Cannot send emails with SPOOF_PROTECTION=1

## Context


I have an OpenLDAP server ([osixia/openldap](https://hub.docker.com/r/osixia/openldap/) with the [postfix-book.schema](https://github.com/variablenix/ldap-mail-schema/blob/master/postfix-book.schema) added manually - seems like the version from your repository is [a bit different](https://www.diffchecker.com/tYsK8ILf), but this shouldn't change anything regarding this issue), with a user called `uid=momarqua` and `mail=moritz.marquardt@obelix.example.org`. The filters in `docker-compose.yml` are set as follows:

```yaml
LDAP_QUERY_FILTER_USER: (&(mail=%s)(mailEnabled=TRUE))
LDAP_QUERY_FILTER_GROUP: (&(mailGroupMember=%s)(mailEnabled=TRUE))
LDAP_QUERY_FILTER_ALIAS: (&(mailAlias=%s)(mailEnabled=TRUE))
LDAP_QUERY_FILTER_DOMAIN: (&(|(mail=*@%s)(mailalias=*@%s)(mailGroupMember=*@%s))(mailEnabled=TRUE))
DOVECOT_USER_FILTER: (&(objectClass=PostfixBookMailAccount)(|(mail=%u)(mailalias=%u)(uid=%n)))
DOVECOT_PASS_FILTER: (&(objectClass=PostfixBookMailAccount)(|(mail=%u)(mailalias=%u)(uid=%n)))
DOVECOT_PASS_ATTRS: uid=user,userPassword=password
SASLAUTHD_LDAP_FILTER: (&(|(mail=%U)(mailalias=%U)(uid=%U))(mailEnabled=TRUE))
```

I can receive emails without issues, I can send emails without issues, but as soon as I set `SPOOF_PROTECTION=1`, an error occurs.

## Expected Behavior
I should be able to send email as `moritz.marquardt@obelix.example.org`, or at least as any of `momarqua@obelix.example.org`, `moritz.marquardt@example.org` or `momarqua@example.org`, obviously given that I change the `mail` attribute in LDAP to the corresponding address.

## Actual Behavior

I get the following error message:

```
Dec 14 21:52:07 mail postfix/submission/smtpd[1751]: NOQUEUE: reject: RCPT from
port-1-2-3-4.dynamic.as20676.net[1.2.3.4]: 553 5.7.1 <moritz.marquardt@obelix.
example.org>: Sender address rejected: not owned by user momarqua@example.org;
from=<moritz.marquardt@obelix.example.org> to=<test@example.com> proto=ESMTP
helo=<[10.0.0.130]>
```

## Possible Fix

The workaround I'm using is to just disable `SPOOF_PROTECTION`, which obviously isn't a fix at all.

## Steps to Reproduce


TBD

## Your Environment

* Amount of RAM available: 24 GB (~20 GB free)
* Mailserver version used: `tvial/docker-mailserver:latest` pulled on 2019-12-15
* Docker version used: `18.09.6, build 481bc77`
* Environment settings relevant to the config: see **Context** above
* Any relevant stack traces ("Full trace" preferred): see **Actual Behaviour** above
* Also see #892 for a similar issue from 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Cannot send emails with SPOOF_PROTECTION=1 #1340

Context

Expected Behavior

Actual Behavior

Possible Fix

Steps to Reproduce

Your Environment

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Cannot send emails with SPOOF_PROTECTION=1 #1340

Description

Context

Expected Behavior

Actual Behavior

Possible Fix

Steps to Reproduce

Your Environment

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions