Anonymous email forwarding

AnonAddy

Last update: Jan 3, 2023

Related tags

Overview

Anonymous Email Forwarding

This is the source code for self-hosting AnonAddy.

FAQ

Why is it called AnonAddy?
Why did you make this site?
Why should I use AnonAddy?
Do you store emails?
What is a shared domain alias?
What is a standard alias?
Can I use my own domain?
Can I add a domain and also use it as a recipient?
Can I add a domain if I'm already using it for email somewhere else?
Why should I use this instead of a similar service?
Is there a browser extension?
Is there an Android app?
Is there an iOS app?
How do I add my own GPG/OpenPGP key for encryption?
Are attachments encrypted too?
Are forwarded emails signed when encryption is enabled?
What if I don't want anyone to link ownership of my aliases together?
Where is the server located?
What if I don't trust you?
What is the maximum number of recipients I can add to an alias?
What happens when I delete my account?
Does this work with any email provider?
How do I reply to a forwarded email?
I'm trying to reply/send from an alias but the email keeps coming back to me, what's wrong?
I'm trying to reply/send from an alias but it is rejected, what's wrong?
Does AnonAddy strip out the banner information when I reply to an email?
How do I send email from an alias?
Will people see my real email if I reply to a forwarded one?
Can emails have attachments?
What is the max email size limit?
What happens if I have a subscription but then cancel it?
If I subscribe will Stripe see my real email address?
How do you prevent spammers?
What do you use to do DNS lookups on domain names?
Is there a limit to how many emails I can forward?
Is there a limit to how many aliases I can create per hour?
How is my bandwidth calculated?
How many emails can I receive before I go over my bandwidth limit?
What happens if I go over my bandwidth limit in a given month?
Can I login using an additional username?
I'm not receiving any emails, what's wrong?
I'm having trouble logging in, what's wrong?
How do I know this site won't disappear next month?
What happens to AnonAddy if you die?
Is the application tested?
How do I host this myself?
Who's behind AnonAddy?
I couldn't find an answer to my question, how can I contact you?

Why is it called AnonAddy?

AnonAddy is short for "Anonymous Email Address". The word "Addy" is internet slang for email address, e.g.

"My addy is being spammed. I should've kept it private."

Why did you make this site?

I made this service after trying a few other options that do a similar thing. I was really interested in how they worked and loved the thought of protecting my real email addresses from spam.

I also wanted to address some issues with other services such as:

Proprietary closed source code
Adverts, analytics and trackers used on the sites
No option to encrypt emails using a GPG/OpenPGP key
No option for multiple recipients

I made the code open-source to show everyone what was going on behind the scenes and to allow others to help improve the application.

I use this service myself for the vast majority of sites I'm signed up to.

Why should I use AnonAddy?

There are a number of reasons you should consider using this service:

Protect your real email address from spam by simply deactivating/deleting aliases that receive unsolicited emails
Identify who has sold your data by using a different email address for every site
Protect your identity in the event of a data breach by making it difficult for hackers to cross-reference your accounts
Prevent inbox snooping by encrypting all inbound emails using GPG/OpenPGP encryption
Update where emails are forwarded without having to go through and change your email address for each site individually
Reply to forwarded emails anonymously without revealing your true email address

Do you store emails?

No I definitely do not store/save any emails that pass through the server.

What is a shared domain alias?

A shared domain alias is any alias that has a domain name that is also shared with other users. For example anyone can generate an alias with the @anonaddy.me domain. Aliases with shared domain names must be pre-generated and cannot be created on-the-fly like standard aliases.

What is a standard alias?

A standard alias is any alias that can be created on-the-fly. Automatic on-the-fly alias creation is only available for domains that are unique to you. For example, your unique username subdomain, any additional usernames or any custom domains. So if you signed up with the username "johndoe", any alias you create using @johndoe.anonaddy.com would be a standard alias (even if you've generated a UUID/Random Word one).

Can I use my own domain?

Yes you can use your own domain name so you can also have *@example.com as your aliases. To do so you simply need to add a TXT record to verify your ownership of the domain. Then you will need to add an MX record to your domain so that our server can handle incoming emails. You can then add a few other records to enable sending from your domain too.

Can I add a domain and also use it as a recipient?

No, you cannot use the same domain as a custom domain and also for a recipient on AnonAddy.

e.g if you add "example.com" as a custom domain, you cannot then add "[email protected]" as a recipient. This is because a domain cannot direct email to multiple locations simultaneously using MX records. So your email would arrive for "example.com" and then attempt to be forwarded to "[email protected]" which would create a loop.

You can instead use a subdomain for your custom domain, e.g. "mail.example.com" instead of "example.com", this would allow you to create *@mail.example.com for your aliases. More details can be found here.

Can I add a domain if I'm already using it for email somewhere else?

If you have a custom domain say example.com and you are already using it for email somewhere else e.g. ProtonMail or Namecheap then you cannot also use it simultaneously with AnonAddy.

This is because emails cannot be handled by multiple different mail servers at the same time, even if they have the same priority MX records. It can only be delivered to one mail server at a time which will typically be the MX record with the smallest number since this has the highest priority.

You can either:

Migrate your domain to AnonAddy by removing the current provider's MX records and adding AnonAddy's.
Or, if you would like to keep using your domain with your current email provider then I would recommend instead adding a subdomain of it to AnonAddy such as mail.example.com.

Using a subdomain will not interfere with your current email setup and you'll be able to create aliases *@mail.example.com through AnonAddy.

Why should I use this instead of a similar service?

Here are a few reasons I can think of:

Bring your own GPG/OpenPGP key to encrypt your forwarded emails (and the option to replace subjects)
No adverts
No analytics or trackers (just server access logs)
No third party content
Open-source application code
No limitation on the number of aliases that can be created
Generous monthly bandwidth
Multiple domains to choose for aliases (currently anonaddy.com, anonaddy.me and another 3 for paid plan users)
Ability to generate UUID and random word aliases at shared domains
Ability to add additional usernames to compartmentalise aliases
New features added regularly

Is there a browser extension?

