Email sent by wrong user


I’m the admin for an instance of OMP ( It has been running for a couple of years now without much problem. But today I was asked to look into why the February summary of editorial activity email was sent to the main editor with the From address being the address of a regular user (who has Author and External Reviewer roles), rather than the default envelope sender.

This hasn’t happened before. There haven’t been any changes to the system that I know of.

Do you have any idea how this could have happened? In this case there wasn’t really a data breach, but we might not be so lucky next time.



Hi @swithun,

Hmm… that seems odd. The only thing that immediately springs to mind is that that user might be designated as the primary contact in Journal Settings (but that seems unlikely…). What did the editorial activity summary look like or contain?

PKP Team

Thanks for replying. Yes, it is pretty odd. The email contained this:


Your press health report for February, 2023 is now available. Your key stats for this month are below.

  • New submissions this month: 4
  • Declined submissions this month: 1
  • Accepted submissions this month: 5
  • Total submissions in the system: 141

Login to the the press to view more detailed editorial trends and published article stats. A full copy of this month’s editorial trends is attached.

I’ve anonymized the name and links, but they were legit, as was the editorial-report.csv which was attached.

The principal and technical support contacts are what they should be. I’ll see if the recipient still has the email, and if they can get the header information, in case I can spot anything odd. I can see in the exim4 log on the server that the email was sent, but it doesn’t record the From address.


Just to say, I’ve seen the message headers now, and while the From address was wrong, the Reply-To one was correct.

In the config for the site, we have:

allow_envelope_sender = On
default_envelope_sender =
force_default_envelope_sender = On

That said, the value for the default_envelope_sender isn’t the same as the principal contact, and it is the principal contact address which gets used as the From/Reply-To address.

I can’t rule out user error, but if you can point me in roughly the right direction I can look through the source code. I know PHP well, but OMP is quite a haystack.


Hi @swithun,

Thanks for elaborating. In case you haven’t seen it, our docs may provide some information on the email settings:

I’m not an expert in these settings and/if you might need to modify the code (the general approach is to avoid this if you can help it), but I’m paging my colleague @jnugent here, who might be able to provide some advice.

PKP Team

Hi everyone,

So the force_default_envelope_sender setting will put the default_envelope_sender in the From: field. The other settings that are missing from this discussion are the DMARC ones:

force_dmarc_compliant_from can be set to On
dmarc_compliant_from_displayname which contains a string to use as the replacement.

It’s the force_dmarc_compliant_from setting that does the heavy lifting here. It’s the setting that puts the envelope sender in the From field and then the actual person’s address in the Reply-To header.

If you’re using the force.... headers then nothing you put in the primary contact field will end up in an email. That’d be a code modification and all of that code lives in the class, and starts here:


1 Like

Hi all,

This issue is already fixed in more recent releases:

Alec Smecher
Public Knowledge Project Team


Ah, I wish I’d found that bug report. That’s exactly it. Thank you all.

Marked as solved.


1 Like

This topic was automatically closed after 10 days. New replies are no longer allowed.