verifying sender domains

SMTP email proxy and relay server

Brought to you by: graeme_walker

#42 verifying sender domains

Milestone: Next Release (example)

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2025-04-29

Created: 2025-04-27

Creator: Jay

Private: No

Fantastic product, really impressed. We use it to accept legacy apps that typically send unauthenticated email and relay messages to M365. If you could offer a support contract would be happy to look into paying for this.

The issue I have is that we have a half a dozen email domain that we user, it would be good to have a simple verifier listing several approved domain names. I'm sure we aren't allow as typically most orgs have half a dozen domains that legacy apps (which we cant modify) need to send out.

Discussion

Graeme Walker - 2025-04-28

Thanks for your kind comments. I'm not completely clear what you are after though. Do you need to check the envelope-from address (ie. MAIL FROM) and reject the message if the domain part is not in the approved list? Or perhaps do a mapping from the legacy app's envelope-from address to one that is allowed?

If emailrelay is doing simple store-and-forward you can use a "--filter" script (or "--client-filter") to check any part of an email message, including submitter's IP address, EHLO domain, envelope-from address, "From:", "Sender:" and "Reply-to:" headers. The filter can also choose between multiple accounts to use when forwarding to (eg) M365. Which of those is relevant in your case?

I can't offer support on a contractual basis, but this as this is open source you just need to find someone with the relevant skill set. There might even be some subscribers to these tickets who would be interested. What country are you in?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Jay - 2025-04-28

Thanks Graeme, I basically forwarding messages onwards via a smarthost (M365) and I just need to reject any message if the domain part is not in the approved list. Unfortunately I have to use Windows, do you have any example scripts I can use ( PowerShell would be preferable) .

Thanks in advance

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Graeme Walker - 2025-04-29

I've attached a javascript (or rather MS JScript) filter script. I normally use perl for scripting and I've never taken to powershell, I'm afraid.

The script examines the envelope-from address and all envelope-to addresses and then rejects the message if any domain is not in the hard-coded list.

You will need to edit the list of allowed domains and possibly delete either the 'check envelope-from' section or the 'check envelope-to' section depending on your requirements.

emailrelay-check-address-domains.js

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Jay - 2025-04-29

Many thanks Graeme

PS Would it make sense to have a section on the website to list a list of common scripts, such as the one you developed?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.