Mirrors/go-chasquid-smtp
1
0
Fork 0
mirror of https://blitiri.com.ar/repos/chasquid synced 2026-01-10 18:05:57 +00:00
Code Releases Activity

smtpsrv: Flag to disable incoming DomainInfo rejection

Browse Source 
This flag makes us never reject incoming mail based on DomainInfo
checks, effectively turning the check into a warning.

This can be useful for situations where it's better to accept insecure
email than to reject it.
This commit is contained in:
Alberto Bertogli
2024-11-11 21:52:48 +00:00
parent 45bc70ee33
commit 9b2bb352b2
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
internal/smtpsrv/conn.go
View File

@@ -72,6 +72,14 @@ var (
maxReceivedHeaders = flag.Int("testing__max_received_headers", 50, maxReceivedHeaders = flag.Int("testing__max_received_headers", 50,
"max Received headers, for loop detection; ONLY FOR TESTING") "max Received headers, for loop detection; ONLY FOR TESTING")
// Disable incoming domain info rejection. This is insecure, as it allows
// connection downgrading attacks.
// This flag is experimental and likely to be either removed, or replaced
// by a config option.
disableDomainInfoIncomingRejection = flag.Bool(
"insecure__disable_domain_info_incoming_rejection", false,
"disable rejection based on incoming domain info checks; INSECURE")
// Some go tests disable SPF, to avoid leaking DNS lookups. // Some go tests disable SPF, to avoid leaking DNS lookups.
disableSPFForTesting = false disableSPFForTesting = false
) )
@@ -559,6 +567,11 @@ func (c *Conn) secLevelCheck(addr string) bool {
c.tr.Errorf("security level check for %s failed (%s)", domain, level) c.tr.Errorf("security level check for %s failed (%s)", domain, level)
} }
if *disableDomainInfoIncomingRejection {
c.tr.Debugf("DomainInfo incoming rejection disabled, accepting mail")
return true
}
return ok return ok
} }