submission: Properly handle omission of required authentication for relay connection.

Particularly, do not forward the 530 error to the client. Instead, log the
problem and close the client connection with an internal error.

diff --git a/src/submission/submission-commands.c b/src/submission/submission-commands.c
index 6c844f5ef87af0e61b63035619ccc786734d3fd1..8f2cbf37df4f27b6c48003794a439624c147d762 100644 (file)
--- a/src/submission/submission-commands.c
+++ b/src/submission/submission-commands.c
@@ -46,6 +46,19 @@ bool client_command_handle_proxy_reply(struct client *client,
                client_destroy(client,
                        "4.4.0", "Lost connection to relay server");
                return FALSE;
+       /* RFC 4954, Section 6: 530 5.7.0 Authentication required
+
+          This response SHOULD be returned by any command other than AUTH,
+          EHLO, HELO, NOOP, RSET, or QUIT when server policy requires
+          authentication in order to perform the requested action and
+          authentication is not currently in force. */
+       case 530:
+               i_error("Relay server requires authentication: %s",
+                       smtp_reply_log(reply));
+               client_destroy(client, "4.3.5",
+                       "Internal error occurred. "
+                       "Refer to server log for more information.");
+               return FALSE;
        default:
                break;
        }