
Check sender email against auth file when user is authenticated

Bernhard Froehlich 6 年之前
父節點
當前提交
a82b0faf96
共有 3 個文件被更改,包括 27 次插入2 次删除
  1. 1 1
      README.md
  2. 25 0
      main.go
  3. 1 1
      smtp-proxy.ini

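--- a/README.md
+++ b/README.md
@@ -25,5 +25,5 @@ produces mail.
  * Authentication support with file (LOGIN, PLAIN)
  * Enforce encryption for authentication
  * Forwards all mail to a smarthost (GMail, MailGun or any other SMTP server)
-* Small codebase (smtp-proxy ~250 LoC, chrj/smtpd ~1200 LoC)
+* Small codebase (smtp-proxy ~300 LoC, chrj/smtpd ~1200 LoC)
  * IPv6 support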

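--- a/main.go
+++ b/main.go
@@ -63,6 +63,31 @@ func connectionChecker(peer smtpd.Peer) error {
 }
 
 func senderChecker(peer smtpd.Peer, addr string) error {
+	// check sender address from auth file if user is authenticated
+	if *allowedUsers != "" && peer.Username != "" {
+		file, err := os.Open(*allowedUsers)
+		if err != nil {
+			log.Printf("User file not found %v", err)
+			return smtpd.Error{Code: 451, Message: "Bad sender address"}
+		}
+		defer file.Close()
+
+		scanner := bufio.NewScanner(file)
+		for scanner.Scan() {
+			parts := strings.Fields(scanner.Text())
+
+			if len(parts) != 3 {
+				continue
+			}
+
+			if peer.Username == parts[0] {
+				if strings.ToLower(addr) != strings.ToLower(parts[2])  {
+					return smtpd.Error{Code: 451, Message: "Bad sender address"}
+				}
+			}
+		}
+	}
+
 	if *allowedSender == "" {
 		return nil
 	}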
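Review bot: The added block in senderChecker fails open. If the scan finishes without finding a three-field line for `peer.Username`, nothing is rejected and the function falls through to the `allowedSender` check. That happens for an old-format `username bcrypt-hash` entry skipped by `len(parts) != 3`, and also when the scanner stops early, because `scanner.Err()` is never checked. If the authenticator still accepts two-field entries (not visible in this hunk), those users can send with any sender address; if that is deliberate for backward compatibility, a comment should say so. Otherwise the loop should record whether a matching entry was seen and reject when none was, as sketched below. senderChecker's body continues past the end of the hunk.

```go
		matched := false
		scanner := bufio.NewScanner(file)
		for scanner.Scan() {
			// … unchanged: strings.Fields split and len(parts) != 3 skip …
			if peer.Username == parts[0] {
				// … unchanged: reject when addr does not match parts[2] …
				matched = true
			}
		}
		if err := scanner.Err(); err != nil {
			log.Printf("reading user file: %v", err)
			return smtpd.Error{Code: 451, Message: "Bad sender address"}
		}
		if !matched {
			return smtpd.Error{Code: 451, Message: "Bad sender address"}
		}
```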

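--- a/smtp-proxy.ini
+++ b/smtp-proxy.ini
@@ -37,7 +37,7 @@
 
 ; File which contains username and password used for
 ; authentication before they can send mail.
-; File format: username bcrypt-hash
+; File format: username bcrypt-hash email
 ;allowed_users =
 
 ; Relay all mails to this SMTP server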