Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

[resolved] Allow Header Spoofing - How is this intented to be used??

The help message says that it is generally used when sending mail from aliases of this mail box.
I do not understand this immediately.
I have an email called which has,
Do I add the 3 emails as separate emails in Admin Panel -> Emails with the alias in Email Address field and in Username?
Or should I just add a single email with Email Address and Username as and check "Allow Header Spoofing"?
If so, where do I specify the aliases to be used?


  • Enabling "Allow Header Spoofing" allows email to be sent via the SMTP setup in that address..

    If you want to use an email address to be able to send or receive mail.... you would configure it in osTicket.
    So if you want to send or receive mail using,, and then you need to set them up.

    As an example if I wanted to setup a in osTicket, but I dont want to setup SMTP settings for this address. [Use case 1: non routing return email.  Use Case 2: the mail server requires SMTP auth but since alias1@ is an alias and not an account you would not be able to use SMTP auth to send email].  Allowing spoofing on another address means that osTicket will attempt to spoof the email hgeaders when sending an email so that it can use a non-existent or aliased email address as the FROM address.
  • Thanks for the explanation.
    But will it send the email with spoofed From address using System Default SMTP settings? Or php's mail()?
  • Is there a setting where we can specify an email to be an alias and can we specify which SMTP settings to use? Because, I have a email which has as alias.
    I just in Email Address field and use (or also works) as SMTP username and use realaccount's password. I did not enable Allow Header Spoofing. I guess I'm not understanding stuff. :(
  • My installation has 5 emails configured.
    One of those has SMTP settings, and it my base email that I used to send/receive.
    All my other configured emails get sent through this connection, because I allow header spoofing on it.
  • I did not think of it like this because I was subconsciously wondering what would happen if 2 or more emails have set to allow header spoofing so though there must be some other use for it. Anyways, it doesn't matter which setting it uses, the email is gonna be delivered! Your explanation clears things up. Thanks!
  • Very welcome. :)  I'll close this thread and mark it as resolved.
This discussion has been closed.