From 2d08befb6b00b21eb80fe8caf72c00aa62babfa6 Mon Sep 17 00:00:00 2001 From: tcastron Date: Tue, 29 Nov 2022 17:41:10 +0100 Subject: [PATCH] Modified "SMTP From" field to avoid SMTP server errors with RFC 5321 (#2669) Co-authored-by: Thomas Castronovo --- models/maillog_test.go | 2 +- models/smtp.go | 13 +++++++++++++ models/smtp_test.go | 28 +++++++++++++++++++++++++--- templates/sending_profiles.html | 2 +- 4 files changed, 40 insertions(+), 5 deletions(-) diff --git a/models/maillog_test.go b/models/maillog_test.go index 88619f93..54895413 100644 --- a/models/maillog_test.go +++ b/models/maillog_test.go @@ -284,7 +284,7 @@ func (s *ModelsSuite) TestMailLogGenerateOverrideTransparencyHeaders(ch *check.C smtp := SMTP{ Name: "Test SMTP", Host: "1.1.1.1:25", - FromAddress: "Foo Bar ", + FromAddress: "foo@example.com", UserId: 1, Headers: []Header{ Header{Key: "X-Gophish-Contact", Value: ""}, diff --git a/models/smtp.go b/models/smtp.go index cd4d4e23..aeedce42 100644 --- a/models/smtp.go +++ b/models/smtp.go @@ -5,6 +5,7 @@ import ( "errors" "net/mail" "os" + "regexp" "strconv" "strings" "time" @@ -57,6 +58,10 @@ type Header struct { // specified in the SMTP configuration var ErrFromAddressNotSpecified = errors.New("No From Address specified") +// ErrInvalidFromAddress is thrown when the SMTP From field in the sending +// profiles containes a value that is not an email address +var ErrInvalidFromAddress = errors.New("Invalid SMTP From address because it is not an email address") + // ErrHostNotSpecified is thrown when there is no Host specified // in the SMTP configuration var ErrHostNotSpecified = errors.New("No SMTP Host specified") @@ -76,6 +81,8 @@ func (s *SMTP) Validate() error { return ErrFromAddressNotSpecified case s.Host == "": return ErrHostNotSpecified + case !validateFromAddress(s.FromAddress): + return ErrInvalidFromAddress } _, err := mail.ParseAddress(s.FromAddress) if err != nil { 
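Review bot: The doc comment on `ErrInvalidFromAddress` in models/smtp.go misspells "contains" as "containes", and the message says the value "is not an email address" although `TestPostInvalidFrom` shows that a value with a display name is refused as well. A user who enters a named address gets no hint about the expected shape. Suggested wording: `// ErrInvalidFromAddress is returned when the SMTP From field of a sending profile is not a bare email address` with the message `"Invalid SMTP From address: expected a bare address such as user@example.com"`.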
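Review bot: The new `case !validateFromAddress(s.FromAddress)` in `Validate` carries no comment explaining why a value that `mail.ParseAddress` accepts is now refused, and it makes previously valid profiles invalid. Sending profiles saved earlier with a display-name From would presumably start failing wherever `Validate` runs on stored data; the callers are not visible in this hunk, so that needs checking and may warrant a migration or release note. I would add above the case `// The SMTP envelope sender must be a bare address (RFC 5321), so display-name forms are rejected here.` The `mail.ParseAddress` call that follows now only sees strings the pattern has already accepted. `Validate` starts before and continues past this hunk.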
@@ -95,6 +102,12 @@ func (s *SMTP) Validate() error { return err } +// validateFromAddress validates +func validateFromAddress(email string) bool { + r, _ := regexp.Compile("^([a-zA-Z0-9_\\-\\.]+)@([a-zA-Z0-9_\\-\\.]+)\\.([a-zA-Z]{2,5})$") + return r.MatchString(email) +} + // GetDialer returns a dialer for the given SMTP profile func (s *SMTP) GetDialer() (mailer.Dialer, error) { // Setup the message and dial diff --git a/models/smtp_test.go b/models/smtp_test.go index b559c282..f4f1ab60 100644 --- a/models/smtp_test.go +++ b/models/smtp_test.go @@ -12,7 +12,7 @@ func (s *ModelsSuite) TestPostSMTP(c *check.C) { smtp := SMTP{ Name: "Test SMTP", Host: "1.1.1.1:25", - FromAddress: "Foo Bar ", + FromAddress: "foo@example.com", UserId: 1, } err := PostSMTP(&smtp) @@ -25,7 +25,7 @@ func (s *ModelsSuite) TestPostSMTP(c *check.C) { func (s *ModelsSuite) TestPostSMTPNoHost(c *check.C) { smtp := SMTP{ Name: "Test SMTP", - FromAddress: "Foo Bar ", + FromAddress: "foo@example.com", UserId: 1, } err := PostSMTP(&smtp) @@ -42,12 +42,34 @@ func (s *ModelsSuite) TestPostSMTPNoFrom(c *check.C) { c.Assert(err, check.Equals, ErrFromAddressNotSpecified) } -func (s *ModelsSuite) TestPostSMTPValidHeader(c *check.C) { +func (s *ModelsSuite) TestPostInvalidFrom(c *check.C) { smtp := SMTP{ Name: "Test SMTP", Host: "1.1.1.1:25", FromAddress: "Foo Bar ", UserId: 1, + } + err := PostSMTP(&smtp) + c.Assert(err, check.Equals, ErrInvalidFromAddress) +} + +func (s *ModelsSuite) TestPostInvalidFromEmail(c *check.C) { + smtp := SMTP{ + Name: "Test SMTP", + Host: "1.1.1.1:25", + FromAddress: "example.com", + UserId: 1, + } + err := PostSMTP(&smtp) + c.Assert(err, check.Equals, ErrInvalidFromAddress) +} + +func (s *ModelsSuite) TestPostSMTPValidHeader(c *check.C) { + smtp := SMTP{ + Name: "Test SMTP", + Host: "1.1.1.1:25", + FromAddress: "foo@example.com", + UserId: 1, Headers: []Header{ Header{Key: "Reply-To", Value: "test@example.com"}, Header{Key: "X-Mailer", Value: "gophish"}, 
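Review bot: The pattern in `validateFromAddress` refuses addresses that are valid envelope senders: the `{2,5}` bound rejects TLDs longer than five letters, and the local-part class excludes `+` and other characters RFC 5321 permits. It is also recompiled on every call with the `regexp.Compile` error discarded, and the doc comment stops at "validates". Since `net/mail` is already imported, the body could be `addr, err := mail.ParseAddress(email)` followed by `return err == nil && addr.Name == "" && addr.Address == email`, documented as `// validateFromAddress reports whether email is a bare address with no display name.` If the regex stays, hoist it to a package-level `regexp.MustCompile` and widen the TLD bound.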
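Review bot: The two new cases in models/smtp_test.go (`TestPostInvalidFrom`, `TestPostInvalidFromEmail`) only exercise inputs far from the pattern's edges, so nothing pins what the validator is meant to accept. Cases at the boundary (a plus-tagged local part, a TLD longer than five letters, a value with an embedded line break) would document the intended contract and catch regressions if the check is rewritten. The new names also drop the `SMTP` infix used by the neighbouring `TestPostSMTPNoFrom`; `TestPostSMTPInvalidFrom` and `TestPostSMTPInvalidFromEmail` would match.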
diff --git a/templates/sending_profiles.html b/templates/sending_profiles.html index d68cc867..fd9a3ec8 100644 --- a/templates/sending_profiles.html +++ b/templates/sending_profiles.html @@ -52,7 +52,7 @@ -