[wp-trac] [WordPress Trac] #14888: PHPMailer class uses wrong/no sender for mail envelope
WordPress Trac
wp-trac at lists.automattic.com
Fri Aug 24 12:07:39 UTC 2012
#14888: PHPMailer class uses wrong/no sender for mail envelope
-----------------------------------------+-----------------------------
Reporter: gkusardi | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Mail | Version: 3.2.1
Severity: normal | Resolution:
Keywords: reporter-feedback has-patch |
-----------------------------------------+-----------------------------
Changes (by basos):
* version: 3.0 => 3.2.1
Comment:
Hello, SergeyBiryukov's patch is correct (partially). Should remove reply-to
headers explicitly being set AND should remove sender to be auto-filled
with from address. I.e. remove all lines.
Explanations
Note that this patch addresses the issue where ''"wordpress generated
emails do not have an appropriate envelope address (reply-to header)"'',
which could cause servers to reject mail (when envelope is not a fqdn -
misconfiguration) or classify them as SPAM (when envelope is a shared
system domain, see below). Also should the default envelope be a valid
address, the bounces will go there, and not in a configurable (webmaster)
email.
On the other hand there is another issue (the old #5273), '''that will
reappear''' if this patch is applied. This is the ''"wordpress generated
emails -erroneously- specify the from header address as a non configurable
wordpress[@]sitedomain.com email"'', which when combined with the envelope
setting fix above will specify this email as an envelope causing some
recipient SMTPs to reject the mail due to
[http://en.wikipedia.org/wiki/Callback_verification callback (callout)
verification] failure.
'''The solution'''
A. At php mailer do not assume anything about sender i.e. leave it blank
by default (to instruct sending SMTP to use its default envelope). Also
apply the fix to not explicitly set return-path sender as it is against
the specs.
B. Add a new wp configuration option "System email" i.e. "An email address
to be used for bounces. This should be an existing email address at the
originating mail server. Leave it blank to use the server's default
address.". Normally, this would be the webmaster's email (the technical
guy).
C. Use the existing wp "admin_email" as a from header to all wordpress
generated emails. This will be the email that users will see as a sender
(and possibly reply to). Normally the blog administrator's email (the
social guy :).
Also a small history, to explain how I found this trac report (and an
example of the impact on spam filters):
In my case the envelope sender (reply-to header) was added automatically
by the shared hosting provider. (By the way it is a mail server
misconfiguration to set envelope sender address to a non-fqdn.)
Instead of being someone[@]mydomain.com it was
servername[@]companyserver.com. This caused some SPAM filtering engines on
the recipient side (possibly having to do with
[http://en.wikipedia.org/wiki/Sender_Policy_Framework SPF]) to classify
the mail as SPAM. (Meanwhile I found that the server's SMTP address is at
a SPAM list, which is another story). Nevertheless, when the correct
envelope sender was set, the mail was not classified as SPAM at least at
yahoo and gmail.
Also the two scenarios have a different Received-SPF header. The latter
being a "best guess" pass, whatever that could mean.
- with envelope set to @mydomain.com
Received-SPF: Pass (recipientmailprovider.com: domain of
wordpress[@]mydomain.com designates xxx.xxx.xxx.xxx as permitted sender )
client-ip: xxx.xxx.xxx.xxx
- with no-envelope set (defaulting to sending SMTP server's envelope
@companyserver.com)
Received-SPF: Pass (recipientmailprovider.com: domain of
servername[@]companyserver.com designates xxx.xxx.xxx.xxx as permitted
sender using best guess ) client-ip: xxx.xxx.xxx.xxx
--
Ticket URL: <http://core.trac.wordpress.org/ticket/14888#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
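
One way to wire up proposals A to C from the comment above with existing WordPress hooks, as an added example that is not part of the original message or of WordPress core. The option name `system_email` and the `example_` function names are hypothetical.

```php
<?php
// Added illustration, not WordPress core code. Assumption: 'system_email' is a
// hypothetical option holding the bounce address described in proposal B.

// C. Show the existing admin_email option as the From header.
function example_mail_from( $from ) {
    $admin = get_option( 'admin_email' );
    // Fall back to the address WordPress already chose if the option is invalid.
    return is_email( $admin ) ? $admin : $from;
}
add_filter( 'wp_mail_from', 'example_mail_from' );

// A + B. Only set the envelope sender when a valid system address is configured.
function example_envelope_sender( $phpmailer ) {
    $system = trim( (string) get_option( 'system_email', '' ) );

    if ( '' !== $system && is_email( $system ) ) {
        // PHPMailer uses Sender as the envelope sender (SMTP MAIL FROM),
        // which is where bounces go and what SPF evaluates.
        $phpmailer->Sender = $system;
    } else {
        // A. Assume nothing: leave it blank rather than copying the From address.
        $phpmailer->Sender = '';
    }
}
add_action( 'phpmailer_init', 'example_envelope_sender' );
```

With `Sender` left blank, the resulting envelope address depends on the mail transport in use and on the sending server's configuration.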