Index: trunk/phase3/includes/SpecialEmailuser.php
===================================================================
--- trunk/phase3/includes/SpecialEmailuser.php (revision 30013)
+++ trunk/phase3/includes/SpecialEmailuser.php (revision 30014)
@@ -143,15 +143,43 @@
}
function doSubmit() {
- global $wgOut, $wgUser;
+ global $wgOut, $wgUser, $wgUserEmailUseReplyTo;
$to = new MailAddress( $this->target );
$from = new MailAddress( $wgUser );
$subject = $this->subject;
if( wfRunHooks( 'EmailUser', array( &$to, &$from, &$subject, &$this->text ) ) ) {
+
+ if( $wgUserEmailUseReplyTo ) {
+ // Put the generic wiki autogenerated address in the From:
+ // header and reserve the user for Reply-To.
+ //
+ // This is a bit ugly, but will serve to differentiate
+ // wiki-borne mails from direct mails and protects against
+ // SPF and bounce problems with some mailers (see below).
+ global $wgEmergencyContact;
+ $mailFrom = new MailAddress( $wgEmergencyContact );
+ $replyTo = $from;
+ } else {
+ // Put the sending user's e-mail address in the From: header.
+ //
+ // This is clean-looking and convenient, but has issues.
+ // One is that it doesn't as clearly differentiate the wiki mail
+ // from "directly" sent mails.
+ //
+ // Another is that some mailers (like sSMTP) will use the From
+ // address as the envelope sender as well. For open sites this
+ // can cause mails to be flunked for SPF violations (since the
+ // wiki server isn't an authorized sender for various users'
+ // domains) as well as creating a privacy issue as bounces
+ // containing the recipient's e-mail address may get sent to
+ // the sending user.
+ $mailFrom = $from;
+ $replyTo = null;
+ }
- $mailResult = userMailer( $to, $from, $subject, $this->text );
+ $mailResult = UserMailer::send( $to, $mailFrom, $subject, $this->text, $replyTo );
if( WikiError::isError( $mailResult ) ) {
$wgOut->addHTML( wfMsg( "usermailererror" ) . $mailResult);
Index: trunk/phase3/includes/DefaultSettings.php
===================================================================
--- trunk/phase3/includes/DefaultSettings.php (revision 30013)
+++ trunk/phase3/includes/DefaultSettings.php (revision 30014)
@@ -510,6 +510,16 @@
$wgEnableUserEmail = true;
/**
+ * Set to true to put the sending user's email in a Reply-To header
+ * instead of From. ($wgEmergencyContact will be used as From.)
+ *
+ * Some mailers (eg sSMTP) set the SMTP envelope sender to the From value,
+ * which can cause problems with SPF validation and leak recipient addressses
+ * when bounces are sent to the sender.
+ */
+$wgUserEmailUseReplyTo = false;
+
+/**
* Minimum time, in hours, which must elapse between password reminder
* emails for a given account. This is to prevent abuse by mail flooding.
*/
Index: trunk/phase3/RELEASE-NOTES
===================================================================
--- trunk/phase3/RELEASE-NOTES (revision 30013)
+++ trunk/phase3/RELEASE-NOTES (revision 30014)
@@ -136,6 +136,10 @@
* (bug 10049) Prefix index search and namespaces in Special:Withoutinterwiki
* (bug 12668) Support for custom iPhone bookmark icon via $wgAppleTouchIcon
* Add option to include templates in Special:Export.
+* (bug 12655) Added $wgUserEmailUseReplyTo config option to put sender
+ address in Reply-To instead of From for user-to-user emails.
+ This protects against SPF problems and privacy-leaking bounce messages
+ when using mailers that set the envelope sender to the From header value.
=== Bug fixes in 1.12 ===
