submission: Deny anonymous access to significant commands by default.

The transaction and individual recipients can be opened for allowed anonymous
access by flagging these as such.

diff --git a/src/submission/submission-client.h b/src/submission/submission-client.h
index 18007892daac533126aefdb220af8a1cbf2441cf..6cd5a63d9a8ee753e0e119d9584e266306f5ca42 100644 (file)
--- a/src/submission/submission-client.h
+++ b/src/submission/submission-client.h
@@ -16,6 +16,8 @@ struct client_state {
        struct submission_backend *backend;
        struct istream *data_input;
        uoff_t data_size;
+
+       bool anonymous_allowed:1;
 };
 
 struct client_extra_capability {

diff --git a/src/submission/submission-commands.c b/src/submission/submission-commands.c
index 2a7d1622ee35609a5e246ab9b22e9e3803b1075e..6c6b90aced96daeabc4a66c33687d2e22c4eaa55 100644 (file)
--- a/src/submission/submission-commands.c
+++ b/src/submission/submission-commands.c
@@ -138,6 +138,15 @@ int client_default_cmd_mail(struct client *client,
                            struct smtp_server_cmd_ctx *cmd,
                            struct smtp_server_cmd_mail *data)
 {
+       if (client->user->anonymous && !client->state.anonymous_allowed) {
+               /* NOTE: may need to allow anonymous BURL access in the future,
+                  but while that is not supported, deny all anonymous access
+                  explicitly. */
+               smtp_server_reply(cmd, 554, "5.7.1",
+                                 "Access denied (anonymous user)");
+               return -1;
+       }
+
        return submission_backend_cmd_mail(client->state.backend, cmd, data);
 }
 
@@ -160,6 +169,16 @@ int client_default_cmd_rcpt(struct client *client ATTR_UNUSED,
                            struct smtp_server_cmd_ctx *cmd,
                            struct submission_recipient *srcpt)
 {
+       if (client->user->anonymous && !srcpt->anonymous_allowed) {
+               /* NOTE: may need to allow anonymous BURL access in the future,
+                  but while that is not supported, deny all anonymous access
+                  explicitly. */
+               smtp_server_recipient_reply(
+                       srcpt->rcpt, 554, "5.7.1",
+                       "Access denied (anonymous user)");
+               return -1;
+       }
+
        return submission_backend_cmd_rcpt(srcpt->backend, cmd, srcpt);
 }
 
@@ -253,6 +272,12 @@ int cmd_data_begin(void *conn_ctx,
        struct istream *inputs[2];
        string_t *path;
 
+       if (client->user->anonymous && !client->state.anonymous_allowed) {
+               smtp_server_reply(cmd, 554, "5.7.1",
+                                 "Access denied (anonymous user)");
+               return -1;
+       }
+
        inputs[0] = data_input;
        inputs[1] = NULL;
 
@@ -469,6 +494,12 @@ void cmd_burl(struct smtp_server_cmd_ctx *cmd, const char *params)
        if (ret < 0 || !smtp_server_connection_data_check_state(cmd))
                return;
 
+       if (client->user->anonymous) {
+               smtp_server_reply(cmd, 554, "5.7.1",
+                                 "Access denied (anonymous user)");
+               return;
+       }
+
        burl_cmd = p_new(cmd->pool, struct cmd_burl_context, 1);
        burl_cmd->client = client;
        burl_cmd->cmd = cmd;
@@ -497,6 +528,12 @@ int cmd_vrfy(void *conn_ctx, struct smtp_server_cmd_ctx *cmd,
 {
        struct client *client = conn_ctx;
 
+       if (client->user->anonymous) {
+               smtp_server_reply(cmd, 550, "5.7.1",
+                                 "Access denied (anonymous user)");
+               return -1;
+       }
+
        return client->v.cmd_vrfy(client, cmd, param);
 }
 

diff --git a/src/submission/submission-recipient.h b/src/submission/submission-recipient.h
index 6af7d044b230d2150a0eb18eec0cdd4421d84392..d80046f0e50b06144c3f24b2a0768c948912757e 100644 (file)
--- a/src/submission/submission-recipient.h
+++ b/src/submission/submission-recipient.h
@@ -12,6 +12,8 @@ struct submission_recipient {
 
        /* Module-specific contexts. */
        ARRAY(union submission_recipient_module_context *) module_contexts;
+
+       bool anonymous_allowed:1;
 };
 
 struct submission_recipient_module_register {