When an email is received,
Email.Receiver only checks the following:
Regexp.new(SiteSetting.ignore_by_title) =~ @mail.subject // Blacklisted TOPIC TITLE raise BouncedEmailError if is_bounce? // Bounce mail raise NoSenderDetectedError if @from_email.blank? // No From field raise ScreenedEmailError if ScreenedEmail.should_block?(@from_email) // Screend Email address
After this, a new staged user is created via
The result is, when an email is received via
email in, the originator address is not checked whether it is from a blacklisted domain.
EmailValidator.validate_each should be called on
The procedure should be:
- Do the checks above
- Further check first if the user with that email address already exists (
find_user?). If so, let it pass.
- If the email address doesn’t exist, call
EmailValidator.validate_eachto check if it is blacklisted. DO NOT create a staged user if the email domain is blacklisted.
- If not blacklisted, then create the user (
- Continue processing