mirror of
https://blitiri.com.ar/repos/chasquid
synced 2025-12-17 14:37:02 +00:00
e2fdcb3705
This patch adds checks that verify: - The envelope from must match the authenticated user. This prevents impersonation at the envelope level (while still allowing bounces, of course). - If the destination is remote, then the user must have completed authentication. This prevents unauthorized relaying. The patch ends up adjusting quite a few tests, as they were not written considering these restrictions so they have to be changed accordingly.