diff --git a/src/app/Policy/SmtpAccess.php b/src/app/Policy/SmtpAccess.php
index 3b9f36e4..a7bd6d08 100644
--- a/src/app/Policy/SmtpAccess.php
+++ b/src/app/Policy/SmtpAccess.php
@@ -17,7 +17,7 @@ class SmtpAccess
public static function reception($data): Response
{
// Check access policy
- if (!self::verifyRecipient($data['sender'], $data['recipient'])) {
+ if (!self::verifyRecipient($data['sender'] ?? '', $data['recipient'])) {
return new Response(Response::ACTION_REJECT, 'Invalid recipient', 403);
}
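Review bot: `$data['recipient']` on the changed line is still read without a default, while `sender` is now guarded, so a request lacking that key raises an undefined-key warning and hands null to `verifyRecipient()`. If the request shape is validated before `reception()` is called this is harmless, but the hunk does not show that. Otherwise reject early, e.g. `if (empty($data['recipient'])) { return new Response(Response::ACTION_REJECT, 'Invalid recipient', 403); }`. `reception()` continues outside the hunk.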
@@ -143,10 +143,6 @@ class SmtpAccess
{
$sender = \strtolower($sender);
- if (!str_contains($sender, '@')) {
- return false;
- }
-
$group = Group::where('email', $recipient)->first();
// Check distribution list sender access list
@@ -155,6 +151,10 @@ class SmtpAccess
if (!empty($policy)) {
foreach ($policy as $entry) {
+ // $sender can be empty in case of an empty SMTP FROM
+ if (!str_contains($sender, '@')) {
+ break;
+ }
// Full email address match
if (str_contains($entry, '@')) {
if ($sender === $entry) {
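Review bot: With the early `return false` removed, a non-empty sender that has no `@` (the old test used `'invalid'`) is no longer rejected for user recipients or for groups without a `sender_policy`, although the new comment suggests only the empty SMTP FROM was meant to pass. If that widening is not intended, keep a guard at the top of `verifyRecipient()` for the malformed case, `if ($sender !== '' && !str_contains($sender, '@')) { return false; }`, and restore the removed `'invalid'` assertion in SmtpAccessTest. The check added inside the `foreach` does not depend on `$entry`, so it can sit before the loop, and its comment mentions only the empty sender while the condition covers any sender without `@`. The function continues past the hunk, so what `break` falls through to is not visible here; the new test expects a rejection.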
diff --git a/src/tests/Feature/Policy/SmtpAccessTest.php b/src/tests/Feature/Policy/SmtpAccessTest.php
index f8d75357..2497629b 100644
--- a/src/tests/Feature/Policy/SmtpAccessTest.php
+++ b/src/tests/Feature/Policy/SmtpAccessTest.php
@@ -44,15 +44,15 @@ class SmtpAccessTest extends TestCase
{
$group = $this->getTestGroup('group-test@kolab.org');
- // invalid sender address
- $this->assertFalse(SmtpAccess::verifyRecipient('invalid', 'none@unknown.tld'));
-
// non-existing recipient
$this->assertTrue(SmtpAccess::verifyRecipient('ext@gmail.com', 'none@unknown.tld'));
// no policy for a group
$this->assertTrue(SmtpAccess::verifyRecipient('ext@gmail.com', $group->email));
+ // empty sender
+ $this->assertTrue(SmtpAccess::verifyRecipient('', $group->email));
+
$group->setConfig(['sender_policy' => ['.gmail.com', 'allowed.tld', 'allowed@kolab.org']]);
// domain suffix match
@@ -66,6 +66,17 @@ class SmtpAccessTest extends TestCase
// no match
$this->assertFalse(SmtpAccess::verifyRecipient('test@kolab.ch', $group->email));
+
+ // empty sender
+ $this->assertFalse(SmtpAccess::verifyRecipient('', $group->email));
+
+ // User recipient
+ $this->assertTrue(SmtpAccess::verifyRecipient('anyone@gmail.com', 'john@kolab.org'));
+ $this->assertTrue(SmtpAccess::verifyRecipient('', 'john@kolab.org'));
+
+ // Non-existing recipient (?)
+ $this->assertTrue(SmtpAccess::verifyRecipient('anyone@gmail.com', 'unknown@unknown.org'));
+ $this->assertTrue(SmtpAccess::verifyRecipient('', 'unknown@unknown.org'));
}
/**
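Review bot: The `// Non-existing recipient (?)` comment leaves the expected result in doubt, while the assertions below it pin the result to true, including for an empty sender. State the reason in the comment instead, for example `// Unknown recipients have no sender policy to enforce, so they pass here`, assuming recipient existence is enforced by another check that this hunk does not show. The first of the two assertions repeats the existing `non-existing recipient` case near the top of the test with a different address.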