From: Stephan Bosch <stephan.bosch@dovecot.fi>
Date: Sat, 27 Jan 2018 23:14:21 +0000 (+0100)
Subject: submission: Properly handle omission of required authentication for relay connection.
X-Git-Tag: 2.3.1~59
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6899712341fb07cc1f697d5f39dd567a55901713;p=thirdparty%2Fdovecot%2Fcore.git

submission: Properly handle omission of required authentication for relay connection.

Particularly, do not forward the 530 error to the client. Instead, log the
problem and close the client connection with an internal error.
---

diff --git a/src/submission/submission-commands.c b/src/submission/submission-commands.c
index 6c844f5ef8..8f2cbf37df 100644
--- a/src/submission/submission-commands.c
+++ b/src/submission/submission-commands.c
@@ -46,6 +46,19 @@ bool client_command_handle_proxy_reply(struct client *client,
 		client_destroy(client,
 			"4.4.0", "Lost connection to relay server");
 		return FALSE;
+	/* RFC 4954, Section 6: 530 5.7.0 Authentication required
+
+	   This response SHOULD be returned by any command other than AUTH,
+	   EHLO, HELO, NOOP, RSET, or QUIT when server policy requires
+	   authentication in order to perform the requested action and
+	   authentication is not currently in force. */
+	case 530:
+		i_error("Relay server requires authentication: %s",
+			smtp_reply_log(reply));
+		client_destroy(client, "4.3.5",
+			"Internal error occurred. "
+			"Refer to server log for more information.");
+		return FALSE;
 	default:
 		break;
 	}