Problem is:
* content editors are allowed to author emails send by webforms
* they select user input as "from" name/address
* mails will not be accepted by mail servers because the webserver is not in de SPF-record of the user-input email address.
This is simple to fix:
* we must properly configure webform and add the webform_default_from_address and webform_default_from_name settings. But these settings are included in the ct_webform feature. So we should exclude them.
| Comment | File | Size | Author |
|---|---|---|---|
| #3 | recreate_ct_webform_3066890_3.patch | 2.4 KB | joshahubbers |
| Schermafbeelding 2019-07-10 om 08.06.20.png | 118.13 KB | joshahubbers |
Comments
Comment #2
joshahubbers commentedThis patch removes
webform_default_from_address and webform_default_from_name from the webform feature. Now you can set the default settings per site without overriding the feature.
Comment #3
joshahubbers commentedHm, added the webform settings field to the domain specific config fields.
Comment #4
Danny.Wouters commentedThe patch from #3 works!
I have tested the patch on a website with domains enabled and the settings are domain sensitive.
Comment #5
joshahubbers commentedNote for who is testing this:
The reply-to header is only added if the sender address is from a different domain as the default "from" address.
Case 1:
default from address: test@test.com
mail from address: josha@test2.com
>> reply-to header is added because mail has another domain name
Case 2:
default from address test@test.com
mail from address: josha@test.com
>> no reply-to header is NOT added because the domain test.com should be set up to correctly send mails on behalf of this domain.
Comment #7
paulvandenburg commented