Stop archweb from sending mail with reply-to header that's not in our scope
Archweb sends mails with, e.g., these headers:

```
From: nobody@archlinux.org
Reply-To: someforeignuser@somefoereigndomain.tld
To: anotherforeignuser@anotherforeigndomain.tld
```

This is considered a forged Reply-To header, since the From domain doesn't match the Reply-To domain, which we need to stop. Either we simply remove the header completely, or we create a forward service equal to the one GitHub uses which would do the following:
- for an outgoing mail, create a token
- save the `sender` and the token to a DB
- set `reply-to` to `<token>@archlinux.org`
- forward `<token>@archlinux.org` to `sender`
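
A sketch of the token relay described in the list above, as an added example that is not archweb code: the `reply_token` table, the function names and the 128-bit hex token format are assumptions, and the actual forwarding of inbound mail is left to the MTA, which would call `resolve_recipient`.

```python
import secrets
import sqlite3
from email.message import EmailMessage

RELAY_DOMAIN = "archlinux.org"  # domain from the issue; everything else is assumed


def open_store(path=":memory:"):
    # Hypothetical schema: one row per outgoing mail, token -> original sender.
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS reply_token ("
               "token TEXT PRIMARY KEY, sender TEXT NOT NULL)")
    return db


def relay_reply_to(db, msg, sender):
    """Point Reply-To at <token>@RELAY_DOMAIN and record token -> sender."""
    # The stored address later becomes a forwarding target, so reject CR/LF.
    if "\r" in sender or "\n" in sender:
        raise ValueError("control characters in sender address")
    token = secrets.token_hex(16)  # 128 random bits, lowercase hex, unguessable
    db.execute("INSERT INTO reply_token (token, sender) VALUES (?, ?)",
               (token, sender))
    db.commit()
    del msg["Reply-To"]  # no error if the header is absent
    msg["Reply-To"] = f"{token}@{RELAY_DOMAIN}"
    return token


def resolve_recipient(db, rcpt):
    """Map an inbound <token>@RELAY_DOMAIN recipient to the sender, else None."""
    local, _, domain = rcpt.strip().lower().rpartition("@")
    if domain != RELAY_DOMAIN or len(local) != 32:
        return None  # not a relay address: never forward
    row = db.execute("SELECT sender FROM reply_token WHERE token = ?",
                     (local,)).fetchone()
    return row[0] if row else None


def build_sample(db):
    # Constructed message using the placeholder addresses from the issue.
    msg = EmailMessage()
    msg["From"] = "nobody@archlinux.org"
    msg["To"] = "anotherforeignuser@anotherforeigndomain.tld"
    msg["Subject"] = "constructed sample"
    msg.set_content("hello")
    relay_reply_to(db, msg, "someforeignuser@somefoereigndomain.tld")
    return msg
```

Unknown or malformed tokens resolve to `None`, so the relay address cannot be used to reach arbitrary recipients.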