mirror of https://we.phorge.it/source/phorge.git synced 2024-11-14 19:02:41 +01:00
phorge-phorge/src/applications
epriestley 948b0ceca4 Configure a whitelist of remote addresses for Postmark inbound webhooks
Summary:
Ref T13053. Postmark support recommends testing requests against a whitelist of known remote addresses to determine request authenticity. Today, the list can be found here:

<https://postmarkapp.com/support/article/800-ips-for-firewalls>

This is potentially less robust than, e.g., HMAC verification, since they may need to add new datacenters or support IPv6 or something. Users might also have weird network topologies where everything is proxied, and this makes testing/simulating more difficult.

Allow users to configure the list so that they don't need to hack things apart if Postmark adds a new datacenter or remote addresses are unreliable for some other reason, but ship with safe defaults for today.

Test Plan:
Tried to make local requests, got kicked out. Added `0.0.0.0/0` to the list, stopped getting kicked out.

I don't have a convenient way to route real Postmark traffic to my development laptop with an authentic remote address so I haven't verified that the published remote address is legitimate, but I'll vet that in production when I go through all the other mailers.

Maniphest Tasks: T13053

Differential Revision: https://secure.phabricator.com/D19025
2018-02-08 08:23:14 -08:00
almanac Fix spelling 2017-10-09 10:48:04 -07:00
aphlict Discard stdout/stderr from the aphlict subprocess when running in daemon (normal) mode 2016-11-13 16:43:42 -08:00
arcanist/conduit Remove remaining arcanist project code 2015-07-08 19:37:28 +10:00
audit When users resign from revisions, stop expanding projects/packages to include them 2018-02-08 06:29:13 -08:00
auth Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
badges Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
base Support basic export of user accounts 2018-01-26 11:17:44 -08:00
cache Add "persistence" types (data, cache, or index) to tables, and tweak what "storage dump" dumps 2017-10-04 12:09:33 -07:00
calendar Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
celerity Add a red button to PHUIButtonView 2017-08-06 08:09:40 -07:00
chatlog Remove empty implementations of describeAutomaticCapabilities() 2016-11-09 15:24:22 -08:00
conduit Add a bin/conduit call support binary 2018-02-05 12:20:49 -08:00
config Document that disabling "metamta.one-mail-per-recipient" leaks recipients for "Must Encrypt" 2018-02-08 06:23:08 -08:00
conpherence Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
console Separate button CSS classes 2017-06-05 20:14:34 +00:00
countdown Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
daemon When exporting more than 1,000 records, export in the background 2018-01-29 16:08:02 -08:00
dashboard Fix spelling 2017-10-09 10:48:04 -07:00
differential Fix an issue where some Differential edit pathways may not have reviewers attached 2018-02-08 06:30:00 -08:00
diffusion Fix another Git 2.16.0 CLI compatibility issue 2018-02-07 17:54:39 -08:00
diviner Fix a constant typo in Diviner ("DECLARATAION" -> "TION") 2017-03-04 09:54:10 -08:00
doorkeeper Remove empty implementations of describeAutomaticCapabilities() 2016-11-09 15:24:22 -08:00
draft/storage Clean up some log spam caused by races in VersionedDraft 2016-09-05 13:01:53 -07:00
drydock Allow "drydock.blueprint.edit" to create blueprints 2018-01-04 10:08:07 -08:00
fact Update Facts for newPage 2016-04-03 15:07:52 -07:00
favorites Add some style to label in Favorites Menu 2017-02-01 07:20:31 -08:00
feed Fix a minor/harmless race with feed publishers in certain draft states 2018-01-04 08:14:55 -08:00
files Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
flag Remove counts from home navigation 2017-01-21 13:55:40 -08:00
fund Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
guides Make "simple" a "button type", not a "color" 2017-05-30 17:59:37 -07:00
harbormaster Provide ANSI color information for Harbormaster build status via API 2017-12-23 11:39:05 -08:00
help Redesign header menus and search 2017-01-17 12:13:06 -08:00
herald Fix a Herald repetition policy selection error for rule types which support only one policy 2018-02-05 13:35:36 -08:00
home Update menu item names for Applications -> Favorites 2017-09-05 19:05:03 -07:00
legalpad Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
lipsum Add "--force" and "--quickly" flags to bin/lipsum 2017-02-27 09:09:41 -08:00
macro Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
maniphest Remove all "originalTitle"/"originalName" fields from objects 2018-02-08 06:22:03 -08:00
meta Modernize QuickSearch typeahead 2017-11-30 15:07:49 +00:00
metamta Configure a whitelist of remote addresses for Postmark inbound webhooks 2018-02-08 08:23:14 -08:00
multimeter Add a cluster.read-only option 2016-04-09 13:40:47 -07:00
notification Make "No Notifications" setting less broad, and fix a bug with default display behavior 2017-09-13 15:32:46 -07:00
nuance Mark "Settings" and "Nuance" as launchable applications 2017-06-01 12:40:25 -07:00
oauthserver Update Settings for WHITE_CONFIG style boxes 2017-09-05 19:42:34 -07:00
owners Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
packages Fixing copy/paste mistake 2017-04-19 15:48:59 -07:00
passphrase Fix spelling 2017-10-09 10:48:04 -07:00
paste Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
people Add Editor-based mail stamps: actor, via, silent, encrypted, new, mention, self-actor, self-mention 2018-02-06 04:04:52 -08:00
phame Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
phid Add Editor-based mail stamps: actor, via, silent, encrypted, new, mention, self-actor, self-mention 2018-02-06 04:04:52 -08:00
phlux Update Phlux edit UI 2017-09-07 12:47:36 -07:00
pholio Remove all "originalTitle"/"originalName" fields from objects 2018-02-08 06:22:03 -08:00
phortune Fix a Phortune billing issue where subscription autopay could charge disabled cards 2018-02-08 06:30:59 -08:00
phpast Update phpast for new UI 2016-04-05 13:52:59 -07:00
phragment Remove PhabricatorFile::buildFromFileDataOrHash() 2017-04-04 16:18:00 -07:00
phrequent Fix spelling 2017-10-09 10:48:04 -07:00
phriction Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
phurl Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
policy Fix spelling 2017-10-09 10:48:04 -07:00
ponder Remove all "originalTitle"/"originalName" fields from objects 2018-02-08 06:22:03 -08:00
project Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
releeph Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
remarkup/conduit
repository When users resign from revisions, stop expanding projects/packages to include them 2018-02-08 06:29:13 -08:00
search Fix an export bug where queries specified in the URI ("?param=value") were ignored when filtering the result set 2018-01-30 11:19:37 -08:00
settings Remove inconsistent and confusing use of the term "multiplex" in mail 2018-02-06 04:04:34 -08:00
slowvote Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
spaces Add more mail stamps: tasks, subscribers, projects, spaces 2018-02-06 04:05:46 -08:00
subscriptions Add more mail stamps: tasks, subscribers, projects, spaces 2018-02-06 04:05:46 -08:00
support/application
system When destroying a repository, print a notification about removing the working copy 2017-08-01 08:57:39 -07:00
tokens Property list view on Diffusion commits should show build status but not Subscriptions, Projects, or Tokens 2017-12-01 18:16:26 +00:00
transactions When users resign from revisions, stop expanding projects/packages to include them 2018-02-08 06:29:13 -08:00
typeahead Modernize QuickSearch typeahead 2017-11-30 15:07:49 +00:00
uiexample Fix spelling 2017-10-09 10:48:04 -07:00
xhprof Allow XHProf profiles to be drag-and-dropped to upload them 2017-02-23 11:16:19 -08:00