Email server - SMTP test fails to detect typos in the "from" address

[Golffies]

Steps to reproduce

1. Log into NextCloud as administrator
2. Open Basic settings
3. Go to "Email server" section
4. Populate the fields of the web form with the credentials for your email server (SMTP)
5. Make use of the NextCloud administrator's email address as the "from address"
6. Make use of the SMTP server of the mail provider which NextCloud administrator's email address is hosted on
7. Make a typo in the "from address" field, in such a way that the admin@domain address is faulty, i.e. actually unknown by the mail provider
8. Test your setup by clicking the "send mail" button
9. Retrieve the confirmation e-mail from the external mailbox of the NextCloud administrator, which makes you think that all is OK
10. Observe that no user, other than the administrator, receive mails from NextCloud.

Expected behaviour

NextCloud would better to allow testing the SMTP setup against other addresses than the single one of the administrator. It would help to detect the typo, which actually prevents the SMTP server to deliver outgoing mails.

Actual behaviour

NextCloud cannot deliver outgoing emails to other users than the administrator. Unfortunately, the above mentioned test is done to the single one working email address. In that particular case, the positive test is fooling the administrator, making him / her to think that the SMTP feature is correctly configured, when it is not.

As a consequence, users never receive reset passwords or calendar notification emails. However, from the point of view of the administrator, the SMTP set up has been confirmed to be working.

The problem may be tracked down to a particular setup of the SMTP server by the mail service provider:

• a rule 1 prevents to be delivered all mails originating from an email address not belonging to the mail service provider; this is the reason for outgoing mails originating from the faulty administrator's email address not to be delivered;

• a rule 2 alleviates rule 1 in case the destination email address belongs to the mail service provider; this is the reason for all mails directed to the administrator's address to be delivered, whatever the originating email address might be;

• as the testing of the SMTP setup is done from the administrator address to the administrator address, it fails to detect that particular failure in the SMTP configuration.

Server configuration

Operating system:
Ubuntu 16.04.5 LTS

Web server:
Apache/2.4.18 (Ubuntu)

Database:
mysql 5.7.24

PHP version:
PHP 7.0.32

Nextcloud version: (see Nextcloud admin page)
NextCloud 14.0.3.0

Updated from an older Nextcloud/ownCloud or fresh install:
Updated

Where did you install Nextcloud from:
nextcloud-12.0.2.tar.bz2

Signing status:

Signing status

No errors have been found.

List of activated apps:

App list

Enabled:
  - accessibility: 1.0.1
  - activity: 2.7.0
  - bruteforcesettings: 1.1.0
  - calendar: 1.6.3
  - cloud_federation_api: 0.0.1
  - comments: 1.4.0
  - contacts: 2.1.6
  - dav: 1.6.0
  - deck: 0.4.1
  - federatedfilesharing: 1.4.0
  - federation: 1.4.0
  - files: 1.9.0
  - files_pdfviewer: 1.3.2
  - files_sharing: 1.6.2
  - files_texteditor: 2.6.0
  - files_trashbin: 1.4.1
  - files_versions: 1.7.1
  - files_videoplayer: 1.3.0
  - firstrunwizard: 2.3.0
  - gallery: 18.1.0
  - groupfolders: 1.3.3
  - impersonate: 1.1.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.2.0
  - nextcloud_announcements: 1.3.0
  - notifications: 2.2.1
  - oauth2: 1.2.1
  - password_policy: 1.4.0
  - provisioning_api: 1.4.0
  - serverinfo: 1.4.0
  - sharebymail: 1.4.0
  - support: 1.0.0
  - survey_client: 1.2.0
  - systemtags: 1.4.0
  - theming: 1.5.0
  - twofactor_backupcodes: 1.3.1
  - updatenotification: 1.4.1
  - weather: 1.5.4
  - workflowengine: 1.4.0
Disabled:
  - admin_audit
  - drawio
  - encryption
  - files_external
  - richdocuments
  - user_external
  - user_ldap

Nextcloud configuration:

Config report

``` { "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "cloud.***REMOVED SENSITIVE VALUE***" ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "overwrite.cli.url": "https:\/\/cloud.***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "14.0.3.0", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "mysql.utf8mb4": true, "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "maintenance": false, "theme": "", "loglevel": 2, "mail_smtpmode": "smtp", "mail_smtpauthtype": "LOGIN", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_domain": "***REMOVED SENSITIVE VALUE***", "mail_smtpauth": 1, "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpport": "587", "mail_smtpname": "***REMOVED SENSITIVE VALUE***", "mail_smtppassword": "***REMOVED SENSITIVE VALUE***", "mail_smtpsecure": "tls", "updater.release.channel": "production" } } ```

Are you using external storage, if yes which one: local/smb/sftp/...
No

Are you using encryption: yes/no
No

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
No

Client configuration

Browser:
Firefox Quantum 63

Operating system:
OS.X 10.13.6

[nextcloud-bot]

GitMate.io thinks possibly related issues are #11219 (SMTP ), #5087 (Typo within test mail), #6767 (secure cookie fails penetration tests), #2162 (Email validation fails in multiple locations), and #2271 (Allow multiple SMTP servers ).