Add checks to prevent unauthorized relaying and impersonation

This patch adds checks that verify: - The envelope from must match the authenticated user. This prevents impersonation at the envelope level (while still allowing bounces, of course). - If the destination is remote, then the user must have completed authentication. This prevents unauthorized relaying. The patch ends up adjusting quite a few tests, as they were not written considering these restrictions so they have to be changed accordingly.
2025-12-17 14:37:02 +00:00 · 2016-09-12 06:08:53 +01:00
parent 941eb9315c
commit e2fdcb3705
9 changed files with 131 additions and 46 deletions
--- a/test/t-02-exim/config/exim4.in
+++ b/test/t-02-exim/config/exim4.in
@@ -31,6 +31,13 @@ acl_check_data:
  accept


+# Rewrite envelope-from to server@srv-exim.
+# This is so when we redirect, we don't use user@srv-chasquid in the
+# envelope-from (we're not authorized to send mail on behalf of
+# @srv-chasquid).
+begin rewrite
+user@srv-chasquid  server@srv-exim F
+
 # Forward all incoming email to chasquid (running on :1025 in this test).
 begin routers

--- a/test/t-02-exim/msmtprc
+++ b/test/t-02-exim/msmtprc
@@ -1,7 +1,7 @@
 account default

 host srv-chasquid
-port 1025
+port 1587

 tls on
 tls_trust_file config/domains/srv-chasquid/cert.pem
--- a/test/t-02-exim/run.sh
+++ b/test/t-02-exim/run.sh
@@ -37,6 +37,7 @@ generate_certs_for srv-chasquid
 # Launch chasquid at port 1025 (in config).
 # Use outgoing port 2025 which is where exim will be at.
 # Bypass MX lookup, so it can find srv-exim (via our host alias).
+mkdir -p .logs
 chasquid -v=2 --log_dir=.logs --config_dir=config \
 	--testing__outgoing_smtp_port=2025 \
 	--testing__bypass_mx_lookup &