Alberto Bertogli e2fdcb3705 Add checks to prevent unauthorized relaying and impersonation ...

This patch adds checks that verify:

 - The envelope from must match the authenticated user. This prevents
   impersonation at the envelope level (while still allowing bounces, of
   course).
 - If the destination is remote, then the user must have completed
   authentication. This prevents unauthorized relaying.

The patch ends up adjusting quite a few tests, as they were not written
considering these restrictions so they have to be changed accordingly.

2016-10-10 00:50:56 +01:00

702 B

Raw Blame History

View Raw