Skip to content

additional_message_headers.php: support CALLABLE/callback via config#9755

Open
jb4z wants to merge 6 commits intoroundcube:masterfrom
jb4z:patch-1
Open

additional_message_headers.php: support CALLABLE/callback via config#9755
jb4z wants to merge 6 commits intoroundcube:masterfrom
jb4z:patch-1

Conversation

@jb4z
Copy link
Copy Markdown

@jb4z jb4z commented Jan 19, 2025

Good day all,

The purpose of this patch is to have Roundcube execute a callback function during runtime, as defined in config.inc.php, for more complex tasks going beyond static strings or their replacements.

For example, one could configure something like this:

$config['additional_message_headers']['X-Sender'] = null;
$config['additional_message_headers']['X-RC-USR'] = (function() {
                $d = json_encode([
                    'u' => rcube::get_instance()->get_user_name(),
                    'r' => $_SERVER['REMOTE_ADDR'],
                    'a' => empty($_SERVER['HTTP_USER_AGENT']) ? '-' : $_SERVER['HTTP_USER_AGENT'],
                    't' => $_SERVER['REQUEST_TIME']
                ]);
                return base64_encode($d); # should also be encrypted ;)
        });

In this example,
a) disables the cleartext X-Sender header;
b) adds a dynamic header X-RC-USR in base64-JSON-encoded form, which could later be used for compliance purposes. If this header is automatically processed by the mail gateway, further analysis could aid in detecting abuse patterns, while not directly exposing this sensitive information as human-readable text; if properly encrypted (out of this scope), this could eliminate privacy concerns.

One of the ideas behind this is that using Roundcube (or any other webmailer) usually masquerades the original user's IP address by the webmailer's server IP address to the SMTP server; this is not the case when a user talks to the SMTP server directly.

With tight integration into your setup, you will never again have to sift through different logs/correlate IP address information just to find the guy who sent this message which the person behind the user's login denies having sent.

This patch also reduces two arrays ($search, $replace) into one ($map) for maintainability.

jb4z added 3 commits January 19, 2025 11:27
@jb4z
Update additional_message_headers.php: Add support for CALLABLE/callb…
48fe6ce 
…ack via config

The purpose of this patch is to have Roundcube execute a callback function during runtime, as defined in config.inc.php for more complex tasks.

For example, one could configure something like this:

$config['additional_message_headers']['X-Sender'] = null;
$config['additional_message_headers']['X-RC-USR'] = (function() {
                $d = json_encode(['u' => rcube::get_instance()->get_user_name(), 'r' => $_SERVER['REMOTE_ADDR'], 'a' => empty($_SERVER['HTTP_USER_AGENT']) ? '-' : $_SERVER['HTTP_USER_AGENT'], 't' => $_SERVER['REQUEST_TIME'] ]);
                return base64_encode($d); # should also be encrypted ;)
        });

In this example,
a) disables the cleartext X-Sender header; 
b) adds a dynamic header X-RC-USR in base64-JSON-encoded form, which could later be used for compliance purposes. If this header is automatically processed by the mail gateway, further analysis could aid in detecting abuse patterns, while not directly exposing this sensitive information as human-readable text; if properly encrypted (out of this scope), this could eliminate privacy concerns.

One of the ideas behind this is that using Roundcube (or any other webmailer) usually masquerades the original user's IP address by the webmailer's server IP address to the SMTP server; this is not the case when a user talks to the SMTP server directly.

With tight integration into your setup, you will never again have to sift through different logs/correlate IP address information just to find the guy who sent this message which the person behind the user's login denies having sent.

This patch also reduces two arrays ($search, $replace) into one ($map) for maintainability.
@jb4z
Update additional_message_headers.php
7659584 
Missed something while creating initial patch
@jb4z
Update additional_message_headers.php
31401fb 
3 times' a charm
@alecpl
Copy link
Copy Markdown
Member

alecpl commented Feb 9, 2025

Thanks. Please, fix the coding style issue. Also, it would be good to add some note to the config.inc.php.dist file, with some simple example.

@jb4z
Copy link
Copy Markdown
Author

jb4z commented Feb 16, 2025

Thanks for considering this. Fixed the whitespace issue as requested and updated the config.inc.php.sample, hoping it's not too verbose (and not too opinionated 😬)

alecpl
alecpl reviewed Feb 16, 2025
View reviewed changes
Comment thread config/config.inc.php.sample
// Specify Roundcube's Default Skin, equal to the folder name beneath skins/
$config['skin'] = 'elastic';

// Optional config of the additional_message_headers plugin (Issue #9755; Feb 2025)
Copy link
Copy Markdown
Member

@alecpl alecpl Feb 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The sample should be in plugins/additional_message_headers/config.inc.php.dist

Copy link
Copy Markdown
Member

@alecpl alecpl Mar 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jb4z would you mind fixing the last issue I mentioned? It's almost ready to be merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alecpl alecpl alecpl left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jb4z @alecpl