eric/mailpit
1
0
Fork 0
mirror of https://github.com/axllent/mailpit.git synced 2026-03-03 03:57:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix: Prevent nested MAIL command during an active SMTP transaction (#623)

Browse Source
This commit is contained in:
Ralph Slooten
2026-01-23 17:41:33 +13:00
parent 9383c5876b
commit 464ff68c34
2 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/smtpd/smtpd.go
View File

@@ -428,6 +428,10 @@ loop:
s.writef("503 5.5.1 Bad sequence of commands (HELO/EHLO required before MAIL)")
break
}
if to != nil {
s.writef("503 5.5.1 Bad sequence of commands (RSET/HELO/EHLO required before MAIL)")
break
}
match, err := extractAndValidateAddress(mailFromRE, args)
if match == nil {

25
internal/smtpd/smtpd_test.go
View File

@@ -134,6 +134,31 @@ func TestCmdMAILBeforeEHLO(t *testing.T) {
_ = conn.Close()
}
func TestCmdMAILAfterRCPT(t *testing.T) {
conn := newConn(t, &Server{})
// Send EHLO, expect greeting
cmdCode(t, conn, "EHLO host.example.com", "250")
// Send MAIL FROM
cmdCode(t, conn, "MAIL FROM:<sender@example.com>", "250")
// Send RCPT TO
cmdCode(t, conn, "RCPT TO:<recipient@example.com>", "250")
// MAIL FROM must not come after RCPT TO in the same transaction
cmdCode(t, conn, "MAIL FROM:<sender2@example.com>", "503")
// RSET to clear the transaction
cmdCode(t, conn, "RSET", "250")
// Now the MAIL FROM should be accepted
cmdCode(t, conn, "MAIL FROM:<sender2@example.com>", "250")
cmdCode(t, conn, "QUIT", "221")
_ = conn.Close()
}
func TestCmdRSET(t *testing.T) {
conn := newConn(t, &Server{})
cmdCode(t, conn, "EHLO host.example.com", "250")