add "Fail" transport, that immediately fails delivery

allows configs that prevent outgoing deliveries (globally, per domain, or per account) from/to certain domains. for issue #347
2025-07-15 21:24:35 +03:00 · 2025-05-15 17:59:49 +02:00
parent 91bfff220e
commit bb438488c5
7 changed files with 123 additions and 4 deletions
--- a/config/config.go
+++ b/config/config.go
@ -235,6 +235,7 @@ type Transport struct {
 	SMTP        *TransportSMTP   `sconf:"optional" sconf-doc:"SMTP over a plain connection (possibly with STARTTLS), typically for old-fashioned unauthenticated relaying to a remote queue."`
 	Socks       *TransportSocks  `sconf:"optional" sconf-doc:"Like regular direct delivery, but makes outgoing connections through a SOCKS proxy."`
 	Direct      *TransportDirect `sconf:"optional" sconf-doc:"Like regular direct delivery, but allows to tweak outgoing connections."`
+	Fail        *TransportFail   `sconf:"optional" sconf-doc:"Immediately fails the delivery attempt."`
 }

 // TransportSMTP delivers messages by "submission" (SMTP, typically
@ -278,6 +279,16 @@ type TransportDirect struct {
 	IPFamily string `sconf:"-" json:"-"`
 }

+// TransportFail is a transport that fails all delivery attempts.
+type TransportFail struct {
+	SMTPCode    int    `sconf:"optional" sconf-doc:"SMTP error code and optional enhanced error code to use for the failure. If empty, 554 is used (transaction failed)."`
+	SMTPMessage string `sconf:"optional" sconf-doc:"Message to include for the rejection. It will be shown in the DSN."`
+
+	// Effective values to use, set when parsing.
+	Code    int    `sconf:"-"`
+	Message string `sconf:"-"`
+}
+
 type Domain struct {
 	Disabled                    bool             `sconf:"optional" sconf-doc:"Disabled domains can be useful during/before migrations. Domains that are disabled can still be configured like normal, including adding addresses using the domain to accounts. However, disabled domains: 1. Do not try to fetch ACME certificates. TLS connections to host names involving the email domain will fail. A TLS certificate for the hostname (that wil be used as MX) itself will be requested. 2. Incoming deliveries over SMTP are rejected with a temporary error '450 4.2.1 recipient domain temporarily disabled'. 3. Submissions over SMTP using an (envelope) SMTP MAIL FROM address or message 'From' address of a disabled domain will be rejected with a temporary error '451 4.3.0 sender domain temporarily disabled'. Note that accounts with addresses at disabled domains can still log in and read email (unless the account itself is disabled)."`
 	Description                 string           `sconf:"optional" sconf-doc:"Free-form description of domain."`
--- a/config/doc.go
+++ b/config/doc.go
@ -725,6 +725,16 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
 				# remote SMTP servers. (optional)
 				DisableIPv6: false

+			# Immediately fails the delivery attempt. (optional)
+			Fail:
+
+				# SMTP error code and optional enhanced error code to use for the failure. If
+				# empty, 554 is used (transaction failed). (optional)
+				SMTPCode: 0
+
+				# Message to include for the rejection. It will be shown in the DSN. (optional)
+				SMTPMessage:
+
 	# Do not send DMARC reports (aggregate only). By default, aggregate reports on
 	# DMARC evaluations are sent to domains if their DMARC policy requests them.
 	# Reports are sent at whole hours, with a minimum of 1 hour and maximum of 24