From: Stephan Bosch <stephan.bosch@dovecot.fi>
Date: Wed, 28 Feb 2018 18:16:36 +0000 (+0100)
Subject: lmtp: proxy: Use proxy_not_trusted field if returned from passdb.
X-Git-Tag: 2.3.9~2134
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4002c09f7171d4e1277816b35e9e717707c060db;p=thirdparty%2Fdovecot%2Fcore.git

lmtp: proxy: Use proxy_not_trusted field if returned from passdb.

Before, this field was ignored. Now, if this field is set, no XCLIENT command is
ever sent to the remote proxy.
---

diff --git a/src/lmtp/lmtp-proxy.c b/src/lmtp/lmtp-proxy.c
index 6b7ca0ba90..f925760125 100644
--- a/src/lmtp/lmtp-proxy.c
+++ b/src/lmtp/lmtp-proxy.c
@@ -48,6 +48,8 @@ struct lmtp_proxy_rcpt_settings {
 	enum lmtp_proxy_ssl_flags ssl_flags;
 	unsigned int timeout_msecs;
 	struct smtp_params_rcpt params;
+
+	bool proxy_not_trusted:1;
 };
 
 struct lmtp_proxy_recipient {
@@ -253,7 +255,7 @@ lmtp_proxy_get_connection(struct lmtp_proxy *proxy,
 	i_zero(&lmtp_set);
 	lmtp_set.my_ip = conn->set.source_ip;
 	lmtp_set.ssl = &ssl_set;
-	lmtp_set.peer_trusted = TRUE;
+	lmtp_set.peer_trusted = !conn->set.proxy_not_trusted;
 	lmtp_set.forced_capabilities = SMTP_CAPABILITY__ORCPT;
 
 	if (conn->set.hostip.family != 0) {
@@ -374,6 +376,8 @@ lmtp_proxy_rcpt_parse_fields(struct lmtp_proxy_rcpt_settings *set,
 				return FALSE;
 			}
 			set->timeout_msecs *= 1000;
+		} else if (strcmp(key, "proxy_not_trusted") == 0) {
+			set->proxy_not_trusted = TRUE;
 		} else if (strcmp(key, "protocol") == 0) {
 			if (strcmp(value, "lmtp") == 0) {
 				set->protocol = SMTP_PROTOCOL_LMTP;