Page MenuHomePhabricator

Error reply emails which are generated before identifying the sender should no longer be sent, now that the "always require verification" rule is in place
Closed, ResolvedPublic

Description

After setting up mailgun to handle inbound mail to Phabricator, I found my mailgun logs were unexpectedly showing a lot of outbound mail to unknown addresses.

This seems to be because Phabricator accepts all inbound mail (at least the mailgun endpoint does), then sends a standard "Error Processing Mail (No Receivers)" mail to the alleged sender (who in the case of spam is likely an innocent victim). While it does avoid sending the body of the original mail, so isn't perpetuating the spam problem through backscatter, it is still an annoyance, and may lead to complaints against the mailgun account.

Potential solutions:

  1. Reject unrecognized destination addresses before the incoming mail is accepted. This should result in the originating server handling the failure as a bounce without implicating the Phabricator installation.
  2. Document the addresses that inbound mail actually uses, so more specific pattern matching rules can be set up in mailgun instead of a catch_all.
  3. An option to not send out such Error messages.

Event Timeline

Version is stable, updated about 2 hours ago.

phabricator 8f7983a5be3a56db5b79dc7c3a0eb470f1d7ca02 (Sat, Mar 25) (branched from b4effdf26c3e7d5de0d010cf14626c5d8d404e04 on origin)
arcanist 60aaee0ed3f5a1e4384ac7d7f2efd2c64cecbe44 (Sat, Mar 25) (branched from d1db9a72b552151613a918e3d49fa72433387a68 on origin)
phutil b133c277014868d476f08b4ebecde2ea795509e4 (Sat, Mar 25) (branched from c0bc116bedc895fd617799a13549f8707edfd3fb on origin)

Also, my test email body was too short, and I missed that it is in fact included in the reply message, so this is sending backscatter spam, and could result in Phabricator installs being deliberately used for that purpose.

jasonrumney updated the task description. (Show Details)Apr 2 2017, 2:06 PM

I should also mention that phabricator.allow-email-users is false on this install. Another option to avoid backscatter spam could be to limit the error messages to registered users (maybe even regardless of that setting).

epriestley renamed this task from Avoid replying to spam to Error reply emails which are generated before identifying the sender should no longer be sent, now that the "always require verification" rule is in place.Apr 26 2017, 12:31 PM