mod_smtp_delivery_external: Ignore local mailboxes in exists handler.

Explicitly ignore handling mail where tolocal is true (mail is
destined for a local mailbox). Previously, this was not done, and
for mail received from another server, mod_smtp_delivery_external
would return 1 if the sending server was authorized to receive mail.
However, this should only be done for egressing mail, not for
ingressing mail (in particular, if it is to a local mailbox, it is
not egressing). The deliver handler correctly ignored this, but the
exists handler did not, which resulted in a scenario where RCPT TO
would return success but DATA would fail with a temporary failure
code, even though a permanent failure could should have been returned
immediately.

modules/mod_smtp_delivery_external.c

@@ -1940,6 +1940,10 @@ static int exists(struct smtp_session *smtp, struct smtp_response *resp, const c
 	UNUSED(user);
 	UNUSED(domain);
 
+	if (tolocal) {
+		return 0; /* We are not the right handler for local mail */
+	}
+
 	if (smtp_is_exempt_relay(smtp)) {
 		/* Allow an external host to relay messages for a domain if it's explicitly authorized to. */
 		bbs_debug(2, "%s is explicitly authorized to relay mail from %s\n", smtp_sender_ip(smtp), smtp_from_domain(smtp));

modules/mod_smtp_delivery_local.c

@@ -50,15 +50,18 @@ static int exists(struct smtp_session *smtp, struct smtp_response *resp, const c
 	if (!mbox) {
 		return 0;
 	}
+
 	/* Mailbox exists, great! */
+
 	if (!fromlocal && minpriv_relay_in) {
+		/* Check if user is authorized to receive mail from external senders */
 		int userpriv = bbs_user_priv_from_userid((unsigned int) mailbox_id(mbox));
 		if (userpriv < minpriv_relay_in) {
 			smtp_abort(resp, 550, 5.1.1, "User unauthorized to receive external mail");
 			return -1;
 		}
 	}
-	/* It's a submission of outgoing mail, do no further validation here. */
+	/* If a a submission of outgoing mail, do no further validation here. */
 	return 1;
 }