In T13053#235208, @epriestley wrote:Hrrrm...
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Feb 5 2018
Feb 5 2018
Hrrrm...
Feb 4 2018
Feb 4 2018
epriestley added a revision to T10448: Modularize mail tags: D18991: Add basic support for mail "stamps" to improve client mail routing.
Feb 4 2018, 5:40 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request
Feb 2 2018
Feb 2 2018
Vaguely related, the subject line for this mail is currently something like:
🐱 🐟
contains complex HTML elements (like inline comments) which would also need to be stored in a structured way and then rendered just-in-time
While it's on my mind -- these messages link to /mail/whatever/123/ right now, but that page doesn't hyperlink links in the mail body, which is a fairly significant usability issue since the workflow is: click the link to go to the mail, read the mail body, copy paste the link in the mail body into your address bar.
Feb 1 2018
Feb 1 2018
epriestley closed T11138: mail is not delivered if metamta.placeholder-to-recipient is null as Invalid.
This report doesn't include working reproduction instructions so we can't move forward.
epriestley closed T13037: An attacker gained staff access to Mailgun and was able to read customer API keys as Resolved.
My call with Mailgun was generally reassuring. Based on an uncharitable reading of the January 5th disclosure, my major concern was that they might be starting from a cultural position which was blind to internal actors as threats and everyone just used root / hunter2 written on a sticky note to log in to everything or something like that.
epriestley added a revision to T13053: Plans: Mail Tags and Failover: D18985: Support DestructionEngine in MetaMTAMail.
I suppose another reasonable attacker is "laptop thieves", but deleting any locally stored mail which was accidentally transmitted in the open seems like a reasonable way to recover from any confusion that arises until we figure out how foolproof the behavior needs to be.
The intended trigger for "Must Encrypt" is Herald rules like this:
The "Must Encrypt" change will necessarily link into the existing /mail/ web UI so users can read the mail content, so it's probably worth considering possible improvements.
Although I'm suppressing the X-Phabricator-To and X-Phabricator-Cc headers for "Must Encrypt" mail (and the "To: ..." and "Cc: ..." footers in the body), the recipients will still be visible in the actual "To" and "Cc" lines if metamta.one-mail-per-recipient has been configured to false instead of the default (which is true).
On Thread-Topic, this very old thread suggests that Outlook can show the header in some cases: https://bugzilla.mozilla.org/show_bug.cgi?id=411601
Jan 31 2018
Jan 31 2018
Jan 30 2018
Jan 30 2018
epriestley added a comment to T13037: An attacker gained staff access to Mailgun and was able to read customer API keys.
(They got back to me and we're scheduling a call.)
epriestley added a comment to T13037: An attacker gained staff access to Mailgun and was able to read customer API keys.
Mailgun has yet to respond to me after about three weeks, so I send them a followup.
Jan 27 2018
Jan 27 2018
epriestley moved T11138: mail is not delivered if metamta.placeholder-to-recipient is null from v3 to Stamps/Failover on the Mail board.
Jan 27 2018, 9:57 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request
epriestley moved T7477: Handle inbound email with phabricator address in the CC from Backlog to Stamps/Failover on the Mail board.
epriestley moved T11363: Differential "revision updated" mail preference is pretty useless from Backlog to Stamps/Failover on the Mail board.
epriestley moved T11767: Unify email patch byte/line/time limit behaviors across Differential/Diffusion from Backlog to Future on the Mail board.
epriestley moved T12046: PHPMailer RCE [CVE-2016-10033 and CVE-2016-10045] from Backlog to Future on the Mail board.
epriestley moved T12404: Implement a first-party SMTP client from Backlog to Future on the Mail board.
epriestley moved T12677: Support multiple mail delivery services for automatic failover from Backlog to Stamps/Failover on the Mail board.
epriestley moved T12689: Mail is still received after resigning from a revision from Backlog to Stamps/Failover on the Mail board.
epriestley moved T13037: An attacker gained staff access to Mailgun and was able to read customer API keys from Backlog to Stamps/Failover on the Mail board.
epriestley moved T13053: Plans: Mail Tags and Failover from Backlog to Stamps/Failover on the Mail board.
I'm rolling this forward into T13053.
Jan 26 2018
Jan 26 2018
epriestley moved T7804: Implement an "Acting User" Herald condition from Next to Far Future on the Herald board.
Jan 6 2018
Jan 6 2018
epriestley updated the task description for T13037: An attacker gained staff access to Mailgun and was able to read customer API keys.
Jan 5 2018
Jan 5 2018
epriestley added a comment to T13037: An attacker gained staff access to Mailgun and was able to read customer API keys.
Mostly from the HN thread, other possible providers we haven't tried yet include Mandrill, Postmark, and Sparkpost.
epriestley added a comment to T13037: An attacker gained staff access to Mailgun and was able to read customer API keys.
T12677 documents previous general issues with mail providers. Mailgun gets the worst of it there, but just because we've been with them for a while without anything too awful happening.
epriestley triaged T13037: An attacker gained staff access to Mailgun and was able to read customer API keys as Normal priority.
epriestley closed T13035: Differential drops draft mail when prototypes are enabled but no build plans are configured as Resolved.