Yes there is an open-source browser extension available to download for Firefox and Chrome (also available on other chromium based browsers such as Brave and Vivaldi). You can use the extension to generate new aliases remotely.

Is there an Android app?

Yes, there is an excellent open-source Android app created by Stjin that is available to download from the Play Store (paid) and F-Droid (free). The developer of this app has put in a lot of time and effort so if you would like to support him please purchase the Play Store version.

There is also another open-source Android app created by KhalidWar available on the Play Store.

Is there an iOS app?

Yes, KhalidWar's open-source app from above is also available on the App Store.

How do I add my own GPG/OpenPGP key for encryption?

On the recipients page you simply need to click "Add public key" and paste in your public key data. Now all emails forwarded to you will be encrypted with your key. You should also replace the subject line of forwarded messages in your account settings as this cannot be encrypted.

Are attachments encrypted too?

Yes attachments are part of the email body and are also encrypted if you have it enabled.

Are forwarded emails signed when encryption is enabled?

Yes when you have encryption enabled all forwarded emails are signed using our [email protected] private key.

You can add this key to your own keyring so that you can verify emails have come from us.

The fingerprint of the [email protected] key is "26A987650243B28802524E2F809FD0D502E2F695" you can find the key on https://keys.openpgp.org.

What if I don't want anyone to link ownership of my aliases together?

If you're concerned that your aliases are all linked by your username e.g. @johndoe.anonaddy.com, then you have a couple of options:

You can generate UUID or random word aliases instead, these are all under a shared domain and cannot be linked to a user.
You can add additional usernames and separate your aliases under your these. e.g. you could have one username for personal stuff, another for work, another for hobbies etc.

Where is the server located?

The server is located in Amsterdam, Netherlands with Greenhost.net. Greenhost focuses greatly on privacy and security and their servers run entirely on Dutch wind energy. The backup mail server is located in Warsaw, Poland with UpCloud.

What if I don't trust you?

It's good to keep your guard up when online so you should never trust anyone 100%. I'll try my best to be as honest and transparent as I can but if you still aren't convinced you can always just fire up your own server and self-host this application. You'll need to know about server administration and PHP. You can find more information here https://github.com/anonaddy/anonaddy#self-hosting.

What is the maximum number of recipients I can add to an alias?

The limit is currently set to 10 which should suffice in the vast majority of situations.

What happens when I delete my account?

When you delete your account the following happens:

All of your recipients are deleted from the database
All of your aliases that use a shared domain e.g. @anonaddy.me are soft deleted from the database (this is to prevent any chance of another user generating the same alias in the future)
All of your other aliases are deleted from the database
All of your custom domains are deleted from the database
Your user details are deleted from the database
Your username and any additional usernames that you created are encrypted and added to a table in the database. This is to prevent anybody signing up with the same username in the future.
Any subscription information is deleted from the database

Does this work with any email provider?

Yes this will work with any provider, although I can't guarantee it won't land in spam initially.

How do I reply to a forwarded email?

Each forwarded email has a From: header set. This header will look something like this:

From: <[email protected]>

Where [email protected] is the address of the person who sent you the email and [email protected] is the alias that forwarded you the email.

All you need to do is click reply in your email client or web interface and it will automatically fill the To: field with the correct address.

To check if a reply has worked properly check in your dashboard if the reply count has been incremented for that alias.

For further details please see this help article - Replying to email using an alias.

I'm trying to reply/send from an alias but the email keeps coming back to me, what's wrong?

If you are tying to reply or send from an alias but the email keeps coming back to yourself then it is most likely because you are not sending the message from an email address that is not listed as a verified recipient on your AnonAddy account.

If you try to reply or send from an alias using an unverified email address then the message will simply be forwarded to you as it would be if it was sent by any other sender.

Please double check that you are indeed sending from a verified recipient email address by inspecting your sent items to see which address it was actually sent from.

I'm trying to reply/send from an alias but it is rejected, what's wrong?

If you see the rejection message 5.7.1 Recipient address rejected: Address does not exist then this means that the alias has either been deleted or does not yet exist (and you do not have catch-all enabled), you must restore (or create) it before you can send/reply from it.

If you see the rejection message 5.7.1 Rejected due to missing/failed DMARC policy... then it is because your AnonAddy recipient's domain either does not have a DMARC policy or it has failed DMARC checks.

This is usually because you have a verified recipient that is using your own domain which does not have a DMARC policy.

Note: This is referring to your verified recipient address on your AnonAddy account and not any of your custom domains or the email address that you are replying / sending to

When replying or sending from an alias, additional checks are carried out to ensure it is not a spoofed email. Your AnonAddy recipient's email domain must pass DMARC checks in order to protect against spoofed emails and to make sure that the reply/send from attempt definitely came from your recipient.

For example if the verified recipient on your AnonAddy account is [email protected] and you get the "missing/failed DMARC policy" rejection message then it is because the domain "example.com" does not have a DMARC policy in place.

To resolve this you simply need to add a DMARC record, for example:

Type	Host	Value
TXT	_dmarc	"v=DMARC1; p=quarantine; adkim=s"

You should also have SPF and DKIM records in place.

To learn more about DMARC please see this site - https://dmarc.org/.

If your AnonAddy recipient is with a popular mail service provider for example: Gmail, Outlook, Tutanota, Mailbox.org, Protonmail etc. then they will already have a DMARC policy in place so you do not need to take any action.

Does AnonAddy strip out the banner information when I reply to an email?

At the moment the site does not automatically strip out the "This email was sent to..." text from forwarded emails when you reply to them. You need to either remove this from the quoted text manually or set the banner information to "off" in your account settings.

How do I send email from an alias?

This works in the same way as replying to an email.

Let's say that you have the alias [email protected] and you want to send an email to [email protected].

All you need to do is enter the following in the To: field.

<[email protected]>

Note: you must send the email from a verified recipient on your account.

Then send the email exactly as you would any other. To check that the email has sent successfully, look in your dashboard at the sent count column and see if it has been incremented for that alias.

If you want an easy way to construct the correct email address that you should send to you can click "Send from" next to any alias in the web application and after entering the destination address it will display the right email address to use.

This works exactly the same for shared domain aliases, additional usernames and custom domains.

