From 0a7643b367acb6edfa4cba6607a48eb268b07985 Mon Sep 17 00:00:00 2001
From: Son NK <>
Date: Mon, 28 Sep 2020 17:43:09 +0200
Subject: [PATCH] take into account mailbox authorized address when check for
 spoofing

---
 email_handler.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/email_handler.py b/email_handler.py
index 0bff0a5d..7e78d488 100644
--- a/email_handler.py
+++ b/email_handler.py
@@ -732,8 +732,9 @@ async def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> (boo
         handle_bounce(contact, alias, msg, user)
         return False, "550 SL E6"
 
-    mailbox = Mailbox.get_by(email=mail_from, user_id=user.id)
-    if not mailbox or mailbox not in alias.mailboxes:
+    # Anti-spoofing
+    mailbox = get_mailbox_from_mail_from(mail_from, alias)
+    if not mailbox:
         if alias.disable_email_spoofing_check:
             # ignore this error, use default alias mailbox
             LOG.warning(