From 0a7643b367acb6edfa4cba6607a48eb268b07985 Mon Sep 17 00:00:00 2001 From: Son NK <> Date: Mon, 28 Sep 2020 17:43:09 +0200 Subject: [PATCH] take into account mailbox authorized address when check for spoofing --- email_handler.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/email_handler.py b/email_handler.py index 0bff0a5d..7e78d488 100644 --- a/email_handler.py +++ b/email_handler.py @@ -732,8 +732,9 @@ async def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> (boo handle_bounce(contact, alias, msg, user) return False, "550 SL E6" - mailbox = Mailbox.get_by(email=mail_from, user_id=user.id) - if not mailbox or mailbox not in alias.mailboxes: + # Anti-spoofing + mailbox = get_mailbox_from_mail_from(mail_from, alias) + if not mailbox: if alias.disable_email_spoofing_check: # ignore this error, use default alias mailbox LOG.warning(