fabacab / wp-pgp-encrypted-emails

Encrypts WordPress emails using OpenPGP or S/MIME with a familiar API.
https://wordpress.org/plugins/wp-pgp-encrypted-emails/
GNU General Public License v3.0

Forcing a failure on original wp_mail() confuses other plugins #10

Closed. fabacab closed this issue 8 years ago.

fabacab commented 8 years ago

See https://wordpress.org/support/topic/encrypt-e-mail-attachments?replies=12#post-8112451

boblmartens commented 8 years ago

Thank you for looking into this some more (and that I am not, at least, 100% crazy)!

fabacab commented 8 years ago

> Thank you for looking into this some more (and that I am not, at least, 100% crazy)!

You're not crazy. There are just some security implications that I need to more fully understand. It turns out WordPress really doesn't have any good API support for handling anything beyond trivially simple email modifications. Encrypting email is obviously not trivial.

The problem here is that other plugins expect a specific call to wp_mail() to either do almost exactly what they expect it to or they will take some other action which they provide no mechanism to modify. Very few, if any, other plugins deal with email securely. This creates a rather difficult burden (for me) to try to secure something that was never designed to be secure, but that's exactly what this plugin claims to do, and it's what I signed up for trying to make possible, for free, without encumbered software, in a fully open source way, because that's what every WordPress user deserves—including me.

The technical problem is more subtle. If I hijack the original call to wp_mail(), then I am able to absolutely ensure a secure delivery via PGP encryption for each individual recipient. However, this evidently confuses these other plugins that are, for lack of a better way to put it, expecting an insecure delivery. But this is obviously unworkable in practice, meaning my preferred solution, implemented in WP PGP Encrypted Emails 0.4.1, won't work for the majority of naive users, exactly the users this plugin is supposed to serve.

There are some alternative approaches I can try to take, which include trying to fake a success instead of returning a failure (what I'm trying to code today), and simply encrypting the message and its attachments for multiple recipients. The latter approach would leak information about the message recipients to each recipient, which the current implementation doesn't do.

So basically I'm still not sure what the right solution is but then again, this plugin is less than a month old, so I'm not surprised we haven't yet discovered The Right Way to do this. Your feedback and the feedback from the WordPress support forum is invaluable to this process.
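How the per-recipient design described in the comment above could be wired into WordPress's `wp_mail` filter, as an added example that is not the plugin's own code. It assumes a hypothetical `my_plugin_encrypt_for()` encryptor and uses a constructed RFC 2606 `.invalid` address as the placeholder addressee for the original call.

```php
<?php
// Added illustration, not the plugin's code. Assumes WordPress core provides
// wp_mail() and add_filter(), and that $encrypt_for( $recipient, $plaintext )
// is a hypothetical callable returning ASCII-armored ciphertext for a
// recipient with a known key, or null when no key is known.

function example_pgp_fan_out( array $args, callable $encrypt_for ) {
    // wp_mail() applies the 'wp_mail' filter on every call, including the
    // per-recipient sends below, so guard against re-entering ourselves.
    static $in_progress = false;
    if ( $in_progress ) {
        return $args;
    }

    $to = is_array( $args['to'] )
        ? $args['to']
        : array_filter( preg_split( '/\s*,\s*/', trim( (string) $args['to'] ) ) );
    $headers = isset( $args['headers'] ) ? $args['headers'] : '';
    $unkeyed = array();

    $in_progress = true;
    foreach ( $to as $recipient ) {
        $ciphertext = $encrypt_for( $recipient, $args['message'] );
        if ( null === $ciphertext ) {
            $unkeyed[] = $recipient; // no key: stays on the original plaintext send
            continue;
        }
        // One message per recipient, so no recipient learns who else was
        // addressed (the leak a single multi-recipient ciphertext would cause).
        // Attachments are deliberately not forwarded in the clear here.
        wp_mail( $recipient, $args['subject'], $ciphertext, $headers );
    }
    $in_progress = false;

    if ( ! empty( $unkeyed ) ) {
        $args['to'] = $unkeyed;
        return $args;
    }
    // Every recipient received ciphertext. The original call still has to
    // "succeed" so other plugins do not treat it as a failure; the thread's
    // first patch pointed it at an RFC 2606 non-routable address, at the cost
    // of possible bounce notices on some MTAs. Constructed placeholder:
    $args['to']          = 'nobody@example.invalid';
    $args['message']     = '';
    $args['attachments'] = array();
    return $args;
}

add_filter( 'wp_mail', function ( array $args ) {
    return example_pgp_fan_out( $args, 'my_plugin_encrypt_for' ); // hypothetical
} );
```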

boblmartens commented 8 years ago

You are a saint for taking this serious of an approach to things. Thanks for all of your work and help so far and I'll continue to help where I am able.

Again, nothing but my thanks.

fabacab commented 8 years ago

Thanks, all support is appreciated.

fabacab commented 8 years ago

@boblmartens If you're willing to give this patched version a try, let me know how it works for you with Formidable regarding #8. This patch contains the first approach, where I try "successfully" sending an email to an RFC 2606 non-routable addressee. My hope is that all modern MTAs understand what to do with this (i.e., fake a successful send but not actually deliver the mail). Thanks.

boblmartens commented 8 years ago

Just tested it. I only get the one message and I can see the other one in the logs getting a successful send message but that is it. Wonderful!

fabacab commented 8 years ago

Awesome! Out of curiosity, what MTA is your system running?

boblmartens commented 8 years ago

Right now we have a SLE 12 server with Postfix installed forwarding to Mandrill to handle the actual delivery …

… which I need to change because Mandrill is killing the best parts of the service and being folded into Mailchimp proper. Yay!

Sincerely, Bob Martens

fabacab commented 8 years ago

Oh, yeah, that's definitely modern enough. :)

Cool, well, since Stefan is the only other person who has reported problems with this, I'm going to give him a day or two until he gets back to me before I officially release this as a version 0.4.2 bugfix.

boblmartens commented 8 years ago

Sounds good. Thanks!

Sincerely, Bob Martens

fabacab commented 8 years ago

@boblmartens When you say you can see the other message getting a successful send in the logs, did you mean the Postfix logs or Formidable's WordPress logs or…?

fabacab commented 8 years ago

@boblmartens Stefan reported problems with noisy email failure notifications on his system so I am trying a new approach to solving this problem in an attempt to make both MTAs and other plugins happy. Can you please give patch 7fcd8a9f a try and let me know how your system feels about it? Thanks.

boblmartens commented 8 years ago

I’ll do that early on Monday when I’m back at work and report back.

I think the reason mine was working is that I was already checking for various versions of “localhost” and forwarding those mails to another box, so my MTA (before Mandrill) was already taking care of those emails so that response back was a success.

Sincerely, Bob Martens

fabacab commented 8 years ago

@boblmartens I felt confident enough that this is going to work after my own tests and a successful fix for Stefan so I released this as v0.4.2, but feel free to take your time updating/testing in your own environment, too. I'm closing this issue as fixed in the meantime. If there are further problems relating to other plugins, feel free to reopen this.

boblmartens commented 8 years ago

Initial tests are positive from my end. Thanks!