From 1740b558d76c5b4e0045cff25cd3312c56b1beaf Mon Sep 17 00:00:00 2001
From: InterLinked1 <24227567+InterLinked1@users.noreply.github.com>
Date: Tue, 31 Dec 2024 10:58:33 -0500
Subject: [PATCH] mod_mail: Fix alias resolution.

* mod_mail: Always resolve aliases case-insensitively.
* mod_mail: Allow wildcard user matches for aliases.
* net_smtp: Don't emit warning for partial wildcard (wildcard user but
  not domain) authorized sender, only full wildcards (user and domain).
---
 modules/mod_mail.c | 26 ++++++++++++++++++--------
 nets/net_smtp.c    |  2 +-
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/modules/mod_mail.c b/modules/mod_mail.c
index 58d752f..4a2a2a8 100644
--- a/modules/mod_mail.c
+++ b/modules/mod_mail.c
@@ -459,14 +459,24 @@ static const char *resolve_alias(const char *user, const char *domain)
 
 	RWLIST_RDLOCK(&aliases);
 	RWLIST_TRAVERSE(&aliases, alias, entry) {
-		/* RFC 5321 4.5.1: postmaster match must be case-insensitive.
-		 * We allow all other matches to be made case-sensitively. */
-		if (!strcmp(alias->aliasuser, user) || (!strcmp(alias->aliasuser, "postmaster") && !strcasecmp(user, "postmaster"))) {
-			/* Unqualified match, or domain must match */
-			if (!alias->aliasdomain || (domain && !strcmp(alias->aliasdomain, domain))) {
-				retval = alias->target; /* Safe to return in practice since aliases cannot be unloaded while the module is running */
-				break;
-			}
+		int user_match;
+		if (!strcmp(alias->aliasuser, "*")) {
+			user_match = 1; /* Match like '*@example.com' */
+		} else if (!strcasecmp(alias->aliasuser, "postmaster")) {
+			/* RFC 5321 4.5.1: postmaster match must be case-insensitive.
+			 * All other matches could be case-sensitive,
+			 * but we also make them case-insensitively for compatibility. */
+			user_match = !strcasecmp(user, "postmaster");
+		} else {
+			user_match = !strcasecmp(alias->aliasuser, user); /* Explicit user match */
+		}
+		if (!user_match) {
+			continue;
+		}
+		/* Unqualified match, or domain must match */
+		if (!alias->aliasdomain || (domain && !strcasecmp(alias->aliasdomain, domain))) {
+			retval = alias->target; /* Safe to return in practice since aliases cannot be unloaded while the module is running */
+			break;
 		}
 	}
 	RWLIST_UNLOCK(&aliases);
diff --git a/nets/net_smtp.c b/nets/net_smtp.c
index e636dc6..a25f5a6 100644
--- a/nets/net_smtp.c
+++ b/nets/net_smtp.c
@@ -274,7 +274,7 @@ static void add_authorized_identity(const char *username, const char *identities
 {
 	struct smtp_authorized_identity *i;
 
-	if (STARTS_WITH(identities, "*")) {
+	if (!strcmp(identities, "*")) {
 		bbs_notice("This server is configured as an open mail relay for user '%s' and may be abused!\n", username);
 	}