Merge pull request #107 from simple-login/fix-sender

Fix sender
2025-02-24 07:43:54 +08:00 · 2020-03-13 12:01:11 +01:00 · 2020-03-13 12:01:11 +01:00 · f86506e697
commit f86506e697
parent c9431c693f d0616d05a5
5 changed files with 10 additions and 9 deletions
--- a/1
+++ b/1
@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## [Unreleased]
 Support PGP
+Take into account Sender header

 ## [1.1.0] - 2020-03-13
 Support multiple Mailboxes
--- a/app/dashboard/views/mailbox_detail.py
+++ b/app/dashboard/views/mailbox_detail.py
@ -54,9 +54,7 @@ def mailbox_detail_route(mailbox_id):
                ):
                    flash(f"Email {new_email} already used", "error")
                elif not can_be_used_as_personal_email(new_email):
-                    flash(
-                        "You cannot use this email address as your mailbox", "error",
-                    )
+                    flash("You cannot use this email address as your mailbox", "error")
                else:
                    mailbox.new_email = new_email
                    db.session.commit()
--- a/email_handler.py
+++ b/email_handler.py
@ -313,8 +313,9 @@ def handle_forward(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> str:
        # add custom header
        add_or_replace_header(msg, "X-SimpleLogin-Type", "Forward")

-        # remove reply-to header if present
+        # remove reply-to & sender header if present
        delete_header(msg, "Reply-To")
+        delete_header(msg, "Sender")

        # change the from header so the sender comes from @SL
        # so it can pass DMARC check
@ -405,9 +406,7 @@ def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> str:
    # in this case Postfix will try to send a bounce report to original sender, which is
    # the "reply email"
    if envelope.mail_from == "<>":
-        LOG.error(
-            "Bounce when sending to alias %s, user %s", alias, gen_email.user,
-        )
+        LOG.error("Bounce when sending to alias %s, user %s", alias, gen_email.user)

        handle_bounce(
            alias, envelope, forward_email, gen_email, msg, smtp, user, mailbox_email
@ -467,6 +466,9 @@ def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> str:
    # make sure to delete it
    delete_header(msg, "Reply-To")

+    # remove sender header if present as this could reveal user real email
+    delete_header(msg, "Sender")
+
    add_or_replace_header(msg, "To", forward_email.website_email)

    # add List-Unsubscribe header
--- a/tests/api/test_new_custom_alias.py
+++ b/tests/api/test_new_custom_alias.py
@ -50,7 +50,7 @@ def test_create_custom_alias_without_note(flask_client):
    r = flask_client.post(
        url_for("api.new_custom_alias", hostname="www.test.com"),
        headers={"Authentication": api_key.code},
-        json={"alias_prefix": "prefix", "alias_suffix": f".{word}@{EMAIL_DOMAIN}",},
+        json={"alias_prefix": "prefix", "alias_suffix": f".{word}@{EMAIL_DOMAIN}"},
    )

    assert r.status_code == 201
--- a/tests/api/test_new_random_alias.py
+++ b/tests/api/test_new_random_alias.py
@ -52,7 +52,7 @@ def test_custom_mode(flask_client):
    r = flask_client.post(
        url_for("api.new_random_alias", hostname="www.test.com", mode="uuid"),
        headers={"Authentication": api_key.code},
-        json={"note": "test note",},
+        json={"note": "test note"},
    )

    assert r.status_code == 201