@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Mask the sender for "Must Encrypt" mail
Summary:
Depends on D18998. Ref T13053. When we send "Must Encrypt" mail, we currently send it with a normal "From" address.
This discloses a little information about the object (for example, if the Director of Silly Walks is interacting with a "must encrypt" object, the vulnerability is probably related to Silly Walks), so anonymize who is interacting with the object.
Test Plan: Processed some mail. (The actual final "From" is ephemeral and a little tricky to examine and I didn't actually transmit mail over the network, but it should be obvious if this works or not on `secure`.)
Reviewers: amckinley
Reviewed By: amckinley
Maniphest Tasks: T13053
Differential Revision: https://secure.phabricator.com/D19000
+6
+6
src/applications/metamta/storage/PhabricatorMetaMTAMail.php
+6
src/applications/metamta/storage/PhabricatorMetaMTAMail.php
···
592
592
$mailer->setFrom($from_email, $from_name);
593
593
break;
594
594
case 'from':
595
+
// If the mail content must be encrypted, disguise the sender.
596
+
if ($must_encrypt) {
597
+
$mailer->setFrom($default_from, pht('Phabricator'));
598
+
break;
599
+
}
600
+
595
601
$from = $value;
596
602
$actor_email = null;
597
603
$actor_name = null;