Is your feature request related to a problem? Please describe.
In version 2.2.2 it seems to be impossible to specify a From: address for errorreporting e-mails. The constructor for the EMail class has parameters to specify From: and To: addresses, but such arguments are not passed, hence the default technicalcontact_email is used for both From: and To:
This is problematic in many cases. For example, when SimpleSAMLphp runs on saml.example.org and sends e-mail via localhost:25, and the technical contact e-mail is samladmin@example.net, it is likely that the MTA at example.net:25 will refuse to accept e-mails from the MTA at saml.example.org with From: samladmin@example.net, e.g. because of SPF or because it requires authentication for such From: headers. This might also lead to backscatter originating from the MTA at saml.example.org (e.g. Subject: Undelivered Mail Returned to Sender, From: Mail Delivery System <MAILER-DAEMON@saml.example.org>, To: samladmin@example.net) when failing to deliver the original e-mail.
Describe the solution you'd like
The real solution is of course to implement configuration options for specifying the From: addresses for errorreporting and cron sendemail.
Describe alternatives you've considered
I understand that there are workarounds to this problem, but they're mostly terrible or not applicable to my specific use case, including:
Changing SPF rules (would hurt security, get us more spam)
Changing the MTA from localhost to something external and configuring my own mail server to allow e-mail from saml.example.org (this would be difficult, and I don't know if the service provider where I host SimpleSAMLphp allows outgoing connections to port 25 on external hosts).
Changing the technicalcontact_email to some @saml.example.org address (would require me to have a mailbox at saml.example.org)
Currently I opted for disabling errorreporting and cron sendemail altogether.
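
Added example, not part of the original issue or of SimpleSAMLphp's code: a minimal evaluator for the ip4/ip6/all subset of SPF, showing why a receiver for example.net rejects mail handed over by the MTA on saml.example.org and why a sender address in the host's own domain passes. The SPF records, the IP addresses and the noreply@saml.example.org address are constructed, and it assumes the envelope sender (which SPF evaluates) follows the From: address.

```python
import ipaddress

# Constructed SPF TXT records using documentation address ranges; a real check queries DNS.
SPF_RECORDS = {
    "example.net": "v=spf1 ip4:192.0.2.0/24 -all",
    "saml.example.org": "v=spf1 ip4:198.51.100.7 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SAML_HOST_IP = "198.51.100.7"  # constructed address of the MTA on saml.example.org


def check_spf(client_ip: str, sender: str) -> str:
    """Evaluate the ip4/ip6/all subset of SPF for the sender's domain.

    Returns pass, fail, softfail, neutral, none (no usable record) or
    permerror (malformed term or a mechanism outside this subset).
    """
    domain = sender.rsplit("@", 1)[-1].lower()
    terms = SPF_RECORDS.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "permerror"  # include, a, mx, ... need DNS lookups
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"
        if net.version == ip.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


def compare_senders() -> dict:
    """SPF result for mail leaving the SAML host under each sender address."""
    senders = ("samladmin@example.net", "noreply@saml.example.org")
    return {s: check_spf(SAML_HOST_IP, s) for s in senders}


if __name__ == "__main__":
    for sender, result in compare_senders().items():
        print(f"{sender}: {result}")
```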
https://github.com/simplesamlphp/simplesamlphp/blob/2339859b9c05a59d930585baec9fdbe0a77e947d/src/SimpleSAML/Utils/EMail.php#L44-L57