Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Subaddressing with a regex ? #10

Closed
X-Ryl669 opened this issue Jul 18, 2023 · 7 comments
Closed

Subaddressing with a regex ? #10

X-Ryl669 opened this issue Jul 18, 2023 · 7 comments

Comments

@X-Ryl669
Copy link

While looking at the code, it seems subaddressing is based on the scheme "[email protected]". This reveals the actual account and is known by spammer so they drops anything after the "+" sign anyway.

Would it be possible to use a regex here to split the string instead ?

My actual email server allows to use a regex here, so it can behave like gmail is doing (ignoring any dots in the user name ("a.b" is similar to "ab") or like I prefer, using dot as a separator ("[email protected]") with spammer changing for each site I'm registering upon.

The configuration would be a pair:

  1. Regex to match against (if it matches, the subaddressing is accepted)
  2. Email account to use instead

So instead of "[email protected]", the configuration would be ("/jane\+([^@]+)@domain.org", "[email protected]")
This could allow a much more useful feature like ("/spam\.([^@]+)@domain.org", "[email protected]") that's not revealing the underlying account name.
@mdecimus
Copy link
Member

Would it help if the subaddressing character was customizable? For example:

[directory."sql".options]
#subaddressing = '+'
subaddressing = '.'

This is something that could be implemented really quick. If you need more advanced rules, an elegant way to do this is to use the SMTP address rewriting rules which are going to be released soon.

@X-Ryl669
Copy link
Author

I'm not sure it would fit. The main issue for me with the current mode is that it contains the true address/account of the user, so once the rule is known, it becomes useless (like + or . for gmail).

Changing the split's char to a dot wouldn't work here since all other email that have this char becomes invalid then ("[email protected]" and "[email protected]" both becomes "[email protected]").

I guess I'll have to wait for the address rewriting rule then. Thank you for your answer.

@mdecimus
Copy link
Member

Hi @X-Ryl669 ,

Your suggestion to use regex to perform subaddressing is now possible in Stalwart Mail Server v0.3.2. And, most importantly, this release supports address rewriting with both regular expressions and sieve scripts.

If you have any other suggestions please let me know!

@X-Ryl669
Copy link
Author

Thanks!

BTW, there's an error in the documentation's regex:

[session.to]
rewrite = [ { if = "rcpt", matches = "^([^.]+)@([^.]+)\.(.+)$", then = "${1}+${2}@${3}" }, 
            { else = false } ]"

should read

[session.to]
rewrite = [ { if = "rcpt", matches = "^([^.]+)\.([^.]+)@(.+)$", then = "${1}+${2}@${3}" }, 
            { else = false } ]"

The former would have transformed [email protected] to bob+example@com which is illogical. The latter transform [email protected] to [email protected] which would be more logical.

@mdecimus
Copy link
Member

Perhaps the example should clarify this better. That rewrite rule is converting a subdomain into a subaddress. For example, you could the MX record *.example.com pointing to your server and then convert [email protected] to [email protected] so it is accepted as a subaddress. Just an example of another way of hiding the address from spammer.

BTW, could you share the name of the SMTP server that had support for regex subaddressing?

@X-Ryl669
Copy link
Author

X-Ryl669 commented Jul 28, 2023
edited
Loading

Well, the regex in the document is still dangerous. Maybe ([^.]+)\.([^.]+)\.(.+)$ would have been better since it wouldn't match example.com.

Anyway, I'm using Haraka (which is a NodeJS based SMTP server that's easily configurable). I've configured that way.

It's quite simple to do and very useful for all the trash email address required on the web today for any service.

I'm quite satisfied with this solution, except for one PITA: it still depends on the will of the final SMTP server (my personal email is from a ISP) and my ISP silently drops email it considers as spam. Since I monitor the Haraka queue, I can prove some genuine mails are trashed and never reach my inbox or spam folder. I think this is almost illegal, and it caused many issues to me, so I want to set up my own email server from SMTP to JMAP Webmail. I know the hell it will be for my outgoing email to be accepted from major SMTP server, but I want to try it.

I'm monitoring Stalwart since many months and I think it's now time to set it up on one domain to test to see if it fits my needs.

@mdecimus
Copy link
Member

Anyway, I'm using Haraka (which is a NodeJS based SMTP server that's easily configurable). I've configured that way.

Thanks! I checked their plugins list and there are some nice ones there. Most of them can be implemented as Sieve scripts so it should be quite easy to release them as Sieve plugins.

I'm monitoring Stalwart since many months and I think it's now time to set it up on one domain to test to see if it fits my needs.

Perfect, feel free to open new issues with any other suggestions you might have.

@mdecimus mdecimus mentioned this issue Jul 8, 2024
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@X-Ryl669 @mdecimus