User-to-user mail SPF and privacy borkage

Per bug 12655

On our newer, Ubuntu-based Apache configuration we’ve been using sSMTP as a minimal local SMTP sending agent. This emulates the ‘sendmail’ binary and simply passes messages off to a hub server with no local queuing… but it’s not without its problems.

sSMTP forces the message’s ‘From’ header and the SMTP envelope sender address to be the same, which causes some problems for us when that ‘From’ address is a user’s offsite e-mail:

  • Servers which validate SPF records may reject the messages outright.
  • In case of delivery problems, bounce messages will be sent back to the user, possibly including the recipient’s address which is supposed to be kept private.

As a workaround for such configurations I’ve introduced a config var $wgUserEmailUseReplyTo. When set, a wiki-specific address is used as ‘From’, and the user’s address is put in ‘Reply-To’.

This is uglier — you don’t see a clean ‘Sender’ column in your mail client — but mails will get through and private data won’t get tossed around inappropriately.
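To make the difference concrete, here is an added Python sketch (not MediaWiki's or sSMTP's code) that builds the same user-to-user mail both ways and models sSMTP's envelope-equals-From behaviour described above. The addresses, `WIKI_ADDRESS`, `HUB_SPF_DOMAINS` and the function names are constructed assumptions, and the SPF check is reduced to a domain lookup rather than a real evaluation of the sending IP against a DNS record.

```python
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

# Constructed sample values (assumptions, not from the original post).
WIKI_ADDRESS = ("Example Wiki mail", "wiki@wiki.example.org")
# Simplification: domains whose SPF record is assumed to authorise our mail hub.
HUB_SPF_DOMAINS = {"wiki.example.org"}


def build_user_mail(sender, recipient, subject, body, use_reply_to):
    """Build a user-to-user mail; sender and recipient are (name, address) pairs."""
    msg = EmailMessage()
    if use_reply_to:
        # Behaviour described for $wgUserEmailUseReplyTo: wiki address in From,
        # the sending user's address only in Reply-To.
        msg["From"] = formataddr(WIKI_ADDRESS)
        msg["Reply-To"] = formataddr(sender)
    else:
        msg["From"] = formataddr(sender)
    msg["To"] = formataddr(recipient)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def envelope_as_ssmtp(msg):
    """Model the sSMTP behaviour from the post: envelope sender == From address."""
    return parseaddr(msg["From"])[1]


def delivery_risks(msg):
    """Return (envelope_sender, spf_ok, bounce_goes_to_user)."""
    env = envelope_as_ssmtp(msg)
    domain = env.rpartition("@")[2].lower()
    spf_ok = domain in HUB_SPF_DOMAINS
    # Bounces go to the envelope sender and may quote the recipient's address.
    bounce_goes_to_user = env != WIKI_ADDRESS[1]
    return env, spf_ok, bounce_goes_to_user


if __name__ == "__main__":
    alice = ("Alice", "alice@offsite.example.com")   # constructed sender
    bob = ("Bob", "bob@private.example.net")         # constructed recipient
    for flag in (False, True):
        mail = build_user_mail(alice, bob, "Hello", "Hi Bob", use_reply_to=flag)
        print("use_reply_to =", flag, "->", delivery_risks(mail))
```
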

In the long term I’d like to see us either dump sSMTP (a local-only postfix or something would work fine) or patch it to let the envelope sender be set separately.