Bug 8085 - Make OJS more SPF-compatible in email sending
Make OJS more SPF-compatible in email sending
Status: NEW
Product: OCS
Classification: Unclassified
Component: General
3.0
All All
: P3 normal
Assigned To: PKP Support
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-01-17 15:16 PST by Alec Smecher
Modified: 2014-08-21 05:19 PDT (History)
4 users (show)

See Also:
Version Reported In:
Also Affects:


Attachments
Patch against OJS 2.4.x (34.16 KB, patch)
2013-01-23 12:19 PST, Alec Smecher
Details | Diff
Patch against OJS 2.4.x (33.58 KB, patch)
2013-01-23 12:20 PST, Alec Smecher
Details | Diff
Patch against OJS 2.3.x (29.87 KB, patch)
2013-01-23 12:32 PST, Alec Smecher
Details | Diff
Patch against OJS 2.4.x (33.62 KB, patch)
2014-05-22 14:09 PDT, Alec Smecher
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Alec Smecher 2013-01-17 15:16:02 PST
Make OJS more SPF-compatible in email sending:
- Use Reply-To where we're currently using From
- Add an email header field to journal setup and all emails
- Add a new default setting for the header field
Comment 1 Alec Smecher 2013-01-17 15:20:02 PST
SPF email tune-ups
https://github.com/pkp/pkp-lib/commit/4acff7d16280343287c6ed30ea4f055f75f6b0a6
Comment 2 Alec Smecher 2013-01-17 15:20:03 PST
SPF email tune-ups
https://github.com/pkp/ojs/commit/2a4f6775b466c09b67346fced7358b5e971b4bd7
Comment 3 Alec Smecher 2013-01-23 12:19:14 PST
Created attachment 3903 [details]
Patch against OJS 2.4.x
Comment 4 Alec Smecher 2013-01-23 12:20:38 PST
Created attachment 3904 [details]
Patch against OJS 2.4.x

(Prior patch contained submodule hashes)
Comment 5 Alec Smecher 2013-01-23 12:32:54 PST
Created attachment 3905 [details]
Patch against OJS 2.3.x
Comment 6 Alec Smecher 2013-01-23 14:00:07 PST
Transferring over to James for some testing feedback.
Comment 8 Alec Smecher 2013-04-30 15:16:03 PDT
Ported to OMP master. Needs porting to OCS.
Comment 10 Alec Smecher 2013-05-01 15:42:35 PDT
SPF to OMP
https://github.com/pkp/pkp-lib/commit/196c11249d6c7a5279bcefe845f764649ae0
d73c
Comment 11 Alec Smecher 2014-05-22 14:09:36 PDT
Created attachment 4028 [details]
Patch against OJS 2.4.x
Comment 12 Clinton Graham 2014-08-20 06:39:09 PDT
I'm not following why in the 2.4.x patch some cases replace the setFrom($x,$y) with an equivalent setReplyTo($x,$y) [c.f. pages/login/LoginHandler.inc.php or lib/pkp/classes/notification/PKPNotificationManager.inc.php] and some cases replace the setFrom($x,$y) with a setReplyTo(null) [c.f. classes/author/form/submit/AuthorSubmitStep5Form.inc.php or plugins/paymethod/manual/ManualPaymentPlugin.inc.php].
Comment 13 Alec Smecher 2014-08-20 08:51:54 PDT
Clinton, in the MailTemplate.inc.php section of the patch you can see that the reply-to is set by default to the current user. In some cases that's not desired behavior -- e.g. when sending an article confirmation the current user is the author, but the reply-to should be the journal contact. The setReplyTo(null) call removes the default in those cases.
Comment 14 Clinton Graham 2014-08-20 12:52:53 PDT
Got it.

So FROM is the journal contact (or the site contact if not in a journal context).

And REPLY-TO is the user (or otherwise specified address per the calling method).

This only covers SPF if the journal's contact is an address at the journal's host, correct?  In the case where the journal contact is an off-host address, I think we would want the FROM to be a noreply at the host, and the REPLY-TO to use the FROM/REPLY-TO logic as above.  I would anticipate:
- a sitewide configuration to force all journals to use a single "noreply" sender.
--  when enabled, FROM would be $NOREPLY and REPLY_TO would be ($REPLY_TO ? $REPLY_TO : $FROM)
-- when disabled, the logic in this patch would control

- a plugin allowing a per-journal email configuration (per separate discussion)
-- this would provide an alternate to the above.

Any thoughts?

And a final question: Any reason not to move the email configuration out of config.inc.php and into the web-based site administration?