Page MenuHomePhabricator
Feed Advanced Search

Feb 5 2018

alexmv added a comment to T13053: Plans: Mail Tags and Failover.

Hrrrm...

Feb 5 2018, 11:37 PM · Plans, Must Encrypt Mail, Mail
epriestley added a comment to T13053: Plans: Mail Tags and Failover.

Hrrrm...

Feb 5 2018, 11:33 PM · Plans, Must Encrypt Mail, Mail
epriestley added a revision to T12677: Support multiple mail delivery services for automatic failover: D18998: Prepare mail transmission to support failover across multiple mailers.
Feb 5 2018, 10:44 PM · Phacility, Mail
epriestley added a revision to T13053: Plans: Mail Tags and Failover: D18998: Prepare mail transmission to support failover across multiple mailers.
Feb 5 2018, 10:44 PM · Plans, Must Encrypt Mail, Mail
epriestley added a revision to T13053: Plans: Mail Tags and Failover: D18997: Add Differential and Herald mail stamps and some refinements.
Feb 5 2018, 8:06 PM · Plans, Must Encrypt Mail, Mail
epriestley added a revision to T13053: Plans: Mail Tags and Failover: D18996: Add more mail stamps: tasks, subscribers, projects, spaces.
Feb 5 2018, 7:23 PM · Plans, Must Encrypt Mail, Mail
epriestley added a revision to T13053: Plans: Mail Tags and Failover: D18995: Add Editor-based mail stamps: actor, via, silent, encrypted, new, mention, self-actor, self-mention.
Feb 5 2018, 7:03 PM · Plans, Must Encrypt Mail, Mail
epriestley added a revision to T13053: Plans: Mail Tags and Failover: D18994: Remove inconsistent and confusing use of the term "multiplex" in mail.
Feb 5 2018, 6:40 PM · Plans, Must Encrypt Mail, Mail

Feb 4 2018

epriestley added a revision to T10448: Modularize mail tags: D18991: Add basic support for mail "stamps" to improve client mail routing.
Feb 4 2018, 5:40 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request

Feb 2 2018

epriestley added a comment to T13053: Plans: Mail Tags and Failover.

Vaguely related, the subject line for this mail is currently something like:

Feb 2 2018, 11:07 PM · Plans, Must Encrypt Mail, Mail
epriestley added a comment to T13053: Plans: Mail Tags and Failover.

🐱 🐟

Feb 2 2018, 11:03 PM · Plans, Must Encrypt Mail, Mail
epriestley added a project to T13053: Plans: Mail Tags and Failover: Must Encrypt Mail.
Feb 2 2018, 11:02 PM · Plans, Must Encrypt Mail, Mail
epriestley added a comment to T13053: Plans: Mail Tags and Failover.

contains complex HTML elements (like inline comments) which would also need to be stored in a structured way and then rendered just-in-time

Feb 2 2018, 4:30 PM · Plans, Must Encrypt Mail, Mail
epriestley added a comment to T13053: Plans: Mail Tags and Failover.

While it's on my mind -- these messages link to /mail/whatever/123/ right now, but that page doesn't hyperlink links in the mail body, which is a fairly significant usability issue since the workflow is: click the link to go to the mail, read the mail body, copy paste the link in the mail body into your address bar.

Feb 2 2018, 4:25 PM · Plans, Must Encrypt Mail, Mail

Feb 1 2018

epriestley closed T11138: mail is not delivered if metamta.placeholder-to-recipient is null as Invalid.

This report doesn't include working reproduction instructions so we can't move forward.

Feb 1 2018, 10:58 PM · Mail, Bug Report
epriestley closed T12630: Phabricator fails with a fatal PHP error if it receives a mail with no plain text part as Resolved.

I can't reproduce this; it may have been fixed by D18776 + D18778.

Feb 1 2018, 10:54 PM · Mail, Bug Report
epriestley closed T13037: An attacker gained staff access to Mailgun and was able to read customer API keys as Resolved.

