Embedded web form rejects valid email domains (client-side validation)

Technical assistance
1

Infos:

  • Used Zammad version: ii zammad 6.5.2-1768823021.67f668c1.noble amd64 Zammad is a web based open source helpdesk/customer support system
  • Used Zammad installation type: (source, package, docker-compose, …) * Package installation (Linux server, NGINX reverse proxy)
  • Operating system: Ubuntu Server (production system)
  • Browser + version: * Chrome (latest), Firefox (latest), Edge (latest) — issue reproducible across browsers

Expected behavior:

    • The embedded Zammad web form should accept any valid email address when submitting a ticket.
  • Email addresses, multiple email domains should be accepted.
  • The form should submit successfully and create a ticket and customer if the user does not already exist.

Actual behavior:

    • The embedded web form rejects non-main email addresses .
  • The email input field immediately turns red and the form cannot be submitted.
  • No network request (form_submit) is sent.
  • No error message is shown, only client-side validation styling.
  • This happens even though:
    • The email address format is valid
    • Domain-based assignment is enabled
    • An organization exists for the domain alternative domain
    • No custom email validation exists in the HTML or form.js

Steps to reproduce the behavior:

    1. Open the embedded Zammad web form (/request)
    2. Enter a valid name and message
    3. Enter an email address with a non-primary domain, e.g. user@domain#2.com
    4. Observe that the email field turns red immediately
    5. The form cannot be submitted and no request is sent

Additional notes:
• main domain email addresses work
• HTML input has no pattern or domain restriction
• Custom form.js contains no domain validation
• Organizations for both domains exist
• Domain-based assignment is enabled for both organizations
• Issue appears to be enforced by backend form configuration returned to the embedded form

2

Sorry but what field in what part of the interface are you talking about exactly?

What domain format are you using? Is it really domain#other.tld…?

3

https://imgur.com/a/BdwKNbk

Here is what the form is like and it’s the email section that does not accept any domain other than what is used on th Using the Zammad Form function and form.js for modifying the fields. The @mk-kliniken.com domain is being rejected and being detected as a robot even though it’s a legitimate email domain. So I tested with @gmail.com and several other domains and it’s accepting it. What is it that I need to change in order for it to accept this domain? Is there any way I can whitelist it?

4

No, you cannot whitelist that. Zammad looks for MX records. That is the case for the domain you’ve shared. The only thing that caught my attention is the priority of 300 (which I think is quite high). This shouldn’t be an issue though - Zammad does not filter for it.

I double checked with the microwave (Claude) and it did tell me the same.
A side note: If your public and local resolver are different (e.g. you use the same public domain internally too, but with different DNS records especially WITHOUT a MX record, then this would explain your issue).

5

Would you recommend I bypass it on the Zammad server and do:

sudo nano /etc/systemd/resolved.conf

[Resolve]
DNS=1.1.1.1 8.8.8.8
FallbackDNS=9.9.9.9

sudo systemctl restart systemd-resolved
sudo systemctl restart zammad

Otherwise I can go into our Domain Controller and modify the internal zone and an MX record on that domain if it doesn’t exist already, but I’m not sure which would be best and less disruptive.

6

If your Zammad-System does not require other internal DNS records, this is definitely the easiest way to do it, yes. Zammad just verifies the record, it does not use it for sending. (Just in case, if that’s relevant to you)