purelymail-issues icon indicating copy to clipboard operation
purelymail-issues copied to clipboard
verified publisher icon ScottPeterJohnson

best practice for sending from a routing alias

Open ebblake opened this issue 2 years ago • 4 comments

I've just switched to purelymail.com, and it is mostly doing what I need. However, I just ran into a situation that previously worked with my previous MX host (gandi.net) that failed under purelymail.

Back-story: since I administer my own domain, I love that I can create as many aliases as I want. More importantly, I have distinct mailboxes; including one for mail to me, and one for mail to my wife. So one of my first tasks was to tie my own domain to my purelymail account (names changed below to prevent spam), and create two mailboxes: [email protected], [email protected]. Then I created a routing rule that distributes mail sent to [email protected] to redirect to '[email protected],[email protected]'. So far, so good - this matches what gandi.net let me do by setting up the 'both' alias tied to both the 'me' and the 'wife' mailbox - incoming mail to that address is copied to both our inboxes, where we can each mark the mail read on our own terms. But when I then tried to send an email claiming to be 'From: [email protected]', I got an error from smtp.purelymail.com stating "SMTP session failed: 530 5.7.1 You ([email protected]) are not authorized to send mail as [email protected]". This was something I used to be able to do without any effort with my previous MX (although it could conceivably have been a case of my SPF rules being too lax - and I have no idea if I could have sent mail as [email protected] under their old setup).

I'm guessing I could set up a dummy '[email protected]' inbox plus a per-box sieve filter that redirects all incoming mail to split out to both intended recipient boxes, as well as configure neomutt so that when the intended From: alias is both@, then log in to SMTP under the '[email protected]' username rather than the '[email protected]' username - but I didn't find anything in the docs mentioning that. And that doesn't scale - while it would let me choose which alias I use in my outgoing mails, my wife can't easily send mails from the same alias without duplicating the dual-SMTP login setup on her preferred email setup, as well as setting up a password into the [email protected] account that we can both share.

Even better, it would be nice if the validation for what From: lines I'm able to use in outgoing mail could look at existing routing rules, and/or if the account admin could list permitted sending aliases associated with each mailbox. Since I already have a routing rule in place, it would be awesome if, while logged in as '[email protected]', I can send mail as either '[email protected]' or as '[email protected]' (either because [email protected] is included as one of the recipients in the [email protected] routing entry, or because I added '[email protected]' as a permitted sender alias to the '[email protected]' mailbox), but NOT send mail as '[email protected]'. Likewise, when my wife logs in as '[email protected]', it would be awesome if she can send mail as '[email protected]' or '[email protected]', but not as '[email protected]'. That would be a code change rather than a best-practice documentation change, so I can understand if it is harder to implement, but I hope I'm presenting the case well enough.

ebblake avatar Dec 01 '23 22:12 ebblake

TLDR fully, but I think you can set up that at Account -> Sending Address Restrictions. You don't need a real user named both, just your two normal users and add two records beside the Default Purelymail Rules, one for each real user with Matching user name both and select your example.com domain in the lower dropdown. This will let both users send email in their names as usual and also with a From header [email protected]. Should look like this: example (It's a bit misleading as the UI says Matching user name but in this case both is not a user.)

terba avatar Dec 31 '23 16:12 terba

That looks like it does what I wanted. I was looking under Users, not Account, which explains why I couldn't find it. It may still be worth adding better documentation, but since the feature appears to work, I'm also okay if this gets closed.

ebblake avatar Jan 17 '24 03:01 ebblake

Sorry for the late reply (I'm extra slow at Github issues it seems). As terba pointed out, controlling who can send as what is what the Send As is for. It is a bit awkwardly under the Account section, I might have to rethink how it's laid out.

Usually though you have to enable Send As restrictions before the system will ever give you a "You are not authorized to send as" error for an address you own on any user account you own, so probably you enabled it at some point and forgot or didn't realize what it did?

(It's a bit misleading as the UI says Matching user name but in this case both is not a user.)

The verbiage is pretty unsatisfying. In "address@domain", address is usually the "local part"- but if I put that down, nobody would know what it meant. But "user" can be misunderstood as an actual user too. In this case I guess it can just say "Matching"...

ScottPeterJohnson avatar Jan 17 '24 09:01 ScottPeterJohnson

I think I realized what it did when I enabled it as part of first creating my account (I very much don't want my wife spoofing my email address, and I'm sure she doesn't want me spoofing hers), but I failed to realize the knock-on consequences (as long as aliases aren't automatically supported by the default rules, then I need to manually add additional rules duplicating what aliases I've installed, so that we can both send as '[email protected]'). Changing the UI to say "Matching..." would make sense to me.

ebblake avatar Jan 26 '24 15:01 ebblake