchall unless I configure a mailbox for it.

Of course, otherwise where would it catch the catchall emails.

I believe it would be nice a have the possibility to have a catchall@* or at least to be able to configure the catchall@ with another domain such as catchall@domain1.tld redirected to email@domain.tld

This is a great idea though.

@girish Hi there. Thanks for checking into this for me.

I had a suspicion that the spam engine was verifying, since I did see those fields in the Spam results headers. However I think it's also useful to have Haraka add the headers as well. It would add very little overhead and will add additional detail that the spam header doesn't contain about the DKIM verification (such as which signature failed or passed, since an email can contain multiple).

In regards to DMARC. I don't believe this would be risky at all if implemented in the following manner:

No DMARC record found, take no action. DMARC found, DKIM/SPF aligned, take no action DMARC found, DKIM/SPF alignment fails, but p=none, take no action. DMARC found, DKIM/SPF alignment fails, but p=quarantine, move to spam folder DMARC found, DKIM/SPF alignment fails, p=reject, dev/null the mail. If you don't like the risk of this, push it to spam instead... or make it a cloudron option under Settings.

Thanks for listening.

Problem solved by install all three instances into one and bought a license from cloudron. Now it works 😉

@d19dotca thank you, I appreciate your quick response and correcting on the wrong topic!

I did the search indeed, but I guess it was a wrong search query 😃

@artd2019 Currently Cloudron does not offer (a documented) "whitelist" / "allow list" function, so there is no way to guarantee deliverability of an incoming email. There is a feature request for it already that I'd encourage you to upvote. Version 6.3 coming in the not too distant future is supposed to deliver on many of the email improvements users have been clamouring for (including myself).

One thing you can do if you're not already is making sure to remove those emails from the Junk / Spam folder in order for SpamAssassin to unlearn the message as spam. Eventually after a sufficient number of them, it'll learn that those emails are not spam and will decrease the BAYES probability of it being spam.

On a related topic, you may want to consider enhancing your SpamAssassin rules list from the defaults, specifically in your case the BAYES_## rules perhaps as I have offered previously in this forum.

@girish Cool, thank you kindly. It's just for incoming mail to those addresses for the time being, but I may add auto-responders from them as well at some point.

For interest, I'm setting up all sorts of automations in EspoCRM, so tasks@domain.com will create a Task record and auto-reply to confirm it's been created. Doing similar for other data objects to.

Thing is some apps store the email (just like they store username) in the database. This means that when you change the email in Cloudron, it doesn't change in the app (depends on the app). So, just to keep things easier across apps, we decided to keep login username based as much as possible (since in Cloudron, you cannot change the username, we don't have a problem).

@girish I think that would be a good change.

I also think I should have gone through the Troubleshooting document sooner 😸 :

https://docs.cloudron.io/troubleshooting/

Thanks!

@subtlecourage said in Outbound SMTP not working on my External Relay:

It says it should be coming from noreplay@domain.com, but instead it is coming from imanalias@domain.com

Can you clarify what you mean by "it says"? Is there some error/warning somewhere? Also, I assume that you have put a custom domain in fastmail and also fastmail is able to relay mail as any email address i.e <anything>@domain.com ?

@d19dotca Sadly, they do match. I'm guessing it's something with my current setup that's acting funny. I'll ignore it for now since I plan on migrating either to the new Contabo server that I got or upgrading my current one at DO to Ubuntu 20.04. I just thought it was a wrong setting on my part.

Thank you for looking into this and for sharing the custom spam rules! I know you've put a lot of time into that 👍

2443c4d7-ec13-4149-add3-28e1e7ad48ed-image.png

@d19dotca Perhaps even a per-app option, as in "Check for spam sent from this app."

@girish said in Email into apps - DNS/MX/CNAME/TXT:

You have to setup the CNAME/TXT for the root domain and not for my.example.com. You don't have to set it up for each app individually

Thank you. That was my main issue.

@girish what about just a normal organization level rights separation?
I mean - it's really two different set of roles:

1st line support, dealing with mailboxes 2nd or 3rd, making sure the system and services are up and running.

I don't need hiding anything, I just want to ensure my users can manage they mailboxes and users for they own.

For now I have to temporary give admin permissions to the 1st line and that's kind of risky...

Thanks, I have put a note in https://docs.cloudron.io/email/#autoconfigxml

There is a "Spam" filter type in next release - 6.4

@d19dotca since we had some recent timeout issue with the services view (and mail being a service here) it could be that also here the mail container or the server overall is busy during that time and thus the search queries timeout. If you see this happening again, a look into the system/box logs as well as mail service logs should reveal this then.

DNSBLs are configurable in 6.4

I just realized part of this is a duplicate of one that @marcusquinn filed earlier for Add a setting for sendmail limits per mailbox per day

For reference, Haraka has a greylisting function built in: http://haraka.github.io/plugins/greylist/ - and it works with the DNSWL / whitelist which we should enable too. That way if an IP is on the DNSWL, it automatically skips any greylisting attributes.

@girish said in Change to the DKIM record hostname in recent version, caused by new feature or from using NO-IP domain provider?:

If it was random, I was afraid there is still a possibility that they can conflict across servers

Great point - that makes sense. Thanks Girish.

Side note: I think it'd still be great for the OCD in some of us to be able to regenerate the DKIM record on demand so it not only follows the new hostname pattern in Cloudron but also generates a new key if desired too.

@nebulon thank you! worked perfectly fine and is very helpful 😄

@mdreira said in Lightmeter - Mail server delivery monitoring:

What mail server does Cloudron use? Exim?

This is what Cloudron uses for smpt: https://haraka.github.io/

@nebulon Will do, thanks!