Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-21321

Upload users does not send email corrcetly, when moodle generates passwords

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 1.9.7
    • Fix Version/s: None
    • Component/s: Administration
    • Labels:
      None
    • Environment:
      Centos Linux 4, MySQL 5, Apache 2, PHP 5.2.11
    • Database:
      MySQL
    • Affected Branches:
      MOODLE_19_STABLE

      Description

      If a file of user details is uploaded, and the option is taken for moodle to create the passwords, and email them to the users, the emails are sent out to totally the wrong addresses. Instead of being sent to the address in the user record, it ends up being sent to something like: f5d1278e8109edd94e1e4197e04873b9@dsint01.pteppic.net (from a test on one of our sites - this is also affecting a client site, also 1.9.7 =, on a different server). This address of course is not recognised, and so the mail bounces.

      So, why is the address in the user record not being used?

      All of the settings are standard - the server is using an instance of postfix, locally, to sent smtp mail, via the standard default mail mechanism.

      Emails sent via forums, or in bulk user actions, work OK. It just seems to be the code that initially sends out the passwords that has this problem.

      Sean K

        Gliffy Diagrams

          Attachments

            Activity

            Hide
            poltawski Dan Poltawski added a comment -

            Hi Sean,

            I can't reproduce this issue or see a code path which generates this problem, the closest thing seems to be perhaps a generated messageid.

            The to address you seem to point out looks like a message id ather than from address. Here are sample headers i've jsut generated:

            From www-data@moodle Thu Jan 28 10:53:12 2010
            Received: from www-data by moodle with local (Exim 4.69)
                    (envelope-from <www-data@moodle>)
                    id 1NaRzs-0004Uy-2W
                    for talktodan@gmail.com; Thu, 28 Jan 2010 10:53:12 +0000
            To: talktodan@gmail.com
            Subject: test: New user account
            Date: Thu, 28 Jan 2010 10:53:11 +0000
            From: "Admin User " <test@test.com>
            Message-ID: <31feb1a9d0a5d0aef6332ea2f25d1ca2@moodle.dev>
            X-Priority: 3
            X-Mailer: PHPMailer [version Moodle 2007101571.04]
            MIME-Version: 1.0
            Content-Transfer-Encoding: 8bit
            Content-Type: text/plain; charset="UTF-8"
            Sender: www-data <www-data@moodle>
             
             
            Hi firstname lastname,
             
            A new account has been created for you at 'test'
            and you have been issued with a new temporary password.
             
            Your current login information is now:
               username: firstname
               password: rock8stop
                         (you will have to change your password
                          when you login for the first time)
             
            To start using 'test', login at
               http://moodle.dev/login/
             
            In most mail programs, this should appear as a blue link
            which you can just click on.  If that doesn't work,
            then cut and paste the address into the address
            line at the top of your web browser window.
             
            Cheers from the 'test' administrator,
             
            Admin User
            :

            Show
            poltawski Dan Poltawski added a comment - Hi Sean, I can't reproduce this issue or see a code path which generates this problem, the closest thing seems to be perhaps a generated messageid. The to address you seem to point out looks like a message id ather than from address. Here are sample headers i've jsut generated: From www-data@moodle Thu Jan 28 10:53:12 2010 Received: from www-data by moodle with local (Exim 4.69) (envelope-from <www-data@moodle>) id 1NaRzs-0004Uy-2W for talktodan@gmail.com; Thu, 28 Jan 2010 10:53:12 +0000 To: talktodan@gmail.com Subject: test: New user account Date: Thu, 28 Jan 2010 10:53:11 +0000 From: "Admin User " <test@test.com> Message-ID: <31feb1a9d0a5d0aef6332ea2f25d1ca2@moodle.dev> X-Priority: 3 X-Mailer: PHPMailer [version Moodle 2007101571.04] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" Sender: www-data <www-data@moodle>     Hi firstname lastname,   A new account has been created for you at 'test' and you have been issued with a new temporary password.   Your current login information is now: username: firstname password: rock8stop (you will have to change your password when you login for the first time)   To start using 'test', login at http://moodle.dev/login/   In most mail programs, this should appear as a blue link which you can just click on. If that doesn't work, then cut and paste the address into the address line at the top of your web browser window.   Cheers from the 'test' administrator,   Admin User :
            Hide
            keoghs Sean Keogh added a comment -

            Hi Dan,

            Yes I know, it looks like a messageid to me too. But we were seeing it in a bounce message as an actual address, which seems very odd.

            I will investigate further. THanks, Dan.

            Sean K

            Show
            keoghs Sean Keogh added a comment - Hi Dan, Yes I know, it looks like a messageid to me too. But we were seeing it in a bounce message as an actual address, which seems very odd. I will investigate further. THanks, Dan. Sean K
            Hide
            anthoc1 Anthony O'Connell added a comment -

            I came across this issue today as well. There doesn't seem to be any consistency because out of half a dozen attempts to upload users, one worked and 5 didn't. Here's the bounce email where the server tries to append the domain to the address. What's interesting is that the username is shows the email address with some random number after it instead of the username.

            The original message was received at Mon, 13 Sep 2010 18:00:04 +1000
            from root@localhost

            ----- The following addresses had permanent fatal errors -----
            d0e96b79469d6e6478bddab875a8b31b
            (reason: 550 5.1.1 <d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au>... User unknown)
            (expanded from: d0e96b79469d6e6478bddab875a8b31b)

            ----- Transcript of session follows -----
            ... while talking to [127.0.0.1]:
            DATA
            <<< 550 5.1.1 <d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au>... User unknown
            550 5.1.1 d0e96b79469d6e6478bddab875a8b31b... User unknown
            <<< 503 5.0.0 Need RCPT (recipient)
            Reporting-MTA: dns; mail.traininggroup.com.au
            Arrival-Date: Mon, 13 Sep 2010 18:00:04 +1000

            Final-Recipient: RFC822; d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au
            Action: failed
            Status: 5.1.1
            Remote-MTA: DNS; [127.0.0.1]
            Diagnostic-Code: SMTP; 550 5.1.1 <d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au>... User unknown
            Last-Attempt-Date: Mon, 13 Sep 2010 18:00:05 +1000

            From: "Administrator " <admin@traininggroup.com.au>
            Date: 13 September 2010 6:00:04 PM AEST
            To: d0e96b79469d6e6478bddab875a8b31b
            Subject: Site: New User Account

            Hi Anthony James,

            An online training account has been created at 'World Vision Australia' using
            your email address and you now have access to log in and commence training. The
            username you have been allocated will remain yours for the duration of your
            access to the site and you have been issued a temporary password. When you
            first log in to the online site you will be prompted to change your password.

            Your current login information is:
            <strong>username</strong>: anthony@zenius.com.au.1284357892
            <strong>password</strong>: e/wx4FG3

            To start using 'Site', login at
            http://wva.traininglink.com.au/login/

            In most mail programs, this should appear as a blue link which you can just
            click on. If that doesn't work, cut and paste the address into the address line
            at the top of your web browser window. You DO NOT need to type in www at the
            start of the site address.

            If you need help, please contact the site administrator.

