From e15d11df1856b0bf64ff66b1280c034ca47903a2 Mon Sep 17 00:00:00 2001
From: "Ryan C. Gordon" <icculus@icculus.org>
Date: Wed, 5 Apr 2017 02:32:50 -0400
Subject: [PATCH] Added an API to ask if an incoming email should be dropped at
 the SMTP level.

This lets an SMTP server optionally decide if it should reject a mail without
passing it on to Discourse at all, possibly before even reading the
email's payload, to prevent spam-induced backscatter and save resources.

This just does the bare minimum sanity checking that could prevent obvious
backscatter. For legit errors from legit users, Discourse will still send a
much more pleasant reply email.
---
 app/controllers/admin/email_controller.rb | 13 +++++++++++++
 config/routes.rb                          |  1 +
 2 files changed, 14 insertions(+)

diff --git a/app/controllers/admin/email_controller.rb b/app/controllers/admin/email_controller.rb
index df400de93e5..ca7dd112c00 100644
--- a/app/controllers/admin/email_controller.rb
+++ b/app/controllers/admin/email_controller.rb
@@ -69,6 +69,19 @@ class Admin::EmailController < Admin::AdminController
     end
   end
 
+  def smtp_should_reject
+    params.require(:from)
+    params.require(:to)
+    # These strings aren't localized; they are sent to an anonymous SMTP user.
+    if User.find_by_email(params[:from]).nil? && !SiteSetting.enable_staged_users
+        render json: { reject: true, reason: "Mail from your address is not accepted. Do you have an account here?" }
+    elsif Email::Receiver.new(params[:from]).check_address(params[:to]).nil?
+        render json: { reject: true, reason: "Mail to this address is not accepted. Check the address and try to send again?" }
+    else
+        render json: { reject: false }
+    end
+  end
+
   def handle_mail
     params.require(:email)
     Email::Processor.process!(params[:email])
diff --git a/config/routes.rb b/config/routes.rb
index b8091c79397..e6c3d9ed719 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -155,6 +155,7 @@ Discourse::Application.routes.draw do
         get "/incoming_from_bounced/:id" => "email#incoming_from_bounced"
         get "preview-digest" => "email#preview_digest"
         get "send-digest" => "email#send_digest"
+        get "smtp_should_reject"
         post "handle_mail"
       end
     end