From 75a958d2be12e9486dacd2676f68ed3591e1106f Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bosch@dovecot.fi>
Date: Tue, 14 May 2019 00:33:28 +0200
Subject: [PATCH] submission: Deny anonymous access to significant commands by
 default.

The transaction and individual recipients can be opened for allowed anonymous
access by flagging these as such.
---
 src/submission/submission-client.h    |  2 ++
 src/submission/submission-commands.c  | 37 +++++++++++++++++++++++++++
 src/submission/submission-recipient.h |  2 ++
 3 files changed, 41 insertions(+)

diff --git a/src/submission/submission-client.h b/src/submission/submission-client.h
index 18007892da..6cd5a63d9a 100644
--- a/src/submission/submission-client.h
+++ b/src/submission/submission-client.h
@@ -16,6 +16,8 @@ struct client_state {
 	struct submission_backend *backend;
 	struct istream *data_input;
 	uoff_t data_size;
+
+	bool anonymous_allowed:1;
 };
 
 struct client_extra_capability {
diff --git a/src/submission/submission-commands.c b/src/submission/submission-commands.c
index 2a7d1622ee..6c6b90aced 100644
--- a/src/submission/submission-commands.c
+++ b/src/submission/submission-commands.c
@@ -138,6 +138,15 @@ int client_default_cmd_mail(struct client *client,
 			    struct smtp_server_cmd_ctx *cmd,
 			    struct smtp_server_cmd_mail *data)
 {
+	if (client->user->anonymous && !client->state.anonymous_allowed) {
+		/* NOTE: may need to allow anonymous BURL access in the future,
+		   but while that is not supported, deny all anonymous access
+		   explicitly. */
+		smtp_server_reply(cmd, 554, "5.7.1",
+				  "Access denied (anonymous user)");
+		return -1;
+	}
+
 	return submission_backend_cmd_mail(client->state.backend, cmd, data);
 }
 
@@ -160,6 +169,16 @@ int client_default_cmd_rcpt(struct client *client ATTR_UNUSED,
 			    struct smtp_server_cmd_ctx *cmd,
 			    struct submission_recipient *srcpt)
 {
+	if (client->user->anonymous && !srcpt->anonymous_allowed) {
+		/* NOTE: may need to allow anonymous BURL access in the future,
+		   but while that is not supported, deny all anonymous access
+		   explicitly. */
+		smtp_server_recipient_reply(
+			srcpt->rcpt, 554, "5.7.1",
+			"Access denied (anonymous user)");
+		return -1;
+	}
+
 	return submission_backend_cmd_rcpt(srcpt->backend, cmd, srcpt);
 }
 
@@ -253,6 +272,12 @@ int cmd_data_begin(void *conn_ctx,
 	struct istream *inputs[2];
 	string_t *path;
 
+	if (client->user->anonymous && !client->state.anonymous_allowed) {
+		smtp_server_reply(cmd, 554, "5.7.1",
+				  "Access denied (anonymous user)");
+		return -1;
+	}
+
 	inputs[0] = data_input;
 	inputs[1] = NULL;
 
@@ -469,6 +494,12 @@ void cmd_burl(struct smtp_server_cmd_ctx *cmd, const char *params)
 	if (ret < 0 || !smtp_server_connection_data_check_state(cmd))
 		return;
 
+	if (client->user->anonymous) {
+		smtp_server_reply(cmd, 554, "5.7.1",
+				  "Access denied (anonymous user)");
+		return;
+	}
+
 	burl_cmd = p_new(cmd->pool, struct cmd_burl_context, 1);
 	burl_cmd->client = client;
 	burl_cmd->cmd = cmd;
@@ -497,6 +528,12 @@ int cmd_vrfy(void *conn_ctx, struct smtp_server_cmd_ctx *cmd,
 {
 	struct client *client = conn_ctx;
 
+	if (client->user->anonymous) {
+		smtp_server_reply(cmd, 550, "5.7.1",
+				  "Access denied (anonymous user)");
+		return -1;
+	}
+
 	return client->v.cmd_vrfy(client, cmd, param);
 }
 
diff --git a/src/submission/submission-recipient.h b/src/submission/submission-recipient.h
index 6af7d044b2..d80046f0e5 100644
--- a/src/submission/submission-recipient.h
+++ b/src/submission/submission-recipient.h
@@ -12,6 +12,8 @@ struct submission_recipient {
 
 	/* Module-specific contexts. */
 	ARRAY(union submission_recipient_module_context *) module_contexts;
+
+	bool anonymous_allowed:1;
 };
 
 struct submission_recipient_module_register {
-- 
2.47.3