Moodle
  1. Moodle
  2. MDL-21321

Upload users does not send email corrcetly, when moodle generates passwords

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: 1.9.7
    • Fix Version/s: None
    • Component/s: Administration
    • Labels:
      None
    • Environment:
      Centos Linux 4, MySQL 5, Apache 2, PHP 5.2.11
    • Database:
      MySQL
    • Affected Branches:
      MOODLE_19_STABLE
    • Rank:
      2541

      Description

      If a file of user details is uploaded, and the option is taken for moodle to create the passwords, and email them to the users, the emails are sent out to totally the wrong addresses. Instead of being sent to the address in the user record, it ends up being sent to something like: f5d1278e8109edd94e1e4197e04873b9@dsint01.pteppic.net (from a test on one of our sites - this is also affecting a client site, also 1.9.7 =, on a different server). This address of course is not recognised, and so the mail bounces.

      So, why is the address in the user record not being used?

      All of the settings are standard - the server is using an instance of postfix, locally, to sent smtp mail, via the standard default mail mechanism.

      Emails sent via forums, or in bulk user actions, work OK. It just seems to be the code that initially sends out the passwords that has this problem.

      Sean K

        Activity

        Sean Keogh created issue -
        Dan Poltawski made changes -
        Field Original Value New Value
        Assignee moodle.com [ moodle.com ] Dan Poltawski [ poltawski ]
        Hide
        Dan Poltawski added a comment -

        Hi Sean,

        I can't reproduce this issue or see a code path which generates this problem, the closest thing seems to be perhaps a generated messageid.

        The to address you seem to point out looks like a message id ather than from address. Here are sample headers i've jsut generated:

        From www-data@moodle Thu Jan 28 10:53:12 2010
        Received: from www-data by moodle with local (Exim 4.69)
                (envelope-from <www-data@moodle>)
                id 1NaRzs-0004Uy-2W
                for talktodan@gmail.com; Thu, 28 Jan 2010 10:53:12 +0000
        To: talktodan@gmail.com
        Subject: test: New user account
        Date: Thu, 28 Jan 2010 10:53:11 +0000
        From: "Admin User " <test@test.com>
        Message-ID: <31feb1a9d0a5d0aef6332ea2f25d1ca2@moodle.dev>
        X-Priority: 3
        X-Mailer: PHPMailer [version Moodle 2007101571.04]
        MIME-Version: 1.0
        Content-Transfer-Encoding: 8bit
        Content-Type: text/plain; charset="UTF-8"
        Sender: www-data <www-data@moodle>
        
        
        Hi firstname lastname,
        
        A new account has been created for you at 'test'
        and you have been issued with a new temporary password.
        
        Your current login information is now:
           username: firstname
           password: rock8stop
                     (you will have to change your password
                      when you login for the first time)
        
        To start using 'test', login at
           http://moodle.dev/login/
        
        In most mail programs, this should appear as a blue link
        which you can just click on.  If that doesn't work,
        then cut and paste the address into the address
        line at the top of your web browser window.
        
        Cheers from the 'test' administrator,
        
        Admin User
        :
        
        Show
        Dan Poltawski added a comment - Hi Sean, I can't reproduce this issue or see a code path which generates this problem, the closest thing seems to be perhaps a generated messageid. The to address you seem to point out looks like a message id ather than from address. Here are sample headers i've jsut generated: From www-data@moodle Thu Jan 28 10:53:12 2010 Received: from www-data by moodle with local (Exim 4.69) (envelope-from <www-data@moodle>) id 1NaRzs-0004Uy-2W for talktodan@gmail.com; Thu, 28 Jan 2010 10:53:12 +0000 To: talktodan@gmail.com Subject: test: New user account Date: Thu, 28 Jan 2010 10:53:11 +0000 From: "Admin User " <test@test.com> Message-ID: <31feb1a9d0a5d0aef6332ea2f25d1ca2@moodle.dev> X-Priority: 3 X-Mailer: PHPMailer [version Moodle 2007101571.04] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset= "UTF-8" Sender: www-data <www-data@moodle> Hi firstname lastname, A new account has been created for you at 'test' and you have been issued with a new temporary password. Your current login information is now: username: firstname password: rock8stop (you will have to change your password when you login for the first time) To start using 'test', login at http: //moodle.dev/login/ In most mail programs, this should appear as a blue link which you can just click on. If that doesn't work, then cut and paste the address into the address line at the top of your web browser window. Cheers from the 'test' administrator, Admin User :
        Hide
        Sean Keogh added a comment -

        Hi Dan,

        Yes I know, it looks like a messageid to me too. But we were seeing it in a bounce message as an actual address, which seems very odd.