            Administrator
            admin@traininggroup.com.a

            Show
            anthoc1 Anthony O'Connell added a comment - I came across this issue today as well. There doesn't seem to be any consistency because out of half a dozen attempts to upload users, one worked and 5 didn't. Here's the bounce email where the server tries to append the domain to the address. What's interesting is that the username is shows the email address with some random number after it instead of the username. The original message was received at Mon, 13 Sep 2010 18:00:04 +1000 from root@localhost ----- The following addresses had permanent fatal errors ----- d0e96b79469d6e6478bddab875a8b31b (reason: 550 5.1.1 <d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au>... User unknown) (expanded from: d0e96b79469d6e6478bddab875a8b31b) ----- Transcript of session follows ----- ... while talking to [127.0.0.1] : DATA <<< 550 5.1.1 <d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au>... User unknown 550 5.1.1 d0e96b79469d6e6478bddab875a8b31b... User unknown <<< 503 5.0.0 Need RCPT (recipient) Reporting-MTA: dns; mail.traininggroup.com.au Arrival-Date: Mon, 13 Sep 2010 18:00:04 +1000 Final-Recipient: RFC822; d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au Action: failed Status: 5.1.1 Remote-MTA: DNS; [127.0.0.1] Diagnostic-Code: SMTP; 550 5.1.1 <d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au>... User unknown Last-Attempt-Date: Mon, 13 Sep 2010 18:00:05 +1000 From: "Administrator " <admin@traininggroup.com.au> Date: 13 September 2010 6:00:04 PM AEST To: d0e96b79469d6e6478bddab875a8b31b Subject: Site: New User Account Hi Anthony James, An online training account has been created at 'World Vision Australia' using your email address and you now have access to log in and commence training. The username you have been allocated will remain yours for the duration of your access to the site and you have been issued a temporary password. When you first log in to the online site you will be prompted to change your password. Your current login information is: <strong>username</strong>: anthony@zenius.com.au.1284357892 <strong>password</strong>: e/wx4FG3 To start using 'Site', login at http://wva.traininglink.com.au/login/ In most mail programs, this should appear as a blue link which you can just click on. If that doesn't work, cut and paste the address into the address line at the top of your web browser window. You DO NOT need to type in www at the start of the site address. If you need help, please contact the site administrator. Administrator admin@traininggroup.com.a
            Hide
            anthoc1 Anthony O'Connell added a comment -

            Actually, to me, that looks like the password hash. What mechanism would allow moodle to use the password hash instead of the email address to send out the new account details? That would seem to be a bit of a security issue. Comments guys?

            Show
            anthoc1 Anthony O'Connell added a comment - Actually, to me, that looks like the password hash. What mechanism would allow moodle to use the password hash instead of the email address to send out the new account details? That would seem to be a bit of a security issue. Comments guys?
            Hide
            anthoc1 Anthony O'Connell added a comment -

            Following some logic here...

            • When you upload users from a file and tell Moodle to create a password if needed, Moodle creates a empty password field in the database that it fills when the cron.php is next run (at whatever frequency you set it to run)
            • When you delete a user in Moodle, their username is replaced with their email address plus a short random number and their email address is replaced with a long random number that looks a bit like a password hash

            Is it possible the impatience is the problem here? After you upload users, no email arrives so you delete the user. The next time the cron runs, the new password is sent to the long random number and the username is the email address with the short random number appended. Looking for some logic here so let me know if this is a possibility.

            Question: would Moodle still try to create a password (for any account with no password) and email it out even if the user's account was set as deleted?

            Show
            anthoc1 Anthony O'Connell added a comment - Following some logic here... When you upload users from a file and tell Moodle to create a password if needed, Moodle creates a empty password field in the database that it fills when the cron.php is next run (at whatever frequency you set it to run) When you delete a user in Moodle, their username is replaced with their email address plus a short random number and their email address is replaced with a long random number that looks a bit like a password hash Is it possible the impatience is the problem here? After you upload users, no email arrives so you delete the user. The next time the cron runs, the new password is sent to the long random number and the username is the email address with the short random number appended. Looking for some logic here so let me know if this is a possibility. Question: would Moodle still try to create a password (for any account with no password) and email it out even if the user's account was set as deleted?
            Hide
            salvetore Michael de Raadt added a comment -

            Thanks for reporting this issue.

            We have detected that this issue has been inactive for over a year has been recorded as affecting versions that are no longer supported.

            If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed.

            Michael d;

            lqjjLKA0p6

            Show
            salvetore Michael de Raadt added a comment - Thanks for reporting this issue. We have detected that this issue has been inactive for over a year has been recorded as affecting versions that are no longer supported. If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed. Michael d; lqjjLKA0p6
            Hide
            salvetore Michael de Raadt added a comment -

            I'm closing this issue as it appears to have become inactive and is probably not relevant to a current supported version. If you are encountering this problem or one similar, please launch a new issue.

            Show
            salvetore Michael de Raadt added a comment - I'm closing this issue as it appears to have become inactive and is probably not relevant to a current supported version. If you are encountering this problem or one similar, please launch a new issue.

              People

              • Votes:
                3 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: