Unable to normalize the sender address. Seems to break sender verification with Outlook, or something?

[reivilibre]

Describe the bug

This is a complicated issue, but I'm having trouble sending e-mail from [email protected] to [email protected].

Neither of those use Maddy (as far as I know!) but [email protected] is set to redirect to [email protected].

[email protected] goes to an Exim server (I think), which then redirects to the 'right place' — for most new people, this is the MS Outlook inbox that's part of the university's Office365 deal, but for me, I have it configured to go to [email protected]. (Some departments, such as department.university.tld have it going to another server and this server handles the rewriting for them.)

MS Outlook is configured to believe that it is authoritative for @myuniversity.tld so I also had to configure an Outlook forwarding rule to redirect [email protected] to [email protected] within Outlook (otherwise e-mail sent from Outlook goes to Outlook and not the university's authoritative server, since I also have an Outlook inbox). [ I think this is a broken setup but the university disagreed when I tried to point it out to them. ]

Since a few days ago (since about last week), it turns out that my e-mails to [email protected] are going missing, silently.

The only line of text that I get in the log (even with debug logging) is:

maddy[3317963]: smtp: MAIL FROM error (deferred)        {"msg_id":"","rcpt":"[email protected]","reason":"Unable to normalize the sender address","smtp_code":553,"smtp_enchcode":"5.1.7","smtp_msg":"Unable to normalize the sender address"}

I send e-mail using the Outlook exchange server.

I thought that a bounce might be being generated but then getting denied by my maddy server, so I told Outlook to keep a copy of any forwarded e-mail.

I then get a bounce e-mail like:

A security check at department.myuniversity.tld failed due to misconfigured settings at myuniversity.tld.

How to Fix It

The recipient's email server at department.myuniversity.tld performed a security check against your message and the check failed. To fix this, forward this non-delivery report (NDR) to your email admin.

This sounds like a university configuration issue, but: nobody else has this issue as far as I know, and I have the following message underneath that:

Reported error: 550 5.7.363 Remote server returned sender verification failed -> 550 Verification failed for <[email protected]>;Called: 79.143.178.141;Sent: RCPT TO:<[email protected]>;Response: 553 5.1.7 Unable to normalize the sender address;Sender verify failed

DSN generated by: | CWXP265MB3752.GBRP265.PROD.OUTLOOK.COM
Remote server: | ****.***.myuniversity.tld

I can't honestly say if this is an issue with Maddy or not but I was hoping you might have some idea? It seems like it's trying to probe something but I'm really out of my depth here.

Steps to reproduce

• Have a terribly convoluted system like the above

I honestly don't think this is easy to reproduce, there's so much going on >.<.

Configuration file

Edit: https://drop.q.tanukitsu.net/EdjKczdA

Environment information

maddy 0.4.3+cd1d527 linux/amd64 go1.14.7

default config: /etc/maddy/maddy.conf
default state_dir: /var/lib/maddy
default runtime_dir: /run/maddy

[foxcpp]

Oh snap, the log message does not include the actual sender address it fails to normalize.
Might Outlook be sending bounces using empty address as FROM? That's a bad bug at maddy side then if it fails to handle this... Most likely this is the case.

[reivilibre]

What I don't understand is why there's a bounce in the first place :|.

I have opened a ticket with the University IT services, but wouldn't get too optimistic about that.

This whole situation occurs when I send e-mail from Outlook to a system not involving Maddy at all; it obviously seems to be trying to check something but what? ...

[reivilibre]

The most important issue is that internet mail standards (defined in formal documents called RFCs) require servers to accept mail with an empty sender address, which is part of the mechanism of sender verification and bouncing of messages

I saw this in a search result for 'outlook sender verification empty mail from', belonging to this page: http://www.sussex.ac.uk/its/help/faq?faqid=1101

I suspect you are more knowledgeable about this than me from here, though

[reivilibre]

When a mail message is received by the Sussex mail server it makes a call-out back to the sender's mail server to see if it will accept bounced email for the sender's address.

aahh....

I suppose department.myuniversity.tld must have recently configured something like this. They receive a lot of spam to mailing lists so it would make sense that they tried to do something to avoid it.