From e87b1e716822be0d4a920c71acab13ac7855f0f5 Mon Sep 17 00:00:00 2001
From: Bernhard Froehlich
Date: Thu, 20 Dec 2018 13:52:19 +0000
Subject: [PATCH] Implement authentication checker against a plaintext file
---
 main.go | 30 ++++++++++++++++++++++++++++++
 smtp-proxy.ini | 5 +++++
 2 files changed, 35 insertions(+)
diff --git a/main.go b/main.go
index b163871..3a9d709 100644
--- a/main.go
+++ b/main.go
@@ -1,6 +1,7 @@
 package main

 import (
+ "bufio"
 "crypto/tls"
 "flag"
 "fmt"
@@ -32,6 +33,7 @@ var (
 allowedNets = flag.String("allowed_nets", "127.0.0.1/8 ::1/128", "Networks allowed to send mails")
 allowedSender = flag.String("allowed_sender", "", "Regular expression for valid FROM EMail adresses")
 allowedRecipients = flag.String("allowed_recipients", "", "Regular expression for valid TO EMail adresses")
+ allowedUsers = flag.String("allowed_users", "", "Path to file with valid users/passwords")
 remoteHost = flag.String("remote_host", "smtp.gmail.com:587", "Outgoing SMTP server")
 remoteUser = flag.String("remote_user", "", "Username for authentication on outgoing SMTP server")
 remotePass = flag.String("remote_pass", "", "Password for authentication on outgoing SMTP server")
@@ -87,6 +89,30 @@ func recipientChecker(peer smtpd.Peer, addr string) error {
 }
 }

+func authChecker(peer smtpd.Peer, username string, password string) error {
+ file, err := os.Open(*allowedUsers)
+ if err != nil {
+ log.Printf("User file not found %v", err)
+ return smtpd.Error{Code: 552, Message: "Denied"}
+ }
+ defer file.Close()
+
+ scanner := bufio.NewScanner(file)
+ for scanner.Scan() {
+ parts := strings.Fields(scanner.Text())
+
+ if len(parts) != 2 {
+ continue
+ }
+
+ if username == parts[0] && password == parts[1] {
+ return nil
+ }
+ }
+
+ return smtpd.Error{Code: 552, Message: "Denied"}
+}
+
 func mailHandler(peer smtpd.Peer, env smtpd.Envelope) error {
 var auth smtp.Auth
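Review bot: In `authChecker` the credentials are checked with `username == parts[0] && password == parts[1]` against cleartext entries, which exits on the first match or mismatch and requires the relay to keep readable passwords on disk. Comparing every line with `subtle.ConstantTimeCompare` (this needs a `crypto/subtle` import) removes the early exit, while storing password hashes would be the stronger fix but needs a dependency this patch does not show. Failed logins are not logged by this function, and `scanner.Err()` is never checked, so a read error or an over-long line is reported as an ordinary denial. Reply code 552 is defined for exceeded storage allocation; 535 is the code for rejected credentials and 454 for a temporary authentication failure such as an unreadable file. Passwords containing whitespace can never match, because `strings.Fields` splits them and the `len(parts) != 2` test skips the line.

```go
func authChecker(peer smtpd.Peer, username string, password string) error {
	// … unchanged: open *allowedUsers and defer file.Close(); a failed open
	// is better answered with 454 than 552 …

	matched := false
	scanner := bufio.NewScanner(file)
	for scanner.Scan() {
		parts := strings.Fields(scanner.Text())
		if len(parts) != 2 {
			continue
		}

		// Check every entry and do not return early, so response time does not
		// depend on where (or whether) the user appears in the file.
		// ConstantTimeCompare still returns at once when lengths differ.
		userOK := subtle.ConstantTimeCompare([]byte(username), []byte(parts[0]))
		passOK := subtle.ConstantTimeCompare([]byte(password), []byte(parts[1]))
		if userOK&passOK == 1 {
			matched = true
		}
	}
	if err := scanner.Err(); err != nil {
		log.Printf("reading user file: %v", err)
		return smtpd.Error{Code: 454, Message: "Temporary authentication failure"}
	}

	if !matched {
		// Record the attempt (never the password) so repeated guessing is visible in the logs.
		log.Printf("authentication failed for user %q from %v", username, peer.Addr)
		return smtpd.Error{Code: 535, Message: "Authentication credentials invalid"}
	}
	return nil
}
```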
@@ -144,6 +170,10 @@ func main() {
 ProtocolLogger: log.New(logwriter, "INBOUND: ", log.Lshortfile),
 }

+ if *allowedUsers != "" {
+ server.Authenticator = authChecker
+ }
+
 if strings.Index(listeners[i], "://") == -1 {
 log.Printf("Listen on %s ...\n", listener)
 go server.ListenAndServe(listener)
diff --git a/smtp-proxy.ini b/smtp-proxy.ini
index 0245fca..c5c53c8 100644
--- a/smtp-proxy.ini
+++ b/smtp-proxy.ini
@@ -35,6 +35,11 @@
 ; Example: ^(.*)@localhost.localdomain$
 ;allowed_recipients =

+; File which contains username and password used for
+; authentication before they can send mail.
+; File format: username password
+;allowed_users =
+
 ; Relay all mails to this SMTP server
 ; GMail
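Review bot: In the main.go hunk at `func main()`, assigning `server.Authenticator = authChecker` turns AUTH on for every listener, including the plain-text one handled by the `strings.Index(listeners[i], "://") == -1` branch directly below. No visible line in this patch rejects a session that never authenticates or that attempts AUTH before TLS. Whether the smtpd package enforces either is not visible here, so both should be confirmed and recorded next to the assignment, for example `// AUTH is enabled on all listeners; verify smtpd refuses AUTH before STARTTLS and refuses MAIL without a prior AUTH`. The users file is also first opened inside authChecker, so a wrong `allowed_users` path only shows up as denied logins at runtime; a startup check such as `if _, err := os.Stat(*allowedUsers); err != nil { log.Fatalf("allowed_users: %v", err) }` would surface it earlier. main() begins and continues outside this hunk.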