Add support for TLS and STARTTLS

2018-12-10 10:34:31 +00:00
parent 7b4a51d62c
commit f756ca0c98
2 changed files with 21 additions and 1 deletions
--- a/main.go
+++ b/main.go
@@ -1,8 +1,10 @@
 package main

 import (
+	"crypto/tls"
 	"flag"
 	"fmt"
+	"log"
 	"net/smtp"

 	"github.com/chrj/smtpd"
@@ -14,6 +16,9 @@ var (
 	welcomeMsg = flag.String("welcome_msg", "", "Welcome message for SMTP session")
 	localHost  = flag.String("local_host", "localhost", "Address to listen for incoming SMTP")
 	localPort  = flag.Int("local_port", 25, "Port to listen")
+	localForceTLS = flag.Bool("local_forcetls", false, "Force STARTTLS (needs local_cert and local_key)")
+	localCert  = flag.String("local_cert", "", "SSL certificate for STARTTLS/TLS")
+	localKey   = flag.String("local_key", "", "SSL private key for STARTTLS/TLS")
 	remoteHost = flag.String("remote_host", "smtp.gmail.com", "Outgoing SMTP host")
 	remotePort = flag.Int("remote_port", 587, "Outgoing SMTP port")
 	remoteUser = flag.String("remote_user", "", "Username for authentication on outgoing SMTP server")
@@ -39,6 +44,18 @@ func main() {
 		Hostname:	*hostName,
 		WelcomeMessage: *welcomeMsg,
 		Handler:        handler,
+		ForceTLS:	*localForceTLS,
+	}
+
+	if *localCert != "" && *localKey != "" {
+		cert, err := tls.LoadX509KeyPair(*localCert, *localKey)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		server.TLSConfig = &tls.Config {
+			Certificates: [] tls.Certificate{cert},
+		}
 	}

 	server.ListenAndServe(fmt.Sprintf("%s:%d", *localHost, *localPort))
--- a/smtp-proxy.ini
+++ b/smtp-proxy.ini
@@ -3,8 +3,11 @@
 ;hostname = "localhost.localdomain"
 ;welcome_msg = "<hostname> ESMTP ready."

-;local_host = 127.0.0.1
+;local_host = localhost
 ;local_port = 25
+;local_cert =
+;local_key  =
+;local_forcetls = false

 ;remote_host = smtp.gmail.com
 ;remote_port = 587