mail(tripit): send From: plans@viktorbarzin.me instead of spam@
tripit outbound (linked-email verification + trip-share invites) was sent From: spam@viktorbarzin.me. Switch the From to plans@viktorbarzin.me while keeping SMTP auth as spam@ (its password, unchanged). docker-mailserver SPOOF_PROTECTION (reject_sender_login_mismatch) requires the authed login to "own" the From; the @viktorbarzin.me catch-all does NOT grant that per-address, so add an explicit `plans@ -> spam@` virtual alias to authorize it (also keeps inbound plans@ routing to spam@ for the mail-ingest poller). tripit SMTP_FROM flips to plans@. Verified: sender-login probe (auth spam@, MAIL FROM plans@) now 250 (was 553); a real send from the tripit pod logs from=<plans@viktorbarzin.me> accepted. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
parent
bc33cd5ac4
commit
febf12bddd
2 changed files with 16 additions and 5 deletions
|
|
@ -3,3 +3,10 @@ closely-keith-generated@viktorbarzin.me vbarzin@gmail.com
|
||||||
literally-paolo-generated@viktorbarzin.me viktorbarzin@fb.com
|
literally-paolo-generated@viktorbarzin.me viktorbarzin@fb.com
|
||||||
hastily-stefanie-generated@viktorbarzin.me elliestamenova@gmail.com
|
hastily-stefanie-generated@viktorbarzin.me elliestamenova@gmail.com
|
||||||
vaultwarden@viktorbarzin.me me@viktorbarzin.me
|
vaultwarden@viktorbarzin.me me@viktorbarzin.me
|
||||||
|
|
||||||
|
# plans@ -> spam@: authorizes tripit (SMTP-authed as spam@) to send mail
|
||||||
|
# From: plans@viktorbarzin.me under docker-mailserver SPOOF_PROTECTION (the
|
||||||
|
# smtpd_sender_login_maps union exact-matches this alias to spam@; the @domain
|
||||||
|
# catch-all does NOT, so an explicit entry is required). Also keeps inbound
|
||||||
|
# plans@ routing to spam@ for the tripit mail-ingest poller.
|
||||||
|
plans@viktorbarzin.me spam@viktorbarzin.me
|
||||||
|
|
|
||||||
|
|
@ -38,15 +38,19 @@ locals {
|
||||||
PUSH_PROVIDER = "webpush"
|
PUSH_PROVIDER = "webpush"
|
||||||
LLM_MODE = "fake"
|
LLM_MODE = "fake"
|
||||||
MAIL_INGEST_ENABLED = "false"
|
MAIL_INGEST_ENABLED = "false"
|
||||||
# Outbound mail for linked-email verification — submitted via the cluster
|
# Outbound mail (linked-email verification + trip-share invites) — submitted
|
||||||
# mailserver as spam@ (which relays out via Brevo). SMTP_PASSWORD comes from
|
# via the cluster mailserver authenticated as spam@ (SMTP_USER), but sent
|
||||||
# tripit-secrets (mapped to the existing PLANS_IMAP_PASSWORD). PUBLIC_BASE_URL
|
# From: plans@viktorbarzin.me (SMTP_FROM). docker-mailserver SPOOF_PROTECTION
|
||||||
# builds the confirmation link mailed to the address.
|
# requires the login to "own" the From; an explicit plans@ -> spam@ virtual
|
||||||
|
# alias grants that (see mailserver extra/aliases.txt) and keeps inbound
|
||||||
|
# plans@ routing to spam@. Relays out via Brevo. SMTP_PASSWORD comes from
|
||||||
|
# tripit-secrets (the existing PLANS_IMAP_PASSWORD = spam@'s password).
|
||||||
|
# PUBLIC_BASE_URL builds the links mailed to recipients.
|
||||||
EMAIL_PROVIDER = "smtp"
|
EMAIL_PROVIDER = "smtp"
|
||||||
SMTP_HOST = "mailserver.mailserver.svc"
|
SMTP_HOST = "mailserver.mailserver.svc"
|
||||||
SMTP_PORT = "587"
|
SMTP_PORT = "587"
|
||||||
SMTP_USER = "spam@viktorbarzin.me"
|
SMTP_USER = "spam@viktorbarzin.me"
|
||||||
SMTP_FROM = "spam@viktorbarzin.me"
|
SMTP_FROM = "plans@viktorbarzin.me"
|
||||||
PUBLIC_BASE_URL = "https://tripit.viktorbarzin.me"
|
PUBLIC_BASE_URL = "https://tripit.viktorbarzin.me"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue