author | Alberto Bertogli <albertito@blitiri.com.ar> | 2025-02-01 10:31:06 UTC
committer | Alberto Bertogli <albertito@blitiri.com.ar> | 2025-02-01 10:31:06 UTC
parent | b3fadf08f4c0ca1af3641e5b63fd33a023bfc071 |
docs/flow.md | +20 | -1 |
diff --git a/docs/flow.md b/docs/flow.md index f3d2e98..078dbec 100644 --- a/docs/flow.md +++ b/docs/flow.md @@ -20,12 +20,31 @@ processing, in particular how messages flow through the system. - If the destination is local, check that the user exists. - Client sends DATA. - Client sends actual data, and ends it with '.' - - Run the post-data hook. If the hook fails, return an error. - Parse the data contents to perform loop detection. + - If the sender is authenticated, DKIM-sign the email with the + corresponding key. + - If the sender is not authenticated, verify the DKIM signature (if the + email has one). - Add the required headers (Received, SPF results, post-data hook output). + - Run the post-data hook. If the hook fails, return an error. - Put it in the queue and reply success. +### Authenticated mail, and email spoofing + +By default, authenticated users can send emails as any other user or domain. +For example, you can authenticate as `a@a`, and send email as `b@b`. + +This is a design choice made to balance simplicity of operation and use. + +Users who want to be strict about "MAIL FROM" or even "From:" validation can +add additional checks in the [post-DATA hook](hooks.md). + +In the future, chasquid may get some option to be strict about it by default, +or on a per-domain or per-user basis. But for now, using a [post-DATA +hook](hooks.md) is the best way to make chasquid more strict about this. + + ## Queue processing Before accepting a message:
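Review bot: In the added step "DKIM-sign the email with the corresponding key", the word "corresponding" is ambiguous once read next to the new "Authenticated mail, and email spoofing" section, which says a user authenticated as `a@a` can send email as `b@b`. The step should state whether the key is selected by the authenticated user's domain, the "MAIL FROM" domain or the "From:" domain, because that decides whether a message sent under another identity leaves with a valid signature for that other domain. It would also help operators if the new section named what a strict post-DATA hook needs to compare (the authenticated user against "MAIL FROM" and "From:") or linked to the specific part of hooks.md rather than the page as a whole. Two minor points: the list writes "post-data hook" while the new section writes "post-DATA hook", so pick one spelling, and the section ends with two blank lines before "## Queue processing" where one is enough.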