<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Mike,<br>
<br>
Long time no talk. Didn't you folks used to run MailScanner? :-)<br>
<br>
The new code only uses PHP's mail() if the SMTP settings are not set
in preferences.php.<br>
If they are set at all, it now uses PHPmailer instead.<br>
<a class="moz-txt-link-freetext" href="https://github.com/PHPMailer/PHPMailer">https://github.com/PHPMailer/PHPMailer</a><br>
<br>
On the basis that PHPMailer can do many more clever things, do you
fancy having a read of the docs there and suggesting an improvement
that I could make when using PHPMailer?<br>
<br>
Thanks!<br>
Jules.<br>
<br>
<br>
<div class="moz-cite-prefix">On 22/06/2017 16:50, Mike Brudenell
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAPXCWasFyZwDYx5uzRN_WD_q_ECo=pk_payoBq_Q4nKQxbOjNA@mail.gmail.com">
<div dir="ltr">We're noticing that when someone here uploads files
into Zendto but mistypes the recipient's email address they're
not learning of their mistake: they're not seeing the
Non-Delivery Report.
<div><br>
</div>
<div>Digging around in the mail queues shows the upload
notification tried to go to the invalid address, fails, and
then is trying to go back to a username based on the local
username that Zendto is running under. This isn't a valid
mailbox, so the Non Delivery Report gets stuck in our queues
until it times out a few days later. The would-be sender never
sees it.</div>
<div><br>
</div>
<div>I see in the the file lib/NSSDropbox.php that the
deliverEmail() function includes this:</div>
<div><br>
</div>
<div>
<div><font size="1" face="monospace, monospace"> return
mail(</font></div>
<div><font size="1" face="monospace, monospace">
$toAddr,</font></div>
<div><font size="1" face="monospace, monospace">
$subject,</font></div>
<div><font size="1" face="monospace, monospace">
$content,</font></div>
<div><font size="1" face="monospace, monospace">
$headers // JKF Commented out for now due to security
concerns ,</font></div>
<div><font size="1" face="monospace, monospace">
// JKF Commented out for now due to security concerns</font></div>
<div><font size="1" face="monospace, monospace">
// '-f "'.$fromAddr.'"'</font></div>
<div><font size="1" face="monospace, monospace"> );</font></div>
<div><br>
</div>
<div>I assume it's to avoid forged sender addresses and/or
problems with SPF.</div>
<div><br>
</div>
<div>Would it be possible (whilst avoiding such security and
email authentication issues!) to instead:</div>
<div>
<ul>
<li>If the person doing the upload is logged in to Zendto
(and so it has got a confirmed sender email address) <u
style="font-weight:bold">and</u> that email address
matches one of your internal domains <u
style="font-weight:bold">then</u> set the
RFC5321.MailFrom to the confirmed sender address)<br>
<br>
</li>
<li>Otherwise do as now and not set the sender address.</li>
</ul>
<div>Actually even this latter isn't ideal, as the local
user account Zendto is running under is quite likely not
to be a valid email address. Instead maybe a setting in
the preferences should be used to specify this?</div>
</div>
<div><br>
</div>
<div>(My apologies: I can just about read PHP but don't know
it sufficiently to try writing anything like this myself!)</div>
<div><br>
</div>
<div>Cheers,</div>
<div>Mike B-)</div>
<div><br>
</div>
-- <br>
<div class="gmail_signature">
<div dir="ltr">
<div><font color="#666666">Systems Administrator &
Change Manager</font></div>
<div><font color="#666666">IT Services, University of
York, Heslington, York YO10 5DD, UK</font></div>
<div><font color="#666666">Tel: +44-(0)1904-323811</font></div>
<div><font color="#666666"><br>
</font></div>
<div><font color="#666666">Web:<span style="white-space:pre"> </span><a
href="http://www.york.ac.uk/it-services"
target="_blank" moz-do-not-send="true">www.york.ac.uk/it-services</a></font></div>
<div><font color="#666666">Disclaimer:<span style="white-space:pre"> </span><a
href="http://www.york.ac.uk/docs/disclaimer/email.htm" target="_blank"
moz-do-not-send="true">www.york.ac.uk/docs/disclaimer/email.htm</a></font></div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
ZendTo mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a>
<a class="moz-txt-link-freetext" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</pre>
</body>
</html>