...
 
    Detect and reject forged "from" fields in submitted msg headers · ba8d544c
    Rob Swindell authored
    For non-authenticated SMTP clients, if the "From:" header field contains a "name" which appears to be an email address (i.e. it has an '@' in it), and that address does not match the *actual* address in the "From:" field, reject the mail with an error message about the forged/mismatched address.
    ba8d544c
......@@ -3659,6 +3659,15 @@ static void smtp_thread(void* arg)
subnum=INVALID_SUB;
continue;
}
if(relay_user.number == 0
&& strchr(sender, '@') != NULL
&& compare_addrs(sender, sender_addr) != 0) {
lprintf(LOG_WARNING,"%04d %s %s !FORGED mail header 'FROM' field (%lu total)"
,socket, client.protocol, client_id, ++stats.msgs_refused);
sockprintf(socket,client.protocol,session, "554 Mail header contains mismatched 'FROM' field");
subnum=INVALID_SUB;
continue;
}
char sender_info[512];
if(relay_user.number) {
SAFEPRINTF(str,"%u",relay_user.number);
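Review bot: The warning logged when the new forged-'FROM' check rejects a message records neither of the two values that were compared, so an operator reading the log cannot tell a spoofing attempt from a false positive (a constructed example: a display name like `user@example.com via list` on a mailing-list address). Consider extending the format to `"%04d %s %s !FORGED mail header 'FROM' field: '%s' vs <%s> (%lu total)"` and passing `sender, sender_addr` before `++stats.msgs_refused`. Both strings are client-supplied, so this is only safe if lprintf's sink neutralises control characters, which is not visible here. Whether the match ignores case and surrounding quotes or whitespace depends on compare_addrs(), which is defined outside this hunk; a strict comparison would turn the check into a source of rejected legitimate mail. smtp_thread's body starts and ends outside the hunk.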
......