Review Board default sender email - review-board

Review Board documentation mentions that
Sender Headers
Review Board can send e-mail on behalf of users. This may happen when creating a new review request or reviewing some code.
E-mails appear to be sent from the users, rather than from Review Board itself.
...
By using these two fields instead of just faking the From address, we can avoid e-mails appearing to be spam or otherwise malicious. Many modern e-mail clients warn if the From address appears to be suspicious.
Is there any way to disable email sending on behalf of users? I want to send emails from default email which is set in the admin panel.

Try setting the from_email in
https://github.com/reviewboard/reviewboard/blob/0935f8daf9b2f07d1f679a1cbed49998df3d59de/reviewboard/notifications/email.py
for the method:
def send_review_mail(user, review_request, subject, in_reply_to,
to_field, cc_field, text_template_name,
html_template_name, context=None, extra_headers=None)
In particular, the line:
from_email = get_email_address_for_user(user)
We do something similar for our server setup at the company to force the sender to be a particular user that we want users to respond to.

Related

AWS SES verified emails

Trying to understand something thats not clear from AWS SES emails.
I have a simple emailer on my website that I have setup using nodemailer.
It has 3 fields
Name: name of user filling out form
email: email address of user filling out email.
Description: description filled out by user.
I'm seeing in AWS docs that I need to verify on their console the users email.
You can only send mail from verified email addresses and domains.
Note: This restriction applies even when your account isn't in the
sandbox.
This could be any number of different user email address how would I be able to verify them all I wouldn't know them.
What am I not getting here. I have verified the To: email which will always be the same as its coming to my domain email.
You'll want to send from an email address under your control (SES enforces this on a technical level, but spam filters tend to de facto enforce this everywhere due to things like SPF records) with a Reply-To header of the email address submitting the form.

How to make sure email is not received in spam when sent with Django EmailMessage class?

I have the following settings in my settings.py file.
EMAIL_HOST = 'mail.domain.com'
EMAIL_HOST_USER = 'me#domain.com'
EMAIL_HOST_PASSWORD = 'mypassword'
EMAIL_PORT = 587
EMAIL_USE_TLS = True
A user in my Django application is able to send an email to a client with a PDF attachment using the EmailMessage class. Here is the code:
email = EmailMessage()
email.subject = 'Demo subject'
email.body = self.request.GET.get('email_body', '')
email.from_email = 'Full Name <user#domain.com>'
email.to = ['{}'.format(self.request.GET.get('to_address'))]
email.attach_file(os.path.join(settings.MEDIA_ROOT, 'quotation_email.pdf'))
email.send()
My questions are,
Since I can create a code to send the email as a different person, will the email not be marked as spam in certain domains?
I have access to a mail server which is already setup. Can I map the email accounts to the user accounts in the Django application in such a way that Django uses the email server as a medium to send email based on the logged in users?
Why do I need to provide an email and password in settings.py file when I may never use that email account to send any mail? Can I not log in to the email every time someone sends an email?
Since I can create a code to send the email as a different person, will the email not be marked as spam in certain domains?
The domain part of the email (part after #) is what mostly determines if the email will end up as spam or not (there are, of course, other conditions in determination of spam such as IP reputation of the sending mail server i.e. was this IP used for sending spam in the past, etc).
If you are the authorised sender for a particular domain, you can send emails like john#domain.com or no-reply#domain.com without worrying.
Read about SPF and DKIM records about domain authorisation. It's a topic that I can't really cover in an answer.
I have access to a mail server which is already setup. Can I map the email accounts to the user accounts in the Django application in such a way that Django uses the email server as a medium to send email based on the logged in users?
Yes, you can if you own the email's domain name. Just get the user's email address and use it as the From address to send the email.
Why do I need to provide an email and password in settings.py file when I may never use that email account to send any mail? Can I not log in to the email every time someone sends an email?
Are you referring to the EMAIL_HOST_USER? This is for authentication purpose. This email is required to log into your SMTP server. Without this, the SMTP server will not know if you are the owner of the server or a spammer trying to use their server to send spam.
But if the SMTP server is running locally, you can just use localhost as the EMAIL_HOST and leave out the authentication. Because most email servers (MTAs) relay emails from local host without requiring authentication. But this also depends on the configuration.
Basic understanding of how emails are sent:
Emails are sent just like the real mail - inside an envelope. The envelope and the letter inside it can have different From addresses. And that is also true in case of emails.
Here's an illustrative example. Suppose you own a PO Box. If you want to send a letter to your friend, you'll do this:
Write your message on a paper. You'll sign the letter.
Buy an envelope. Write To address of your friend on the envelope.
Write the From address of your PO Box on the envelope. You don't write your own address, because if the mail couldn't be delivered, it will be returned back to your PO box.
Send out the letter.
Pretty, simple. Suppose someone in your family also wants to send out a letter to someone they know. But they don't own an PO Box. They'd have to spend some money and time to get a PO Box. But why bother, because you already have one. This is how that will work:
They'll write the message on a paper. They'll sign the letter in their own name.
Buy an envelope. Write the the To address of their friend.
Write the From address of your PO Box, so that the mail could be returned to your PO Box if it didn't deliver.
Send the letter out.
This is how actual emails work.
An SMTP server is like a Post Office.
Your email account is like a PO Box.
Every message you send, goes inside an envelope.
The sender address on the envelope can be different than the sender
address on the message inside.
I think Django uses the EMAIL_HOST_USER settings to compose the email envelope and the from_email address you provide is used as the From address.
The sender address on the envelope in known as MAIL FROM address or the Return-Path address. This is not shown to the receiving user. The From address that you see in your Gmail, or Yahoo Mail, is called the MIME From address. They both can be different.
The case is not you sender gmail.
but you need to remove all links inside your html template

How do I send email from a user's email address with Django?

I'd like to send email to third parties on behalf of users. The key is for the user's email to show up as the "from:" email.
I've tried using send_mail with the user's email as the from_email, but to no avail. When I used gmail's servers to send the message, the third party sees the EMAIL_HOST_USER as the "from:" email. And when I tried using namecheap's mail server, I got SMTPRecipientsRefused: {u'<to email>': (553, '5.7.1 <from email>: Sender address rejected: not owned by user <EMAIL_HOST_USER>')}.
If possible, I'd like to avoid asking for their password as well.
Short answer: You can't do that.
Back in the old days, mail servers used to be quite relaxed about posting mail whenever anyone asked them to, but then SPAM happened and people realised that it was actually quite important to check that the person sending an email is actually the person whose address appears in the From: header.
There are now several mechanisms in place that make it very difficult to spoof a sender email address. These include:
Sender Policy Framework (SPF): An email validation system that works by placing restrictions on the IP addresses authorised to send email from a particular email address. If you try sending email from an IP address not associated with the legitimate owner of an email address, your mail will be rejected.
DomainKeys Identified Mail (DKIM): A method for confirming that emails claiming to have originated from a particular mail server really did originate from that server.
Mail transfer agent restrictions: These days, most MTAs are configured to only accept emails from people who it already knows. (This is why you're seeing a Sender address rejected: not owned by user error message).
Instead, your best option — essentially your only option — is to put your own email address in the From: header, and send the email from your own mail server. If you want the reply to go to someone else, add a Reply-To: header containing their email address.
If you are using Exchange, you might be able to use a library such as Exchangelib, in which the author seems to have been inspired by some of Django's design decisions. Unfortunately, it does look like you will still need to ask for the user's password. I'm going to be looking into this further later on, and since I use LDAP authentication to the Django project, perhaps there is some way to use that to authenticate to the email server, but I have my skepticism.
See this question:
https://serverfault.com/questions/546255/sending-email-with-python-django-through-microsoft-exchange-imap

how to get a users #facebook.com email?

I am trying to find out if a user has an #facebook.com email for messaging but can not see where to request that I do request perms for their regular email and can get that, but can't see where to get their #facebook.com email. It's not included in https://graph.facebook.com/me/ and since there's no guarantee that they have set one up I can't assume that it's based on their username
If a user has a facebook.com email address it will be their {username}#facebook.com. However, just because a user has a username setup, doesn't mean there's a corresponding email for it. I've had a username since Facebook landrushed them, and just the other day I setup an email for it. There's no way to tell if they've set it up. Your best bet is to ask the user for an email address that your app can use.
Just go to your privacy settings and from there act as you are editing you email address then there is a Facebook email button setup there.

How does one send an email to 10,000 users in Django?

My Django application has 10,000 users, all with emails. I would like to send an email message to all of them say once a month. This message could have some pdf attachments.
What I have tried is using an EmailMessage object to send an email to all of them. I add all users' email addresses to the bcc component of this EmailMessage before sending.
recList = []
for recipient in rec:
reci = str.strip(str(recipient))
recList.append(reci)
message = (form.cleaned_data['subject'], form.cleaned_data['message'], 'emailAdmin#yahoo.com', recList)
mail = EmailMessage(form.cleaned_data['subject'], form.cleaned_data['message'], 'email_manager#mysite.org', ['email_list#mysite.org'], recList)
num_attachments = 0
if form.cleaned_data['attachment'] != None:
email_attachment = EmailAttachment(
document_name = form.cleaned_data['attachment'].name,
email_message = email,
document = form.cleaned_data['attachment'],
)
email_attachment.save()
mail.attach_file(settings.MEDIA_ROOT + "/" + email_attachment.document.name)
mail.send(fail_silently=False)
However, when I send the email, Django complains that "The connection was reset" and does not send. I am assuming that the server connection was closed.
What's an efficient way to send a mass email blast in Django? Would send_mass_mail() be more effective?
You should use send_mass_mail since it won't close the connection every time. docs
I would also chunk the messages into groups of about 100-1,000, depending on how powerful your server is. The reason is that you can catch errors in smaller groups for retrying. This also results in a separate email per recipient, which is ideal. BCC'ing thousands of people is not great.
An alternative suggestion: sign up to a mailing service and use their APIs to maintain your email list and send out mailings. A couple of advantages to this approach:
They’ll handle any unsubscribe requests for you, so you don’t have to worry about adding exclusion flags to your users who don’t want your emails.
You’re less likely to get spam-filtered out of your users’ inboxes, or to annoy your hosting provider.
There are API wrappers available for, among others, MailChimp and Campaign Monitor. It should be fairly easy to add in hooks to add new users to the mailing list and (if relevant) remove any users who delete their accounts.
I think, an E-mail BCC header cannot contain 10000 records.