From 280939c3ec46607cb15b78d19de43a3971a92424 Mon Sep 17 00:00:00 2001 From: Alberto Bertogli Date: Sat, 1 Oct 2016 17:52:13 +0100 Subject: [PATCH] chasquid: Don't enforce authentication at MAIL FROM There are cases, like email bounces and forwarding, where a remote server may use an address within our domain as "MAIL FROM". The current test at MAIL FROM will block them, which can be quite an inconvenience as those cases are not that rare. It's a nice test but doesn't add much, as we don't really pass the validation along, and we still do relay and user checks on RCPT TO. So this patch removes that test. --- chasquid.go | 8 -------- chasquid_test.go | 9 --------- 2 files changed, 17 deletions(-) diff --git a/chasquid.go b/chasquid.go index ea67313..e88254a 100644 --- a/chasquid.go +++ b/chasquid.go @@ -615,14 +615,6 @@ func (c *Conn) MAIL(params string) (code int, msg string) { // but that's not according to the RFC. We reset the envelope instead. c.resetEnvelope() - // If the source is local, check that it completed auth for that user. - if e.Address != "<>" && envelope.DomainIn(e.Address, c.localDomains) { - user, domain := envelope.Split(e.Address) - if user != c.authUser || domain != c.authDomain { - return 503, "user not authorized" - } - } - c.mailFrom = e.Address return 250, "You feel like you are being watched" } diff --git a/chasquid_test.go b/chasquid_test.go index 2b111c8..638f92c 100644 --- a/chasquid_test.go +++ b/chasquid_test.go @@ -201,15 +201,6 @@ func TestRcptBeforeMail(t *testing.T) { } } -func TestLocalHasAuthenticated(t *testing.T) { - c := mustDial(t, ModeSubmission, false) - defer c.Close() - - if err := c.Mail("from@localhost"); err == nil { - t.Errorf("Accepted non-authenticated local mail") - } -} - func TestRelayForbidden(t *testing.T) { c := mustDial(t, ModeSMTP, false) defer c.Close()