From 73ec35d5fad40ece8cdd8378f51e7ceb0480aaeb Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Thu, 8 Jul 2021 22:31:48 +0100 Subject: [PATCH] Fix origin check --- internal/smtpserver/backend.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/smtpserver/backend.go b/internal/smtpserver/backend.go index 7d57c5b..21dbfcb 100644 --- a/internal/smtpserver/backend.go +++ b/internal/smtpserver/backend.go @@ -6,6 +6,7 @@ import ( "log" "github.com/emersion/go-smtp" + "github.com/jxskiss/base62" "github.com/neilalexander/yggmail/internal/config" "github.com/neilalexander/yggmail/internal/smtpsender" "github.com/neilalexander/yggmail/internal/storage" @@ -58,14 +59,13 @@ func (b *Backend) AnonymousLogin(state *smtp.ConnectionState) (smtp.Session, err case BackendModeExternal: // The connection came from our overlay listener, so we should check // that they are who they claim to be - if state.Hostname != state.RemoteAddr.String() { - return nil, fmt.Errorf("You are not who you claim to be") - } - pks, err := hex.DecodeString(state.RemoteAddr.String()) if err != nil { return nil, fmt.Errorf("hex.DecodeString: %w", err) } + if state.Hostname != base62.EncodeToString(pks) { + return nil, fmt.Errorf("You are not who you claim to be") + } b.Log.Println("Incoming SMTP session from", state.RemoteAddr.String()) return &SessionRemote{