You can even use the send from feature to create an alias on the fly that does not yet exist. This only works for standard aliases or those at custom domains that behave as a catch-all.

You must generate aliases that use shared domains (e.g. [email protected]) beforehand in order to be able to send from them.

If you need to send an email to an address with an extension e.g. [email protected] then it's exactly the same method:

<[email protected]>

Just enter the extension too!

For further details please see this help article - Sending email from an alias.

Will people see my real email if I reply to a forwarded one?

No, your real email will not be shown, the email will look as if it has come from us instead. Just make sure not to include anything that might identify you when composing the reply, i.e. your full name.

Can emails have attachments?

Yes you can add attachments to emails forwarded and replies. Attachments count towards your bandwidth.

What is the max email size limit?

The max email size is currently set to 10MB (including attachments).

What happens if I have a subscription but then cancel it?

If you cancel your subscription it will remain active until the end of your current billing cycle, you will still be able to use your paid plan features until the billing cycle ends.

A few days before your billing cycle ends you will receive an email letting you know the steps you need to take to prevent the loss of any emails. Shortly after ending the following will happen:

Any custom domains will be deactivated
Any additional usernames will be deactivated
If you have any more than 2 recipients they will be deleted
Paid account settings will be reverted to default values
Any aliases using paid plan only domains will be deactivated
If you have any more than 20 aliases using a shared domain e.g. anonaddy.me they will be deactivated
If your account username has catch-all disabled then it will be enabled

You will not be able to activate any of the above again until you resubscribe.

If I subscribe will Stripe see my real email address?

No, Stripe will instead be given an alias. This alias will only be created if Stripe sends an email to it, for example if your card payment fails or if your card has expired.

How do you prevent spammers?

The following is in place to help prevent spam:

Rspamd - Fast, free and open-source spam filtering system
DNS blacklist checks - spamhaus.org
SPF, DKIM - to check the SPF record on the sender's domain
DMARC - to check for email spoofing and reject emails that fail
FQDN - the sender must be using a valid fully qualified domain name
PTR record check - if the sender has no valid PTR record it is rejected

What do you use to do DNS lookups on domain names?

The server is running a local DNS caching server to improve the speed of queries.

Is there a limit to how many emails I can forward?

Not unless you are really going to town. Each user is throttled to 200 emails per hour through the server.

Is there a limit to how many aliases I can create per hour?

Currently you are limited to creating 10 new aliases per hour on the free plan, 20 per hour on the Lite plan and 50 per hour on the Pro plan. If you try to create more than this the emails will be deferred until you are back below the limit.

How is my bandwidth calculated?

Each time a new email is received Postfix calculates its size in bytes. A column in the database is then simply incremented by that size when the email is forwarded or a reply is sent. At the start of each month your bandwidth is reset to 0.

I don't use rolling 30 day total as the only way to do this would be to log the date and size of every single email received.

Blocked emails do not count towards your bandwidth (e.g. an alias is inactive or deleted).

How many emails can I receive before I go over my bandwidth limit?

The average email is about 76800 bytes (75KB), this is roughly equivalent to 7,000 words in plain text. So the 10MB monthly allowance would be around 140 emails and the Lite plan's 50MB would be almost 700 emails.

What happens if I go over my bandwidth limit in a given month?

If you get close to your limit (over 80%) you'll be sent an email letting you know. If you continue and go over your limit the server will start discarding emails until your bandwidth resets the next month or you upgrade your plan.

Can I login using an additional username?

You can add 1 additional username as a Lite user and up to 3 additional usernames as a Pro user for totals of 2 and 4 respectively (including the one you signed up with). You can currently only login with the one that you originally signed up with.

I'm not receiving any emails, what's wrong?

Please make sure to add [email protected], [email protected] and any other aliases you use to your address book and also to check your spam folder. Make sure to mark emails from AnonAddy as safe if they turn up in spam.

If an alias has been previously deleted and you try to send email to it, the emails will be rejected with an error message - "554 5.7.1 Recipient address rejected: Address does not exist".

Check that you have not deactivated the alias, custom domain or additional username. When any of these are deactivated, emails will be silently discarded, they will not be rejected or return any error message.

The sender of the email may be failing SPF, DMARC or DNS blacklist checks resulting in the email being rejected. The sender should also have correct reverse DNS setup and use a FQDN as their hostname.

If you are forwarding emails to an icloud.com email address some users are having issues with a small number of emails being rejected (often those from Facebook).

For some reason Apple seems to think these emails are spam/phishing and returns this error message:

Diagnostic-Code: smtp; 550 5.7.1 [CS01] Message rejected due to local policy.

I have contacted Apple multiple times about this but they have not yet responded.

If you are having issues with emails being rejected as "possibly spammy" by Google, iCloud or Microsoft then please try the following steps if you can:

Replace the email subject by going to your settings in AnonAddy
Try adding a GPP key and enabling encryption. This will prevent the email's content being scanned and reduce the change of it being rejected.

I will also soon be adding an option to change the format of the display from part of the "From:" header.

If neither of the above options work then please try changing to another recipient so that you can continue to receive emails.

If you still aren't receiving emails please contact me.

I'm having trouble logging in, what's wrong?

If you are having trouble logging in it will likely fall under one of the following scenarios:

Incorrect username

Please make sure you are using your account username (e.g. johndoe) and not your email address to try to login.

Forgotten password

If you've forgotten your password you can reset it by entering your username here - https://app.anonaddy.com/password/reset

Forgotten username

If you've forgotten your username you can request a reminder by entering your email address here - https://app.anonaddy.com/username/reminder

Lost 2FA device

Please use the backup code that you were shown when you enabled 2FA.

Errors with U2F device

If you have a YubiKey and are using Windows and have an issue with your personal password/PIN you may need to reset the key using the YubiKey manager software.

How do I know this site won't disappear next month?

I am very passionate about this project. I use it myself every day and will be keeping it running indefinitely. The service also provides me with an income.

What happens to AnonAddy if you die?

I do have someone in place who can keep the service running in the event of me not being here. They are able to continue paying for the servers that host AnonAddy and the domains that it uses. All AnonAddy domains also always have over 5 years until they expire.

They would make a Twitter announcement informing all users that they would be keeping the service running. You would then be able to decide whether you'd like to continue using AnonAddy or start to update your email addresses.

Is the application tested?

Yes it has over 190 automated PHPUnit tests written.

How do I host this myself?

You will need to set up your own server with Postfix so that you can pipe the received mail to the application. You can find more information here https://github.com/anonaddy/anonaddy#self-hosting.

For those who prefer using Docker there is an image you can use here - github.com/anonaddy/docker.

Who's behind AnonAddy?

My name is Will Browning, I'm a web developer from the UK and an advocate for online privacy and open-source software. You can find me on Twitter although I don't tweet that much!

I couldn't find an answer to my question, how can I contact you?

For any other questions just send an email to - [email protected] (GPG Key)

Self Hosting

Software Requirements

Postfix (3.0.0+) (plus postfix-mysql for database queries and postfix-pcre)
PHP (8.0+) and the php-mailparse extension, the php-gnupg extension if you plan to encrypt forwarded emails, the php-imagick extension for generating 2FA QR codes
Port 25 unblocked and open
Redis (4.x+) for throttling and queues
FQDN as hostname e.g. mail.anonaddy.me
MariaDB / MySQL
Nginx
(SpamAssassin, OpenDKIM, OpenDMARC, postfix-policyd-spf-python) OR Rspamd
DNS records - MX, SPF, DKIM, DMARC
Reverse DNS
SSL/TLS Encryption - you can install a free certificate from Let’s Encrypt.

For full details please see the self-hosting instructions file.

My sponsors

Thanks to Vlad Timofeev and Patrick Dobler for supporting me by sponsoring the project on GitHub!

Thanks

Thanks to https://gitlab.com/mailcare/mailcare and https://github.com/niftylettuce/forward-email for their awesome open-source projects that helped me along the way.

License

The MIT License (MIT). Please see License File for more information.

Comments

Self-Hosted | How do I properly add a new domain?

Hello, my self-hosted anonaddy instance is working great! However, I can't seem to figure out how to add another domain.

I managed to add it into the Anonaddy config and it does show up, but whenever I try to send emails to the alias they bounce with the error: 554 5.7.1 <[email protected]>: Relay access denied

I tried to make a new DKIM key and add the domain to the trusted.hosts file, but that didn't seem to change anything.

For the DNS record I made them identical to the original domain with the only exception being that th MX record points to the original domain.

What is the right way to add a second domain to anonaddy (both DNS and config)?

opened by tommyvange 21
Error when sending from alias

I have pretty much everything working quite well. The one issue I am running into is when I try to send from the alias in the portal. It says, open email client, which for me is gmail.

I then do a test email to my fastmail account and it fails with the following error:

`Attempted Reply/Send Failed An attempt to send or reply from your alias [email protected] was just made from [email protected] which failed because it didn't pass authentication checks and could be a spoofed.

In order to send or reply from an alias there must be a valid DMARC policy present for gmail.com and your message must be permitted by that DMARC policy.

The attempt was trying to send the message to the following destination: [email protected]

If this attempt was made by yourself, then you need to make sure your recipient's domain (gmail.com) has the correct DNS records in place; SPF, DKIM and DMARC.

If this attempt was not made by you, then someone else may be attempting to send a message from your alias. Make sure you have a suitable DMARC policy in place (with p=quarantine or p=reject) along with SPF and DKIM records to protect your recipient's email address from being spoofed.`

opened by blimeybloke 19
Remove Email Banner in replies

It would be great if the Email Banner could be automatically removed in replies.

This would prevent the AnonAddy URL and (private) description from being disclosed to the recipient.

opened by HeikoBornholdt 19
Disable automatic alias creation

hi all, love the service! I have a feature to suggest: disable automatic alias creation as an option.

since this has been mostly thought of as a way to protect from spam, I clearly see a "vulnerability". if a database has been leaked and an email address compromised, say, [email protected], then a malicious actor has a certain way to spam the user behind that email address. as long as the email headers check out and emails get forwarded by anonaddy, of course, the bad actor can make up any non-existent alias to that username, e.g. [email protected] the user might disable that alias, since it fell into the hand of spammers, but the bad actor can always make up another one.

this could be solved if, as an option, a user could specify to allow incoming emails only for the user-created aliases. what do you think? thanks!

opened by piramiday 16
add the name of the alias to the forwarded mail

posted the issue on reddit, got some votes but no feedback: https://www.reddit.com/r/AnonAddy/comments/ffryws/how_do_you_use_anonaddy_relativly_new_and_not/

issue: i'm using anonaddy now for every website i register with and did the same but just with catchall and random aliases before. problem is anonaddy doesn't really make it possible to see if the sender is comprimised or not since no matter which sender sends something to a viable randomadress it gets forwarded and i have no easy way to check if an email for example from amazon hit the amazonspecific adress or if some adress got leaked and i got a fake amazon mail to another adress. currently i have to set up an inboxrule and tell my inbox to put any email for the adress i gave amazon in the amazon folder or put a label amazon on it. this way if an adress hits that doesn't get the treatment i see that its fake.

solutions: change the text in the forwarded mail to:

This email was sent to [email protected] "Amazon" from [email protected] and has been forwarded by AnonAddy Click here to deactivate this alias

or enable replacing the subjectline with the name of the alias.

the secondline would be way more obvious but might not be apreciated since it subjectlines are not pgp encrypted.

not sure about those people deactivating the text telling us that the mail was forwarded... but well being able to choose between both solutions above would work for most people i guess.

opened by HelpfulRock 16
"Check Records" says CNAME default._domainkey record not found
Hi,

When I want to "Check Records" I've got:

CNAME default._domainkey record not found. This could be due to DNS caching, please try again later.

