moinwiki
Mail (bounce) handling
Original report by Bastian Blank (Bitbucket: waldi, GitHub: waldi).
Moin can send mails on several occasions, mostly related to user handling and notifications on changes. It currently does not handle bounces and they usually get unnoticed. Moin should be able to handle bounces and re-act on them.
Two things are needed to do this. It needs a script that receives mails, parses them and acts on them. It should also encode some more information into the from address, like user-id, so each bounce can be easily identified without extra code to handle many broken systems out there.
Sending mail
Each mail should get some more information about the recipient. This is usually encoded into the from-address of the e-mail, like [email protected]. All major MTA supports this recipient delimiter addressing, so all mails are delivered [email protected]. With this information the mail can be accounted to the correct account even if some system in between does not support DSN.
All sent mails must follow some rules. They must be sent with a Auto-Submitted: auto-generated header (see RFC 3834). Also Moin should assume DSN is supported by the local MSA (ten years is enough) and send mails with RET=HDRS, NOTIFY=FAILURE and ORCPT=… (see RFC 3461).
Receiving mail
Moin needs a script that can be called by the MDA. This script gets the recipient of the mail and the contents at least. It parses the mail as needed and possible. It can act on the contents depending on the type of mail.
A DSN as specified in RFC 3464 can be handled completely automatic. Each failed account should be disabled. However we need some way to tell the user the account was disabled on the next attempted log-in. He may get the option to specify a new e-mail-address to regain access to the account.
All other mails should be forwarded to the admin for inspection. This mail should include all available user information if the id encoded into the bounce address is available.
Original comment by ana-balica (Bitbucket: ana-balica, GitHub: ana-balica).
Transferring the task details from a moin fork
Tweak sendmail() func by setting some additional mail headers for receiving DSN
NOTIFY=FAILURE
ORCPT=rfc822;[email protected]
RET=HDRS
And encode the userid (uid = user.meta['itemid']) in the FROM address of moin - [email protected]
We need a function for determining if the inbound mail is a DSN. For that we need to check mail headers. A mail is a DSN if:
- Content-Type: multipart/report; report-type=delivery-status;
- Action: failed (rfc3464)
How to react on DSN:
Disable the user account (user.meta['disabled'] = True) and on next logins flash a message saying that "Your account was disabled due to some mail address problems. Please verify if the email address you have provided is valid and active."
That implies that we need a form, where the user can introduce his old login and a new email. The account will be activated and a new email will be set. Also we need to inform the admins on the DSN and provide user information. For instance we could email the admins the DSN headers and include minimal necessary information about the user.
Original comment by Thomas Waldmann (Bitbucket: thomaswaldmann, GitHub: thomaswaldmann).
Note: in moin 1.9.x, we have a "mailimport" script (for other purposes, but it also kind of "receives mail for the wiki")