Perform must-match-sender checks after sender rewriting (closes #394)
parent
5a43455917
commit
7826eb3ea1
1 changed files with 29 additions and 28 deletions
|
@ -110,34 +110,6 @@ impl<T: SessionStream> Session<T> {
|
|||
(String::new(), String::new(), String::new())
|
||||
};
|
||||
|
||||
// Make sure that the authenticated user is allowed to send from this address
|
||||
if !self.data.authenticated_as.is_empty()
|
||||
&& self.params.auth_match_sender
|
||||
&& (self.data.authenticated_as != address_lcase
|
||||
&& !self.data.authenticated_emails.iter().any(|e| {
|
||||
e == &address_lcase || (e.starts_with('@') && address_lcase.ends_with(e))
|
||||
}))
|
||||
{
|
||||
trc::event!(
|
||||
Smtp(SmtpEvent::MailFromUnauthorized),
|
||||
SpanId = self.data.session_id,
|
||||
From = address_lcase,
|
||||
Details = [trc::Value::String(self.data.authenticated_as.to_string())]
|
||||
.into_iter()
|
||||
.chain(
|
||||
self.data
|
||||
.authenticated_emails
|
||||
.iter()
|
||||
.map(|e| trc::Value::String(e.to_string()))
|
||||
)
|
||||
.collect::<Vec<_>>()
|
||||
);
|
||||
|
||||
return self
|
||||
.write(b"501 5.5.4 You are not allowed to send from this address.\r\n")
|
||||
.await;
|
||||
}
|
||||
|
||||
let has_dsn = from.env_id.is_some();
|
||||
self.data.mail_from = SessionAddress {
|
||||
address,
|
||||
|
@ -224,6 +196,35 @@ impl<T: SessionStream> Session<T> {
|
|||
}
|
||||
}
|
||||
|
||||
// Make sure that the authenticated user is allowed to send from this address
|
||||
if !self.data.authenticated_as.is_empty() && self.params.auth_match_sender {
|
||||
let address_lcase = self.data.mail_from.as_ref().unwrap().address_lcase.as_str();
|
||||
if self.data.authenticated_as != address_lcase
|
||||
&& !self.data.authenticated_emails.iter().any(|e| {
|
||||
e == address_lcase || (e.starts_with('@') && address_lcase.ends_with(e))
|
||||
})
|
||||
{
|
||||
trc::event!(
|
||||
Smtp(SmtpEvent::MailFromUnauthorized),
|
||||
SpanId = self.data.session_id,
|
||||
From = address_lcase.to_string(),
|
||||
Details = [trc::Value::String(self.data.authenticated_as.to_string())]
|
||||
.into_iter()
|
||||
.chain(
|
||||
self.data
|
||||
.authenticated_emails
|
||||
.iter()
|
||||
.map(|e| trc::Value::String(e.to_string()))
|
||||
)
|
||||
.collect::<Vec<_>>()
|
||||
);
|
||||
self.data.mail_from = None;
|
||||
return self
|
||||
.write(b"501 5.5.4 You are not allowed to send from this address.\r\n")
|
||||
.await;
|
||||
}
|
||||
}
|
||||
|
||||
// Validate parameters
|
||||
let config = &self.core.core.smtp.session.extensions;
|
||||
let config_data = &self.core.core.smtp.session.data;
|
||||
|
|
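Review bot: The relocated check in the second hunk reads the sender with `self.data.mail_from.as_ref().unwrap()`, which panics if any of the rewriting code between the two hunks (not visible here) leaves `mail_from` as `None`. For an authorization gate it is safer to fail closed, e.g. `let address_lcase = self.data.mail_from.as_ref().map_or("", |m| m.address_lcase.as_str());`, which falls through to the 501 reply instead of unwinding. Because the comparison now runs on the rewritten address, whether an authenticated user may send as a given address depends on the rewrite rules as well as on `authenticated_as` and `authenticated_emails`, and the `MailFromUnauthorized` event records only the rewritten value in `From`. I would add a comment such as `// Checked against the rewritten sender: rewrite rules are part of the authorization decision`, and, if the address the client supplied is still available at this point, include it in `Details` so the log shows what was attempted. The enclosing function starts before the first hunk and continues past the second.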