sieve vacation using from: not reply-to:

Question

Sieve vacation answers fine, but uses the from: field but not the reply-to: field, which would make much more sense (to me).

Using sieve with roundcube, sieve script is

require ["vacation"];
# rule:[rep]
if header :contains "subject" "Software"
{
    vacation :subject "reply!!" "abc";
}

How do i hint sieve to answer to reply-to?

What sort of validation are you doing on the contents of that field? The answer is usually "even less than we do on the return path", which would result in potential for using your server to sling trash into attacker-specified directions. — anx, Feb 27 '23 at 17:17

score 0 · Answer 1 · answered Feb 27 '23 at 17:14

0

Don't. Whatever remains of legitimate uses of the "reply-to" field only survives as long as it is not conflated with the return address.

RFC3834 gives some recommendations in its section appropriately named section 4. "The Where to send automatic responses (and where not to send them)", e.g.:

Reply-To [..] In general, this field is set by a human sender based on his/her anticipation of how human recipients will respond to the specific content of that message.

Towards certain recipients I even deliberately use that field only to be able to clarify in the from header where they can stick useless machine chatter, in cases where the only response I am interested in is one that unambiguously clarifies that an identifiable human has accepted legal responsibility for the matter.

answered Feb 27 '23 at 17:14

anx

8,963
5
24
48

Yes, thank you .. well i did not invent the problem. The problem comes from a webform, and that webform sends after filling the form with the from field set to 'the_web_form_admin' and with the user email inserted into the reply-to field. i am a bit stuck in that. – Heiner Feb 27 '23 at 17:18
@Heiner Then maybe the problem you want to solve is less "How to make sieve do things it should not?" and more "How to add a BCC recipient to this webform?" – anx Feb 27 '23 at 17:23
Yes, well .. i think i have to pipe the mail into a script and continue there, that is much more flexible. About the reply-to: the guys developing the webform say, in fact it is the webserver sending the mail, not the person using it. So changing a from: field is mail spoofing. Also true. How/why would a bcc field help? – Heiner Feb 27 '23 at 20:20
You appear to wish to send a message `From:` your address to the address (possibly but not necessarily mentioned in the headers) you put into the `Reply-To:` right now. Instead of the web server sending the message your way, and you replying.. you could have it carbon copy to intended recipient right away. – anx Feb 27 '23 at 21:16

score 0 · Accepted Answer · answered Feb 28 '23 at 15:15

I solved it by matching the header, capturing and setting a variable and sending a notification to reply-to this way:

require ["variables","enotify"];
# rule:[set]
if true {
    if allof(header :matches "reply-to" "*", not header :is "from" "${1}")
    {
        set "message" "message body text";
        notify  :importance "1"
                :from "sender@email.com"
                :message "this is the subject line"
                "mailto:${1}?subject=SIEVE&body=${message}";

    }
}

sieve vacation using from: not reply-to:

2 Answers2