Pigeonhole Sieve Vacation Reply-To peculiarity with inbound AWS-SES
Dr. Rolf Jansen
dovecot-rj at cyclaero.com
Wed Feb 8 12:42:01 UTC 2023
> Am 08.02.2023 um 09:27 schrieb Stephan Bosch <stephan at rename-it.nl>:
>> On 8-2-2023 13:10, Dr. Rolf Jansen wrote:
>>> Am 08.02.2023 um 08:37 schrieb Stephan Bosch <stephan at rename-it.nl>:
>>>
>>> https://doc.dovecot.org/settings/pigeonhole-ext/vacation/#pigeonhole_setting-sieve_vacation_send_from_recipient
>>>
>>> On 7-2-2023 15:01, Dr. Rolf Jansen wrote:
>>>> To begin with, usage of Amazons Simple Email Service (SES) is mandatory for outgoing mails from AWS-EC2 instances. The Pro is, it does work and we may utilize email relays with high reputation for our outgoing mails at no additional costs. The Con's are that (A) SES does not relay mails with empty <> MAIL FROM addresses and (B) it fiddles with the envelope addresses of the relayed mails.
>>>>
>>>> Anyway this is out of our control, and while I could avoid (A) by switching the e-mail service provider, I still have no control over (B) because this affects replying to emails from others using AWS-SES.
>>>>
>>>> Problem A) The empty-MAIL-FROM may be effectively addressed by setting Pigeonhole’s sieve_vacation_send_from_recipient to ‚yes‘.
>> Yes that’s important for resolving problem A, and I wrote this already (s. above).
>>
>> Without my patch, problem B remains unresolved, though.
>
> Oh, right..let's say it's early here.
> Your patch seems a bit risky though. It will try to send replies to whatever is in sender, resent-from, or from header (whichever is found first in that order), without considering where it might have actually come from. Just hoping that MTA in between checks whether headers match the envelope, before it is mangled by AWS.
There is this yet undocumented commit from from 2017:
https://dovecot.org/list/dovecot-cvs/2017-August/028917.html
My guess is that this was intended to resolve problem B, but it was not effective, because the envelope sender always made it into the variable smtp_to.
My patch only finishes this new setting from 2017. With the patch in place we my switch between the two options by said new setting from 2017:
-- sieve_vacation_to_header_ignore_envelope = yes
reply to whatever is in sender, resent-from, or from header.
-- sieve_vacation_to_header_ignore_envelope = no (the default option)
reply to the envelope sender
That said, I did not do an in-deep analysis of the code of Pigeonhole. There may well be better places for fixing of sieve_vacation_to_header_ignore_envelope is falling short.
More information about the dovecot
mailing list