Synchronet now requires the libarchive development package (e.g. libarchive-dev on Debian-based Linux distros, libarchive.org for more info) to build successfully.

Commit ba8d544c authored by Rob Swindell

Detect and reject forged "from" fields in submitted msg headers

For non-authenticated SMTP clients, if the "From:" header field contains a "name" which appears to be an email address (i.e. it has an '@' in it), and that address does not match the *actual* address in the "From:" field, reject the mail with an error message about the forged/mismatched address.
parent 73edfd4b
Pipeline #514 passed with stage
in 13 minutes and 59 seconds
......@@ -3659,6 +3659,15 @@ static void smtp_thread(void* arg)
subnum=INVALID_SUB;
continue;
}
if(relay_user.number == 0
&& strchr(sender, '@') != NULL
&& compare_addrs(sender, sender_addr) != 0) {
lprintf(LOG_WARNING,"%04d %s %s !FORGED mail header 'FROM' field (%lu total)"
,socket, client.protocol, client_id, ++stats.msgs_refused);
sockprintf(socket,client.protocol,session, "554 Mail header contains mismatched 'FROM' field");
subnum=INVALID_SUB;
continue;
}
char sender_info[512];
if(relay_user.number) {
SAFEPRINTF(str,"%u",relay_user.number);
......
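Review bot: The `lprintf(LOG_WARNING, ...)` call in the new block logs only the socket, protocol, client id and refusal count, not the two values that failed the comparison, so an operator reading the log cannot tell which message was refused or judge whether it was a false positive. Consider including `sender` and `sender_addr` in the message, with control characters stripped since both come from client-supplied headers. Also note that the `strchr(sender, '@') != NULL` test fires on any display name containing an '@', so a name that legitimately carries a different address (for example one rewritten by a list or forwarding service) is refused with the 554; a short comment stating that this is intended would help. How `compare_addrs()` treats case and angle brackets is not visible in this hunk and is worth confirming.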