add config option to reject incoming deliveries with an error during the smtp transaction

useful when a catchall is configured, and messages to some address need to be
rejected.

would have been nicer if this could be part of a ruleset. but evaluating a
ruleset requires us to have the message (so we can match on headers, etc). but
we can't reject messages to individual recipients during the DATA command in
smtp. that would reject the entire delivery attempt.

for issue #156 by ally9335

Author: mjl-

config/config.go

@@ -455,13 +455,18 @@ type JunkFilter struct {
 }
 
 type Destination struct {
-	Mailbox  string    `sconf:"optional" sconf-doc:"Mailbox to deliver to if none of Rulesets match. Default: Inbox."`
-	Rulesets []Ruleset `sconf:"optional" sconf-doc:"Delivery rules based on message and SMTP transaction. You may want to match each mailing list by SMTP MailFrom address, VerifiedDomain and/or List-ID header (typically <listname.example.org> if the list address is [email protected]), delivering them to their own mailbox."`
-	FullName string    `sconf:"optional" sconf-doc:"Full name to use in message From header when composing messages coming from this address with webmail."`
+	Mailbox   string    `sconf:"optional" sconf-doc:"Mailbox to deliver to if none of Rulesets match. Default: Inbox."`
+	Rulesets  []Ruleset `sconf:"optional" sconf-doc:"Delivery rules based on message and SMTP transaction. You may want to match each mailing list by SMTP MailFrom address, VerifiedDomain and/or List-ID header (typically <listname.example.org> if the list address is [email protected]), delivering them to their own mailbox."`
+	SMTPError string    `sconf:"optional" sconf-doc:"If non-empty, incoming delivery attempts to this destination will be rejected during SMTP RCPT TO with this error response line. Useful when a catchall address is configured for the domain and messages to some addresses should be rejected. The response line must start with an error code. Currently the following error resonse codes are allowed: 421 (temporary local error), 550 (user not found). If the line consists of only an error code, an appropriate error message is added. Rejecting messages with a 4xx code invites later retries by the remote, while 5xx codes should prevent further delivery attempts."`
+	FullName  string    `sconf:"optional" sconf-doc:"Full name to use in message From header when composing messages coming from this address with webmail."`
 
 	DMARCReports     bool `sconf:"-" json:"-"`
 	HostTLSReports   bool `sconf:"-" json:"-"`
 	DomainTLSReports bool `sconf:"-" json:"-"`
+	// Ready to use in SMTP responses.
+	SMTPErrorCode   int    `sconf:"-" json:"-"`
+	SMTPErrorSecode string `sconf:"-" json:"-"`
+	SMTPErrorMsg    string `sconf:"-" json:"-"`
 }
 
 // Equal returns whether d and o are equal, only looking at their user-changeable fields.

config/doc.go

@@ -1120,6 +1120,17 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
 							# Free-form comments. (optional)
 							Comment:
 
+					# If non-empty, incoming delivery attempts to this destination will be rejected
+					# during SMTP RCPT TO with this error response line. Useful when a catchall
+					# address is configured for the domain and messages to some addresses should be
+					# rejected. The response line must start with an error code. Currently the
+					# following error resonse codes are allowed: 421 (temporary local error), 550
+					# (user not found). If the line consists of only an error code, an appropriate
+					# error message is added. Rejecting messages with a 4xx code invites later retries
+					# by the remote, while 5xx codes should prevent further delivery attempts.
+					# (optional)
+					SMTPError:
+
 					# Full name to use in message From header when composing messages coming from this
 					# address with webmail. (optional)
 					FullName:

mox-/config.go

@@ -1436,6 +1436,44 @@ func prepareDynamicConfig(ctx context.Context, log mlog.Log, dynamicPath string,
 
 			checkMailboxNormf(dest.Mailbox, "destination mailbox", addDestErrorf)
 
+			if dest.SMTPError != "" {
+				if len(dest.SMTPError) > 256 {
+					addDestErrorf("smtp error must be smaller than 256 bytes")
+				}
+				for _, c := range dest.SMTPError {
+					if c < ' ' || c >= 0x7f {
+						addDestErrorf("smtp error cannot contain contain control characters (including newlines) or non-ascii")
+						break
+					}
+				}
+
+				if dest.Mailbox != "" {
+					addDestErrorf("cannot have both SMTPError and Mailbox")
+				}
+				if len(dest.Rulesets) != 0 {
+					addDestErrorf("cannot have both SMTPError and Rulesets")
+				}
+
+				t := strings.SplitN(dest.SMTPError, " ", 2)
+				switch t[0] {
+				default:
+					addDestErrorf("smtp error must be 421 or 550 (with optional message), not %q", dest.SMTPError)
+
+				case "421":
+					dest.SMTPErrorCode = smtp.C451LocalErr
+					dest.SMTPErrorSecode = smtp.SeSys3Other0
+					dest.SMTPErrorMsg = "error processing"
+				case "550":
+					dest.SMTPErrorCode = smtp.C550MailboxUnavail
+					dest.SMTPErrorSecode = smtp.SeAddr1UnknownDestMailbox1
+					dest.SMTPErrorMsg = "no such user(s)"
+				}
+				if len(t) > 1 {
+					dest.SMTPErrorMsg = strings.TrimSpace(t[1])
+				}
+				acc.Destinations[addrName] = dest
+			}
+
 			for i, rs := range dest.Rulesets {
 				addRulesetErrorf := func(format string, args ...any) {
 					addDestErrorf("ruleset %d: %s", i+1, fmt.Sprintf(format, args...))

smtpserver/server.go

@@ -1919,12 +1919,14 @@ func (c *conn) cmdRcpt(p *parser) {
 			xsmtpUserErrorf(smtp.C550MailboxUnavail, smtp.SeAddr1UnknownDestMailbox1, "not accepting email for ip")
 		}
 		c.recipients = append(c.recipients, recipient{fpath, nil, nil})
-	} else if accountName, alias, canonical, addr, err := mox.LookupAddress(fpath.Localpart, fpath.IPDomain.Domain, true, true); err == nil {
+	} else if accountName, alias, canonical, dest, err := mox.LookupAddress(fpath.Localpart, fpath.IPDomain.Domain, true, true); err == nil {
 		// note: a bare postmaster, without domain, is handled by LookupAddress. ../rfc/5321:735
 		if alias != nil {
 			c.recipients = append(c.recipients, recipient{fpath, nil, &rcptAlias{*alias, canonical}})
+		} else if dest.SMTPError != "" {
+			xsmtpServerErrorf(codes{dest.SMTPErrorCode, dest.SMTPErrorSecode}, dest.SMTPErrorMsg)
 		} else {
-			c.recipients = append(c.recipients, recipient{fpath, &rcptAccount{accountName, addr, canonical}, nil})
+			c.recipients = append(c.recipients, recipient{fpath, &rcptAccount{accountName, dest, canonical}, nil})
 		}
 
 	} else if Localserve {

smtpserver/server_test.go

@@ -2086,5 +2086,25 @@ test email
 		_, err = client.DeliverMultiple(ctxbg, mailFrom, rcptTo, int64(len(extraMsg)), strings.NewReader(extraMsg), true, true, false)
 		ts.smtpErr(err, &smtpclient.Error{Permanent: true, Code: smtp.C554TransactionFailed, Secode: smtp.SeProto5TooManyRcpts3})
 	})
+}
+
+// TestDestinationSMTPError checks delivery to a destination with an SMTPError is rejected as configured.
+func TestDestinationSMTPError(t *testing.T) {
+	resolver := dns.MockResolver{
+		A: map[string][]string{
+			"example.org.": {"127.0.0.10"}, // For mx check.
+		},
+	}
 
+	ts := newTestServer(t, filepath.FromSlash("../testdata/smtp/mox.conf"), resolver)
+	defer ts.close()
+
+	ts.run(func(err error, client *smtpclient.Client) {
+		t.Helper()
+		tcheck(t, err, "init client")
+		mailFrom := "[email protected]"
+		rcptTo := "[email protected]"
+		err = client.Deliver(ctxbg, mailFrom, rcptTo, int64(len(deliverMessage)), strings.NewReader(deliverMessage), false, false, false)
+		ts.smtpErr(err, &smtpclient.Error{Permanent: true, Code: smtp.C550MailboxUnavail, Secode: smtp.SeAddr1UnknownDestMailbox1})
+	})
 }

testdata/smtp/domains.conf

@@ -24,6 +24,8 @@ Accounts:
 			# ohm sign, \u2126
 			Ω@mox.example: nil
 			mó[email protected]: nil
+			[email protected]:
+				SMTPError: 550 no more messages
 		JunkFilter:
 			Threshold: 0.9
 			Params: