From dbe479f0d9dee38aee22808dc6321cd32e766a1f Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Wed, 7 Feb 2018 05:09:21 -0800
Subject: [PATCH] Don't send error/exception mail to unverified addresses

Summary:
Depends on D19017. Fixes T12491. Ref T13053. After SES threw us in the dungeon for sending mail to a spamtrap we changed outbound mail rules to stop sending to unverified addresses, except a small amount of registration mail which we can't avoid.

However, we'll still reply to random inbound messages with a helpful error, even if the sender is unverified.

Instead, only send exception mail back if we know who the sender is.

Test Plan: Processed inbound mail with `scripts/mail/mail_handler.php`. No more outbound mail for "bad address", etc. Still got outbound mail for "unknown command !quack".

Reviewers: amckinley

Maniphest Tasks: T13053, T12491

Differential Revision: https://secure.phabricator.com/D19018
---
 .../PhabricatorMetaMTAReceivedMail.php        | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/applications/metamta/storage/PhabricatorMetaMTAReceivedMail.php b/src/applications/metamta/storage/PhabricatorMetaMTAReceivedMail.php
index 18fa7dd2ba..fc98d17010 100644
--- a/src/applications/metamta/storage/PhabricatorMetaMTAReceivedMail.php
+++ b/src/applications/metamta/storage/PhabricatorMetaMTAReceivedMail.php
@@ -105,6 +105,7 @@ final class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO {
 
   public function processReceivedMail() {
 
+    $sender = null;
     try {
       $this->dropMailFromPhabricator();
       $this->dropMailAlreadyReceived();
@@ -140,7 +141,7 @@ final class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO {
           // This error is explicitly ignored.
           break;
         default:
-          $this->sendExceptionMail($ex);
+          $this->sendExceptionMail($ex, $sender);
           break;
       }
 
@@ -150,7 +151,7 @@ final class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO {
         ->save();
       return $this;
     } catch (Exception $ex) {
-      $this->sendExceptionMail($ex);
+      $this->sendExceptionMail($ex, $sender);
 
       $this
         ->setStatus(MetaMTAReceivedMailStatus::STATUS_UNHANDLED_EXCEPTION)
@@ -305,9 +306,14 @@ final class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO {
     return head($accept);
   }
 
-  private function sendExceptionMail(Exception $ex) {
-    $from = $this->getHeader('from');
-    if (!strlen($from)) {
+  private function sendExceptionMail(
+    Exception $ex,
+    PhabricatorUser $viewer = null) {
+
+    // If we've failed to identify a legitimate sender, we don't send them
+    // an error message back. We want to avoid sending mail to unverified
+    // addresses. See T12491.
+    if (!$viewer) {
       return;
     }
 
@@ -364,9 +370,8 @@ EOBODY
 
     $mail = id(new PhabricatorMetaMTAMail())
       ->setIsErrorEmail(true)
-      ->setForceDelivery(true)
       ->setSubject($title)
-      ->addRawTos(array($from))
+      ->addTos(array($viewer->getPHID()))
       ->setBody($body)
       ->saveAndSend();
   }