I am also the family genealogist and just moved to Gramps from FTM.
I am not sure what "multiple from addresses" actually means. It is not
possible for an email to come from more than one email address at a time
in reality.
Of course, as you already know, the sending e-mail system can put
whatever it wants in the headers (otherwise spam and phishing wouldn't
work).
Multiple reply-to addresses might make some sense if the sender wanted
any reply to be sent to 2 or more email addresses rather than one.
I doubt if many e-mail clients would respect this instruction. Likely
would pick one for a Reply and ignore the second.
The only possible use case for multiple "from address" would be if the
e-mail SMTP server batched up a bunch of e-mails from various clients
and looked through all of the emails to be sent and detected that 2
identical e-mails were being sent to the same address from 2 people. Not
a good idea since sometimes timestamps are important for legal reasons
and they would be different.
Never going to happen!
E-mail servers are generally stateless and process each e-mail as a
separate request that is to be processed as received not lumped in with
any other.
If I got an e-mail with multiple "From addresses" and I cared to check,
I would just drop it.
No point sending a bounce to a spammer or someone with a poorly written
e-mail client.
My 2 cents.
Ron
On 2020-10-09 1:20 p.m., Pau Peris wrote:
Thanks a lot Ron,
I probably didn't explain myself well.
The contact form was fixed before posting this topic here, but I'm
currently managing a personal server where I host family websites
among many other services and also a Postfix setup where I handle
about 8 different domains. As you said, I collect data through a
contact form and then send an email to my dad so he can give an answer
if he feels so. Obviously, the From headers are not an issue now but I
also would like to work on this use case.
I hope now it's clear how the form manages the data.
On the other hand, if someone knows how to help, I'm still interested
on the following matter:
* I've found some regexp to validate email addresses strings, and I
wonder if would it be ok to run this test on heaer_checks instead of
the proposed milter solution?
* When a message gets rejected because of multiple From
addresses,could I generate a custom bouncing email message? If so, how
should I proceed?
* Which would be the real use case(s) where it would be useful to use
multiple From addresses?
Thanks a lot for your time and help,
On Fri, Oct 9, 2020 at 2:10 PM Ron Wheeler
<rwhee...@artifact-software.com> wrote:
You need to fix your contact form.
There is no such thing as multiple from addresses.
As Tom said, your contact form is not creating an email. It is collecting
information that it processes to produce some intelligent response or that it
sends to you (or an automated proxy) requesting that you (or your proxy)
respond to a person (or a list of people).
That information that the user supplies should not be in the headers at all in
any message that you get. It is just data.
As Tom pointed out, the email to you or to the address entered on the form
should be from your website not from e-mail addresses provided by the users.
In your processing of the data, you could throw away data with multiple
addresses.
I am not sure why you would want a bounce in the case that users enter invalid
(multiple) addresses.
You contact form should validate the email address field to ensure that only
one email address is provided and tell the user immediately to fix their input.
I am not sure why you would care about other e-mail arriving at postfix with
multiple from addresses.
Does it ever happen from anyone else?
Ron
On 2020-10-09 4:59 a.m., Pau Peris wrote:
Thanks a lot for you comments, opinion and help! :)
As Tom said, before posting this question here, I already noticed the
logic behaviour handling the contact form was wrong because emails
should never be sent on behalf of someone else. When I developed that
website, it's my dad's website, I did it like a spare time favour and
so mistakes were made.
Before posting here, I already fixed the form contact handling so
emails, now, are sent using legitimate From addresses but I already
wanted to work on the multiple From addresses handling. Running some
tests, I noticed Gmail rejects those kind of messages even they comply
with the RFC. That's why I wondered which would be use cases for using
multiple From addresses.
Even, the form contact is now fixed (I'm even finishing to integrate
invisible reCaptcha v2 to keep spammers away) and free of bugs, I'm
still curious on how to improve my Postfix setup.
So I'm wondering, in case anyone could help:
* I've found some regexp to validate email addresses strings, and I
wonder if would it be ok to run this test on heaer_checks instead of
the proposed milter solution?
* When a message gets rejected because of multiple From addresses,
could I generate a custom bouncing email message? If so, how should I
proceed?
* Which would be the real use case(s) where would be useful to use
multiple From addresses?
Thanks a lot for your time and help,
On Thu, Oct 8, 2020 at 9:37 AM Tom Hendrikx <t...@whyscream.net> wrote:
On 07-10-2020 02:27, Pau Peris wrote:
I'm hosting my dad's webpage which has a contact form (which should be
improved to avoid spam and/or bots) and from time to time someone
types multiple email addresses in the from field of the form so
contact emails with multiple from addresses like "from:
h...@example.com, f...@example.net" are generated. I though that those
kind of messages should get rejected and thought that maybe there was
a builtin restriction for this use case.
Your basic setup is lacking, and causing you problems. The website
should not send the emails using the email addresses of the person
submitting data on your website in the From: header.
If the email address has DKIM/SPF/DMARC policies attached, actual
delivery of the message is likely harder, because f.i. the webserver is
not listed in the SPF policy of the sender domain. Essentially, the
email your website is sending, is spoofing the From: header. This might
not be too obvious when all email sent from the website ends up in your
mailbox (being the website administrator), but when you try to deliver
to 3rd parties, you'll find this out very quickly.
Conceptually, you could even say that ther person entering data in the
form did not send an email: he/she entered data into a form on a
website, and the website sent the email. Hence, the From: header should
contain webs...@example.org.
Back to your problem: the website controls the From: header so no
multiple email addresses in there. You could configure the website to
put the email address of the person entering data in the form in the
Reply-To: header.
Kind regards,
Tom
--
Ron Wheeler
Artifact Software
438-345-3369
rwhee...@artifact-software.com
--
Ron Wheeler
Artifact Software
438-345-3369
rwhee...@artifact-software.com
