Unnecessary Base64 Encoded From Address

General forum information, announcements, news, questions and suggestions.
Locked
sorenstoutner
Site Member
Site Member
Posts: 12
Joined: Tue Jul 24, 2018 5:19 pm

Unnecessary Base64 Encoded From Address

Post by sorenstoutner »

The "From" and "Reply-To" fields in emails sent from the forum are unnecessarily base64 encoded. For example, the email I received after registration included the following:

Code: Select all

From: "=?UTF-8?B?RWFzeUxpc3QgRm9ydW1z?=" <[email protected]>
This causes the email to be flagged as spam. Is there some way to program the system to only use base64 encoding when it is necessary?
User avatar
LanikSJ
Site Owner
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

That's not something I have control over as the emails I do get come through without Base64 Encoded message.
"If it ain't broke don't fix it."
sorenstoutner
Site Member
Site Member
Posts: 12
Joined: Tue Jul 24, 2018 5:19 pm

Post by sorenstoutner »

Does the email come through without Base64 Encoding (they do for me) or do the "From" and "Reply-To" fields come through without unnecessary Base64 encoding (they don't for me)? You will have to look at the raw email source to tell, because email clients decode these headers and display the correct text.

For example, this is the entire raw source of the email notification I received about your post. Notice that "To", "Subject", "From", and "Reply-To" are all unnecessarily Base64 encoded, which is common of spam emails. Base64 should only be used when it is required because the characters in these fields are not legal plaintext characters. Depending on whether there already exists an option to modify this behavior, you may need to open a bug with the upstream phpBB maintainers.
User avatar
LanikSJ
Site Owner
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

I'm removing your headers to preserve your privacy as well as mine since this is a public forum.

I have no control over how the emails get sent that would be a question for the folks who created PHPBB. 2 points is a VERY strict level for your spam controls. I suggest increasing that threshold to at least 5 or more which is the standard I believe. The other option is to whitelist the from email ID.
"If it ain't broke don't fix it."
sorenstoutner
Site Member
Site Member
Posts: 12
Joined: Tue Jul 24, 2018 5:19 pm

Post by sorenstoutner »

I agree that this is a bug in phpBB's behavior. It is possible it can be fixed via a configuration option. Otherwise, I would recommend you file a bug report upstream.

My Spamassassin rules are strict because that is the world we live in. Emails that follow standard best practices have no problem making it through. That is why I am kindly advising you about how you can bring your forum into compliance with those best practices.
User avatar
LanikSJ
Site Owner
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

sorenstoutner wrote: Tue Jul 24, 2018 11:53 pm I agree that this is a bug in phpBB's behavior. It is possible it can be fixed via a configuration option. Otherwise, I would recommend you file a bug report upstream.
You'll have to file the bug report since you're the one who has the problem. :mrgreen:
Applicable discussion: https://www.phpbb.com/community/viewtop ... p=14883486
FWIW IMO this isn't something the PHPBB will be addressing but you're welcome to try.
sorenstoutner wrote: Tue Jul 24, 2018 11:53 pmMy Spamassassin rules are strict because that is the world we live in. Emails that follow standard best practices have no problem making it through. That is why I am kindly advising you about how you can bring your forum into compliance with those best practices.
I'll agree to disagree with you there how about that?
"If it ain't broke don't fix it."
sorenstoutner
Site Member
Site Member
Posts: 12
Joined: Tue Jul 24, 2018 5:19 pm

Post by sorenstoutner »

I am happy to file the bug report. However, as an programmer myself, I prefer to receive bug reports from the person who is actually running my software. That way, I can ask detailed questions about how they have it configured (which I, as a user of the forum, am not equipped to answer).
sorenstoutner
Site Member
Site Member
Posts: 12
Joined: Tue Jul 24, 2018 5:19 pm

Post by sorenstoutner »

I have created a bug report.

https://tracker.phpbb.com/browse/PHPBB3-15729

Note that when setting up my account on their phpBB server, the registration email came through correctly because they didn't include a name in the From or ReplyTo headers (just an email address). This is perhaps a workaround you could consider until they issue a fix.
User avatar
LanikSJ
Site Owner
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

I don't use special characters in From field (only configurable feature to me in PHPBB). FWIW phpbb.com related sites are usually further along in development process then mainstream apps. The interface you're seeing in their bug tracker is JIRA and not PHPBB.

I did however use the PHP built in mail() function. My only other option is SMTP which is what I switched to about 10 minutes ago. So if you get this email alert correctly then we know that's what the problem is.
"If it ain't broke don't fix it."
sorenstoutner
Site Member
Site Member
Posts: 12
Joined: Tue Jul 24, 2018 5:19 pm

Post by sorenstoutner »

I know you don't use special characters in your from field. Your from address is:

Code: Select all

EasyList Forums <[email protected]>
The core of this bug is that phpBB is Base64 encoding the "EasyList Forums" part of your email address, which makes it look like this:

Code: Select all

From: "=?UTF-8?B?RWFzeUxpc3QgRm9ydW1z?=" <[email protected]>
This is obviously unnecessary because there are no special characters that need this type of encoding. It is common for spam emails to do Base64 encoding on these fields to make them difficult for humans to read them and thus sneak through some filters. Note that Spamassassin does not complain if these are Base64 encoded if they contain characters that really need Base64 encoding (something outside the ASCII set).

The solution to this bug is for phpBB to implement a check in their code to see if there are any special characters in the name and only Base64 encode it if there are.

The phpBB bug tracker is indeed based on Jira, which is not the phpBB software. However, there is no way to directly create an account on their Jira server (they have customized it that way). Rather, you must create an account on their www.phpbb.com server, which then synchronizes the account with Jira on the backend.

When I registered on www.phpbb.com, the registration email I received had the following From field:
Because they have left the name of the sending account blank and it only has an email address there was nothing to Base64 encode and it came through just fine.

The changes in your SMTP settings did not resolve this problem but they did resolve a different issue. Previously, your emails contained the X-Priority header. There are some valid uses for X-Priority, but mostly it is just used by spam. As such, X-Priority headers will increase a Spamassassin score. Your current SMTP server does not include the X-Priority header. Thank you.
Locked