Is your feature request related to a problem? Please describe.
In version 2.2.2 it seems to be impossible to specify a From: address for errorreporting e-mails. The constructor for the EMail class has parameters to specify From: and To: addresses, but such arguments are not passed, hence the default technicalcontact_email is used for both From: and To:
This is problematic in many cases, for example when SimpleSAMLphp runs on saml.example.org and sends e-mail via localhost:25 and the technical contact e-mail is samladmin@example.net it is likely that the MTA at example.net:25 will refuse to accept e-mails from the MTA at saml.example.org where with From: samladmin@example.net, e.g. because of SPF or because it requires authentication for such From: headers. This might also lead to backscatter originating from the MTA at saml.example.org (e.g. Subject: Undelivered Mail Returned to Sender, From: Mail Delivery System <MAILER-DAEMON@saml.example.org>, To: samladmin@example.net) when failing to deliver the original e-mail.
Describe the solution you'd like
The real solution is of course to implement configuration options for specifying the From: addresses for errorreporting and cron sendemail.
Describe alternatives you've considered
I understand that there are workarounds to this problem, but they're mostly terrible or not applicable to my specific use case, including:
Changing SPF rules (would hurt security, get us more spam)
Changing the MTA from localhost to something external and configure my own mail-server to allow e-mail from saml.example.org (this would be difficult, and I don't know if the service provider where I host SimpleSAMLphp, allows outgoing connections to port 25 on external hosts).
Changing the technicalcontact_email to some @saml.example.org address (would require me to have a mailbox at saml.example.org)
Currently I opted for disabling errorreporting and cron sendemail altogether.
tvdijen
commented
3 weeks ago
Is your feature request related to a problem? Please describe. In version 2.2.2 it seems to be impossible to specify a
From:address forerrorreportinge-mails. The constructor for theEMailclass has parameters to specifyFrom:andTo:addresses, but such arguments are not passed, hence the defaulttechnicalcontact_emailis used for bothFrom:andTo:https://github.com/simplesamlphp/simplesamlphp/blob/2339859b9c05a59d930585baec9fdbe0a77e947d/src/SimpleSAML/Utils/EMail.php#L44-L57
This is problematic in many cases, for example when SimpleSAMLphp runs on
saml.example.organd sends e-mail vialocalhost:25and the technical contact e-mail issamladmin@example.netit is likely that the MTA atexample.net:25will refuse to accept e-mails from the MTA atsaml.example.orgwhere withFrom: samladmin@example.net, e.g. because of SPF or because it requires authentication for suchFrom:headers. This might also lead to backscatter originating from the MTA atsaml.example.org(e.g.Subject: Undelivered Mail Returned to Sender,From: Mail Delivery System <MAILER-DAEMON@saml.example.org>,To: samladmin@example.net) when failing to deliver the original e-mail.Describe the solution you'd like The real solution is of course to implement configuration options for specifying the
From:addresses forerrorreportingand cronsendemail.Describe alternatives you've considered I understand that there are workarounds to this problem, but they're mostly terrible or not applicable to my specific use case, including:
technicalcontact_emailto some@saml.example.orgaddress (would require me to have a mailbox atsaml.example.org)Currently I opted for disabling
errorreportingand cronsendemailaltogether.