My call with Mailgun was generally reassuring. Based on an uncharitable reading of the January 5th disclosure, my major concern was that they might be starting from a cultural position which was blind to internal actors as threats and everyone just used root / hunter2 written on a sticky note to log in to everything or something like that.

Feb 1 2018, 9:42 PM · Phacility, Security, Mail
epriestley added a revision to T13053: Plans: Mail Tags and Failover: D18986: Save mail attachments in Files, not on the actual objects.
Feb 1 2018, 8:04 PM · Plans, Must Encrypt Mail, Mail
epriestley added a revision to T13053: Plans: Mail Tags and Failover: D18985: Support DestructionEngine in MetaMTAMail.
Feb 1 2018, 7:37 PM · Plans, Must Encrypt Mail, Mail
epriestley added a revision to T13053: Plans: Mail Tags and Failover: D18984: Add a Herald action to trigger "Must Encrypt" for mail.
Feb 1 2018, 5:34 PM · Plans, Must Encrypt Mail, Mail
epriestley added a comment to T13053: Plans: Mail Tags and Failover.

I suppose another reasonable attacker is "laptop thieves", but deleting any locally stored mail which was accidentally transmitted in the open seems like a reasonable way to recover from any confusion that arises until we figure out how foolproof the behavior needs to be.

Feb 1 2018, 5:05 PM · Plans, Must Encrypt Mail, Mail
epriestley added a comment to T13053: Plans: Mail Tags and Failover.

The intended trigger for "Must Encrypt" is Herald rules like this:

Feb 1 2018, 5:03 PM · Plans, Must Encrypt Mail, Mail
epriestley added a revision to T13053: Plans: Mail Tags and Failover: D18983: Add basic support for a "Must Encrypt" mail flag which prevents unsecured content transmission.
Feb 1 2018, 4:39 PM · Plans, Must Encrypt Mail, Mail
epriestley added a comment to T13053: Plans: Mail Tags and Failover.

The "Must Encrypt" change will necessarily link into the existing /mail/ web UI so users can read the mail content, so it's probably worth considering possible improvements.

Feb 1 2018, 4:08 PM · Plans, Must Encrypt Mail, Mail
epriestley updated the task description for T13053: Plans: Mail Tags and Failover.
Feb 1 2018, 3:26 PM · Plans, Must Encrypt Mail, Mail
epriestley added a comment to T13053: Plans: Mail Tags and Failover.

Although I'm suppressing the X-Phabricator-To and X-Phabricator-Cc headers for "Must Encrypt" mail (and the "To: ..." and "Cc: ..." footers in the body), the recipients will still be visible in the actual "To" and "Cc" lines if metamta.one-mail-per-recipient has been configured to false instead of the default (which is true).

Feb 1 2018, 3:24 PM · Plans, Must Encrypt Mail, Mail
epriestley added a comment to T13053: Plans: Mail Tags and Failover.

On Thread-Topic, this very old thread suggests that Outlook can show the header in some cases: https://bugzilla.mozilla.org/show_bug.cgi?id=411601

Feb 1 2018, 3:14 PM · Plans, Must Encrypt Mail, Mail
epriestley updated the task description for T13053: Plans: Mail Tags and Failover.
Feb 1 2018, 3:02 PM · Plans, Must Encrypt Mail, Mail

Jan 31 2018

epriestley updated the task description for T13053: Plans: Mail Tags and Failover.
Jan 31 2018, 7:26 PM · Plans, Must Encrypt Mail, Mail

Jan 30 2018

epriestley added a comment to T13037: An attacker gained staff access to Mailgun and was able to read customer API keys.

(They got back to me and we're scheduling a call.)

Jan 30 2018, 7:01 PM · Phacility, Security, Mail
epriestley added a comment to T13037: An attacker gained staff access to Mailgun and was able to read customer API keys.

Mailgun has yet to respond to me after about three weeks, so I send them a followup.

Jan 30 2018, 3:25 PM · Phacility, Security, Mail

Jan 27 2018

epriestley moved T11138: mail is not delivered if metamta.placeholder-to-recipient is null from v3 to Stamps/Failover on the Mail board.
Jan 27 2018, 9:58 PM · Mail, Bug Report
epriestley updated the task description for T13053: Plans: Mail Tags and Failover.
Jan 27 2018, 9:58 PM · Plans, Must Encrypt Mail, Mail
epriestley moved T9141: Rename "MetaMTA" to "Mail" from v3 to Far Future on the Mail board.
Jan 27 2018, 9:57 PM · Restricted Project, Mail
epriestley moved T10448: Modularize mail tags from v3 to Stamps/Failover on the Mail board.
Jan 27 2018, 9:57 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request
epriestley moved T7477: Handle inbound email with phabricator address in the CC from Backlog to Stamps/Failover on the Mail board.
Jan 27 2018, 9:57 PM · llvm, Restricted Project, Restricted Project, Mail
epriestley moved T4776: Notify users when someone takes an action that takes them off an object's recipient list from Backlog to Stamps/Failover on the Mail board.
Jan 27 2018, 9:56 PM · Mail, Restricted Project, Transactions
epriestley moved T11363: Differential "revision updated" mail preference is pretty useless from Backlog to Stamps/Failover on the Mail board.
Jan 27 2018, 9:56 PM · Customer Impact, Restricted Project, Differential, Mail
epriestley moved T11767: Unify email patch byte/line/time limit behaviors across Differential/Diffusion from Backlog to Future on the Mail board.
Jan 27 2018, 9:56 PM · Diffusion (v3), Differential, Mail
epriestley closed T12033: Large diffs can still repeatedly fail to insert as Resolved.

This is resolved as far as I'm aware. See also T11767 (improvements to these limits), PHI125 (similar issue with non-UTF8 attachments failing to insert) and T13053 (planning).

Jan 27 2018, 9:55 PM · Diffusion (v3), Restricted Project, Mail, Differential, Bug Report
epriestley closed T12033: Large diffs can still repeatedly fail to insert, a subtask of T11767: Unify email patch byte/line/time limit behaviors across Differential/Diffusion, as Resolved.
Jan 27 2018, 9:55 PM · Diffusion (v3), Differential, Mail
epriestley moved T12046: PHPMailer RCE [CVE-2016-10033 and CVE-2016-10045] from Backlog to Future on the Mail board.
Jan 27 2018, 9:54 PM · Mail, Security
epriestley moved T12404: Implement a first-party SMTP client from Backlog to Future on the Mail board.
Jan 27 2018, 9:54 PM · Infrastructure, Mail
epriestley moved T12491: Error reply emails which are generated before identifying the sender should no longer be sent, now that the "always require verification" rule is in place from Backlog to Stamps/Failover on the Mail board.
Jan 27 2018, 9:54 PM · Mail, Bug Report
epriestley moved T12630: Phabricator fails with a fatal PHP error if it receives a mail with no plain text part from Backlog to Stamps/Failover on the Mail board.
Jan 27 2018, 9:54 PM · Mail, Bug Report
epriestley moved T12677: Support multiple mail delivery services for automatic failover from Backlog to Stamps/Failover on the Mail board.
Jan 27 2018, 9:54 PM · Phacility, Mail
epriestley moved T12689: Mail is still received after resigning from a revision from Backlog to Stamps/Failover on the Mail board.
Jan 27 2018, 9:54 PM · Mail, Differential, Bug Report
epriestley moved T13037: An attacker gained staff access to Mailgun and was able to read customer API keys from Backlog to Stamps/Failover on the Mail board.
Jan 27 2018, 9:54 PM · Phacility, Security, Mail
epriestley moved T13053: Plans: Mail Tags and Failover from Backlog to Stamps/Failover on the Mail board.
Jan 27 2018, 9:53 PM · Plans, Must Encrypt Mail, Mail
epriestley closed T11337: Mail v3 as Wontfix.

I'm rolling this forward into T13053.

