@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
@title Configuring Inbound Email
@group config

This document contains instructions for configuring inbound email, so users
may interact with some Phorge applications via email.

Preamble
========

Phorge can process inbound mail in two general ways:

**Handling Replies**: When users reply to email notifications about changes,
Phorge can turn email into comments on the relevant discussion thread.

**Creating Objects**: You can configure an address like `bugs@yourcompany.com`
to create new objects (like tasks) when users send email.

In either case, users can interact with objects via mail commands to apply a
broader set of changes to objects beyond commenting. (For example, you can use
`!close` to close a task or `!priority` to change task priority.)

To configure inbound mail, you will generally:

  - Configure some mail domain to submit mail to Phorge for processing.
  - For handling replies, set `metamta.reply-handler-domain` in your
    configuration.
  - For handling email that creates objects, configure inbound addresses in the
    relevant application.

See below for details on each of these steps.


Configuration Overview
======================

Usually, the most challenging part of configuring inbound mail is getting mail
delivered to Phorge for processing. This step can be made much easier if
you use a third-party mail service which can submit mail to Phorge via
webhooks.

Some available approaches for delivering mail to Phorge are:

| Receive Mail With | Setup | Cost | Notes |
|--------|-------|------|-------|
| Postmark | Easy | Cheap | Recommended |
| SendGrid | Easy | Cheap | |
| Mailgun | Easy | Cheap | Discouraged |
| Local MTA | Difficult | Free | Discouraged |

The remainder of this document walks through configuring Phorge to
receive mail, and then configuring your chosen transport to deliver mail
to Phorge.


Configuring "Reply" Email
=========================

By default, Phorge uses a `noreply@phorge.example.com` email address
as the "From" address when it sends mail. The exact address it uses can be
configured with `metamta.default-address`.

When a user takes an action that generates mail, Phorge sets the
"Reply-To" address for the mail to that user's name and address. This means
that users can reply to email to discuss changes, but: the conversation won't
be recorded in Phorge; and users will not be able to use email commands
to take actions or make edits.

To change this behavior so that users can interact with objects in Phorge
over email, change the configuration key `metamta.reply-handler-domain` to some
domain you configure according to the instructions below, e.g.
`phorge.example.com`. Once you set this key, email will use a
"Reply-To" like `T123+273+af310f9220ad@phorge.example.com`, which -- when
configured correctly, according to the instructions below -- will parse incoming
email and allow users to interact with Differential revisions, Maniphest tasks,
etc. over email.

If you don't want Phorge to take up an entire domain (or subdomain) you
can configure a general prefix so you can use a single mailbox to receive mail
on. To make use of this set `metamta.single-reply-handler-prefix` to the
prefix of your choice, and Phorge will prepend this to the "Reply-To"
mail address. This works because everything up to the first (optional) '+'
character in an email address is considered the receiver, and everything
after is essentially ignored.


Configuring "Create" Email
==========================

You can set up application email addresses to allow users to create objects via
email. For example, you could configure `bugs@phorge.example.com` to
create a Maniphest task out of any email which is sent to it.

You can find application email settings for each application at:

{nav icon=home, name=Home >
Applications >
type=instructions, name="Select an Application" >
icon=cog, name=Configure}

Not all applications support creating objects via email.

In some applications, including Maniphest, you can also configure Herald rules
with the `[ Content source ]` and/or `[ Receiving email address ]` fields to
route or handle objects based on which address mail was sent to.

You'll also need to configure the actual mail domain to submit mail to
Phorge by following the instructions below. Phorge will let you add
any address as an application address, but can only process mail which is
actually delivered to it.


Security
========

The email reply channel is "somewhat" authenticated. Each reply-to address is
unique to the recipient and includes a hash of user information and a unique
object ID, so it can only be used to update that object and only be used to act
on behalf of the recipient.

However, if an address is leaked (which is fairly easy -- for instance,
forwarding an email will leak a live reply address, or a user might take a
screenshot), //anyone// who can send mail to your reply-to domain may interact
with the object the email relates to as the user who leaked the mail. Because
the authentication around email has this weakness, some actions (like accepting
revisions) are not permitted over email.

This implementation is an attempt to balance utility and security, but makes
some sacrifices on both sides to achieve it because of the difficulty of
authenticating senders in the general case (e.g., where you are an open source
project and need to interact with users whose email accounts you have no control
over).

You can also set `metamta.public-replies`, which will change how Phorge
delivers email.
Instead of sending each recipient a unique mail with a personal
reply-to address, it will send a single email to everyone with a public reply-to
address. This decreases security because anyone who can spoof a "From" address
can act as another user, but increases convenience if you use mailing lists and,
practically, is a reasonable setting for many installs. The reply-to address
will still contain a hash unique to the object it represents, so users who have
not received an email about an object can not blindly interact with it.

If you enable application email addresses, those addresses also use the weaker
"From" authentication mechanism.

NOTE: Phorge does not currently attempt to verify "From" addresses because
this is technically complex, seems unreasonably difficult in the general case,
and no installs have had a need for it yet. If you have a specific case where a
reasonable mechanism exists to provide sender verification (e.g., DKIM
signatures are sufficient to authenticate the sender under your configuration,
or you are willing to require all users to sign their email), file a feature
request.


Testing and Debugging Inbound Email
===================================

You can use the `bin/mail` utility to test and review inbound mail. This can
help you determine if mail is being delivered to Phorge or not:

  phorge/ $ ./bin/mail list-inbound # List inbound messages.
  phorge/ $ ./bin/mail show-inbound # Show details about a message.

You can also test receiving mail, but note that this just simulates receiving
the mail and doesn't send any information over the network. It is
primarily aimed at developing email handlers: it will still work properly
if your inbound email configuration is incorrect or even disabled.

  phorge/ $ ./bin/mail receive-test # Receive test message.

Run `bin/mail help <command>` for detailed help on using these commands.
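
The per-recipient reply address described in the Security section above, and the optional prefix from `metamta.single-reply-handler-prefix`, can be modeled as follows. This is an added example, not Phorge's own code: the HMAC derivation, the secret, the reading of the middle field as a user ID, and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo values; a real install keeps its own secret key.
SECRET = b"constructed-demo-secret"
DOMAIN = "phorge.example.com"

# [<prefix>+]<object>+<user id>+<hash>@<domain>
ADDRESS_RE = re.compile(
    r"^(?:(?P<prefix>[a-z0-9._-]+)\+)?(?P<obj>[A-Z]+\d+)\+(?P<user>\d+)"
    r"\+(?P<tag>[0-9a-f]{12})@(?P<domain>[a-z0-9.-]+)$"
)


def reply_tag(obj: str, user_id: int) -> str:
    """Assumed derivation: truncated HMAC binding object and recipient."""
    msg = f"{obj}:{user_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:12]


def make_reply_to(obj: str, user_id: int, prefix: str = "") -> str:
    """Build the per-recipient Reply-To, with an optional mailbox prefix."""
    local = f"{obj}+{user_id}+{reply_tag(obj, user_id)}"
    if prefix:
        local = f"{prefix}+{local}"
    return f"{local}@{DOMAIN}"


def check_reply_to(address: str, prefix: str = ""):
    """Return the (object, user id) an address authorizes, or None."""
    m = ADDRESS_RE.match(address)
    if not m or m["domain"] != DOMAIN or (m["prefix"] or "") != prefix:
        return None
    expected = reply_tag(m["obj"], int(m["user"]))
    if not hmac.compare_digest(expected, m["tag"]):
        return None
    # The sender is never consulted: holding the address is the only
    # credential, so a forwarded or screenshotted copy verifies too.
    return m["obj"], int(m["user"])


if __name__ == "__main__":
    addr = make_reply_to("T123", 273)
    print(addr, "->", check_reply_to(addr))
    swapped = addr.replace("T123", "T124")  # same hash, different object
    print(swapped, "->", check_reply_to(swapped))
```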


Mailgun Setup
=============

To use Mailgun, you need a Mailgun account. You can sign up at
<https://www.mailgun.com>. Provided you have such an account, configure it
like this:

  - Configure a mail domain according to Mailgun's instructions.
  - Add a Mailgun route with a `catch_all()` rule which takes the action
    `forward("https://phorge.example.com/mail/mailgun/")`. Replace the
    example domain with your actual domain.
  - Configure a mailer in `cluster.mailers` with your Mailgun API key.

Use of Mailgun is discouraged because of concerns that they may not be a
trustworthy custodian of sensitive data.
See <https://secure.phabricator.com/T13669> for discussion and context.

Postmark Setup
==============

To process inbound mail from Postmark, configure this URI as your inbound
webhook URI in the Postmark control panel:

```
https://<phorge.yourdomain.com>/mail/postmark/
```

See also the Postmark section in @{article:Configuring Outbound Email} for
discussion of the remote address allowlist used to verify that requests this
endpoint receives are authentic requests originating from Postmark.


SendGrid Setup
==============

To use SendGrid, you need a SendGrid account with access to the "Parse API" for
inbound email. Provided you have such an account, configure it like this:

  - Configure an MX record according to SendGrid's instructions, i.e. add
    `phorge.example.com MX 10 mx.sendgrid.net.` or similar.
  - Go to the "Parse Incoming Emails" page on SendGrid
    (<http://sendgrid.com/developer/reply>) and add the domain as the
    "Hostname".
  - Add the URL `https://phorge.example.com/mail/sendgrid/` as the "Url",
    using your domain (and HTTP instead of HTTPS if you are not configured with
    SSL).
  - If you get an error that the hostname "can't be located or verified", it
    means your MX record is either incorrectly configured or hasn't propagated
    yet.
  - Set `metamta.reply-handler-domain` to `phorge.example.com`
    (whatever you configured the MX record for).

That's it! If everything is working properly you should be able to send email
to `anything@phorge.example.com` and it should appear in
`bin/mail list-inbound` within a few seconds.


Local MTA: Installing Mailparse
===============================

If you're going to run your own MTA, you need to install the PECL mailparse
extension. In theory, you can do that with:

  $ sudo pecl install mailparse

You may run into an error like "needs mbstring". If so, try:

  $ sudo yum install php-mbstring # or equivalent
  $ sudo pecl install -n mailparse

If you get a linker error like this:

  COUNTEREXAMPLE
  PHP Warning: PHP Startup: Unable to load dynamic library
  '/usr/lib64/php/modules/mailparse.so' - /usr/lib64/php/modules/mailparse.so:
  undefined symbol: mbfl_name2no_encoding in Unknown on line 0

...you need to edit your php.ini file so that mbstring.so is loaded **before**
mailparse.so. This is not the default if you have individual files in
`php.d/`.

Local MTA: Configuring Sendmail
===============================

Before you can configure Sendmail, you need to install Mailparse. See the
section "Installing Mailparse" above.

Sendmail is very difficult to configure. First, you need to configure it for
your domain so that mail can be delivered correctly. In broad strokes, this
probably means something like this:

  - add an MX record;
  - make sendmail listen on external interfaces;
  - open up port 25 if necessary (e.g., in your EC2 security policy);
  - add your host to /etc/mail/local-host-names; and
  - restart sendmail.

Now, you can actually configure sendmail to deliver to Phorge. In
`/etc/aliases`, add an entry like this:

  phorge: "| /path/to/phorge/scripts/mail/mail_handler.php"

If you use the `PHABRICATOR_ENV` environment variable to select a
configuration, you can pass the value to the script as an argument:

  .../path/to/mail_handler.php <ENV>

This is an advanced feature which is rarely used. Most installs should run
without an argument.

After making this change, run `sudo newaliases`. Now you likely need to symlink
this script into `/etc/smrsh/`:

  sudo ln -s /path/to/phorge/scripts/mail/mail_handler.php /etc/smrsh/

Finally, edit `/etc/mail/virtusertable` and add an entry like this:

  @yourdomain.com phorge@localhost

That will forward all mail to @yourdomain.com to the Phorge processing
script. Run `sudo /etc/mail/make` or similar and then restart sendmail with
`sudo /etc/init.d/sendmail restart`.