Allow sending from alias sub-addresses (Recipient Delimiter) #7057

@PiQuer

Summary

I am migrating from a custom Postfix/Dovecot setup where I use a combination of aliases and recipient delimiters (e.g., + or .) for service-specific tracking.

Example Scenario:

  • Recipient Delimiter: .
  • Alias: anon@example.com → forwards to mail@mydomain.com
  • Sub-addresses used: anon.service1@example.com, anon.service2@example.com, etc.

While mailcow handles receiving for these sub-addresses perfectly, it fails on sending. Even if the user is authorized to send as anon@example.com, attempting to send as anon.service1@example.com results in:
"Sender address rejected: not owned by user mail@mydomain.com".

Mailcow should handle sending and receiving symmetrically regarding alias sub-addressing. If a user has "Send as" permissions for an alias, they should automatically be authorized to send from any sub-address derived from that alias (i.e., any address that resolves to the alias after stripping the recipient delimiter).

Currently, the only workaround is to disable sender checks for the entire domain in the mailbox settings. This is a security regression as it bypasses the fine-grained sender authorization that mailcow otherwise provides.

If a fully automated symmetrical implementation is too complex, a viable alternative would be to allow wildcards in the sender ACLs (e.g., anon.*@example.com). This would provide the necessary flexibility while still maintaining better security than disabling sender checks entirely.

Motivation

This feature would bring mailcow's outbound logic in line with Postfix's inbound recipient_delimiter behavior, allowing for seamless use of dynamic sub-addresses without manual alias creation or disabling global security checks.

Additional context

Note on my configuration:

I have configured . as the delimiter in postfix/extra.cf and dovecot/extra.conf, as the default + is often rejected by poorly implemented web forms. However, this issue is independent of the specific character used; it can be reproduced using the default + delimiter as well.
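
The symmetric check requested above, sketched as an added example; it is not part of the original issue and is not mailcow or Postfix code. The function names, the `known` address set and the rule of splitting at the first delimiter are assumptions made for illustration.

```python
# Added illustration, not mailcow or Postfix code; all names are hypothetical.

def split_extension(address, delimiters="+"):
    """Return (base_address, extension); extension is '' when there is none.

    Assumption: the local part is split at the first delimiter character,
    and a delimiter in position 0 does not count as a separator.
    """
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a full address: {address!r}")
    for i, ch in enumerate(local):
        if i > 0 and ch in delimiters:
            return f"{local[:i]}@{domain}", local[i + 1:]
    return f"{local}@{domain}", ""


def sender_allowed(login, mail_from, send_as, known=(), delimiters="+"):
    """Decide whether `login` may use `mail_from` as sender address.

    send_as: login -> addresses it may send as (own mailbox + granted aliases).
    known:   every address that exists as a mailbox or alias on the server.
    """
    try:
        base, ext = split_extension(mail_from, delimiters)
    except ValueError:
        return False
    sender = mail_from.strip().lower()
    allowed = {a.lower() for a in send_as.get(login, ())}
    if sender in allowed:            # exact grant always wins
        return True
    if sender in {a.lower() for a in known}:
        return False                 # a real address the login has no grant for
    return bool(ext) and base in allowed   # sub-address of a granted address


# Constructed data mirroring the scenario in the issue.
SEND_AS = {"mail@mydomain.com": {"mail@mydomain.com", "anon@example.com"}}
KNOWN = {"mail@mydomain.com", "anon@example.com", "anon.admin@example.com"}

if __name__ == "__main__":
    for addr in ("anon.service1@example.com", "anon.admin@example.com",
                 "other.service1@example.com"):
        print(addr, sender_allowed("mail@mydomain.com", addr, SEND_AS, KNOWN, "."))
```

The `known` lookup keeps a derived sub-address from shadowing a different existing mailbox or alias, which matters with `.` as the delimiter because ordinary addresses routinely contain it.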
