banlist
This commit is contained in:
Aine
@@ -40,6 +40,8 @@ type Manager struct {
|
||||
|
||||
type matrixbot interface {
|
||||
AllowAuth(string, string) bool
|
||||
IsBanned(net.Addr) bool
|
||||
Ban(net.Addr)
|
||||
GetMapping(string) (id.RoomID, bool)
|
||||
GetIFOptions(id.RoomID) utils.IncomingFilteringOptions
|
||||
IncomingEmail(context.Context, *utils.Email) error
|
||||
|
||||
@@ -23,11 +23,17 @@ type mailServer struct {
|
||||
// Login used for outgoing mail submissions only (when you use postmoogle as smtp server in your scripts)
|
||||
func (m *mailServer) Login(state *smtp.ConnectionState, username, password string) (smtp.Session, error) {
|
||||
m.log.Debug("Login state=%+v username=%+v", state, username)
|
||||
if m.bot.IsBanned(state.RemoteAddr) {
|
||||
return nil, errors.New("please, don't bother me anymore")
|
||||
}
|
||||
|
||||
if !utils.AddressValid(username) {
|
||||
m.bot.Ban(state.RemoteAddr)
|
||||
return nil, errors.New("please, provide an email address")
|
||||
}
|
||||
|
||||
if !m.bot.AllowAuth(username, password) {
|
||||
m.bot.Ban(state.RemoteAddr)
|
||||
return nil, errors.New("email or password is invalid")
|
||||
}
|
||||
|
||||
@@ -44,6 +50,10 @@ func (m *mailServer) Login(state *smtp.ConnectionState, username, password strin
|
||||
// AnonymousLogin used for incoming mail submissions only
|
||||
func (m *mailServer) AnonymousLogin(state *smtp.ConnectionState) (smtp.Session, error) {
|
||||
m.log.Debug("AnonymousLogin state=%+v", state)
|
||||
if m.bot.IsBanned(state.RemoteAddr) {
|
||||
return nil, errors.New("please, don't bother me anymore")
|
||||
}
|
||||
|
||||
return &incomingSession{
|
||||
ctx: sentry.SetHubOnContext(context.Background(), sentry.CurrentHub().Clone()),
|
||||
getRoomID: m.bot.GetMapping,
|
||||
@@ -51,6 +61,7 @@ func (m *mailServer) AnonymousLogin(state *smtp.ConnectionState) (smtp.Session,
|
||||
receiveEmail: m.ReceiveEmail,
|
||||
log: m.log,
|
||||
domains: m.domains,
|
||||
addr: state.RemoteAddr,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -4,6 +4,7 @@ import (
|
||||
"context"
|
||||
"errors"
|
||||
"io"
|
||||
"net"
|
||||
|
||||
"github.com/emersion/go-smtp"
|
||||
"github.com/getsentry/sentry-go"
|
||||
@@ -21,9 +22,11 @@ type incomingSession struct {
|
||||
getRoomID func(string) (id.RoomID, bool)
|
||||
getFilters func(id.RoomID) utils.IncomingFilteringOptions
|
||||
receiveEmail func(context.Context, *utils.Email) error
|
||||
ban func(net.Addr)
|
||||
domains []string
|
||||
|
||||
ctx context.Context
|
||||
addr net.Addr
|
||||
to string
|
||||
from string
|
||||
}
|
||||
@@ -31,6 +34,7 @@ type incomingSession struct {
|
||||
func (s *incomingSession) Mail(from string, opts smtp.MailOptions) error {
|
||||
sentry.GetHubFromContext(s.ctx).Scope().SetTag("from", from)
|
||||
if !utils.AddressValid(from) {
|
||||
s.ban(s.addr)
|
||||
return errors.New("please, provide email address")
|
||||
}
|
||||
s.from = from
|
||||
@@ -50,17 +54,20 @@ func (s *incomingSession) Rcpt(to string) error {
|
||||
}
|
||||
if !domainok {
|
||||
s.log.Debug("wrong domain of %s", to)
|
||||
s.ban(s.addr)
|
||||
return smtp.ErrAuthRequired
|
||||
}
|
||||
|
||||
roomID, ok := s.getRoomID(utils.Mailbox(to))
|
||||
if !ok {
|
||||
s.log.Debug("mapping for %s not found", to)
|
||||
s.ban(s.addr)
|
||||
return smtp.ErrAuthRequired
|
||||
}
|
||||
|
||||
validations := s.getFilters(roomID)
|
||||
if !validateEmail(s.from, s.to, s.log, validations) {
|
||||
s.ban(s.addr)
|
||||
return smtp.ErrAuthRequired
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user