Task #104329

open

Do not use no-reply@example.com email address as a fallback for the defaultMailFromAddress

Added by Marcin Sągol 5 months ago. Updated about 1 month ago.

Status: New
Priority: Could have
Assignee: -
Category: Backend API
Start date: 2024-07-07
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 12
PHP Version: 8.3
Tags: mail, mailer, mailng, configuration, backend
Complexity: easy
Sprint Focus:

Description

The typo3/cms-core/Classes/Utility/MailUtility.php class offers helper methods to fetch several configuration values related to mailing, providing also some fallbacks.

One of them is this method:

public static function getSystemFromAddress(): string
{
    $address = $GLOBALS['TYPO3_CONF_VARS']['MAIL']['defaultMailFromAddress'] ?? null;

    if (!is_string($address) || !GeneralUtility::validEmail($address)) {
        // still nothing, get host name from server
        $address = 'no-reply@' . php_uname('n');
        if (!GeneralUtility::validEmail($address)) {
            // if everything fails use a dummy address
            $address = 'no-reply@example.com';
        }
    }
    return $address;
}


So, here as a very last fallback we have the used which might not be a good idea as it can expose some sensitive data.
It should be considered if this fallback should be used and even if the php_uname usage is intended.
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['defaultMailFromAddress'], just throw some exception.

Actions #1

Updated by Friedemann Altrock 5 months ago

Hi,

can you specify what sensitive data would be exposed and how?

FTR:
example.com is reserved as per RFC2606: https://www.rfc-editor.org/rfc/rfc2606.html
As long as IANA (Internet Assigned Numbers Authority) does not start an SMTP server on that domain, we'll be good.

Actions #2

Updated by Garvin Hicking 5 months ago

  • Description updated (diff)

Actions #3

Updated by Garvin Hicking 5 months ago

$0.02: While IMO technically valid, mails with that sender shouldn't be sent from production sites, also because nowadays with "wrong" senders like that mails won't be delivered (spam; unless a mail relay rewrites the senders). How about gating this so both fallbacks only work for non-production environments?

Those installs which use mail relays on production that rewrite senders, they should manually set "". I think throwing an exception then is good.

Actions #4

Updated by Georg Ringer 5 months ago

I would favor an exception instead of dummy code which won’t work anyways

Actions #5

Updated by Benni Mack about 1 month ago

  • Target version changed from 13.3 to Candidate for Major Version
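
The behaviour discussed in comments #3 and #4 (fallbacks only outside production, an exception otherwise), sketched as an added example; it is not TYPO3 core code and not a patch from anyone in this thread. The function name, the `$isProduction` flag supplied by the caller, the use of `filter_var()` in place of `GeneralUtility::validEmail()`, and the sample configurations are assumptions made so the snippet runs stand-alone.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-alone sketch, not TYPO3's MailUtility. The function name,
// the $isProduction flag and the exception type are assumptions.
function resolveSystemFromAddress(array $mailConf, bool $isProduction): string
{
    $address = $mailConf['defaultMailFromAddress'] ?? null;
    // filter_var() stands in for GeneralUtility::validEmail() here.
    if (is_string($address) && filter_var($address, FILTER_VALIDATE_EMAIL) !== false) {
        return $address;
    }
    if ($isProduction) {
        // Fail closed: no host-derived or dummy sender on a live site.
        throw new RuntimeException(
            'MAIL/defaultMailFromAddress is not set to a valid email address.'
        );
    }
    // Non-production only: same fallback chain as the method quoted in the description.
    $address = 'no-reply@' . php_uname('n');
    if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        $address = 'no-reply@example.com';
    }
    return $address;
}

// Constructed sample configurations (label => [MAIL config, production flag]).
$cases = [
    'configured, production' => [['defaultMailFromAddress' => 'webmaster@example.org'], true],
    'missing, development' => [[], false],
    'invalid, production' => [['defaultMailFromAddress' => 'not-an-address'], true],
    'missing, production' => [[], true],
];

foreach ($cases as $label => [$conf, $isProduction]) {
    try {
        echo $label . ': ' . resolveSystemFromAddress($conf, $isProduction) . PHP_EOL;
    } catch (RuntimeException $e) {
        // A missing or invalid setting surfaces as an error instead of a silent sender.
        echo $label . ': ' . get_class($e) . ' - ' . $e->getMessage() . PHP_EOL;
    }
}
```

In the development case the printed sender contains the machine's node name from `php_uname('n')`, which is the value the description asks about.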