Allow specific users to send email from any address

master
Florent Daigniere 3 years ago
parent 6ea4e3217a
commit 3471ebb214

@ -32,6 +32,7 @@ DEFAULT_CONFIG = {
'DOMAIN': 'mailu.io', 'DOMAIN': 'mailu.io',
'HOSTNAMES': 'mail.mailu.io,alternative.mailu.io,yetanother.mailu.io', 'HOSTNAMES': 'mail.mailu.io,alternative.mailu.io,yetanother.mailu.io',
'POSTMASTER': 'postmaster', 'POSTMASTER': 'postmaster',
'WILDCARD_SENDERS': '',
'TLS_FLAVOR': 'cert', 'TLS_FLAVOR': 'cert',
'INBOUND_TLS_ENFORCE': False, 'INBOUND_TLS_ENFORCE': False,
'AUTH_RATELIMIT': '10/minute;1000/hour', 'AUTH_RATELIMIT': '10/minute;1000/hour',

@ -133,10 +133,13 @@ def postfix_sender_map(sender):
@internal.route("/postfix/sender/login/<path:sender>") @internal.route("/postfix/sender/login/<path:sender>")
def postfix_sender_login(sender): def postfix_sender_login(sender):
has_wildcard_senders = bool(flask.current_app.config["WILDCARD_SENDERS"])
wildcard_senders = flask.current_app.config["WILDCARD_SENDERS"].lower().split(',') if has_wildcard_senders else []
localpart, domain_name = models.Email.resolve_domain(sender) localpart, domain_name = models.Email.resolve_domain(sender)
if localpart is None: if localpart is None:
return flask.abort(404) return flask.jsonify(",".join(wildcard_senders)) if has_wildcard_senders else flask.abort(404)
destination = models.Email.resolve_destination(localpart, domain_name, True) destination = models.Email.resolve_destination(localpart, domain_name, True)
destination = [*destination, *wildcard_senders] if destination else [*wildcard_senders]
return flask.jsonify(",".join(destination)) if destination else flask.abort(404) return flask.jsonify(",".join(destination)) if destination else flask.abort(404)
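Review bot: In postfix_sender_login the WILDCARD_SENDERS value is split on commas as-is, so entries are not trimmed, empty items are kept, and a whitespace-only setting counts as enabled. Every listed login is appended to the owner list of each sender, and the list is returned even when the sender does not resolve, so this list is the whole trust decision and is worth normalising: `wildcard_senders = [s.strip() for s in flask.current_app.config["WILDCARD_SENDERS"].lower().split(',') if s.strip()]` followed by `has_wildcard_senders = bool(wildcard_senders)`. Nothing visible here checks that an entry names an existing account, so an address that is removed and later re-created would presumably keep the right to use any sender; validating the entries at startup, or at least logging them, would make that visible. A comment above the two new lines such as `# logins listed here bypass the sender ownership check for every address, including unresolved ones` would record the intent.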

@ -37,6 +37,8 @@ The ``POSTMASTER`` is the local part of the postmaster email address. It is
recommended to setup a generic value and later configure a mail alias for that recommended to setup a generic value and later configure a mail alias for that
address. address.
The ``WILDCARD_SENDERS`` setting is a comma delimited list of user email addresses that are allowed to send emails from any address (spoofing the sender).
The ``AUTH_RATELIMIT`` holds a security setting for fighting attackers that The ``AUTH_RATELIMIT`` holds a security setting for fighting attackers that
try to guess user passwords. The value is the limit of failed authentication attempts try to guess user passwords. The value is the limit of failed authentication attempts
that a single IP address can perform against IMAP, POP and SMTP authentication endpoints. that a single IP address can perform against IMAP, POP and SMTP authentication endpoints.

@ -0,0 +1 @@
Allow specific users to send emails from any address using the WILDCARD_SENDERS setting