FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » Google Groups rewriting from addresses to handle DMARC policy
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Google Groups rewriting from addresses to handle DMARC policy [message #187615] Mon, 05 November 2018 10:11 Go to next message
Zrubi is currently offline  Zrubi   Hungary
Messages: 5
Registered: November 2018
Karma: 0
Junior Member
Hi,

I just created a PoC project to create a forum interface for some google(groups) based mailing lists.
Now we have been hit by this isuse:
www.spamresource.com/2014/04/google-groups-rewriting-from-addresses.html

As I use the auto user account creation feature, in practice this means that the forged From address causing the forum engine to create a user accoutn using the mailing list email address Smile
The side effects:
- all the affected users mails are appearing under this fake user.
- the password reset function sends out reset links to the public mailing lists.

With this bug - or missing feature to workaround google's bad workaround - makes the forum useless in case of google mailing lists.
I found out that in such cases:
- the mail address in the From filed is always ending with: '@googlegroups.com'
- the real sender address can be found in: 'X-Original-From'


I also started to investigate the responsible code.
It seems trivial to add such exeption, however I don't know if that mail header parsing module is third party code or not...
Re: Google Groups rewriting from addresses to handle DMARC policy [message #187616 is a reply to message #187615] Mon, 05 November 2018 19:32 Go to previous messageGo to next message
naudefj is currently offline  naudefj   United States
Messages: 3771
Registered: December 2004
Karma: 28
Senior Member
Administrator
Core Developer
The mail headers are parsed in file "mime_decode.inc", in particular, look at function fetch_useful_headers().
Please post a patch when you're done.
Re: Google Groups rewriting from addresses to handle DMARC policy [message #187618 is a reply to message #187616] Wed, 07 November 2018 13:07 Go to previous messageGo to next message
Zrubi is currently offline  Zrubi   Hungary
Messages: 5
Registered: November 2018
Karma: 0
Junior Member
As the issue is NOT google specific, I'm only searched for the existence of the new (X-Original-From) header, and used that instead of the standard - but forged - 'From' header.
It is woks for me - but I only tested it with googlegroups mailing lists.
Re: Google Groups rewriting from addresses to handle DMARC policy [message #187667 is a reply to message #187618] Sat, 02 February 2019 12:46 Go to previous message
Zrubi is currently offline  Zrubi   Hungary
Messages: 5
Registered: November 2018
Karma: 0
Junior Member
Another issue, with the same root cause:
When sending mails with fake From address to a mailing list, it will deny or at least delay the message.

The "Fixed from address:" is a workaround, but then we loosing the author of the post.
To workaround this I just created a small modification (attached)

Hence, it is a quick fix, the final solution would be to (optionally?) include additional headers like X-Original-From
And/or probably this sould be template specific?

[Updated on: Sat, 02 February 2019 12:47]

Report message to a moderator

  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: memory problem/leak in category manager?
Next Topic: Convert MSG Files to MBOX
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 24 04:48:49 GMT 2024

Total time taken to generate the page: 0.02395 seconds