[ZendTo] RFC5321.MailFrom address in notification emails

Jules Jules at Zend.To
Thu Jun 22 17:11:13 BST 2017 

Mike,

Long time no talk. Didn't you folks used to run MailScanner? :-)

The new code only uses PHP's mail() if the SMTP settings are not set in 
preferences.php.
If they are set at all, it now uses PHPmailer instead.
     https://github.com/PHPMailer/PHPMailer

On the basis that PHPMailer can do many more clever things, do you fancy 
having a read of the docs there and suggesting an improvement that I 
could make when using PHPMailer?

Thanks!
Jules.


On 22/06/2017 16:50, Mike Brudenell wrote:
> We're noticing that when someone here uploads files into Zendto but 
> mistypes the recipient's email address they're not learning of their 
> mistake: they're not seeing the Non-Delivery Report.
>
> Digging around in the mail queues shows the upload notification tried 
> to go to the invalid address, fails, and then is trying to go back to 
> a username based on the local username that Zendto is running under. 
> This isn't a valid mailbox, so the Non Delivery Report gets stuck in 
> our queues until it times out a few days later. The would-be sender 
> never sees it.
>
> I see in the the file lib/NSSDropbox.php that the deliverEmail() 
> function includes this:
>
>     return mail(
> $toAddr,
> $subject,
> $content,
> $headers // JKF Commented out for now due to security concerns ,
> // JKF Commented out for now due to security concerns
> // '-f "'.$fromAddr.'"'
>             );
>
> I assume it's to avoid forged sender addresses and/or problems with SPF.
>
> Would it be possible (whilst avoiding such security and email 
> authentication issues!) to instead:
>
>   * If the person doing the upload is logged in to Zendto (and so it
>     has got a confirmed sender email address) _and_ that email address
>     matches one of your internal domains _then_ set the
>     RFC5321.MailFrom to the confirmed sender address)
>
>   * Otherwise do as now and not set the sender address.
>
> Actually even this latter isn't ideal, as the local user account 
> Zendto is running under is quite likely not to be a valid email 
> address. Instead maybe a setting in the preferences should be used to 
> specify this?
>
> (My apologies: I can just about read PHP but don't know it 
> sufficiently to try writing anything like this myself!)
>
> Cheers,
> Mike B-)
>
> -- 
> Systems Administrator & Change Manager
> IT Services, University of York, Heslington, York YO10 5DD, UK
> Tel: +44-(0)1904-323811
>
> Web:www.york.ac.uk/it-services <http://www.york.ac.uk/it-services>
> Disclaimer:www.york.ac.uk/docs/disclaimer/email.htm 
> <http://www.york.ac.uk/docs/disclaimer/email.htm>
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM


www.Zend.To
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20170622/3d0e8460/attachment.html

More information about the ZendTo mailing list