But the record exists on Namecheap:

Am I missing something?
opened by crazy-max 15

Emails fail to deliver on custom domain

Hello, I have my own anonaddy instance in docker and I have added custom domain in domains tab, added DNS records to it and DNS check has succeeded. But emails sent to alias with that custom domain are not getting forwarded. (emails sent to alias with my default anonaddy domain or anonaddy username subdomain works)

Oct 09 09:03:39 mail postfix/pipe[12244]: 9E7D81240125: to=<redacted>, relay=anonaddy, delay=3.5, delays=2.5/0.01/0/0.98, dsn=5.3.0, status=bounced (Command died with status 1: "php". Command output:  In DkimSigner.php line 42:                                                                                   Symfony\Component\Mime\Crypto\DkimSigner::__construct(): Argument #1 ($pk)      must be of type string, null given, called in /var/www/anonaddy/app/CustomM     ailDriver/CustomMailer.php on line 92                                                                                                                          )
Oct 09 09:06:59 mail postfix/anvil[12241]: statistics: max cache size 1 at Oct  9 09:03:35
Oct 09 09:06:59 mail postfix/anvil[12241]: statistics: max connection count 1 for (25:8.219.32.79) at Oct  9 09:03:35
Oct 09 09:16:27 mail postfix/smtpd[12347]: connect from mail-4027.protonmail.ch[185.70.40.27]
Oct 09 09:16:27 mail postfix/cleanup[12351]: A68BB1240125: message-id=<n-redacted>
Oct 09 09:16:27 mail postfix/smtpd[12347]: A68BB1240125: client=mail-4027.protonmail.ch[185.70.40.27]
Oct 09 09:16:27 mail postfix/smtpd[12347]: disconnect from mail-4027.protonmail.ch[185.70.40.27] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Oct 09 09:16:27 mail postfix/qmgr[1070]: A68BB1240125: from=<redacted>, size=2529, nrcpt=1 (queue active)
Oct 09 09:16:28 mail postfix/smtpd[12347]: connect from localhost[127.0.0.1]
Oct 09 09:16:28 mail postfix/smtpd[12347]: C9E601240130: client=localhost[127.0.0.1]
Oct 09 09:16:28 mail postfix/cleanup[12351]: C9E601240130: message-id=<redacted>
Oct 09 09:16:28 mail postfix/qmgr[1070]: C9E601240130: from=<redacted>, size=12066, nrcpt=1 (queue active)
Oct 09 09:16:28 mail postfix/smtpd[12347]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Oct 09 09:16:29 mail postfix/cleanup[12351]: 0678C1240134: message-id=<redacted>
Oct 09 09:16:29 mail postfix/bounce[12361]: A68BB1240125: sender non-delivery notification: 0678C1240134
Oct 09 09:16:29 mail postfix/pipe[12352]: A68BB1240125: to=<redacted>, relay=anonaddy, delay=1.7, delays=0.39/0.01/0/1.3, dsn=5.3.0, status=bounced (Command died with status 1: "php". Command output:  In DkimSigner.php line 42:                                                                                   Symfony\Component\Mime\Crypto\DkimSigner::__construct(): Argument #1 ($pk)      must be of type string, null given, called in /var/www/anonaddy/app/CustomM     ailDriver/CustomMailer.php on line 92                                                                                                                          )
Oct 09 09:16:29 mail postfix/qmgr[1070]: 0678C1240134: from=<>, size=4943, nrcpt=1 (queue active)
Oct 09 09:16:29 mail postfix/qmgr[1070]: A68BB1240125: removed
Oct 09 09:16:31 mail postfix/qmgr[1070]: C9E601240130: removed
Oct 09 09:16:37 mail postfix/smtp[12362]: 0678C1240134: to=<redacted>, relay=mail.protonmail.ch[185.70.42.128]:25, delay=8.5, delays=0/0.01/6.3/2.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4MlbyW3gFvz9vNQ4)
Oct 09 09:16:37 mail postfix/qmgr[1070]: 0678C1240134: removed
crond: USER anonaddy pid 12363 cmd php /var/www/anonaddy/artisan schedule:run --no-ansi --no-interaction
   INFO  No scheduled commands are ready to run.  
Oct 09 09:16:31 mail postfix/smtp[12360]: C9E601240130: to=<redacted>, relay=redacted:25, delay=2.3, delays=0.06/0.01/0.96/1.3, dsn=2.0.0, status=sent (250 OK id=1ohSQA-00FO0w-2A)

opened by ririko5834 14

Links are misconfigured

Hi, From time to time I have issues with links sent through AnonAddy. The links are invalid when I click them, and I saw that some of the dots in the URL are doubled, e.g. https://www.domain..com/email?e=JXkKl49H8xTHLpLq3cRl4RFfogdRojsxthdswwWFvSJtZZnSb9eNnNQ5dK7iprp3

Thanks Stefan

opened by stefanschramek 14
Encrypt replies to forwarded emails?

Hello!

Firstly, I love this service! I use ProtonMail and have PGP-encrypted emails set up using my PM keys. I'd also like to encrypt any replies I happen to send, but I'm not sure how I should set that up. Any help would be greatly appreciated!

opened by chiraag-nataraj 13
Email formatting issue

All my emails which has pgp encryption enabled seems to be broken. The emails dont load right. I am using same pgp provided by email provider and used to encrypt via pgp and render emails fine. Now it shows emails as it doesnt have any formatting or css. I want to confirm whats causing the issue before disabling pgp

opened by Gottarocket 12
[BUG] WebAuthn failed on iOS 14.5 or above

After trying to login in in iOS 14.5 or above, the error message "The operation either timed out or was not allowed." is displayed.

WebAuthn works for other sites.

opened by dingwen07 12
Dropdown Menu is partially hidden.

Hello Anonaddy Team.

I've been using Anonaddy Email Forwarding for about 1month. All the features look good, but there's only one that I want it to be fixed.

I'm not sure that you intended. But I think it's not following the user-friendly design. However, I really love Anonaddy. Please forgive me to give you bad feedback.

Thanks

opened by dinodev0101 0
aa-verify dns record issue

Hi @willbrowningme, Hope you're doing well.

We've talked about using Anonaddy as a third party element in a project (this PR was followed by the very conversation we had last week) that I needed to auto verify new recipients.

I'm encountering another issue here. The create domain api is essentially useless because the aa-verify value is being generated on the fly (in UI). So practically we can not create any new domain from api unless we have the aa-verify value.

I'm not sure if I got this right. What is your thoughts on this ?

