smtpserver: allow using an "message from" address from an allowed alias as smtp mail from during submission

mail clients will use these message from addresses also for smtp mail from, so
sending over smtp would fail for these cases. for the webmail and webapi they
already succeeded since we just took the "message from" address as "smtp mail
from" address.

for issue #266 by Robby-, thanks for reporting!

smtpserver/alias_test.go

@@ -40,6 +40,16 @@ test email
 		ts.smtpErr(err, nil)
 	})
 
+	ts.run(func(err error, client *smtpclient.Client) {
+		t.Helper()
+		mailFrom := "public@mox.example" // List address as smtp mail from.
+		rcptTo := "public@mox.example"
+		if err == nil {
+			err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msg)), strings.NewReader(msg), false, false, false)
+		}
+		ts.smtpErr(err, nil)
+	})
+
 	msg = strings.ReplaceAll(`From: <private@mox.example>
 To: <private@mox.example>
 Subject: test
@@ -56,6 +66,16 @@ test email
 		}
 		ts.smtpErr(err, &smtpclient.Error{Permanent: true, Code: smtp.C550MailboxUnavail, Secode: smtp.SePol7DeliveryUnauth1})
 	})
+
+	ts.run(func(err error, client *smtpclient.Client) {
+		t.Helper()
+		mailFrom := "private@mox.example" // List address as smtp mail from.
+		rcptTo := "private@mox.example"
+		if err == nil {
+			err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msg)), strings.NewReader(msg), false, false, false)
+		}
+		ts.smtpErr(err, &smtpclient.Error{Permanent: true, Code: smtp.C550MailboxUnavail, Secode: smtp.SePol7DeliveryUnauth1})
+	})
 }
 
 // Non-member cannot submit as alias that allows it for members.
@@ -97,6 +117,16 @@ test email
 		}
 		ts.smtpErr(err, &smtpclient.Error{Permanent: true, Code: smtp.C550MailboxUnavail, Secode: smtp.SePol7DeliveryUnauth1})
 	})
+
+	ts.run(func(err error, client *smtpclient.Client) {
+		t.Helper()
+		mailFrom := "public@mox.example" // List address as message from.
+		rcptTo := "public@mox.example"
+		if err == nil {
+			err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msg)), strings.NewReader(msg), true, true, false)
+		}
+		ts.smtpErr(err, &smtpclient.Error{Permanent: true, Code: smtp.C550MailboxUnavail, Secode: smtp.SePol7DeliveryUnauth1})
+	})
 }
 
 // Non-member can deliver to public list, not to private list.
@@ -162,6 +192,18 @@ test email
 
 		ts.checkCount("Inbox", 2) // Receiving for both mjl@ and móx@.
 	})
+
+	ts.run(func(err error, client *smtpclient.Client) {
+		t.Helper()
+		mailFrom := "public@example.org" // List address as message from.
+		rcptTo := "public@mox.example"
+		if err == nil {
+			err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(msg)), strings.NewReader(msg), false, false, false)
+		}
+		ts.smtpErr(err, nil)
+
+		ts.checkCount("Inbox", 4) // Receiving for both mjl@ and móx@.
+	})
 }
 
 // Member can deliver to private list, but still not with alias address as message

smtpserver/server.go

@@ -1756,13 +1756,16 @@ func (c *conn) cmdMail(p *parser) {
 
 	// For submission, check if reverse path is allowed. I.e. authenticated account
 	// must have the rpath configured. We do a check again on rfc5322.from during DATA.
+	// Mail clients may use the alias address as smtp mail from address, so we allow it
+	// for such aliases.
 	rpathAllowed := func() bool {
 		// ../rfc/6409:349
 		if rpath.IsZero() {
 			return true
 		}
-		accName, _, _, _, err := mox.LookupAddress(rpath.Localpart, rpath.IPDomain.Domain, false, false)
+
-		return err == nil && accName == c.account.Name
+		from := smtp.NewAddress(rpath.Localpart, rpath.IPDomain.Domain)
+		return mox.AllowMsgFrom(c.account.Name, from)
 	}
 
 	if !c.submission && !rpath.IPDomain.Domain.IsZero() {