The install in PHI271 reported this as fixed after upgrading.
Jan 3 2018
Jan 3 2018
epriestley triaged T13035: Differential drops draft mail when prototypes are enabled but no build plans are configured as Normal priority.
Nov 1 2017
Nov 1 2017
epriestley updated the task description for T12689: Mail is still received after resigning from a revision.
Sep 13 2017
Sep 13 2017
Oh, yes, sorry, looked at the wrong tab.
Do you mean "follow up in PHI55"?
Sep 12 2017
Sep 12 2017
epriestley updated the task description for T11767: Unify email patch byte/line/time limit behaviors across Differential/Diffusion.
Aug 15 2017
Aug 15 2017
epriestley moved T12689: Mail is still received after resigning from a revision from Backlog to Reviewer Rules on the Differential board.
Aug 6 2017
Aug 6 2017
Jul 27 2017
Jul 27 2017
This doesn't affect us, but more fuel on the fire -- XSS in example code which ships with PHPMailer (we don't distribute this code):
epriestley merged T12939: Ponder seems to ignore all email settings into T10448: Modularize mail tags.
Jul 27 2017, 1:33 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request
epriestley merged T12909: Calendar ignores email preferences if a user is invited via a project into T10448: Modularize mail tags.
Jul 27 2017, 1:31 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request
Twilight added a comment to T4776: Notify users when someone takes an action that takes them off an object's recipient list.
A possibly exceptional case here is users who unsubscribe themselves. We could wait for complaints or special case that.
Jul 25 2017
Jul 25 2017
epriestley added a comment to T12929: Tasks created via email don't get "created" feed stories. They say "renamed".
There's also bin/mail receive-test but that only accepts mail --to an existing object, not a random email address, right now. We could make that more flexible to make testing a little easier (raw_mail.txt must be a full piece of mail with proper headers and encoding, but bin/mail receive-test accepts just the plain text of a body and simulates all the headers/encoding/envelope stuff).
epriestley added a comment to T12929: Tasks created via email don't get "created" feed stories. They say "renamed".
Something like:
chad added a comment to T12929: Tasks created via email don't get "created" feed stories. They say "renamed".
I think I have a fix but can't find the command line trick you showed me to test it.
Jul 24 2017
Jul 24 2017
epriestley added a comment to T12929: Tasks created via email don't get "created" feed stories. They say "renamed".
The easiest fix is probably to add a TYPE_CREATE transaction into ReplyHandler or MailReceiver alongside the other creation transactions.
epriestley renamed T12929: Tasks created via email don't get "created" feed stories. They say "renamed" from Sample to Tasks created via email don't get "created" feed stories. They say "renamed".
Jul 14 2017
Jul 14 2017
Jul 11 2017
Jul 11 2017
joshuaspence added a revision to T12910: Allow SES to be used for inbound mail: D18205: Add SNS mail endpoint.
Jul 10 2017
Jul 10 2017
Jul 9 2017
Jul 9 2017
Jun 23 2017
Jun 23 2017
I think that these use to exist and were moved to a help document somewhere.
Jun 15 2017
Jun 15 2017
avivey renamed T11138: mail is not delivered if metamta.placeholder-to-recipient is null from metamta.placeholder-to-recipient doesn't upgrade CCs to To as it says so. [With more info] to mail is not delivered if metamta.placeholder-to-recipient is null.
aravindh added a comment to T11138: mail is not delivered if metamta.placeholder-to-recipient is null.
What is the problem? What is wrong/not working?
avivey added a comment to T11138: mail is not delivered if metamta.placeholder-to-recipient is null.
I'm not sure I understand something:
aravindh added a comment to T11138: mail is not delivered if metamta.placeholder-to-recipient is null.
I am running into this issue too and am on commits:
Jun 14 2017
Jun 14 2017
epriestley closed T12844: MetaMTA worker can win a race against MTAMail despite both being inserted in the same transaction, because they aren't actually inserted in the same transaction as Resolved by committing rP3d70db9eb5d0: Queue a worker task to send mail only after committing the mail transaction.
epriestley renamed T12844: MetaMTA worker can win a race against MTAMail despite both being inserted in the same transaction, because they aren't actually inserted in the same transaction from MetaMTA worker can win a race against MTAMail despite both being inserted in the same transaction to MetaMTA worker can win a race against MTAMail despite both being inserted in the same transaction, because they aren't actually inserted in the same transaction.
epriestley added a comment to T12844: MetaMTA worker can win a race against MTAMail despite both being inserted in the same transaction, because they aren't actually inserted in the same transaction.
Oh, this doesn't isolate things because they're on different databases, and thus we establish different connections. The daemon insert does not happen inside a transaction.
May 24 2017
May 24 2017
May 24 2017, 8:01 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request
May 24 2017, 8:01 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request
amckinley closed T12673: Update Projects for Modular Transactions, a subtask of T10448: Modularize mail tags, as Resolved.
May 24 2017, 7:56 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request
amckinley closed T12673: Update Projects for Modular Transactions as Resolved by committing rP88466addee26: Migrate Project workboard background color to modular transactions.
May 24 2017, 7:56 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request