AUTH shouldn't happen on port 25

3 years ago · 5e7d5adf17
parent 55cdb1a534
commit 5e7d5adf17
2 changed files with 16 additions and 0 deletions
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@ -81,6 +81,13 @@ def handle_authentication(headers):
        raw_password = urllib.parse.unquote(headers["Auth-Pass"])
        password = raw_password.encode("iso8859-1").decode("utf8")
        ip = urllib.parse.unquote(headers["Client-Ip"])
+        port = int(urllib.parse.unquote(headers["Auth-Port"]))
+        if port == 25:
+            return {
+                "Auth-Status": "AUTH not supported",
+                "Auth-Error-Code": "502 5.5.1",
+                "Auth-Wait": 0
+            }
        user = models.User.query.get(user_email)
        if check_credentials(user, password, ip, protocol):
            return {
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@ -250,6 +250,7 @@ mail {
      listen 10025;
      protocol smtp;
      smtp_auth plain;
+      auth_http_header Auth-Port 10025;
    }

    # Default IMAP server for the webmail (no encryption, but authentication)
@ -257,6 +258,7 @@ mail {
      listen 10143;
      protocol imap;
      smtp_auth plain;
+      auth_http_header Auth-Port 10043;
    }

    # SMTP is always enabled, to avoid losing emails when TLS is failing
@ -271,6 +273,7 @@ mail {
      {% endif %}
      protocol smtp;
      smtp_auth none;
+      auth_http_header Auth-Port 25;
    }

    # All other protocols are disabled if TLS is failing
@ -283,6 +286,7 @@ mail {
      {% endif %}
      protocol imap;
      imap_auth plain;
+      auth_http_header Auth-Port 143;
    }

    server {
@ -293,6 +297,7 @@ mail {
      {% endif %}
      protocol pop3;
      pop3_auth plain;
+      auth_http_header Auth-Port 110;
    }

    server {
@ -303,6 +308,7 @@ mail {
      {% endif %}
      protocol smtp;
      smtp_auth plain;
+      auth_http_header Auth-Port 587;
    }

    {% if TLS %}
@ -311,6 +317,7 @@ mail {
      listen [::]:465 ssl;
      protocol smtp;
      smtp_auth plain;
+      auth_http_header Auth-Port 465;
    }

    server {
@ -318,6 +325,7 @@ mail {
      listen [::]:993 ssl;
      protocol imap;
      imap_auth plain;
+      auth_http_header Auth-Port 993;
    }

    server {
@ -325,6 +333,7 @@ mail {
      listen [::]:995 ssl;
      protocol pop3;
      pop3_auth plain;
+      auth_http_header Auth-Port 995;
    }
    {% endif %}
    {% endif %}