Jan 27 2018, 9:53 PM · llvm, Mail
epriestley triaged T13053: Plans: Mail Tags and Failover as Normal priority.
Jan 27 2018, 9:52 PM · Plans, Must Encrypt Mail, Mail

Jan 26 2018

epriestley moved T7804: Implement an "Acting User" Herald condition from Next to Far Future on the Herald board.
Jan 26 2018, 5:52 PM · Restricted Project, Herald, Mail

Jan 6 2018

epriestley updated the task description for T13037: An attacker gained staff access to Mailgun and was able to read customer API keys.
Jan 6 2018, 3:26 PM · Phacility, Security, Mail

Jan 5 2018

epriestley added a comment to T13037: An attacker gained staff access to Mailgun and was able to read customer API keys.

Mostly from the HN thread, other possible providers we haven't tried yet include Mandrill, Postmark, and Sparkpost.

Jan 5 2018, 8:55 PM · Phacility, Security, Mail
epriestley added a comment to T13037: An attacker gained staff access to Mailgun and was able to read customer API keys.

T12677 documents previous general issues with mail providers. Mailgun gets the worst of it there, but just because we've been with them for a while without anything too awful happening.

Jan 5 2018, 8:20 PM · Phacility, Security, Mail
epriestley triaged T13037: An attacker gained staff access to Mailgun and was able to read customer API keys as Normal priority.
Jan 5 2018, 8:14 PM · Phacility, Security, Mail
epriestley closed T13035: Differential drops draft mail when prototypes are enabled but no build plans are configured as Resolved.

The install in PHI271 reported this as fixed after upgrading.

Jan 5 2018, 6:47 PM · Mail, Differential

Jan 3 2018

epriestley added a revision to T13035: Differential drops draft mail when prototypes are enabled but no build plans are configured: D18852: Fix a minor/harmless race with feed publishers in certain draft states.
Jan 3 2018, 9:58 PM · Mail, Differential
epriestley added a revision to T13035: Differential drops draft mail when prototypes are enabled but no build plans are configured: D18851: Always show "X requested review" in mail to stop some undraft mail from being dropped.
Jan 3 2018, 9:43 PM · Mail, Differential
epriestley added parent tasks for T13035: Differential drops draft mail when prototypes are enabled but no build plans are configured: T13010: Upgrading: Differential Draft State, T2543: Add a formal "Draft" / "Not Yet Ready for Review" state to Differential.
Jan 3 2018, 9:40 PM · Mail, Differential
epriestley triaged T13035: Differential drops draft mail when prototypes are enabled but no build plans are configured as Normal priority.
Jan 3 2018, 9:40 PM · Mail, Differential

Nov 1 2017

epriestley added a revision to T12689: Mail is still received after resigning from a revision: D18758: Don't include resigned reviewers in the Differential "To" list.
Nov 1 2017, 6:12 PM · Mail, Differential, Bug Report
epriestley updated the task description for T12689: Mail is still received after resigning from a revision.
Nov 1 2017, 6:10 PM · Mail, Differential, Bug Report

Sep 13 2017

epriestley added a comment to T12033: Large diffs can still repeatedly fail to insert.

Oh, yes, sorry, looked at the wrong tab.

Sep 13 2017, 10:49 PM · Diffusion (v3), Restricted Project, Mail, Differential, Bug Report
alexmv added a comment to T12033: Large diffs can still repeatedly fail to insert.

Do you mean "follow up in PHI55"?

Sep 13 2017, 10:40 PM · Diffusion (v3), Restricted Project, Mail, Differential, Bug Report
epriestley added a comment to T12033: Large diffs can still repeatedly fail to insert.

I'm going to presume this is resolved by D18598 -- I updated T11767 with more plans and context for smoothing over the behavior, but I think it will no longer be disastrously bad. I'll follow up in PHI36 PHI55.

