The original message is said to have bounced.Įrrors may occur at multiple places during email delivery. I'm using the built-in php mail and it talks to a generic postfix service on localhost, with CentOS 6.5.Bounce message, also called a (failed) Delivery Status Notification (DSN) is an automated electronic email message from a mail system informing the sender about a delivery problem. That would set our new VERP address as the 'Return-Path' address of outgoing emails through PHP mailer Īnd that the UserMailerChangeReturnPath hook itself is not relevant. I don't really understand why it fixes the issue, I think it is due to: Sorry, I didn't realize there was more than one patch in this series.Īctually, before the patch, the 'Return-Path' header was set to the value of $wgPasswordSender for emails from the wiki - and this patch come to relevance only if you have installed the BounceHandler ( /wiki/Extension:BounceHandler ) extension to generate custom VERPed 'Return-Path' address on sent emails. Sounds like an endorsement/proposal for Chris to be a (co-)mentor? -) Chris, are you interested in soliciting students work in this area? If yes, who could be interested mentoring? Random, stored token or one that is the output of a symmetrical encryptionįunction, encrypt(email, secret). The way to avoid fake bounces DoSing a user would be to use aīounce- return path address with either being a Need a full MediaWiki install on the system )) when emails to bounce-XXX Say, 1-2 months time would be the right time for this.ġ-2 months from now would be great for GSoC (it's the deadline for students applications) if someone thinks this suits a GSoC work and unless you want this bug to be fixed *before* the summer by ops/platform.įrom the mailserver side, we can run a script (preferrably one that doesn't Infrastructure is about to be rebuilt, but I think catching up again in, Making that change (= making API calls from the mailservers) as the mail Yes, we need to do VERP and we'll make that happen. Hah! Good thing it was still on someone's radar then. #4785) in which I was the one to propose VERP, so we've actually ran a full So, this bug report was filed right after a conversation about Echo (RT (In reply to Faidon Liambotis from comment #5) the e-mail address as arguments), which can then call the (authenticated) MediaWiki API method to remove the mail address. There would be Mediawiki development component to this task to build the API, to add VERP request calls wherever email is sent, and an Ops component to route VERP bounces to a script (taking the mail as stdin, and optionally e.g. We want a history of consecutive mails bouncing. The reason for the threshold is that some failure scenarios will resolve themselves, eg mailbox over quota, so we don't want to react to one bounce. That API call would record the current incident and if there had been some threshold level met, eg at least 3 bounces with the oldest at least 7 days ago, then it would un-confirm the user's address so mail will stop going to it.įor at least the second call, authentication will be needed so fake bounces are not a DoS vector or a mechanism for hiding password reset requests. One that records a non-transient failure. One to generate a VERP address to use when sending mail from Mediawiki. It's a waste of resources and might trigger spam heuristics. We should not keep sending email that is just going to bounce. We do not currently unsubscribe users who trigger multiple non-transient failures and some addresses might be 10+ years old. It's likely that many Wikipedia accounts have a validated email address that once worked but is out of date.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |