parse _MAILBOX_ID_HEADER to handle bounce message

email_handler.py

@@ -490,7 +490,7 @@ def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> (bool, str
             alias.user,
         )
 
-        handle_bounce(contact, alias, msg, user, mailbox_email)
+        handle_bounce(contact, alias, msg, user)
         return False, "550 SL E6"
 
     mailbox: Mailbox = Mailbox.get_by(email=mailbox_email)
@@ -688,9 +688,7 @@ def handle_unknown_mailbox(
     )
 
 
-def handle_bounce(
-    contact: Contact, alias: Alias, msg: Message, user: User, mailbox_email: str
-):
+def handle_bounce(contact: Contact, alias: Alias, msg: Message, user: User):
     address = alias.email
     email_log: EmailLog = EmailLog.create(
         contact_id=contact.id, bounced=True, user_id=contact.user_id
@@ -708,12 +706,28 @@ def handle_bounce(
     full_report_path = f"refused-emails/full-{random_name}.eml"
     s3.upload_email_from_bytesio(full_report_path, BytesIO(msg.as_bytes()), random_name)
 
-    file_path = None
-    if orig_msg:
-        file_path = f"refused-emails/{random_name}.eml"
-        s3.upload_email_from_bytesio(
-            file_path, BytesIO(orig_msg.as_bytes()), random_name
+    if not orig_msg:
+        LOG.error(
+            "Cannot parse original message from bounce message %s %s %s",
+            alias,
+            user,
+            contact,
         )
+        return
+
+    file_path = f"refused-emails/{random_name}.eml"
+    s3.upload_email_from_bytesio(file_path, BytesIO(orig_msg.as_bytes()), random_name)
+    mailbox_id = int(orig_msg[_MAILBOX_ID_HEADER])
+    mailbox = Mailbox.get(mailbox_id)
+    if not mailbox or mailbox.user_id != user.id:
+        LOG.error(
+            "Tampered message mailbox_id %s, %s, %s, %s",
+            mailbox_id,
+            user,
+            alias,
+            contact,
+        )
+        return
 
     refused_email = RefusedEmail.create(
         path=file_path, full_report_path=full_report_path, user_id=user.id
@@ -750,7 +764,7 @@ def handle_bounce(
                 website_email=contact.website_email,
                 disable_alias_link=disable_alias_link,
                 refused_email_url=refused_email_url,
-                mailbox_email=mailbox_email,
+                mailbox_email=mailbox.email,
             ),
             render(
                 "transactional/bounced-email.html",
@@ -759,7 +773,7 @@ def handle_bounce(
                 website_email=contact.website_email,
                 disable_alias_link=disable_alias_link,
                 refused_email_url=refused_email_url,
-                mailbox_email=mailbox_email,
+                mailbox_email=mailbox.email,
             ),
             # cannot include bounce email as it can contain spammy text
             # bounced_email=msg,
@@ -786,7 +800,7 @@ def handle_bounce(
                 alias=alias,
                 website_email=contact.website_email,
                 refused_email_url=refused_email_url,
-                mailbox_email=mailbox_email,
+                mailbox_email=mailbox.email,
             ),
             render(
                 "transactional/automatic-disable-alias.html",
@@ -794,7 +808,7 @@ def handle_bounce(
                 alias=alias,
                 website_email=contact.website_email,
                 refused_email_url=refused_email_url,
-                mailbox_email=mailbox_email,
+                mailbox_email=mailbox.email,
             ),
             # cannot include bounce email as it can contain spammy text
             # bounced_email=msg,