freescout-help-desk / freescout

FreeScout — Free self-hosted help desk & shared mailbox (Zendesk / Help Scout alternative)
https://freescout.net
GNU Affero General Public License v3.0

Freescout allows (and defaults to) sending mails from invalid addresses if the *incoming* aliases setting is used #2988

Closed DavidAnderson684 closed 1 year ago

DavidAnderson684 commented 1 year ago

In the "Edit mailbox settings", there is a setting "Aliases".

The description for this setting is "Aliases are other email addresses that also forward to your mailbox address."

Accordingly, we listed some aliases here. (The project had historically given out a few different contact addresses to users to receive support, so on moving to Freescout, we made these all aliases for the support mailbox.)

However, a recent Freescout update (we're now on 1.8.75) has begun doing something more than is described in the setting description above:

This default is wrong, but our support team were unaware of the implications of it - they carried on sending support replies without adjusting the default. As a result, the emails just remained in the Freescout queue until they timed out. This was because the SMTP settings for the outgoing email on the mailbox only allowed the mailbox's own email address to be used - not the address of any other email address that was forwarding into it.

Arguably, a setting which is labelled "Aliases are other email addresses that also forward to your mailbox address" would not be expected to cause changes to outgoing mails. In our case, doing so broke things. We don't want it to be even possible for a support agent to choose a different outgoing address, because this can't work. The SMTP password is linked only to the mailbox email address.

Moongazer commented 1 year ago

This depends on the mailbox server configuration. Our mail server, for example, accepts any non-existing FROM address for sending, because the SMTP authentication over SSL makes sure that only a valid account can send mails. So it trusts things coming from this connection.

With this setting any alias can be configured. But one has to make sure that there exists a mail forwarding to the real mailbox, so people can also send mails to alias addresses.

DavidAnderson684 commented 1 year ago

It's perfectly valid to have incoming email aliases that are also either not allowed or not desired as outgoing aliases.

But in any case, the point is that Freescout presents an option that it describes as being to handle incoming aliases, and then uses them as outgoing addresses. We want all our outgoing mails to go from the mailbox address, which happened as desired until a recent release, and outgoing settings should not depend (much less, silently) on incoming ones.

freescout-helpdesk commented 1 year ago

We can disable the possibility to reply from Aliases by default and add an option enabling this possibility.

@Moongazer @afawaz2 @sideshot Is this option needed for each individual mailbox, or would one global option enabling replying from Aliases be enough?

Moongazer commented 1 year ago

> We can disable the possibility to reply from Aliases by default and add an option enabling this possibility.

That will be a good solution! I see this as an individual mailbox setting, because mailbox A (on server A) might have a totally different alias or FROM-handling configuration than mailbox B (on server B).

freescout-helpdesk commented 1 year ago

"Allow to reply from aliases" option added to mailboxes in the master branch.
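
The sender-selection policy the thread settles on, as an added example (not FreeScout's code and not written by any participant in the thread): incoming aliases never become outgoing addresses unless a per-mailbox option is enabled, and even then only aliases the SMTP account may send as are offered. The `Mailbox` model, its field names, the `smtp_allowed_senders` list and all function names are hypothetical, and the addresses are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class Mailbox:  # hypothetical model, not FreeScout's schema
    address: str
    aliases: list = field(default_factory=list)             # incoming aliases
    allow_reply_from_aliases: bool = False                  # opt-in, off by default
    smtp_allowed_senders: set = field(default_factory=set)  # assumed: From values the relay accepts

def _norm(addr):
    # Assumption: addresses compare case-insensitively.
    return addr.strip().lower()

def permitted_from_addresses(mb):
    """Addresses an agent may pick as From; the mailbox address is always first."""
    allowed = [_norm(mb.address)]
    if mb.allow_reply_from_aliases:
        relay_ok = {_norm(a) for a in mb.smtp_allowed_senders}
        for alias in map(_norm, mb.aliases):
            # Offer an alias only if the SMTP account can actually send as it.
            if alias in relay_ok and alias not in allowed:
                allowed.append(alias)
    return allowed

def choose_from_address(mb, requested=None):
    """Use the requested From only if permitted, else the mailbox address."""
    allowed = permitted_from_addresses(mb)
    if requested and _norm(requested) in allowed:
        return _norm(requested)
    return allowed[0]

def undeliverable_aliases(mb):
    """Aliases enabled for replies that the relay would reject (mail would sit in the queue)."""
    if not mb.allow_reply_from_aliases:
        return []
    relay_ok = {_norm(a) for a in mb.smtp_allowed_senders}
    return [a for a in map(_norm, mb.aliases) if a not in relay_ok]

# Constructed sample data (example.org addresses are placeholders).
SUPPORT = Mailbox("support@example.org", ["help@example.org", "Contact@example.org"],
                  smtp_allowed_senders={"support@example.org"})
OPTED_IN = Mailbox("support@example.org", ["help@example.org", "Contact@example.org"],
                   allow_reply_from_aliases=True,
                   smtp_allowed_senders={"support@example.org", "help@example.org"})

if __name__ == "__main__":
    print(choose_from_address(SUPPORT, "help@example.org"))
    print(permitted_from_addresses(OPTED_IN), undeliverable_aliases(OPTED_IN))
```
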