Mirrors/go-chasquid-smtp
1
0
Fork 0
mirror of https://blitiri.com.ar/repos/chasquid synced 2025-12-21 15:17:01 +00:00
Code Releases Activity

Add checks to prevent unauthorized relaying and impersonation

Browse Source 
This patch adds checks that verify:

 - The envelope from must match the authenticated user. This prevents
   impersonation at the envelope level (while still allowing bounces, of
   course).
 - If the destination is remote, then the user must have completed
   authentication. This prevents unauthorized relaying.

The patch ends up adjusting quite a few tests, as they were not written
considering these restrictions so they have to be changed accordingly.
This commit is contained in:
Alberto Bertogli
2016-09-12 06:08:53 +01:00
parent 941eb9315c
commit e2fdcb3705
9 changed files with 131 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
test/util/mail_diff
View File

@@ -25,10 +25,15 @@ for h, val in expected.items():
if expected.get_payload() != msg.get_payload():
diff = True
exp = expected.get_payload().splitlines()
got = msg.get_payload().splitlines()
print("Payload differs:")
for l in difflib.ndiff(exp, got):
print(l)
if expected.is_multipart() != msg.is_multipart():
print("Multipart differs, expected %s, got %s" % (
expected.is_multipart(), msg.is_multipart()))
elif not msg.is_multipart():
exp = expected.get_payload().splitlines()
got = msg.get_payload().splitlines()
print("Payload differs:")
for l in difflib.ndiff(exp, got):
print(l)
sys.exit(0 if not diff else 1)