        I will investigate further. THanks, Dan.

        Sean K

        Show
        Sean Keogh added a comment - Hi Dan, Yes I know, it looks like a messageid to me too. But we were seeing it in a bounce message as an actual address, which seems very odd. I will investigate further. THanks, Dan. Sean K
        Hide
        Anthony O'Connell added a comment -

        I came across this issue today as well. There doesn't seem to be any consistency because out of half a dozen attempts to upload users, one worked and 5 didn't. Here's the bounce email where the server tries to append the domain to the address. What's interesting is that the username is shows the email address with some random number after it instead of the username.

        The original message was received at Mon, 13 Sep 2010 18:00:04 +1000
        from root@localhost

        ----- The following addresses had permanent fatal errors -----
        d0e96b79469d6e6478bddab875a8b31b
        (reason: 550 5.1.1 <d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au>... User unknown)
        (expanded from: d0e96b79469d6e6478bddab875a8b31b)

        ----- Transcript of session follows -----
        ... while talking to [127.0.0.1]:
        DATA
        <<< 550 5.1.1 <d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au>... User unknown
        550 5.1.1 d0e96b79469d6e6478bddab875a8b31b... User unknown
        <<< 503 5.0.0 Need RCPT (recipient)
        Reporting-MTA: dns; mail.traininggroup.com.au
        Arrival-Date: Mon, 13 Sep 2010 18:00:04 +1000

        Final-Recipient: RFC822; d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au
        Action: failed
        Status: 5.1.1
        Remote-MTA: DNS; [127.0.0.1]
        Diagnostic-Code: SMTP; 550 5.1.1 <d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au>... User unknown
        Last-Attempt-Date: Mon, 13 Sep 2010 18:00:05 +1000

        From: "Administrator " <admin@traininggroup.com.au>
        Date: 13 September 2010 6:00:04 PM AEST
        To: d0e96b79469d6e6478bddab875a8b31b
        Subject: Site: New User Account

        Hi Anthony James,

        An online training account has been created at 'World Vision Australia' using
        your email address and you now have access to log in and commence training. The
        username you have been allocated will remain yours for the duration of your
        access to the site and you have been issued a temporary password. When you
        first log in to the online site you will be prompted to change your password.

        Your current login information is:
        <strong>username</strong>: anthony@zenius.com.au.1284357892
        <strong>password</strong>: e/wx4FG3

        To start using 'Site', login at
        http://wva.traininglink.com.au/login/

        In most mail programs, this should appear as a blue link which you can just
        click on. If that doesn't work, cut and paste the address into the address line
        at the top of your web browser window. You DO NOT need to type in www at the
        start of the site address.

        If you need help, please contact the site administrator.

