From f9ae101d38d89e1574e6f0c701a32f122d517b27 Mon Sep 17 00:00:00 2001
From: Neil Alexander
Date: Thu, 8 Jul 2021 22:38:18 +0100
Subject: [PATCH] Validation fixes
---
 README.md | 2 +-
 internal/smtpsender/sender.go | 3 +++
 internal/smtpserver/backend.go | 5 +++--
 internal/smtpserver/session_remote.go | 9 ++++++++-
 4 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 9044c8b..7b0ed79 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ Yggmail is a single-binary all-in-one mail transfer agent which sends and receiv
 * All mail exchange traffic between any two Yggmail nodes is always end-to-end encrypted without exception;
 * Yggdrasil and Yggmail nodes on the same network are discovered automatically using multicast or you can configure a static Yggdrasil peer.
-Email addresses are based on your public key, like `neilalexander@e3bf4665ae1ff714e0112040af8ddfc8e4b664a28e4afa40746e13952550f9ef.yggmail`.
+Email addresses are based on your public key, like `neilalexander@1mLp6AtYSE7rYOVDDTPKzasmFgG9BfKOk7aK4xOdZcT.yggmail`.
 ## Why?
diff --git a/internal/smtpsender/sender.go b/internal/smtpsender/sender.go
index 27af750..3a571f8 100644
--- a/internal/smtpsender/sender.go
+++ b/internal/smtpsender/sender.go
@@ -94,16 +94,19 @@ func (q *Queue) run() {
 defer client.Close()
 if err := client.Hello(base62.EncodeToString(q.queues.Config.PublicKey)); err != nil {
+ q.queues.Log.Println("Remote server", q.destination, "did not accept HELLO:", err)
 return fmt.Errorf("client.Hello: %w", err)
 }
 q.backoff.Store(0)
 if err := client.Mail(mail.From, nil); err != nil {
+ q.queues.Log.Println("Remote server", q.destination, "did not accept MAIL:", err)
 return fmt.Errorf("client.Mail: %w", err)
 }
 if err := client.Rcpt(mail.Rcpt); err != nil {
+ q.queues.Log.Println("Remote server", q.destination, "did not accept RCPT:", err)
 return fmt.Errorf("client.Rcpt: %w", err)
 }
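Review bot: The three added `q.queues.Log.Println` calls in internal/smtpsender/sender.go write `err` to the log unescaped, and for a refused HELLO, MAIL or RCPT that error presumably carries reply text chosen by the remote server. Quoting it keeps every entry on a single line and makes control characters visible, e.g. `q.queues.Log.Printf("Remote server %s did not accept MAIL: %q", q.destination, err)` (assuming Log is a standard *log.Logger). Each branch also returns the same error wrapped, so a caller that logs the return value would record the failure twice. The enclosing function literal in run() starts and ends outside the hunk, so the caller's handling is not visible here.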
diff --git a/internal/smtpserver/backend.go b/internal/smtpserver/backend.go
index 21dbfcb..13f34ae 100644
--- a/internal/smtpserver/backend.go
+++ b/internal/smtpserver/backend.go
@@ -63,11 +63,12 @@ func (b *Backend) AnonymousLogin(state *smtp.ConnectionState) (smtp.Session, err
 if err != nil {
 return nil, fmt.Errorf("hex.DecodeString: %w", err)
 }
- if state.Hostname != base62.EncodeToString(pks) {
+ remote := base62.EncodeToString(pks)
+ if state.Hostname != remote {
 return nil, fmt.Errorf("You are not who you claim to be")
 }
- b.Log.Println("Incoming SMTP session from", state.RemoteAddr.String())
+ b.Log.Println("Incoming SMTP session from", remote)
 return &SessionRemote{
 backend: b,
 state: state,
diff --git a/internal/smtpserver/session_remote.go b/internal/smtpserver/session_remote.go
index 3dd1cf2..08fbf3b 100644
--- a/internal/smtpserver/session_remote.go
+++ b/internal/smtpserver/session_remote.go
@@ -3,6 +3,7 @@ package smtpserver
 import (
 "bytes"
 "crypto/ed25519"
+ "encoding/hex"
 "fmt"
 "io"
 "time"
@@ -26,7 +27,13 @@ func (s *SessionRemote) Mail(from string, opts smtp.MailOptions) error {
 return fmt.Errorf("mail.ParseAddress: %w", err)
 }
- if local := s.state.RemoteAddr.String(); local != host {
+ pks, err := hex.DecodeString(host)
+ if err != nil {
+ return fmt.Errorf("hex.DecodeString: %w", err)
+ }
+ remote := base62.EncodeToString(pks)
+
+ if local := s.state.RemoteAddr.String(); local != remote {
 return fmt.Errorf("not allowed to send incoming mail as %s", from)
 }
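Review bot: The mismatch branch of AnonymousLogin in internal/smtpserver/backend.go still returns without writing to the log, so a peer whose announced hostname does not match its key leaves no record on the receiving side; only accepted sessions are logged. Logging the rejection before the return would give operators something to alert on, e.g. `b.Log.Printf("Rejected SMTP session from %s: claimed hostname %q", remote, state.Hostname)` (assuming b.Log is a standard *log.Logger). The `%q` matters because state.Hostname is supplied by the remote side. The function starts before the hunk and continues past it, so where `pks` is decoded from is not visible here.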
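Review bot: In SessionRemote.Mail (internal/smtpserver/session_remote.go) the new conversion looks applied to the wrong operand: `host` is hex-decoded and re-encoded as base62 into `remote`, which is then compared with `s.state.RemoteAddr.String()`. The backend.go hunk in this patch hex-decodes a value and compares its base62 form with the announced hostname, and the README now shows a non-hex host part, which suggests RemoteAddr is the hex form and the address domain the base62 form. If that holds, `hex.DecodeString(host)` fails for new-style addresses and a hex `host` would never equal the hex RemoteAddr once re-encoded, so the check fails closed but refuses all incoming mail. The likely intent is `pks, err := hex.DecodeString(s.state.RemoteAddr.String())` followed by `if remote := base62.EncodeToString(pks); remote != host {`. Mail's body starts before the hunk and ends after it, so confirm how `host` is derived before changing this.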