Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server: unauthenticated access #228

Closed
Valentin-Kaiser opened this issue Aug 4, 2023 · 1 comment
Closed

Server: unauthenticated access #228

Valentin-Kaiser opened this issue Aug 4, 2023 · 1 comment

Comments

@Valentin-Kaiser
Copy link

If the server requires authentication, e-mails can only be sent with the correct credentials.
However, it is also possible to omit authentication. In this case, the server allows the message to be sent even though authentication was actually required. There is a variable in the connection structure that is set after successful authentication, but this variable is only used to prevent double authentication.

type Conn struct {
...
	didAuth bool
}

The commands like 'DATA' should first check in the handle function whether the authentication was successful.

switch cmd {
case "DATA":
	if !c.server.AuthDisabled && !c.didAuth {
		c.writeResponse(530, EnhancedCode{5, 7, 0}, "Authentication required")
		return
	}
	c.handleData(arg)
}
@Valentin-Kaiser Valentin-Kaiser mentioned this issue Aug 4, 2023
Closed
@emersion
Copy link
Owner

emersion commented Aug 6, 2023

Duplicate of #216

@emersion emersion marked this as a duplicate of #216 Aug 6, 2023
@emersion emersion closed this as completed Aug 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixed unauthenticated server access
2 participants
@emersion @Valentin-Kaiser