From 5a757e722a9a2323cad5ea931db4cd874c2be19b Mon Sep 17 00:00:00 2001
From: Charlie Smurthwaite <charlie@atechmedia.com>
Date: Wed, 10 May 2017 11:47:13 +0100
Subject: [PATCH] remove AUTH= paramater from "MAIL FROM" before processing

---
 lib/postal/smtp_server/client.rb | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/postal/smtp_server/client.rb b/lib/postal/smtp_server/client.rb
index d6e3aa5..bc395fa 100644
--- a/lib/postal/smtp_server/client.rb
+++ b/lib/postal/smtp_server/client.rb
@@ -236,7 +236,14 @@ module Postal
 
         @state = :mail_from_received
         transaction_reset
-        @mail_from = data.gsub(/MAIL FROM\s*:\s*/i, '').gsub(/.*</, '').gsub(/>.*/, '').strip
+        if data =~ /AUTH=/
+          # Discard AUTH= parameter and anything that follows.
+          # We don't need this parameter as we don't trust any client to set it
+          mail_from_line = data.sub(/ *AUTH=.*/, '')
+        else
+          mail_from_line = data
+        end
+        @mail_from = mail_from_line.gsub(/MAIL FROM\s*:\s*/i, '').gsub(/.*</, '').gsub(/>.*/, '').strip
         '250 OK'
       end