[ZendTo] RFC5321.MailFrom address in notification emails

Burns, Richard H. burnsr at william.jewell.edu
Thu Jun 22 17:04:27 BST 2017 

I had this problem also so I created an email account with the zendto@ address. I can then
monitor the mailbox for bad addresses. It's not ideal but I have caught a few.

Richard Burns
Information Technology
William Jewell College

On Jun 22, 2017, at 10:53 AM, Mike Brudenell <mike.brudenell at york.ac.uk<mailto:mike.brudenell at york.ac.uk>> wrote:

We're noticing that when someone here uploads files into Zendto but mistypes the recipient's email address they're not learning of their mistake: they're not seeing the Non-Delivery Report.

Digging around in the mail queues shows the upload notification tried to go to the invalid address, fails, and then is trying to go back to a username based on the local username that Zendto is running under. This isn't a valid mailbox, so the Non Delivery Report gets stuck in our queues until it times out a few days later. The would-be sender never sees it.

I see in the the file lib/NSSDropbox.php that the deliverEmail() function includes this:

    return mail(
              $toAddr,
              $subject,
              $content,
              $headers // JKF Commented out for now due to security concerns ,
              // JKF Commented out for now due to security concerns
              // '-f "'.$fromAddr.'"'
            );

I assume it's to avoid forged sender addresses and/or problems with SPF.

Would it be possible (whilst avoiding such security and email authentication issues!) to instead:

  *   If the person doing the upload is logged in to Zendto (and so it has got a confirmed sender email address) and that email address matches one of your internal domains then set the RFC5321.MailFrom to the confirmed sender address)

  *   Otherwise do as now and not set the sender address.

Actually even this latter isn't ideal, as the local user account Zendto is running under is quite likely not to be a valid email address. Instead maybe a setting in the preferences should be used to specify this?

(My apologies: I can just about read PHP but don't know it sufficiently to try writing anything like this myself!)

Cheers,
Mike B-)

--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services<http://www.york.ac.uk/it-services>
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm<http://www.york.ac.uk/docs/disclaimer/email.htm>
_______________________________________________
ZendTo mailing list
ZendTo at zend.to<mailto:ZendTo at zend.to>
http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20170622/8e74a8f1/attachment-0001.html

More information about the ZendTo mailing list