Mail verification only working for auditor

Issue #854 closed
Martin Nadvornik created an issue

Hi Janos,

We have Piler set up to authenticate our users against our iRedMail Pro LDAP. Everything was working fine, except that the mail verification was only shown as valid when logged in as the auditor user. When logged in as a general user, the GUI always showed that the verification failed.

I found the issues #774 and #768. And after I changed the parameter HEADER_LINE_TO_HIDE to an empty string it is now working as expected.

I was just wondering why it is the default setting to hide the X-ENVELOPE-TO header. We are sending all our mails by our postfix server using the always_bcc method. Is there another method of getting postfix to send all mails to piler without having to take care of the X-ENVELOPE-TO header?

We are currently running Piler 1.3.0 no epoll

Comments (4)

  1. Janos SUTO repo owner

    The idea behind the header_line_to_hide feature is to exclude such headers if they reveal bcc recipients as well. The problem, or the bug, is that the message is altered, and after that the hash values are verified, which results in different hash values; that's why the verification error occurs. I'll check this issue, and let you know.

  2. Janos SUTO repo owner

    I'd like you to show me the get_raw_message() function in model/search/message.php. I suspect that the verify_message function is called (within get_raw_message) after preg_replace. The latest version fixes the order.

  3. Martin Nadvornik reporter

    For anyone who comes across this issue in the future: I solved the problem by not hiding the X-ENVELOPE-TO header. In order to still not disclose any bcc recipients, it should be possible to use sub-addressing as described in #335.

    I can't tell if the latest version at the time Janos wrote his comment would have also fixed the problem because I unhid the header before updating piler.

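The ordering problem discussed in the comments above, as an added example that is not piler's code and not taken from the thread: verifying a digest after the hidden header has been stripped fails, while verifying the stored bytes first and redacting only the displayed copy succeeds. The function names, the HEADER_TO_HIDE value, the SHA-256 digest and the sample message are all assumptions made for illustration.

```php
<?php
// Added example, not piler's code. All names and the digest algorithm are assumptions.
const HEADER_TO_HIDE = 'X-Envelope-To:'; // assumed value of the hide setting

// Constructed sample: a message as archived, carrying an envelope header that
// lists a bcc recipient (addresses are made up).
$stored = "X-Envelope-To: alice@example.org, bcc-only@example.org\r\n"
        . "From: bob@example.org\r\n"
        . "To: alice@example.org\r\n"
        . "Subject: quarterly report\r\n"
        . "\r\n"
        . "Body text.\r\n";
$digest_at_archive_time = hash('sha256', $stored);

// Remove the header (and any folded continuation lines) from the header block only.
function hide_header(string $raw, string $header): string
{
    if ($header === '') {
        return $raw; // nothing configured to hide
    }
    $pos  = strpos($raw, "\r\n\r\n");
    $head = $pos === false ? $raw : substr($raw, 0, $pos + 2);
    $body = $pos === false ? '' : substr($raw, $pos + 2);
    $re   = '/^' . preg_quote($header, '/') . '.*(?:\r?\n[ \t].*)*\r?\n/mi';
    return preg_replace($re, '', $head) . $body;
}

function digest_matches(string $raw, string $expected): bool
{
    return hash_equals($expected, hash('sha256', $raw));
}

// Order suspected in the thread: redact first, then verify the altered copy.
function fetch_redact_then_verify(string $raw, string $expected): array
{
    $shown = hide_header($raw, HEADER_TO_HIDE);
    return ['verified' => digest_matches($shown, $expected), 'message' => $shown];
}

// Corrected order: verify the untouched bytes, then redact only what is displayed.
function fetch_verify_then_redact(string $raw, string $expected): array
{
    $ok = digest_matches($raw, $expected);
    return ['verified' => $ok, 'message' => hide_header($raw, HEADER_TO_HIDE)];
}

$wrong = fetch_redact_then_verify($stored, $digest_at_archive_time);
$right = fetch_verify_then_redact($stored, $digest_at_archive_time);
var_dump($wrong['verified'], $right['verified']);
var_dump(strpos($right['message'], 'bcc-only@example.org') === false);
```

With the corrected order the bcc address stays out of the displayed copy and the integrity check still reflects the bytes that were archived.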