mirror of https://blitiri.com.ar/repos/chasquid synced 2026-01-08 17:51:57 +00:00

smtpsrv: Close the connection after 3 errors (lowering from 10)

Today, we close the connection after 10 errors. While this is fine for
normal use, it is unnecessarily large.

Lowering it to 3 helps with defense-in-depth for cross-protocol attacks
(e.g. https://alpaca-attack.com/), while still being large enough for
useful troubleshooting and normal operation.

As part of this change, we also remove the AUTH-specific failures limit,
because they're covered by the connection limit.
Alberto Bertogli
2021-06-10 18:41:28 +01:00
parent 44eb0b903a
commit 85305f4bd9
7 changed files with 62 additions and 26 deletions


@@ -13,12 +13,30 @@ c <- 500 5.5.2 Unknown command
c -> RCPT TO:
c <~ 500
# Reconnect to avoid getting rejected due to too many errors.
c close
c tcp_connect localhost:1025
c <~ 220
c -> HELO localhost
c <~ 250
c -> MAIL FROM:<test@testy.com>
c <~ 250
c -> RCPT TO:<pepe>
c <~ 501
c -> RCPT TO:<a@xn--->
c <- 501 5.1.2 Malformed destination domain (IDNA conversion failed)
# Reconnect to avoid getting rejected due to too many errors.
c close
c tcp_connect localhost:1025
c <~ 220
c -> HELO localhost
c <~ 250
c -> MAIL FROM:<test@testy.com>
c <~ 250
c -> RCPT TO:<henryⅣ@testserver>
c <- 550 5.1.3 Destination address is invalid
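Review bot: the placement of the two reconnect blocks depends on the new limit of 3 without saying so. The middle segment already draws two error replies (both 501, for `RCPT TO:<pepe>` and `RCPT TO:<a@xn--->`) before the next `c close`, so one more failing command added there later would break the test for a reason unrelated to address validation. Consider naming the limit in the comment, for example `# Reconnect: the server closes the connection after 3 errors.`, so the next editor knows how many failing commands fit on one connection. The connect/HELO/MAIL FROM setup is also repeated verbatim in both blocks; if the test format has no way to share it, that is fine, but it is worth a note. Finally, the lines visible here only work around the limit: if none of the other changed files asserts that the connection is actually closed once the limit is reached, a case for that belongs with this change.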