Mirrors/go-chasquid-smtp
1
0
Fork 0
mirror of https://blitiri.com.ar/repos/chasquid synced 2025-12-22 15:27:02 +00:00
Code Releases Activity

Add checks to prevent unauthorized relaying and impersonation

Browse Source 
This patch adds checks that verify:

 - The envelope from must match the authenticated user. This prevents
   impersonation at the envelope level (while still allowing bounces, of
   course).
 - If the destination is remote, then the user must have completed
   authentication. This prevents unauthorized relaying.

The patch ends up adjusting quite a few tests, as they were not written
considering these restrictions so they have to be changed accordingly.
This commit is contained in:
Alberto Bertogli
2016-09-12 06:08:53 +01:00
parent 941eb9315c
commit e2fdcb3705
9 changed files with 131 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/envelope/envelope.go
View File

@@ -9,7 +9,7 @@ import (
)
// Split an user@domain address into user and domain.
func split(addr string) (string, string) {
func Split(addr string) (string, string) {
ps := strings.SplitN(addr, "@", 2)
if len(ps) != 2 {
return addr, ""
@@ -19,12 +19,12 @@ func split(addr string) (string, string) {
}
func UserOf(addr string) string {
user, _ := split(addr)
user, _ := Split(addr)
return user
}
func DomainOf(addr string) string {
_, domain := split(addr)
_, domain := Split(addr)
return domain
}