Skip to content

Don't allow configuration requiring authentication with non-TLS listener #27

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 2, 2021
Merged

Don't allow configuration requiring authentication with non-TLS listener #27

merged 3 commits into from
Apr 2, 2021

Conversation

JonathonReinhart
Copy link
Collaborator

@JonathonReinhart JonathonReinhart commented Apr 1, 2021
edited
Loading

This fixes #26.

Now if someone tries to run smtprelay with -allowed_users and any non-TLS address in -listen, it will fail right away:

$ ./smtprelay -listen ':2525' -allowed_users userlist.txt 
WARN[2021-04-01T01:03:57-04:00] remote_host not set; mail will not be forwarded! 
FATA[2021-04-01T01:03:57-04:00] Local authentication (via allowed_users file) not allowed with non-TLS listener  address=":2525"

@JonathonReinhart JonathonReinhart requested a review from decke April 1, 2021 05:05
@JonathonReinhart
Refactor parsing of -listen string out into separate config function
ca1ccd8 
This makes the "for each listen address" loop in main() look even cleaner.
@JonathonReinhart
Add localAuthRequired() helper function
45a676e 
This just makes the configuration state a little more obvious.
@JonathonReinhart
Don't allow a configuration requiring auth with a non-TLS listener
247d187 
This fixes #26
@decke decke merged commit 9e8b551 into master Apr 2, 2021
@decke
Copy link
Owner

decke commented Apr 2, 2021

Very good work! Thanks Jonathon!

@decke decke mentioned this pull request Apr 2, 2021
Closed
@JonathonReinhart JonathonReinhart deleted the 26-tls-reqd-for-auth branch April 2, 2021 21:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@decke decke decke approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Issue warning if configured to require authentication but not TLS
2 participants
@JonathonReinhart @decke