ossec-hids

Alerts being bounced back due to multiple "To" instances in email headers.

Open Hammer2804 opened this issue 3 years ago • 1 comments

I have installed OSSEC server on Ubuntu 18.04 with Postfix for sending emails using an authenticated account. I found that a normal alert sends an email perfectly, but if I add an email address for a granular alert, the email gets bounced back by ISPs with a 550 error message saying there shouldn't be more than "one" To instance in the email header. After some testing, I found there were 2 instances: the email address set in the global section and the email address set in the granular alert section. It seems the email addresses need to be added using a comma to separate them instead of adding them using the "To" function.

Bounced back from mail server - SMTP error from remote mail server after end of data: 550 Messages should have one or no To headers, not 2.

I received the alert email set in the global section but the same email sent to the email address set in the "email_alerts" section got bounced back.

If anybody can assist, it would be really great.

Hammer2804, Aug 16 '20 06:08

I'm reproducing this too. Google has started rejecting those mails with duplicate To headers:

"diagnosticCode":"smtp; 550-5.7.1 [xx.xx.xx.xx] This message is not RFC 5322 compliant, the issue is:\n550-5.7.1 duplicate To headers. To reduce the amount of spam sent to Gmail,\n550-5.7.1 this message has been blocked. Please review\n550 5.7.1 RFC 5322 specifications for more information.

It's a side-topic, but I find it weird UX that the 'granular emails' also get sent to the global one anyway. To my mind/method of working, the global is a fallback catch-all - the granular email options should override the global.

mig5, Nov 02 '22 03:11
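The check both bounce messages describe can be reproduced locally before an alert reaches a strict receiver. The following is an added example, not part of the thread and not OSSEC code: it flags header fields that RFC 5322 section 3.6 allows at most once, and collapses repeated address headers into one comma-separated header. The function names and the sample message are constructed for illustration.

```python
import email
from collections import Counter

# Header fields that RFC 5322 section 3.6 allows at most once per message.
SINGLE_INSTANCE = {
    "date", "from", "sender", "reply-to", "to", "cc", "bcc",
    "message-id", "in-reply-to", "references", "subject",
}


def duplicate_headers(raw):
    """Return {field: count} for single-instance fields that occur more than once."""
    msg = email.message_from_string(raw)
    counts = Counter(name.lower() for name in msg.keys())
    return {n: c for n, c in counts.items() if n in SINGLE_INSTANCE and c > 1}


def merge_address_headers(raw, fields=("To", "Cc")):
    """Collapse repeated address headers into a single comma-separated header."""
    msg = email.message_from_string(raw)
    for field in fields:
        values = msg.get_all(field, [])
        if len(values) > 1:
            del msg[field]  # deletes every occurrence of the field
            msg[field] = ", ".join(v.strip() for v in values)
    return msg.as_string()


# Constructed sample: one To header per configured recipient, the header
# layout the 550 bounces in this thread complain about.
SAMPLE = (
    "From: ossec@example.org\n"
    "To: global@example.org\n"
    "To: granular@example.org\n"
    "Subject: OSSEC Notification (constructed sample)\n"
    "\n"
    "Alert body.\n"
)

if __name__ == "__main__":
    print("before:", duplicate_headers(SAMPLE))
    fixed = merge_address_headers(SAMPLE)
    print("after: ", duplicate_headers(fixed))
    print(fixed)
```

Running `duplicate_headers` over a captured copy of an outgoing alert (for example, one delivered to a local test mailbox) shows whether a given configuration produces the duplicate header before a remote server rejects it.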