smtpsrv: Only allow authenticated email on submission

The submission port is expected to be used only by authenticated clients, so this patch makes chasquid enforce this, which also helps to reduce spam. https://www.rfc-editor.org/rfc/rfc6409.txt
2025-12-17 14:37:02 +00:00 · 2016-10-13 12:54:11 +01:00
parent fe146f00e5
commit c2d0d5f705
2 changed files with 12 additions and 0 deletions
--- a/internal/smtpsrv/conn.go
+++ b/internal/smtpsrv/conn.go
@@ -298,6 +298,9 @@ func (c *Conn) MAIL(params string) (code int, msg string) {
 	if !strings.HasPrefix(strings.ToLower(params), "from:") {
 		return 500, "unknown command"
 	}
+	if c.mode == ModeSubmission && !c.completedAuth {
+		return 550, "mail to submission port must be authenticated"
+	}

 	rawAddr := ""
 	_, err := fmt.Sscanf(params[5:], "%s ", &rawAddr)
--- a/internal/smtpsrv/server_test.go
+++ b/internal/smtpsrv/server_test.go
@@ -146,6 +146,15 @@ func TestAuth(t *testing.T) {
 	sendEmailWithAuth(t, c, auth)
 }

+func TestSubmissionWithoutAuth(t *testing.T) {
+	c := mustDial(t, ModeSubmission, true)
+	defer c.Close()
+
+	if err := c.Mail("from@from"); err == nil {
+		t.Errorf("Mail not failed as expected")
+	}
+}
+
 func TestAuthOnSMTP(t *testing.T) {
 	c := mustDial(t, ModeSMTP, true)
 	defer c.Close()