From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Fri, 9 Aug 2019 21:13:43 +0000 (+0200)
Subject: submission: submission-client - Immediately terminate connection when it is an anonym... 
X-Git-Tag: 2.3.9~313
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=06bff02fd7e57919fb7f98fd6cf2c41f3e6b2a27;p=thirdparty%2Fdovecot%2Fcore.git

submission: submission-client - Immediately terminate connection when it is an anonymous login.

Unless a plugin flags the client for allowed anonymous login.
---

diff --git a/src/submission/submission-client.c b/src/submission/submission-client.c
index b0d3c045ef..4c7537f964 100644
--- a/src/submission/submission-client.c
+++ b/src/submission/submission-client.c
@@ -247,14 +247,6 @@ struct client *client_create(int fd_in, int fd_out,
 
 	client_create_backend_default(client, set);
 
-	if (client->backend_capabilities_configured) {
-		client_apply_backend_capabilities(client);
-		smtp_server_connection_start(client->conn);
-	} else {
-		submission_backend_start(client->backend_default);
-		smtp_server_connection_start_pending(client->conn);
-	}
-
 	mail_set = mail_user_set_get_storage_set(user);
 	if (*set->imap_urlauth_host != '\0' &&
 	    *mail_set->mail_attribute_dict != '\0') {
@@ -277,6 +269,18 @@ struct client *client_create(int fd_in, int fd_out,
 	if (hook_client_created != NULL)
 		hook_client_created(&client);
 
+	if (user->anonymous && !client->anonymous_allowed) {
+		smtp_server_connection_abort(
+			&client->conn, 534, "5.7.9",
+			"Anonymous login is not allowed for submission");
+	} else if (client->backend_capabilities_configured) {
+		client_apply_backend_capabilities(client);
+		smtp_server_connection_start(client->conn);
+	} else {
+		submission_backend_start(client->backend_default);
+		smtp_server_connection_start_pending(client->conn);
+	}
+
 	submission_refresh_proctitle();
 	return client;
 }
diff --git a/src/submission/submission-client.h b/src/submission/submission-client.h
index 2455d2ee38..18007892da 100644
--- a/src/submission/submission-client.h
+++ b/src/submission/submission-client.h
@@ -116,6 +116,7 @@ struct client {
 	bool destroyed:1;
 	bool anvil_sent:1;
 	bool backend_capabilities_configured:1;
+	bool anonymous_allowed:1;
 };
 
 struct submission_module_register {