diff --git a/core/admin/mailu/internal/nginx.py b/core/admin/mailu/internal/nginx.py index 54eb3eb6..b7e246af 100644 --- a/core/admin/mailu/internal/nginx.py +++ b/core/admin/mailu/internal/nginx.py @@ -93,8 +93,8 @@ def handle_authentication(headers): app.logger.warn(f'Received undecodable user/password from nginx: {raw_user_email!r}/{raw_password!r}') else: try: - user = models.User.query.get(user_email) - is_valid_user = True + user = models.User.query.get(user_email) if '@' in user_email else None + is_valid_user = user is not None except sqlalchemy.exc.StatementError as exc: exc = str(exc).split('\n', 1)[0] app.logger.warn(f'Invalid user {user_email!r}: {exc}') diff --git a/core/admin/mailu/internal/views/auth.py b/core/admin/mailu/internal/views/auth.py index a9c1261a..f95e7c89 100644 --- a/core/admin/mailu/internal/views/auth.py +++ b/core/admin/mailu/internal/views/auth.py @@ -12,7 +12,7 @@ def nginx_authentication(): """ client_ip = flask.request.headers["Client-Ip"] headers = flask.request.headers - if headers["Auth-Port"] == '25' and headers['Auth-Method'] == 'plain': + if headers["Auth-Port"] == '25': response = flask.Response() response.headers['Auth-Status'] = 'AUTH not supported' response.headers['Auth-Error-Code'] = '502 5.5.1' diff --git a/core/admin/mailu/internal/views/postfix.py b/core/admin/mailu/internal/views/postfix.py index ed951943..3482b290 100644 --- a/core/admin/mailu/internal/views/postfix.py +++ b/core/admin/mailu/internal/views/postfix.py @@ -5,6 +5,7 @@ from flask import current_app as app import flask import idna import re +import sqlalchemy.exc import srslib @internal.route("/postfix/dane/") @@ -158,18 +159,13 @@ def postfix_sender_rate(sender): def postfix_sender_access(sender): """ Simply reject any sender that pretends to be from a local domain """ - if not is_void_address(sender): - localpart, domain_name = models.Email.resolve_domain(sender) - return flask.jsonify("REJECT") if models.Domain.query.get(domain_name) else flask.abort(404) - else: - return flask.abort(404) - - -def is_void_address(email): - '''True if the email is void (null) email address. - ''' - if email.startswith('<') and email.endswith('>'): - email = email[1:-1] - # Some MTAs use things like '' instead of '<>'; so let's - # consider void any such thing. - return '@' not in email + if '@' in sender: + if sender.startswith('<') and sender.endswith('>'): + sender = sender[1:-1] + try: + localpart, domain_name = models.Email.resolve_domain(sender) + if models.Domain.query.get(domain_name): + return flask.jsonify("REJECT") + except sqlalchemy.exc.StatementError: + pass + return flask.abort(404)