Matching auth username and mail from

[gramakri]

It appears that haraka will allow an authenticated user to send out mail as any name@domain.com. AFAICT, there is no plugin that enforces that the AUTH username and the MAIL FROM match.

Can you confirm if this is the case?

If this is a good feature to add to haraka, I will be happy to give it a shot since I need this. I am thinking we can add mail_from hooks to the auth plugins which can enforce this using a config option. If there is a better approach, please let me know.

[baudehlo]

Correct that is the current case. It should be an easy plugin to create, assuming we save the AUTH username somewhere.

On Fri, May 6, 2016 at 2:25 AM, Girish Ramakrishnan < notifications@github.com> wrote:

It appears that haraka will allow an authenticated user to send out mail as any name@domain.com. AFAICT, there is no plugin that enforces that the AUTH username and the MAIL FROM match.

Can you confirm if this is the case?

If this is a good feature to add to haraka, I will be happy to give it a shot since I need this. I am thinking we can add mail_from hooks to the auth plugins which can enforce this using a config option. If there is a better approach, please let me know.

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub https://github.com/haraka/Haraka/issues/1444

[smfreegard]

assuming we save the AUTH username somewhere. We do: https://github.com/haraka/Haraka/blob/master/plugins/auth/auth_base.js#L99.

[gramakri]

@baudehlo @smfreegard do you prefer a separate plugin or can we add this as an option to the auth plugin(s) ?

I am thinking match_username config option. For now, we can do a simple exact match.

[smfreegard]

My personal feeling is that it should be a separate plugin.

Personally - this plugin wouldn't work for me, I've either got credentials that are just a UNIX username without a domain or I have several aliases for one login.

I have a slightly different on this here in that I don't allow someone to send a mail from a domain that isn't defined and that's applied irrespective to the use of AUTH or not - it's applied whenever connection.relaying = true.

If you did this as a separate plugin, then you could easily expand it to both cases if you wanted to.

[gramakri]

@smfreegard Thanks for your response!

Do you guys happen to have a separate repo where we can place some of these custom plugin/samples which don't belong in core? I can add this plugin and a couple other that I already have, if there is interest.

[baudehlo]

You can (as of 2.8) just release to npm.

On Fri, May 6, 2016 at 1:14 PM, Girish Ramakrishnan < notifications@github.com> wrote:

@smfreegard https://github.com/smfreegard Thanks for your response!

Do you guys happen to have a separate repo where we can place some of these custom plugin/samples which don't belong in core? I can add this plugin and a couple other that I already have, if there is interest.

— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub https://github.com/haraka/Haraka/issues/1444#issuecomment-217502316

[gramakri]

@baudehlo How does that work? Just add module name in plugins?

[baudehlo]

Exactly, yes.

There are some differences - like the constants (DENY, etc) aren't stuffed in - you have to load them from haraka-constants: https://www.npmjs.com/package/haraka-constants

But it works the same way with the exports.* stuff, aside from that.

On Fri, May 6, 2016 at 1:20 PM, Girish Ramakrishnan < notifications@github.com> wrote:

@baudehlo https://github.com/baudehlo How does that work? Just add module name in plugins?

— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub https://github.com/haraka/Haraka/issues/1444#issuecomment-217503937

[gramakri]

I will give it a shot, thanks. For anyone else reading this, see https://github.com/haraka/Haraka/issues/1287 for the design.