Sep 13 2017, 10:34 PM · Diffusion (v3), Restricted Project, Mail, Differential, Bug Report

Sep 12 2017

epriestley updated the task description for T11767: Unify email patch byte/line/time limit behaviors across Differential/Diffusion.
Sep 12 2017, 10:52 PM · Diffusion (v3), Differential, Mail
epriestley added a revision to T12033: Large diffs can still repeatedly fail to insert: D18598: Stop the bleeding caused by attaching enormous patches to revision mail.
Sep 12 2017, 10:43 PM · Diffusion (v3), Restricted Project, Mail, Differential, Bug Report

Aug 15 2017

epriestley moved T12689: Mail is still received after resigning from a revision from Backlog to Reviewer Rules on the Differential board.
Aug 15 2017, 5:53 PM · Mail, Differential, Bug Report

Aug 6 2017

chad merged T11368: Allow to watch only single column of the workboard into T5791: Write Herald rules for outbound mail.
Aug 6 2017, 3:26 AM · Restricted Project, Restricted Project, FreeBSD, Mail

Jul 27 2017

epriestley added a comment to T12404: Implement a first-party SMTP client.

This doesn't affect us, but more fuel on the fire -- XSS in example code which ships with PHPMailer (we don't distribute this code):

Jul 27 2017, 2:55 PM · Infrastructure, Mail
epriestley merged T12939: Ponder seems to ignore all email settings into T10448: Modularize mail tags.
Jul 27 2017, 1:33 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request
epriestley merged T12909: Calendar ignores email preferences if a user is invited via a project into T10448: Modularize mail tags.
Jul 27 2017, 1:31 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request
Twilight added a comment to T4776: Notify users when someone takes an action that takes them off an object's recipient list.

A possibly exceptional case here is users who unsubscribe themselves. We could wait for complaints or special case that.

Jul 27 2017, 8:21 AM · Mail, Restricted Project, Transactions

Jul 25 2017

chad closed T12929: Tasks created via email don't get "created" feed stories. They say "renamed" as Resolved by committing rPca17e2283d92: Have Maniphest use create transactions when using email.
Jul 25 2017, 8:36 PM · Mail, Bug Report, Maniphest
epriestley added a comment to T12929: Tasks created via email don't get "created" feed stories. They say "renamed".

There's also bin/mail receive-test but that only accepts mail --to an existing object, not a random email address, right now. We could make that more flexible to make testing a little easier (raw_mail.txt must be a full piece of mail with proper headers and encoding, but bin/mail receive-test accepts just the plain text of a body and simulates all the headers/encoding/envelope stuff).

Jul 25 2017, 8:31 PM · Mail, Bug Report, Maniphest
epriestley added a comment to T12929: Tasks created via email don't get "created" feed stories. They say "renamed".

Something like:

Jul 25 2017, 8:29 PM · Mail, Bug Report, Maniphest
chad added a revision to T12929: Tasks created via email don't get "created" feed stories. They say "renamed": D18279: Have Maniphest use create transactions when using email.
Jul 25 2017, 8:28 PM · Mail, Bug Report, Maniphest
chad added a comment to T12929: Tasks created via email don't get "created" feed stories. They say "renamed".

I think I have a fix but can't find the command line trick you showed me to test it.

Jul 25 2017, 8:25 PM · Mail, Bug Report, Maniphest

Jul 24 2017

epriestley added a comment to T12929: Tasks created via email don't get "created" feed stories. They say "renamed".

The easiest fix is probably to add a TYPE_CREATE transaction into ReplyHandler or MailReceiver alongside the other creation transactions.

Jul 24 2017, 4:06 PM · Mail, Bug Report, Maniphest
chad claimed T12929: Tasks created via email don't get "created" feed stories. They say "renamed".
Jul 24 2017, 4:06 PM · Mail, Bug Report, Maniphest
epriestley renamed T12929: Tasks created via email don't get "created" feed stories. They say "renamed" from Sample to Tasks created via email don't get "created" feed stories. They say "renamed".
Jul 24 2017, 3:36 PM · Mail, Bug Report, Maniphest

Jul 14 2017

ivo created T12921: Link to referenced object in transaction emails.
Jul 14 2017, 1:46 PM · Mail

Jul 11 2017

joshuaspence added a revision to T12910: Allow SES to be used for inbound mail: D18205: Add SNS mail endpoint.
Jul 11 2017, 1:53 PM · Mail

Jul 10 2017

joshuaspence created T12910: Allow SES to be used for inbound mail.
Jul 10 2017, 12:20 PM · Mail

Jul 9 2017

chad updated the image for Mail from F1087792: profile to F5039293: profile.
Jul 9 2017, 7:37 PM

Jun 23 2017

aklapper added a comment to T8363: Include reply action ("!action") hints in outbound email.

I think that these use to exist and were moved to a help document somewhere.

Jun 23 2017, 5:31 PM · llvm, Restricted Project, Mail

Jun 15 2017

avivey renamed T11138: mail is not delivered if metamta.placeholder-to-recipient is null from metamta.placeholder-to-recipient doesn't upgrade CCs to To as it says so. [With more info] to mail is not delivered if metamta.placeholder-to-recipient is null.
Jun 15 2017, 9:23 PM · Mail, Bug Report
aravindh added a comment to T11138: mail is not delivered if metamta.placeholder-to-recipient is null.

What is the problem? What is wrong/not working?

Jun 15 2017, 9:20 PM · Mail, Bug Report
avivey added a comment to T11138: mail is not delivered if metamta.placeholder-to-recipient is null.

I'm not sure I understand something:

Jun 15 2017, 8:57 PM · Mail, Bug Report
aravindh added a comment to T11138: mail is not delivered if metamta.placeholder-to-recipient is null.

I am running into this issue too and am on commits:

Jun 15 2017, 7:32 PM · Mail, Bug Report

Jun 14 2017

epriestley closed T12844: MetaMTA worker can win a race against MTAMail despite both being inserted in the same transaction, because they aren't actually inserted in the same transaction as Resolved by committing rP3d70db9eb5d0: Queue a worker task to send mail only after committing the mail transaction.
Jun 14 2017, 7:27 PM · Daemons, Mail, Restricted Project, Bug Report
epriestley renamed T12844: MetaMTA worker can win a race against MTAMail despite both being inserted in the same transaction, because they aren't actually inserted in the same transaction from MetaMTA worker can win a race against MTAMail despite both being inserted in the same transaction to MetaMTA worker can win a race against MTAMail despite both being inserted in the same transaction, because they aren't actually inserted in the same transaction.
Jun 14 2017, 7:19 PM · Daemons, Mail, Restricted Project, Bug Report
epriestley added a revision to T12844: MetaMTA worker can win a race against MTAMail despite both being inserted in the same transaction, because they aren't actually inserted in the same transaction: D18124: Queue a worker task to send mail only after committing the mail transaction.
Jun 14 2017, 7:15 PM · Daemons, Mail, Restricted Project, Bug Report
epriestley added a comment to T12844: MetaMTA worker can win a race against MTAMail despite both being inserted in the same transaction, because they aren't actually inserted in the same transaction.

Oh, this doesn't isolate things because they're on different databases, and thus we establish different connections. The daemon insert does not happen inside a transaction.

Jun 14 2017, 7:10 PM · Daemons, Mail, Restricted Project, Bug Report
epriestley created T12844: MetaMTA worker can win a race against MTAMail despite both being inserted in the same transaction, because they aren't actually inserted in the same transaction.
Jun 14 2017, 6:59 PM · Daemons, Mail, Restricted Project, Bug Report

May 24 2017

amckinley updated the task description for T10448: Modularize mail tags.
May 24 2017, 8:01 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request
amckinley updated the task description for T10448: Modularize mail tags.
May 24 2017, 8:01 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request
amckinley closed T12673: Update Projects for Modular Transactions, a subtask of T10448: Modularize mail tags, as Resolved.
May 24 2017, 7:56 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request
amckinley closed T12673: Update Projects for Modular Transactions as Resolved by committing rP88466addee26: Migrate Project workboard background color to modular transactions.
May 24 2017, 7:56 PM · Prioritized, Restricted Project, Mail, User Preferences, Owners, Feature Request