diff --git a/src/applications/metamta/editor/PhabricatorMetaMTAApplicationEmailEditor.php b/src/applications/metamta/editor/PhabricatorMetaMTAApplicationEmailEditor.php --- a/src/applications/metamta/editor/PhabricatorMetaMTAApplicationEmailEditor.php +++ b/src/applications/metamta/editor/PhabricatorMetaMTAApplicationEmailEditor.php @@ -103,6 +103,7 @@ $type, pht('Invalid'), pht('Email address is not formatted properly.')); + continue; } $address = new PhutilEmailAddress($email); @@ -113,6 +114,19 @@ pht( 'This email address is reserved. Choose a different '. 'address.')); + continue; + } + + // See T13234. Prevent use of user email addresses as application + // email addresses. + if (PhabricatorMailUtil::isUserAddress($address)) { + $errors[] = new PhabricatorApplicationTransactionValidationError( + $type, + pht('In Use'), + pht( + 'This email address is already in use by a user. Choose '. + 'a different address.')); + continue; } } diff --git a/src/applications/metamta/storage/PhabricatorMetaMTAReceivedMail.php b/src/applications/metamta/storage/PhabricatorMetaMTAReceivedMail.php --- a/src/applications/metamta/storage/PhabricatorMetaMTAReceivedMail.php +++ b/src/applications/metamta/storage/PhabricatorMetaMTAReceivedMail.php @@ -170,6 +170,13 @@ unset($targets[$key]); continue; } + + // See T13234. Don't process mail if a user has attached this address + // to their account. + if (PhabricatorMailUtil::isUserAddress($target)) { + unset($targets[$key]); + continue; + } } $any_accepted = false; diff --git a/src/applications/metamta/util/PhabricatorMailUtil.php b/src/applications/metamta/util/PhabricatorMailUtil.php --- a/src/applications/metamta/util/PhabricatorMailUtil.php +++ b/src/applications/metamta/util/PhabricatorMailUtil.php @@ -108,4 +108,12 @@ return false; } + public static function isUserAddress(PhutilEmailAddress $address) { + $user_email = id(new PhabricatorUserEmail())->loadOneWhere( + 'address = %s', + $address->getAddress()); + + return (bool)$user_email; + } + }