From cef7bb079d3096a1ae5f046e150c60fddab7de4d Mon Sep 17 00:00:00 2001 From: Alberto Bertogli Date: Sat, 1 Feb 2025 10:31:06 +0000 Subject: [PATCH] docs: Add note about sender validation/spoofing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Authenticated users are intentionally allowed to send email as other users or domains. This is a design choice made to balance simplicity of operation and use. However, it can be surprising and it's not obvious, so this patch adds a note to the documentation about it. Thanks to Matěj Volf for suggesting this improvement! Fixes: https://github.com/albertito/chasquid/issues/62 --- docs/flow.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/flow.md b/docs/flow.md index f3d2e98..078dbec 100644 --- a/docs/flow.md +++ b/docs/flow.md 
@@ -20,12 +20,31 @@ processing, in particular how messages flow through the system. - If the destination is local, check that the user exists. - Client sends DATA. - Client sends actual data, and ends it with '.' - - Run the post-data hook. If the hook fails, return an error. - Parse the data contents to perform loop detection. + - If the sender is authenticated, DKIM-sign the email with the + corresponding key. + - If the sender is not authenticated, verify the DKIM signature (if the + email has one). - Add the required headers (Received, SPF results, post-data hook output). + - Run the post-data hook. If the hook fails, return an error. - Put it in the queue and reply success. +### Authenticated mail, and email spoofing + +By default, authenticated users can send emails as any other user or domain. +For example, you can authenticate as `a@a`, and send email as `b@b`. + +This is a design choice made to balance simplicity of operation and use. + +Users who want to be strict about "MAIL FROM" or even "From:" validation can +add additional checks in the [post-DATA hook](hooks.md). + +In the future, chasquid may get some option to be strict about it by default, +or on a per-domain or per-user basis. But for now, using a [post-DATA +hook](hooks.md) is the best way to make chasquid more strict about this. + + ## Queue processing Before accepting a message:
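Review bot: the reordered list leaves an ordering inconsistency in the "Add the required headers" step, which still lists "post-data hook output" among the headers added even though the "Run the post-data hook" step has been moved to run after it. Either move "- Run the post-data hook. If the hook fails, return an error." back ahead of the headers step, or drop "post-data hook output" from that parenthetical and state after the hook step that its output is appended as headers. Related, the new "DKIM-sign the email with the corresponding key" line is ambiguous now that the same patch documents that an authenticated `a@a` may send as `b@b`: say explicitly whether "corresponding" means the key for the authenticated user's domain or for the MAIL FROM / From: domain, since that determines whether a spoofed sender gets a valid signature and is exactly what an operator reading the new spoofing section will want to know.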