This pull request introduces 1 alert when merging 648ee10 into db63ee9 - view on LGTM.com

new alerts:

• 1 for Missing error check

Hi @ptitdoc - thanks for sending this through. Could you give me a bit of context and additional info as to what you're adding here? Thanks!

Hello,
I took the pull request from #986 which was not mergeable into master anymore.

The goal is to specify a different Envelope-Sender and SMTP-From address.

The SMTP-From address (RCPT TO) don't change, but it is now possible to specify a From: mail envelope header in the email template, which allow spoofing sender, while keeping a RCPT TO email that will be valid against SPF ...

It's also to answer the feature request #858

Hi. Can't believe it hasnt been merged into gophish yet. Lets hope it makes it in this time around :)

Hi all - thanks for your work on this. Have you been able to test backwards compatibility? e.g. if someone has current sending profiles etc already setup and they upgrade to this PR, will their sending profiles still work. This seems like a very good feature, but I want to be very careful about merges that change a lot of fundamental plumbing.

Hello,

I actually tested using an actual gophish instance that I migrated to this PR986 and I could still use the old sending profiles (the new parameter being optional, I don't think it can be a problem).

I gave this a quick test with an existing gophish database, and it seems goose didn't run the database updates:

➜  gophish git:(986-custom-envelope-sender-remerge) ✗ clear && go build && ./gophish

time="2022-02-17T14:26:50Z" level=warning msg="No contact address has been configured."
goose: no migrations to run. current version: 20201215000000

So we don't have the new field:

Might be because the database migration files are from 2018. I'll investigate some more.

Looks like renaming the migration files to today's date worked. I'll continue testing.

Initial test looks good. My test setup:

Sending Profile: Set SMTP From: to Mr SMTP Sender <mrSMTP@sender.com>
Email template: Set the new Envelope Sender: to Ms Envelope Sender<envelope@sender.com>

Sent campaign email to user Bobby Phisher <bobby@internet.com>

Here are the log files on my mailserver

Received 31 bytes: 'EHLO localhost
Got EHLO command, switching to MAIL state
Sent 36 bytes: '250-Hello localhost
Sent 16 bytes: '250-PIPELINING
Sent 16 bytes: '250 AUTH PLAIN
Received 31 bytes: 'MAIL FROM:<mrSMTP@sender.com>
Processing line: MAIL FROM:<mrSMTP@sender.com>
Got MAIL command, switching to RCPT state
Sent 33 bytes: '250 Sender mrSMTP@sender.com ok
Received 29 bytes: 'RCPT TO:<bobby@phisher.com>
Sent 36 bytes: '250 Recipient bobby@phisher.com ok
Received 6 bytes: 'DATA
Got DATA command, switching to DATA state


Received 483 bytes: 'Mime-Version: 1.0
Date: Thu, 17 Feb 2022 14:46:24 +0000
Message-Id: <1645109184398744000.94582.1638114476210840937@localhost>
Subject: Test envelope
To: "Bobby Phisher" <bobby@phisher.com>
From: "Ms Envelope Sender" <envelope@sender.com>
X-Mailer: gophish
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hello Bobby,

The Envelope Sender of this email is set to Ms Envelope Sender <envelope@sender.com>

Glenn
.

And the rendering in the email client:

@ptitdoc and @ChessSpider does the above all look correct?

yeah looks good to me!

@ptitdoc would you be able to resolve the merge conflicts please (from the recent sending_profiles.html update)? Also if you could remove the minified templates.min.js as we prefer to recompile those on our side.

@ptitdoc would you be able to resolve the merge conflicts please (from the recent sending_profiles.html update)? Also if you could remove the minified templates.min.js as we prefer to recompile those on our side.

Sorry, I forgot. I just done it.

This pull request introduces 1 alert when merging 17d8d56 into e0acb99 - view on LGTM.com

new alerts:

• 1 for Missing error check

This pull request introduces 1 alert when merging fa53dfb into e0acb99 - view on LGTM.com

new alerts:

• 1 for Missing error check

LGTM! Thanks all for your work on this.