From af5da176239b3eca22046a1d92cacfc60bd0ef9d Mon Sep 17 00:00:00 2001
From: Mechiel Lukkien <mechiel@ueber.net>
Date: Mon, 11 Dec 2023 15:34:11 +0100
Subject: [PATCH] smtpserver: also allow space after "MAIL FROM:" and "RCPT
 TO:" command for SMTP delivery (unless in pedantic mode)

we already allowed it for (authenticated) SMTP submission. it turns out also
legitimate senders can use this invalid syntax to deliver messages.

for issue #101 by Fell, thanks for reporting & explaining!
---
 smtpserver/server.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/smtpserver/server.go b/smtpserver/server.go
index ac9c9bb..b4da960 100644
--- a/smtpserver/server.go
+++ b/smtpserver/server.go
@@ -1285,10 +1285,10 @@ func (c *conn) cmdMail(p *parser) {
 		}
 	}()
 	p.xtake(" FROM:")
-	// note: no space after colon. ../rfc/5321:1093
-	// Allow illegal space for submission only, not for regular SMTP. Microsoft Outlook
-	// 365 Apps for Enterprise sends it.
-	if c.submission && !moxvar.Pedantic {
+	// note: no space allowed after colon. ../rfc/5321:1093
+	// Microsoft Outlook 365 Apps for Enterprise sends it with submission. For delivery
+	// it is mostly used by spammers, but has been seen with legitimate senders too.
+	if !moxvar.Pedantic {
 		p.space()
 	}
 	rawRevPath := p.xrawReversePath()
@@ -1426,10 +1426,10 @@ func (c *conn) cmdRcpt(p *parser) {
 
 	// ../rfc/5321:1985
 	p.xtake(" TO:")
-	// note: no space after colon. ../rfc/5321:1093
-	// Allow illegal space for submission only, not for regular SMTP. Microsoft Outlook
-	// 365 Apps for Enterprise sends it.
-	if c.submission && !moxvar.Pedantic {
+	// note: no space allowed after colon. ../rfc/5321:1093
+	// Microsoft Outlook 365 Apps for Enterprise sends it with submission. For delivery
+	// it is mostly used by spammers, but has been seen with legitimate senders too.
+	if !moxvar.Pedantic {
 		p.space()
 	}
 	var fpath smtp.Path