AUTH shouldn't happen on port 25

master
Florent Daigniere 3 years ago
parent 55cdb1a534
commit 5e7d5adf17

@ -81,6 +81,13 @@ def handle_authentication(headers):
raw_password = urllib.parse.unquote(headers["Auth-Pass"]) raw_password = urllib.parse.unquote(headers["Auth-Pass"])
password = raw_password.encode("iso8859-1").decode("utf8") password = raw_password.encode("iso8859-1").decode("utf8")
ip = urllib.parse.unquote(headers["Client-Ip"]) ip = urllib.parse.unquote(headers["Client-Ip"])
port = int(urllib.parse.unquote(headers["Auth-Port"]))
if port == 25:
return {
"Auth-Status": "AUTH not supported",
"Auth-Error-Code": "502 5.5.1",
"Auth-Wait": 0
}
user = models.User.query.get(user_email) user = models.User.query.get(user_email)
if check_credentials(user, password, ip, protocol): if check_credentials(user, password, ip, protocol):
return { return {
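Review bot: The new `port = int(urllib.parse.unquote(headers["Auth-Port"]))` raises KeyError when the header is absent and ValueError when it is not numeric. A front end that has not yet picked up the matching `auth_http_header` lines would therefore turn every login into an unhandled exception instead of a clean refusal. Reading it with `headers.get("Auth-Port")` and returning an explicit rejection when the value is missing or not a number would make that fail-closed choice deliberate and visible. The check also runs after `Auth-Pass` has been unquoted and re-decoded, so moving it above those lines would avoid touching the credential on a request that is about to be refused. A one-line comment such as `# port 25 is MX-only (smtp_auth none); never accept AUTH there` would record the intent; handle_authentication starts and continues outside this hunk, so its branch structure is not visible here.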

@ -250,6 +250,7 @@ mail {
listen 10025; listen 10025;
protocol smtp; protocol smtp;
smtp_auth plain; smtp_auth plain;
auth_http_header Auth-Port 10025;
} }
# Default IMAP server for the webmail (no encryption, but authentication) # Default IMAP server for the webmail (no encryption, but authentication)
@ -257,6 +258,7 @@ mail {
listen 10143; listen 10143;
protocol imap; protocol imap;
smtp_auth plain; smtp_auth plain;
auth_http_header Auth-Port 10043;
} }
# SMTP is always enabled, to avoid losing emails when TLS is failing # SMTP is always enabled, to avoid losing emails when TLS is failing
@ -271,6 +273,7 @@ mail {
{% endif %} {% endif %}
protocol smtp; protocol smtp;
smtp_auth none; smtp_auth none;
auth_http_header Auth-Port 25;
} }
# All other protocols are disabled if TLS is failing # All other protocols are disabled if TLS is failing
@ -283,6 +286,7 @@ mail {
{% endif %} {% endif %}
protocol imap; protocol imap;
imap_auth plain; imap_auth plain;
auth_http_header Auth-Port 143;
} }
server { server {
@ -293,6 +297,7 @@ mail {
{% endif %} {% endif %}
protocol pop3; protocol pop3;
pop3_auth plain; pop3_auth plain;
auth_http_header Auth-Port 110;
} }
server { server {
@ -303,6 +308,7 @@ mail {
{% endif %} {% endif %}
protocol smtp; protocol smtp;
smtp_auth plain; smtp_auth plain;
auth_http_header Auth-Port 587;
} }
{% if TLS %} {% if TLS %}
@ -311,6 +317,7 @@ mail {
listen [::]:465 ssl; listen [::]:465 ssl;
protocol smtp; protocol smtp;
smtp_auth plain; smtp_auth plain;
auth_http_header Auth-Port 465;
} }
server { server {
@ -318,6 +325,7 @@ mail {
listen [::]:993 ssl; listen [::]:993 ssl;
protocol imap; protocol imap;
imap_auth plain; imap_auth plain;
auth_http_header Auth-Port 993;
} }
server { server {
@ -325,6 +333,7 @@ mail {
listen [::]:995 ssl; listen [::]:995 ssl;
protocol pop3; protocol pop3;
pop3_auth plain; pop3_auth plain;
auth_http_header Auth-Port 995;
} }
{% endif %} {% endif %}
{% endif %} {% endif %}
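Review bot: The webmail IMAP block that has `listen 10143;` sends `auth_http_header Auth-Port 10043;`, which looks like a typo for 10143. The handler in this commit only compares the value against 25, so nothing misbehaves today, but any later per-port rule or log entry would record a port that no listener uses. The suggested line is `auth_http_header Auth-Port 10143;`. Each server block now states its port twice, so a template comment like `# Auth-Port must mirror the listen port of this block` would help keep the two aligned.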
