courier: Fix SMTP outgoing security level check

The outgoing security level checks are not being performed, because of a bug: the courier thinks the "to"'s domain is always empty. This patch fixes the bug by simplifying the logic, as there's no need for the conditional (there is always a domain in the "to" address if it got to the SMTP courier).
2026-01-07 17:47:14 +00:00 · 2017-07-14 00:39:23 +01:00
parent a85ba1252b
commit a016d78515
2 changed files with 16 additions and 8 deletions
--- a/internal/courier/smtp.go
+++ b/internal/courier/smtp.go
@@ -43,11 +43,12 @@ type SMTP struct {

 func (s *SMTP) Deliver(from string, to string, data []byte) (error, bool) {
 	a := &attempt{
-		courier: s,
-		from:    from,
-		to:      to,
-		data:    data,
-		tr:      trace.New("Courier.SMTP", to),
+		courier:  s,
+		from:     from,
+		to:       to,
+		toDomain: envelope.DomainOf(to),
+		data:     data,
+		tr:       trace.New("Courier.SMTP", to),
 	}
 	defer a.tr.Finish()
 	a.tr.Debugf("%s  ->  %s", from, to)
@@ -57,8 +58,7 @@ func (s *SMTP) Deliver(from string, to string, data []byte) (error, bool) {
 		a.from = ""
 	}

-	toDomain := envelope.DomainOf(to)
-	mxs, err := lookupMXs(a.tr, toDomain)
+	mxs, err := lookupMXs(a.tr, a.toDomain)
 	if err != nil || len(mxs) == 0 {
 		// Note this is considered a permanent error.
 		// This is in line with what other servers (Exim) do. However, the
@@ -163,7 +163,7 @@ retry:
 		a.tr.Debugf("Insecure - NOT using TLS")
 	}

-	if a.toDomain != "" && !a.courier.Dinfo.OutgoingSecLevel(a.toDomain, secLevel) {
+	if !a.courier.Dinfo.OutgoingSecLevel(a.toDomain, secLevel) {
 		// We consider the failure transient, so transient misconfigurations
 		// do not affect deliveries.
 		slcResults.Add("fail", 1)