From 83ea1faf84ea00edc0eef9597542648ff88dc5a4 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Mon, 21 Jan 2008 07:05:19 +0000
Subject: [PATCH] * (bug 12655) Added $wgUserEmailUseReplyTo config option to put sender address in Reply-To instead of From for user-to-user emails. This protects against SPF problems and privacy-leaking bounce messages when using mailers that set the envelope sender to the From header value.
---
 RELEASE-NOTES | 4 ++++
 includes/DefaultSettings.php | 10 ++++++++++
 includes/SpecialEmailuser.php | 32 ++++++++++++++++++++++++++++++--
 3 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 351cc919ad..08567dcd50 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -136,6 +136,10 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * (bug 10049) Prefix index search and namespaces in Special:Withoutinterwiki
 * (bug 12668) Support for custom iPhone bookmark icon via $wgAppleTouchIcon
 * Add option to include templates in Special:Export.
+* (bug 12655) Added $wgUserEmailUseReplyTo config option to put sender
+ address in Reply-To instead of From for user-to-user emails.
+ This protects against SPF problems and privacy-leaking bounce messages
+ when using mailers that set the envelope sender to the From header value.
 === Bug fixes in 1.12 ===
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index e39f20b512..429d98e415 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -509,6 +509,16 @@ $wgEnableEmail = true;
 */
 $wgEnableUserEmail = true;
+/**
+ * Set to true to put the sending user's email in a Reply-To header
+ * instead of From. ($wgEmergencyContact will be used as From.)
+ *
+ * Some mailers (eg sSMTP) set the SMTP envelope sender to the From value,
+ * which can cause problems with SPF validation and leak recipient addressses
+ * when bounces are sent to the sender.
+ */
+$wgUserEmailUseReplyTo = false;
+
 /**
 * Minimum time, in hours, which must elapse between password reminder
 * emails for a given account. This is to prevent abuse by mail flooding.
diff --git a/includes/SpecialEmailuser.php b/includes/SpecialEmailuser.php
index 7104c525da..e965cf51ea 100644
--- a/includes/SpecialEmailuser.php
+++ b/includes/SpecialEmailuser.php
@@ -143,15 +143,43 @@ class EmailUserForm {
 }
 function doSubmit() {
- global $wgOut, $wgUser;
+ global $wgOut, $wgUser, $wgUserEmailUseReplyTo;
 $to = new MailAddress( $this->target );
 $from = new MailAddress( $wgUser );
 $subject = $this->subject;
 if( wfRunHooks( 'EmailUser', array( &$to, &$from, &$subject, &$this->text ) ) ) {
+
+ if( $wgUserEmailUseReplyTo ) {
+ // Put the generic wiki autogenerated address in the From:
+ // header and reserve the user for Reply-To.
+ //
+ // This is a bit ugly, but will serve to differentiate
+ // wiki-borne mails from direct mails and protects against
+ // SPF and bounce problems with some mailers (see below).
+ global $wgEmergencyContact;
+ $mailFrom = new MailAddress( $wgEmergencyContact );
+ $replyTo = $from;
+ } else {
+ // Put the sending user's e-mail address in the From: header.
+ //
+ // This is clean-looking and convenient, but has issues.
+ // One is that it doesn't as clearly differentiate the wiki mail
+ // from "directly" sent mails.
+ //
+ // Another is that some mailers (like sSMTP) will use the From
+ // address as the envelope sender as well. For open sites this
+ // can cause mails to be flunked for SPF violations (since the
+ // wiki server isn't an authorized sender for various users'
+ // domains) as well as creating a privacy issue as bounces
+ // containing the recipient's e-mail address may get sent to
+ // the sending user.
+ $mailFrom = $from;
+ $replyTo = null;
+ }
- $mailResult = userMailer( $to, $from, $subject, $this->text );
+ $mailResult = UserMailer::send( $to, $mailFrom, $subject, $this->text, $replyTo );
 if( WikiError::isError( $mailResult ) ) {
 $wgOut->addHTML( wfMsg( "usermailererror" ) . $mailResult);
--
2.20.1
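Review bot: In the `$wgUserEmailUseReplyTo` branch of doSubmit(), `$wgEmergencyContact` is used as the From address without any check that it holds a usable address. With the mailers the comment describes it also becomes the envelope sender, so bounces carrying the recipient's address would go to that mailbox. A short comment there would record the requirement, for example `// $wgEmergencyContact must be a deliverable address this server is authorised to send for`. The 'EmailUser' hook runs before the branch, so a handler that rewrites `$from` only changes Reply-To in this mode; that is worth stating in the hook's documentation. As a style point, `global $wgEmergencyContact;` is declared inside the branch and would read better merged into the top declaration as `global $wgOut, $wgUser, $wgUserEmailUseReplyTo, $wgEmergencyContact;`. doSubmit() continues past the end of the hunk, and `UserMailer::send` is not shown here, so its handling of a null `$replyTo` should be confirmed.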