Prevent loops in received mail

Summary: It's currently possible to configure Phabricator to send mail to some address it recognizes as relating to an object. When we receive mail from Phabricator, drop it unconditionally. Test Plan: Wrote two emails, one with the header and one without. Piped them to `mail_handler.php`, one was dropped immediately. Reviewers: btrahan, nh, mikaaay, jungejason Reviewed By: jungejason CC: aran Differential Revision: https://secure.phabricator.com/D2529
2024-09-20 01:08:50 +02:00 · 2012-05-22 06:02:05 -07:00 · 2012-05-22 06:02:05 -07:00 · 0461cd6e4f
commit 0461cd6e4f
parent 463cb116bd
1 changed files with 13 additions and 0 deletions
--- a/src/applications/metamta/storage/receivedmail/PhabricatorMetaMTAReceivedMail.php
+++ b/src/applications/metamta/storage/receivedmail/PhabricatorMetaMTAReceivedMail.php
@ -55,6 +55,19 @@ final class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO {
  }

  public function processReceivedMail() {
+
+    // If Phabricator sent the mail, always drop it immediately. This prevents
+    // loops where, e.g., the public bug address is also a user email address
+    // and creating a bug sends them an email, which loops.
+    $is_phabricator_mail = idx(
+      $this->headers,
+      'x-phabricator-sent-this-message');
+    if ($is_phabricator_mail) {
+      $message = "Ignoring email with 'X-Phabricator-Sent-This-Message' ".
+                 "header to avoid loops.";
+      return $this->setMessage($message)->save();
+    }
+
    $to = idx($this->headers, 'to');
    $to = $this->getRawEmailAddress($to);