Commit 6c45a770 authored by John Long, committed by Marcin Sedlak-Jakubowski

Add note suggesting best practice for address used

parent 4a8e1e7a
......@@ -21,6 +21,11 @@ GitLab has several features based on receiving incoming emails:
## Requirements
NOTE: **Note:**
It is **not** recommended to use an email address that receives or will receive any
messages not intended for the GitLab instance. Any incoming emails not intended
for GitLab will receive a reject notice.
Handling incoming emails requires an [IMAP](https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol)-enabled
email account. GitLab requires one of the following three strategies:
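Review bot: The new note under "## Requirements" tells the reader what not to do through a double negative ("**not** recommended ... any messages not intended for the GitLab instance") and never gives the positive instruction or the reason. Consider rewording it to something like "Use a dedicated email address that receives only messages intended for the GitLab instance", keeping the sentence about the reject notice. The later hunk in this commit explains why those reject notices matter (they go to a spoofed `FROM` address and can get the mail server block-listed), so a cross-reference from this note to that caution would let a reader who stops at Requirements see the consequence.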
......@@ -106,6 +111,16 @@ Alternatively, use a dedicated domain for GitLab email communications such as
See GitLab issue [#30366](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/30366)
for a real-world example of this exploit.
CAUTION:**Caution:**
Be sure to use a mail server that has been configured to reduce
spam.
A Postfix mail server that is running on a default configuration, for example,
can result in abuse. All messages received on the configured mailbox will be processed
and messages that are not intended for the GitLab instance will receive a reject notice.
If the sender's address is spoofed, the reject notice will be delivered to the spoofed
`FROM` address, which can cause the mail server's IP or domain to appear on a block
list.
### Omnibus package installations
1. Find the `incoming_email` section in `/etc/gitlab/gitlab.rb`, enable the feature
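Review bot: The added line `CAUTION:**Caution:**` has no space after the first colon, unlike `NOTE: **Note:**` in the first hunk, so the two admonitions are inconsistent and this one may not render as a caution block; please make it `CAUTION: **Caution:**`. On the content, "configured to reduce spam" does not tell an administrator what to change: the paragraph describes reject notices being sent to a spoofed `FROM` address, so it would help to say that the mail server should refuse unwanted or spoofed mail before it reaches the configured mailbox, or to link to the relevant mail server guidance. The Postfix sentence ("can result in abuse") would also be clearer if it said what the abuse is, since the following sentences already describe it.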
......