-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
URGENT! Calendar import google auto set to spam past appointment invitees #290
Comments
please report a bug in https://github.com/nextcloud/server |
and please provide one line from the ics beginning with |
Withdrawn :) |
No, the invitation mails are sent out by the dav app -> server repo |
ok I'm on it! |
submitted to nextcloud/server#2855 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Posted on #nextcloud on freenode irc
[15:12:36] just setting up nextcloud on a freebsd server today, and made a test user account and imported some account data from a google account. I imported a calendar and while importing the calendar nextcloud started to notify contacts for past appointments.....
[15:12:45] nextcloud 11.0 stable
[15:13:26] shutdown the postfix service and will remove the queue but guys this is quite an oversight....
[15:17:54] That sounds like a good github issue
[15:18:18] I'm a little surprised it doesn't check whether the date of an appointment is in the past before sending a notification
[15:18:43] there is about 10 years of google appointments getting mailed out to contacts
[15:18:52] import not yet complete
[15:19:07] pretty stunning oversight
[15:20:50] also as the user has not yet defined an email address the mail is going to the postmaster for the domain rofl....
[15:22:07] so basically the calendar app upon import even without a user defining an email address sends out mail via an imagined user/email address named after the site name @ the config domain name
Update 1
X-PHP-Originating-Script: 80:SimpleMailInvoker.php
you guys gotta patch this asap
There should be no immediate outbound mail triggered by importing data from outside data source. The import was not even half way through and the mails were flying out....
your calendar app sent out emails to 10 years of google calendar invitees..... really?
spammers can use this flaw actually...
The text was updated successfully, but these errors were encountered: