cristiancmoises
/
gophish
mirror of https://github.com/gophish/gophish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Modified "SMTP From" field to avoid SMTP server errors with RFC 5321 (#2669) 

Co-authored-by: Thomas Castronovo <thocastronovo@cic.be>
dependabot/npm_and_yarn/decode-uri-component-0.2.2
tcastron 2022-11-29 17:41:10 +01:00 committed by GitHub
parent cec2da5128
commit 2d08befb6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 40 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
models/maillog_test.go
View File

@ -284,7 +284,7 @@ func (s *ModelsSuite) TestMailLogGenerateOverrideTransparencyHeaders(ch *check.C
smtp := SMTP{ smtp := SMTP{
Name: "Test SMTP", Name: "Test SMTP",
Host: "1.1.1.1:25", Host: "1.1.1.1:25",
FromAddress: "Foo Bar <foo@example.com>", FromAddress: "foo@example.com",
UserId: 1, UserId: 1,
Headers: []Header{ Headers: []Header{
Header{Key: "X-Gophish-Contact", Value: ""}, Header{Key: "X-Gophish-Contact", Value: ""},

13
models/smtp.go
View File

@ -5,6 +5,7 @@ import (
"errors" "errors"
"net/mail" "net/mail"
"os" "os"
"regexp"
"strconv" "strconv"
"strings" "strings"
"time" "time"
@ -57,6 +58,10 @@ type Header struct {
// specified in the SMTP configuration // specified in the SMTP configuration
var ErrFromAddressNotSpecified = errors.New("No From Address specified") var ErrFromAddressNotSpecified = errors.New("No From Address specified")
// ErrInvalidFromAddress is thrown when the SMTP From field in the sending
// profiles containes a value that is not an email address
var ErrInvalidFromAddress = errors.New("Invalid SMTP From address because it is not an email address")
// ErrHostNotSpecified is thrown when there is no Host specified // ErrHostNotSpecified is thrown when there is no Host specified
// in the SMTP configuration // in the SMTP configuration
var ErrHostNotSpecified = errors.New("No SMTP Host specified") var ErrHostNotSpecified = errors.New("No SMTP Host specified")
@ -76,6 +81,8 @@ func (s *SMTP) Validate() error {
return ErrFromAddressNotSpecified return ErrFromAddressNotSpecified
case s.Host == "": case s.Host == "":
return ErrHostNotSpecified return ErrHostNotSpecified
case !validateFromAddress(s.FromAddress):
return ErrInvalidFromAddress
} }
_, err := mail.ParseAddress(s.FromAddress) _, err := mail.ParseAddress(s.FromAddress)
if err != nil { if err != nil {
@ -95,6 +102,12 @@ func (s *SMTP) Validate() error {
return err return err
} }
// validateFromAddress validates
func validateFromAddress(email string) bool {
r, _ := regexp.Compile("^([a-zA-Z0-9_\\-\\.]+)@([a-zA-Z0-9_\\-\\.]+)\\.([a-zA-Z]{2,5})$")
return r.MatchString(email)
}
// GetDialer returns a dialer for the given SMTP profile // GetDialer returns a dialer for the given SMTP profile
func (s *SMTP) GetDialer() (mailer.Dialer, error) { func (s *SMTP) GetDialer() (mailer.Dialer, error) {
// Setup the message and dial // Setup the message and dial

28
models/smtp_test.go
View File

@ -12,7 +12,7 @@ func (s *ModelsSuite) TestPostSMTP(c *check.C) {
smtp := SMTP{ smtp := SMTP{
Name: "Test SMTP", Name: "Test SMTP",
Host: "1.1.1.1:25", Host: "1.1.1.1:25",
FromAddress: "Foo Bar <foo@example.com>", FromAddress: "foo@example.com",
UserId: 1, UserId: 1,
} }
err := PostSMTP(&smtp) err := PostSMTP(&smtp)
@ -25,7 +25,7 @@ func (s *ModelsSuite) TestPostSMTP(c *check.C) {
func (s *ModelsSuite) TestPostSMTPNoHost(c *check.C) { func (s *ModelsSuite) TestPostSMTPNoHost(c *check.C) {
smtp := SMTP{ smtp := SMTP{
Name: "Test SMTP", Name: "Test SMTP",
FromAddress: "Foo Bar <foo@example.com>", FromAddress: "foo@example.com",
UserId: 1, UserId: 1,
} }
err := PostSMTP(&smtp) err := PostSMTP(&smtp)
@ -42,12 +42,34 @@ func (s *ModelsSuite) TestPostSMTPNoFrom(c *check.C) {
c.Assert(err, check.Equals, ErrFromAddressNotSpecified) c.Assert(err, check.Equals, ErrFromAddressNotSpecified)
} }
func (s *ModelsSuite) TestPostSMTPValidHeader(c *check.C) { func (s *ModelsSuite) TestPostInvalidFrom(c *check.C) {
smtp := SMTP{ smtp := SMTP{
Name: "Test SMTP", Name: "Test SMTP",
Host: "1.1.1.1:25", Host: "1.1.1.1:25",
FromAddress: "Foo Bar <foo@example.com>", FromAddress: "Foo Bar <foo@example.com>",
UserId: 1, UserId: 1,
}
err := PostSMTP(&smtp)
c.Assert(err, check.Equals, ErrInvalidFromAddress)
}
func (s *ModelsSuite) TestPostInvalidFromEmail(c *check.C) {
smtp := SMTP{
Name: "Test SMTP",
Host: "1.1.1.1:25",
FromAddress: "example.com",
UserId: 1,
}
err := PostSMTP(&smtp)
c.Assert(err, check.Equals, ErrInvalidFromAddress)
}
func (s *ModelsSuite) TestPostSMTPValidHeader(c *check.C) {
smtp := SMTP{
Name: "Test SMTP",
Host: "1.1.1.1:25",
FromAddress: "foo@example.com",
UserId: 1,
Headers: []Header{ Headers: []Header{
Header{Key: "Reply-To", Value: "test@example.com"}, Header{Key: "Reply-To", Value: "test@example.com"},
Header{Key: "X-Mailer", Value: "gophish"}, Header{Key: "X-Mailer", Value: "gophish"},

2
templates/sending_profiles.html
View File

@ -52,7 +52,7 @@
<input type="text" class="form-control" value="SMTP" id="interface_type" disabled /> <input type="text" class="form-control" value="SMTP" id="interface_type" disabled />
<label class="control-label" for="from">SMTP From: <i class="fa fa-question-circle" <label class="control-label" for="from">SMTP From: <i class="fa fa-question-circle"
data-toggle="tooltip" data-placement="right" title="Set this to an email address from your sending domain to bypass SPF-checks. You can set the Envelope Sender in Email Templates. The Envelope Sender is shown to the user."></i></label> data-toggle="tooltip" data-placement="right" title="Set this to an email address from your sending domain to bypass SPF-checks. You can set the Envelope Sender in Email Templates. The Envelope Sender is shown to the user."></i></label>
<input type="text" class="form-control" placeholder="First Last <test@example.com>" id="from" <input type="text" class="form-control" placeholder="test@example.com" id="from"
required /> required />
<label class="control-label" for="host">Host:</label> <label class="control-label" for="host">Host:</label>
<input type="text" class="form-control" placeholder="smtp.example.com:25" id="host" required /> <input type="text" class="form-control" placeholder="smtp.example.com:25" id="host" required />