submission: Properly handle omission of required authentication for r…

…elay connection. Particularly, do not forward the 530 error to the client. Instead, log the problem and close the client connection with an internal error.
dovecot · Mar 13, 2018 · 6899712 · 6899712
1 parent f199f59
commit 6899712
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/src/submission/submission-commands.c b/src/submission/submission-commands.c
@@ -46,6 +46,19 @@ bool client_command_handle_proxy_reply(struct client *client,
 		client_destroy(client,
 			"4.4.0", "Lost connection to relay server");
 		return FALSE;
+	/* RFC 4954, Section 6: 530 5.7.0 Authentication required
+
+	   This response SHOULD be returned by any command other than AUTH,
+	   EHLO, HELO, NOOP, RSET, or QUIT when server policy requires
+	   authentication in order to perform the requested action and
+	   authentication is not currently in force. */
+	case 530:
+		i_error("Relay server requires authentication: %s",
+			smtp_reply_log(reply));
+		client_destroy(client, "4.3.5",
+			"Internal error occurred. "
+			"Refer to server log for more information.");
+		return FALSE;
 	default:
 		break;
 	}