Mask the sender for "Must Encrypt" mail

Summary: Depends on D18998. Ref T13053. When we send "Must Encrypt" mail, we currently send it with a normal "From" address. This discloses a little information about the object (for example, if the Director of Silly Walks is interacting with a "must encrypt" object, the vulnerability is probably related to Silly Walks), so anonymize who is interacting with the object. Test Plan: Processed some mail. (The actual final "From" is ephemeral and a little tricky to examine and I didn't actually transmit mail over the network, but it should be obvious if this works or not on `secure`.) Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13053 Differential Revision: https://secure.phabricator.com/D19000
2024-11-26 16:52:41 +01:00 · 2018-02-06 04:28:03 -08:00 · 2018-02-06 04:28:03 -08:00 · 7765299f83
commit 7765299f83
parent 1485debcbd
1 changed files with 6 additions and 0 deletions
--- a/src/applications/metamta/storage/PhabricatorMetaMTAMail.php
+++ b/src/applications/metamta/storage/PhabricatorMetaMTAMail.php
@ -592,6 +592,12 @@ final class PhabricatorMetaMTAMail
          $mailer->setFrom($from_email, $from_name);
          break;
        case 'from':
+          // If the mail content must be encrypted, disguise the sender.
+          if ($must_encrypt) {
+            $mailer->setFrom($default_from, pht('Phabricator'));
+            break;
+          }
+
          $from = $value;
          $actor_email = null;
          $actor_name = null;