I can make another PR that returns the value of aa-verify or maybe a better approach if you have any.

opened by mehradsadeghi 0
[bug] New/Edit Rule page layout glitches
On the self hosted Anonaddy the modal for adding/editing Rules shows some glitches.

The Text Input field for the Condition value is very small. It's impossible to see what you type in it.

Also the Text Input field for the Action value is quite small. It only fits 4 characters.

The Actions fieldset does not fit into the modal when selecting "set the banner information location to" in the "Then" drop down list Here are example screenshots:

Anonaddy version: 0.13.12 Browser: Chrome 108.0.5359.99 on Windows 11
opened by buxm 1
[Feature Request] Replace reverse address with recipient address when replying to email
I mean a reverse alias is an address like this. I am not sure what it is called: [email protected].

When replying to a forwarded email, that address may be automatically included. It looks something like this.

Hello, this is a test reply. -------- Original Message -------- On Dec 1, 2022, 12:30 AM, hello at example.com <[email protected]> wrote: ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛ Hello, please reply to this message.

This may cause confusion when the person to whom you are replying sees this reply.
Because the address to which you are replying ([email protected])
is not the address of the person to whom you are replying ([email protected]).

I would like the ability to replace that address with the address of the person to whom you are replying.

PS. SimpleLogin seems to have this feature, but I like AnonAddy :D
opened by jbas23 1
Anonaddy Bitwarden support: Created alias does not adhere to custom default alias type in AA

Likely I need to link this on bitwardens mobile device repo, but wanted it here to0, in case anonaddy config settings influence the way BW works with it?

In order to get domain-45g@ format aliases from the BW android mobile app is that a BW or a AA change pls?

Thanks

opened by mannp 5

Releases(v0.13.13)

v0.13.13(Dec 16, 2022)
Fixed #400 (and https://github.com/anonaddy/docker/issues/187)

Source code(tar.gz)
Source code(zip)
v0.13.12(Nov 17, 2022)
Reduced the number of queries made in ReceiveEmail

Improved email banner automatic removal

Fixed issue where emails with no subject were being forwarded with the class name as the subject e.g. Forward Email

Source code(tar.gz)
Source code(zip)
v0.13.11(Nov 3, 2022)
Email banner is now removed automatically from replies (email must have been forwarded after today) - #253

Improved the look of the email banner

Source code(tar.gz)
Source code(zip)
v0.13.10(Nov 2, 2022)
Fixed an issue that was causing problems with mail templates relating to a change that was introduced in Laravel - https://github.com/laravel/framework/issues/44637

Updated PGP/Inline tooltip to provide a better explanation

Source code(tar.gz)
Source code(zip)
v0.13.9(Oct 11, 2022)
Fixed issue where replies and sends were coming from the admin email ([email protected]) - closes #340

Node version 14 or greater required

Source code(tar.gz)
Source code(zip)
v0.13.7(Aug 24, 2022)
Fixed invalid recipient bug when creating a new alias - closes #327

Source code(tar.gz)
Source code(zip)
v0.13.6(Aug 23, 2022)
Updated to Vue 3

Added API token details end point - https://app.anonaddy.com/docs/#api-token

Added a new auth flow that will allow an API token to be automatically created and retrieved using a username and password. This will make logging into the browser extension easier in the future

Source code(tar.gz)
Source code(zip)
v0.13.5(Aug 8, 2022)
Added inline encryption (PGP/Inline) option for each recipient. This will only encrypt and forward the plain text of a message so only enable if you are sure.

Added protected headers, this will hide the email subject and replace it with "...", it means the message subject is also encrypted in the message body. Many mail clients including Mozilla Thunderbird are able to automatically decrypt and display the original message subject when an email arrives.

Source code(tar.gz)
Source code(zip)
v0.13.4(Aug 2, 2022)
Added version to anonaddy.php config file for the Docker image

Added extra stateful domain to sanctum.php config for the Docker image

Fixed incorrect recipient "key" tooltip - closes https://github.com/anonaddy/docker/issues/155

Source code(tar.gz)
Source code(zip)
v0.13.3(Aug 1, 2022)
Added fallback to ANONADDY_VERSION environment variable for Docker image, thanks @crazy-max.

Source code(tar.gz)
Source code(zip)
v0.13.2(Jul 30, 2022)
Fix app-version undefined array key error in Docker image, closes https://github.com/anonaddy/docker/issues/156

Source code(tar.gz)
Source code(zip)
v0.13.1(Jul 29, 2022)
Upgraded to Laravel Sanctum v3

Upgrade to Laravel UI v4

Added expiry option when creating API tokens - 1 day, 1 week, 1 month, 1 year or no expiry

Fixed issue where messages that have attachments with an invalid content type were not forwarded

Source code(tar.gz)
Source code(zip)
v0.13.0(Jul 21, 2022)
Changes

This release migrates from Laravel Passport to Laravel Sanctum for API authentication.

Note

Upgrading to this release will drop all Laravel Passport database tables and you will need to re-create your new Sanctum API tokens from the settings page.

After upgrading you can safely remove the following from your .env file:

PASSPORT_PERSONAL_ACCESS_CLIENT_ID=client-id-value PASSPORT_PERSONAL_ACCESS_CLIENT_SECRET=unhashed-client-secret-value
Source code(tar.gz)
Source code(zip)
v0.12.3(Jul 15, 2022)
Removed the exception thrown in the GitVersionHelper class as it was causing issues with the Docker image - https://github.com/anonaddy/docker/issues/142

Source code(tar.gz)
Source code(zip)

v0.12.2(Jul 13, 2022)

Fixed issue with Sender: header being passed through which was changing the envelope from address

If you wish to enable TLS for the local SMTP connections you can update your .env file as follows:

# The from name to be used for outgoing email notifications from AnonAddy
MAIL_FROM_NAME=Example
# The from address to be used for outgoing email notifications from AnonAddy
[email protected]
MAIL_DRIVER=smtp
MAIL_HOST=mail.example.com
MAIL_PORT=25
MAIL_ENCRYPTION=tls
MAIL_EHLO_DOMAIN=mail.example.com
MAIL_VERIFY_PEER=true

Where MAIL_EHLO_DOMAIN is the same value as your mail server's hostname.

