FS#49488 - {wiki} email settings lead to bounced emails

Attached to Project: Arch Linux
Opened by Ingo Albrecht (indigo) - Friday, 27 May 2016, 21:42 GMT
Last edited by Florian Pritz (bluewind) - Monday, 30 May 2016, 15:16 GMT
Task Type Bug Report
Category Web Sites
Status Closed
Assigned To Pierre Schmitz (Pierre)
Florian Pritz (bluewind)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:

I experienced a number of email bounces from SPF at the destination. These happened after an email was sent via the wiki's internal functionality to mail another wiki-user. The wiki functionality about sending notifications for changes in watched articles is not affected.

This lead to a comparison of email headers and it turns out the "email a user" function inserts the email address registered to the user as FROM/RETURN-PATH, while the notification uses the webmaster@

This difference is exactly what is described at [1], bullet point 2:

"Another concern is that some mailers (like sSMTP) will use the From address as the SMTP envelope sender (the generator of the email message) as well. For open sites, this can cause email messages to be penalized for SPF violations (since the wiki server isn't authorized to send messages on behalf of other domains), as well as creating a privacy issue, as bounces containing the recipient's email address may get sent to the sending user."

Hence, I am sssuming this is the reason behind the bounces. So, please set
$wgUserEmailUseReplyTo
in LocalSettings.php to "True".


Additional info:
[1] https://www.mediawiki.org/wiki/Manual:$wgUserEmailUseReplyTo
[2] Log of self-sent email (attached)

Steps to reproduce:

Not all ISPs bounce like that, yahoo and gmx do, gmail gets through. So, to test you need to pick one that is known to.
This task depends upon

Closed by  Florian Pritz (bluewind)
Monday, 30 May 2016, 15:16 GMT
Reason for closing:  Fixed
Comment by Florian Pritz (bluewind) - Monday, 30 May 2016, 14:14 GMT
I've changed the setting. Can you please test if it works as expected?
Comment by Ingo Albrecht (indigo) - Monday, 30 May 2016, 15:14 GMT
Yes, it arrived right away.[1] log attached

To me this can be closed - thanks for the quick fix!

In parallel to this, I contacted the ISP via a webform they provide. I received their general SPF info enclosed [2]. I attach it, since I have seen you deal with the topic on the mailing list.

Loading...