From 73a20cbf89ae402e3e557be3198415dee40ed883 Mon Sep 17 00:00:00 2001
From: Alexander Schwartz <aschwart@redhat.com>
Date: Thu, 3 Apr 2025 16:51:50 +0200
Subject: [PATCH] Set the mail.from to avoid looking up the local hostname

Closes #38353

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
---
 .../java/org/keycloak/email/DefaultEmailSenderProvider.java  | 5 +++++
 .../src/test/java/org/keycloak/test/examples/EmailTest.java  | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/services/src/main/java/org/keycloak/email/DefaultEmailSenderProvider.java b/services/src/main/java/org/keycloak/email/DefaultEmailSenderProvider.java
index 2e74a6b523b..cb0d3c00017 100644
--- a/services/src/main/java/org/keycloak/email/DefaultEmailSenderProvider.java
+++ b/services/src/main/java/org/keycloak/email/DefaultEmailSenderProvider.java
@@ -115,6 +115,11 @@ public class DefaultEmailSenderProvider implements EmailSenderProvider {
                 throw new EmailException("No sender address configured in the realm settings for emails");
             }
 
+            // Specify 'mail.from' as InternetAddress.getLocalAddress() would otherwise do a InetAddress.getCanonicalHostName
+            // and add this as a mail header. This would both be slow, and would reveal internal IP addresses that we don't want.
+            // https://jakarta.ee/specifications/mail/2.0/jakarta-mail-spec-2.0#a823
+            props.setProperty("mail.from", from);
+
             String fromDisplayName = config.get("fromDisplayName");
             String replyTo = config.get("replyTo");
             String replyToDisplayName = config.get("replyToDisplayName");
diff --git a/test-framework/examples/tests/src/test/java/org/keycloak/test/examples/EmailTest.java b/test-framework/examples/tests/src/test/java/org/keycloak/test/examples/EmailTest.java
index 6bfbc1372c2..e7dd6baf10d 100644
--- a/test-framework/examples/tests/src/test/java/org/keycloak/test/examples/EmailTest.java
+++ b/test-framework/examples/tests/src/test/java/org/keycloak/test/examples/EmailTest.java
@@ -3,6 +3,8 @@ package org.keycloak.test.examples;
 import com.nimbusds.oauth2.sdk.GeneralException;
 import jakarta.mail.MessagingException;
 import jakarta.mail.internet.MimeMessage;
+import org.hamcrest.MatcherAssert;
+import org.hamcrest.Matchers;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import org.keycloak.events.email.EmailEventListenerProviderFactory;
@@ -50,6 +52,7 @@ public class EmailTest {
         mail.waitForIncomingEmail(1);
         MimeMessage lastReceivedMessage = mail.getLastReceivedMessage();
         Assertions.assertEquals("Login error", lastReceivedMessage.getSubject());
+        MatcherAssert.assertThat(lastReceivedMessage.getMessageID(), Matchers.endsWith("@keycloak.org>"));
     }
 
     public static class EmailSenderRealmConfig implements RealmConfig {