Source code(tar.gz)
Source code(zip)

v0.12.1(Jul 12, 2022)
Messages with invalid Message-IDs can now be forwarded

Fixed "Sender" header type

Source code(tar.gz)
Source code(zip)
v0.12.0(Jul 7, 2022)
Updates

This release has breaking changes, please see below.

Upgrade from Laravel 8 to Laravel 9

Swiftmailer has been deprecated so this upgrade has meant migrating over to Symfony mailer which has proved quite tricky

Upgrade to v3 of Laravel WebAuthn (closes #298)

PHP 8.1 is now required due to requirements of Laravel WebAuthn

Breaking Changes

PHP v8.1 is now the minimum version required so you will need to install this on your server by running the following commands:

sudo apt install php8.1-fpm php8.1-common php8.1-mysql php8.1-dev php8.1-gmp php8.1-mbstring php8.1-dom php8.1-gd php8.1-imagick php8.1-opcache php8.1-soap php8.1-zip php8.1-cli php8.1-curl php8.1-mailparse php8.1-gnupg php8.1-redis -y

You must then update the user & group in /etc/php/8.1/fpm/pool.d/www.conf to the user that your web application is run by, in the self-hosting instructions I used a user called johndoe:

user = johndoe group = johndoe listen.owner = johndoe listen.group = johndoe

Restart php8.1-fpm to reflect the changes.

sudo service php8.1-fpm restart

You will also need to update your web application's Nginx config e.g. /etc/nginx/conf.d/example.com.conf:

location ~ \.php$ { fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; include fastcgi_params; }

Changing from php8.0-fpm.sock to php8.1-fpm.sock. Then restart nginx:

sudo service nginx restart

Once you've done the above you can update the application by running the usual commands found at the end of the self-hosting instructions.
Source code(tar.gz)
Source code(zip)
v0.11.2(Apr 16, 2022)
Closed #215 and #240

Updated data returned by API to make endpoints consistent

Source code(tar.gz)
Source code(zip)
v0.11.1(Mar 14, 2022)
Fixed #277, updated code column type from string to text.

Source code(tar.gz)
Source code(zip)

v0.11.0(Mar 2, 2022)

Updates

This release has breaking changes, please see below (It is recommended to backup your database before upgrading to this version)
The additional_usernames table has been renamed usernames
The main account username has been moved from the users table to the usernames table
Any one of your usernames can now be used to login to your account

Motivation for this update

Reduces the number of database queries for each incoming email
Allows a user to login with any of their usernames (previously it was just the main one they signed up with)
Allows a user to deactivate their main account username as they could with additional usernames previously
Will allow the user to update their account's default username in the future
Moves usernames structure to be inline with the current recipients structure

Breaking Changes

Update required to /etc/postfix/mysql-virtual-alias-domains-and-subdomains.cf

user = anonaddy
password = your-database-password
hosts = 127.0.0.1
dbname = anonaddy_database
query = SELECT (SELECT 1 FROM usernames WHERE '%s' IN (CONCAT(username, '.example.com'))) AS usernames, (SELECT 1 FROM domains WHERE domain = '%s' AND domain_verified_at IS NOT NULL) AS domains LIMIT 1;

Notice the removal of the SELECT query for the users table and the fact that the additional_usernames table has been renamed to usernames. You can view the difference here.

Update required to the check_access stored procedure (this can be updated from the command line sudo mysql -u root -p)

DELIMITER $$

USE `anonaddy_database`$$

DROP PROCEDURE IF EXISTS `check_access`$$

CREATE PROCEDURE `check_access`(alias_email VARCHAR(254) charset utf8)
BEGIN
    DECLARE no_alias_exists int(1);
    DECLARE alias_action varchar(30) charset utf8;
    DECLARE username_action varchar(30) charset utf8;
    DECLARE domain_action varchar(30) charset utf8;
    DECLARE alias_domain varchar(254) charset utf8;

    SET alias_domain = SUBSTRING_INDEX(alias_email, '@', -1);

    # We only want to carry out the checks if it is a full RCPT TO address without any + extension
    IF LOCATE('+',alias_email) = 0 THEN

        SET no_alias_exists = CASE WHEN NOT EXISTS(SELECT NULL FROM aliases WHERE email = alias_email) THEN 1 ELSE 0 END;

        # If there is an alias, check if it is deactivated or deleted
        IF NOT no_alias_exists THEN
            SET alias_action = (SELECT
                IF(deleted_at IS NULL,
                'DISCARD',
                'REJECT Address does not exist')
            FROM
                aliases
            WHERE
                email = alias_email
                AND (active = 0
                OR deleted_at IS NOT NULL));
        END IF;

        # If the alias is deactivated or deleted then increment its blocked count and return the alias_action
        IF alias_action IN('DISCARD','REJECT Address does not exist') THEN
            UPDATE
                aliases
            SET
                emails_blocked = emails_blocked + 1
            WHERE
                email = alias_email;

            SELECT alias_action;
        ELSE
            SELECT
            (
            SELECT
                CASE
                    WHEN no_alias_exists
                    AND catch_all = 0 THEN "REJECT Address does not exist"
                    WHEN active = 0 THEN "DISCARD"
                    ELSE NULL
                END
            FROM
                usernames
            WHERE
                alias_domain IN ( CONCAT(username, '.example.com')) ),
            (
            SELECT
                CASE
                    WHEN no_alias_exists
                    AND catch_all = 0 THEN "REJECT Address does not exist"
                    WHEN active = 0 THEN "DISCARD"
                    ELSE NULL
                END
            FROM
                domains
            WHERE
                domain = alias_domain) INTO username_action, domain_action;

            # If all actions are NULL then we can return 'DUNNO' which will prevent Postfix from trying substrings of the alias
            IF username_action IS NULL AND domain_action IS NULL THEN
                SELECT 'DUNNO';
            ELSEIF username_action IN('DISCARD','REJECT Address does not exist') THEN
                SELECT username_action;
            ELSE
                SELECT domain_action;
            END IF;
        END IF;
    ELSE
        # This means the alias must have a + extension so we will ignore it
        SELECT NULL;
    END IF;
 END$$

DELIMITER ;

Notice again the removal of the SELECT query for the users table and that the additional_usernames table has been renamed to usernames. You can view the difference here.

Source code(tar.gz)
Source code(zip)

v0.10.1(Feb 24, 2022)
Added option to allow/disallow each recipient the ability to reply/send from your aliases

Added option in settings to generate a new backup code whilst keeping current 2FA method #231

Added email notification when account's default recipient is updated

Source code(tar.gz)
Source code(zip)
v0.10.0(Feb 11, 2022)
Fixed webauthn config after upgrade to v2

Added check for X-AnonAddy-Dmarc-Allow header added by Rspamd custom routine (see below)

Potentially breaking changes

If you are still running OpenDMARC / OpenDKIM and not Rspamd then this update will likely break your ability to reply/send from aliases as the above header will not be present. I recommend migrating to Rspamd if possible since it has many more features and is extremely fast.

Rspamd config update required

Please update /etc/rspamd/local.d/milter_headers.conf so that is looks like this:

use = ["authentication-results", "remove-headers", "spam-header", "add_dmarc_allow_header"]; routines { remove-headers { headers { "X-Spam" = 0; "X-Spamd-Bar" = 0; "X-Spam-Level" = 0; "X-Spam-Status" = 0; "X-Spam-Flag" = 0; } } authentication-results { header = "X-AnonAddy-Authentication-Results"; remove = 0; } spam-header { header = "X-AnonAddy-Spam"; value = "Yes"; remove = 0; } } custom { add_dmarc_allow_header = <<EOD return function(task, common_meta) if task:has_symbol('DMARC_POLICY_ALLOW') then return nil, {['X-AnonAddy-Dmarc-Allow'] = 'Yes'}, {['X-AnonAddy-Dmarc-Allow'] = 0}, {} end return nil, {}, {['X-AnonAddy-Dmarc-Allow'] = 0}, {} end EOD; }

The custom routine we've created add_dmarc_allow_header will simply add a header to messages that have the DMARC_POLICY_ALLOW symbol present Rspamd. We will use this to only allow replies / sends from aliases that are explicity permitted by their DMARC policy, in order to prevent anyone spoofing any of your recipient's email addresses.

The previous check just for the X-AnonAddy-Spam header was not enough since many major email providers have a DMARC policy of p=none such as Gmail and Hotmail. This means there is a chance your recipient address could be spoofed.
Source code(tar.gz)
Source code(zip)
v0.9.1(Feb 9, 2022)
Upgraded laravel-webauthn to v2

Added X-AnonAddy-Original-Reply-To-Header header on forwarded emails - the original unaltered Reply-To: header

Added Sender header on forwarded emails - the original unaltered Sender: header

Fixed small bug in app/Rules/VerifiedRecipientId.php

Source code(tar.gz)
Source code(zip)
v0.9.0(Feb 4, 2022)
Added new headers to forwarded messages; X-AnonAddy-Authentication-Results - this gives information on SPF, DKIM and DMARC checks for the original message. X-AnonAddy-Original-Envelope-From - the original envelope from address. X-AnonAddy-Original-From-Header - the original unaltered From: header.

Fixed #245 by using the From: header (if available) for verification on replies/sends from aliases

Added an email notification when an attempt is made to send/reply from an alias which fails authentication checks

Replies/sends from aliases will now fail if they do not pass authentication checks and have the spam header added by Rspamd, this is to prevent anyone else "spoofing" one of your recipients and being able to send messages from your aliases

Updated SELF-HOSTING.md as below

Changes required to Rspamd config files (self-hosting instructions update)

Now let's setup the handling of DMARC for incoming messages, create a new file /etc/rspamd/local.d/dmarc.conf and enter the following inside:

actions = { quarantine = "add_header"; reject = "reject"; }

Here we are telling Rspamd to add a header to any message that fails DMARC checks and has a policy of p=quarantine and to reject any message that fails DMARC checks with a policy p=reject. You can change reject to "add_header"; too if you would still like to see these messages.

Next we'll configure the headers to add, create a new file /etc/rspamd/local.d/milter_headers.conf and enter the following inside:

use = ["authentication-results", "remove-headers", "spam-header"]; routines { remove-headers { headers { "X-Spam" = 0; "X-Spamd-Bar" = 0; "X-Spam-Level" = 0; "X-Spam-Status" = 0; "X-Spam-Flag" = 0; } } authentication-results { header = "X-AnonAddy-Authentication-Results"; remove = 0; } spam-header { header = "X-AnonAddy-Spam"; value = "Yes"; remove = 0; } }

The authentication results header will give information on whether the message passed SPF, DKIM and DMARC checks and the spam header will be added if it fails any of these.
Source code(tar.gz)
Source code(zip)
v0.8.10(Jan 14, 2022)
Upgraded to Tailwind v3

Added sort option to aliases API endpoint

Added active filter to aliases API endpoint

Source code(tar.gz)
Source code(zip)
v0.8.9(Dec 9, 2021)
Added alias stats to account details endpoint

Added pagination by default to GET aliases endpoint (100 per page by default)

Source code(tar.gz)
Source code(zip)
v0.8.8(Dec 3, 2021)
Fixed the text view on replies and sends

Added original To and CC headers X-AnonAddy-Original-To and X-AnonAddy-Original-Cc to forwarded emails

Added email type options to rules so you can select whether they run on forwards, replies and sends

Source code(tar.gz)
Source code(zip)
v0.8.7(Nov 2, 2021)
Added support for inline images #210

Don't add plain text if email is html only #221

Added alias email to delete and forget alias modals to make sure you do not delete/forget the wrong one

Source code(tar.gz)
Source code(zip)
v0.8.6(Oct 14, 2021)
Added mailto: link to send from an alias contructor

Increased descriptions limit from 100 to 200 chars for aliases, domains and additional usernames

Source code(tar.gz)
Source code(zip)
v0.8.5(Oct 6, 2021)
Updated hashing algorithm for verify user/recipient URL

Removed duplicate CSS properties

Source code(tar.gz)
Source code(zip)