git » chasquid » commit 280939c

chasquid: Don't enforce authentication at MAIL FROM

author Alberto Bertogli
2016-10-01 16:52:13 UTC
committer Alberto Bertogli
2016-10-09 23:51:04 UTC
parent 1e74e02506f4c93c8ba5b71ebe3e33c1d7b7210a
chasquid: Don't enforce authentication at MAIL FROM

There are cases, like email bounces and forwarding, where a remote server may
use an address within our domain as "MAIL FROM".

The current test at MAIL FROM will block them, which can be quite an
inconvenience as those cases are not that rare.

It's a nice test but doesn't add much, as we don't really pass the validation
along, and we still do relay and user checks on RCPT TO.

So this patch removes that test.
chasquid.go +0 -8
chasquid_test.go +0 -9 
diff --git a/chasquid.go b/chasquid.go
index ea67313..e88254a 100644
--- a/chasquid.go
+++ b/chasquid.go
@@ -615,14 +615,6 @@ func (c *Conn) MAIL(params string) (code int, msg string) {
 	// but that's not according to the RFC. We reset the envelope instead.
 	c.resetEnvelope()
 
-	// If the source is local, check that it completed auth for that user.
-	if e.Address != "<>" && envelope.DomainIn(e.Address, c.localDomains) {
-		user, domain := envelope.Split(e.Address)
-		if user != c.authUser || domain != c.authDomain {
-			return 503, "user not authorized"
-		}
-	}
-
 	c.mailFrom = e.Address
 	return 250, "You feel like you are being watched"
 }
diff --git a/chasquid_test.go b/chasquid_test.go
index 2b111c8..638f92c 100644
--- a/chasquid_test.go
+++ b/chasquid_test.go
@@ -201,15 +201,6 @@ func TestRcptBeforeMail(t *testing.T) {
 	}
 }
 
-func TestLocalHasAuthenticated(t *testing.T) {
-	c := mustDial(t, ModeSubmission, false)
-	defer c.Close()
-
-	if err := c.Mail("from@localhost"); err == nil {
-		t.Errorf("Accepted non-authenticated local mail")
-	}
-}
-
 func TestRelayForbidden(t *testing.T) {
 	c := mustDial(t, ModeSMTP, false)
 	defer c.Close()