Add checks to prevent unauthorized relaying and impersonation

This patch adds checks that verify: - The envelope from must match the authenticated user. This prevents impersonation at the envelope level (while still allowing bounces, of course). - If the destination is remote, then the user must have completed authentication. This prevents unauthorized relaying. The patch ends up adjusting quite a few tests, as they were not written considering these restrictions so they have to be changed accordingly.
2026-01-27 20:45:56 +00:00 · 2016-09-12 06:08:53 +01:00
parent 941eb9315c
commit e2fdcb3705
9 changed files with 131 additions and 46 deletions
--- a/test/t-01-simple_local/msmtprc
+++ b/test/t-01-simple_local/msmtprc
@@ -1,7 +1,7 @@
 account default

 host testserver
-port 1025
+port 1587

 tls on
 tls_trust_file config/domains/testserver/cert.pem
@@ -12,6 +12,9 @@ auth on
 user user@testserver
 password secretpassword

+account smtpport : default
+port 1025
+
 account baduser : default
 user unknownuser@testserver
 password secretpassword
--- a/test/t-01-simple_local/run.sh
+++ b/test/t-01-simple_local/run.sh
@@ -7,6 +7,7 @@ init

 generate_certs_for testserver

+mkdir -p .logs
 chasquid -v=2 --log_dir=.logs --config_dir=config &
 wait_until_ready 1025

@@ -16,6 +17,13 @@ wait_for_file .mail/someone@testserver

 mail_diff content .mail/someone@testserver

+# At least for now, we allow AUTH over the SMTP port to avoid unnecessary
+# complexity, so we expect it to work.
+if ! run_msmtp -a smtpport someone@testserver < content 2> /dev/null; then
+	echo "ERROR: failed auth on the SMTP port"
+	exit 1
+fi
+
 if run_msmtp -a baduser someone@testserver < content 2> /dev/null; then
 	echo "ERROR: successfully sent an email with a bad password"
 	exit 1