        Administrator
        admin@traininggroup.com.a

        Show
        Anthony O'Connell added a comment - I came across this issue today as well. There doesn't seem to be any consistency because out of half a dozen attempts to upload users, one worked and 5 didn't. Here's the bounce email where the server tries to append the domain to the address. What's interesting is that the username is shows the email address with some random number after it instead of the username. The original message was received at Mon, 13 Sep 2010 18:00:04 +1000 from root@localhost ----- The following addresses had permanent fatal errors ----- d0e96b79469d6e6478bddab875a8b31b (reason: 550 5.1.1 <d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au>... User unknown) (expanded from: d0e96b79469d6e6478bddab875a8b31b) ----- Transcript of session follows ----- ... while talking to [127.0.0.1] : DATA <<< 550 5.1.1 <d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au>... User unknown 550 5.1.1 d0e96b79469d6e6478bddab875a8b31b... User unknown <<< 503 5.0.0 Need RCPT (recipient) Reporting-MTA: dns; mail.traininggroup.com.au Arrival-Date: Mon, 13 Sep 2010 18:00:04 +1000 Final-Recipient: RFC822; d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au Action: failed Status: 5.1.1 Remote-MTA: DNS; [127.0.0.1] Diagnostic-Code: SMTP; 550 5.1.1 <d0e96b79469d6e6478bddab875a8b31b@mail.traininggroup.com.au>... User unknown Last-Attempt-Date: Mon, 13 Sep 2010 18:00:05 +1000 From: "Administrator " <admin@traininggroup.com.au> Date: 13 September 2010 6:00:04 PM AEST To: d0e96b79469d6e6478bddab875a8b31b Subject: Site: New User Account Hi Anthony James, An online training account has been created at 'World Vision Australia' using your email address and you now have access to log in and commence training. The username you have been allocated will remain yours for the duration of your access to the site and you have been issued a temporary password. When you first log in to the online site you will be prompted to change your password. Your current login information is: <strong>username</strong>: anthony@zenius.com.au.1284357892 <strong>password</strong>: e/wx4FG3 To start using 'Site', login at http://wva.traininglink.com.au/login/ In most mail programs, this should appear as a blue link which you can just click on. If that doesn't work, cut and paste the address into the address line at the top of your web browser window. You DO NOT need to type in www at the start of the site address. If you need help, please contact the site administrator. Administrator admin@traininggroup.com.a
        Hide
        Anthony O'Connell added a comment -

        Actually, to me, that looks like the password hash. What mechanism would allow moodle to use the password hash instead of the email address to send out the new account details? That would seem to be a bit of a security issue. Comments guys?

        Show
        Anthony O'Connell added a comment - Actually, to me, that looks like the password hash. What mechanism would allow moodle to use the password hash instead of the email address to send out the new account details? That would seem to be a bit of a security issue. Comments guys?
        Hide
        Anthony O'Connell added a comment -

        Following some logic here...

        • When you upload users from a file and tell Moodle to create a password if needed, Moodle creates a empty password field in the database that it fills when the cron.php is next run (at whatever frequency you set it to run)
        • When you delete a user in Moodle, their username is replaced with their email address plus a short random number and their email address is replaced with a long random number that looks a bit like a password hash

        Is it possible the impatience is the problem here? After you upload users, no email arrives so you delete the user. The next time the cron runs, the new password is sent to the long random number and the username is the email address with the short random number appended. Looking for some logic here so let me know if this is a possibility.

        Question: would Moodle still try to create a password (for any account with no password) and email it out even if the user's account was set as deleted?

        Show
        Anthony O'Connell added a comment - Following some logic here... When you upload users from a file and tell Moodle to create a password if needed, Moodle creates a empty password field in the database that it fills when the cron.php is next run (at whatever frequency you set it to run) When you delete a user in Moodle, their username is replaced with their email address plus a short random number and their email address is replaced with a long random number that looks a bit like a password hash Is it possible the impatience is the problem here? After you upload users, no email arrives so you delete the user. The next time the cron runs, the new password is sent to the long random number and the username is the email address with the short random number appended. Looking for some logic here so let me know if this is a possibility. Question: would Moodle still try to create a password (for any account with no password) and email it out even if the user's account was set as deleted?
        Martin Dougiamas made changes -
        Workflow jira [ 34734 ] MDL Workflow [ 45785 ]
        Martin Dougiamas made changes -
        Workflow MDL Workflow [ 45785 ] MDL Full Workflow [ 74112 ]
        Hide
        Michael de Raadt added a comment -

        Thanks for reporting this issue.

        We have detected that this issue has been inactive for over a year has been recorded as affecting versions that are no longer supported.

        If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed.

        Michael d;

        lqjjLKA0p6

        Show
        Michael de Raadt added a comment - Thanks for reporting this issue. We have detected that this issue has been inactive for over a year has been recorded as affecting versions that are no longer supported. If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed. Michael d; lqjjLKA0p6
        Hide
        Michael de Raadt added a comment -

        I'm closing this issue as it appears to have become inactive and is probably not relevant to a current supported version. If you are encountering this problem or one similar, please launch a new issue.

        Show
        Michael de Raadt added a comment - I'm closing this issue as it appears to have become inactive and is probably not relevant to a current supported version. If you are encountering this problem or one similar, please launch a new issue.
        Michael de Raadt made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Won't Fix [ 2 ]

          People

          • Votes:
            3 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: