d-b.ca/smtprelay
2
0
Fork 0
forked from drew/smtprelay
Code Pull Requests Activity

Compare commits

base: d-b.ca:add-service
Branches Tags
d-b.ca:master d-b.ca:docker d-b.ca:add-service
d-b.ca:v1.13.0 d-b.ca:v1.12.0 d-b.ca:v1.11.2 d-b.ca:v1.11.1 d-b.ca:v1.11.0 d-b.ca:v1.10.0 d-b.ca:v1.9.0 d-b.ca:v1.8.0 d-b.ca:v1.7.0 d-b.ca:v1.6.0 d-b.ca:v1.5.0 d-b.ca:v1.4.0 d-b.ca:v1.3.0 d-b.ca:v1.2.0 d-b.ca:v1.1.0 d-b.ca:v1.0.1 d-b.ca:v1.0.0 drew:v1.13.0 drew:v1.12.0 drew:v1.11.2 drew:v1.11.1 drew:v1.11.0 drew:v1.10.0 drew:v1.9.0 drew:v1.8.0 drew:v1.7.0 drew:v1.6.0 drew:v1.5.0 drew:v1.4.0 drew:v1.3.0 drew:v1.2.0 drew:v1.1.0 drew:v1.0.1 drew:v1.0.0
...
compare: d-b.ca:v1.6.0
Branches Tags
d-b.ca:docker d-b.ca:master d-b.ca:add-service drew:master drew:add-service
d-b.ca:v1.13.0 d-b.ca:v1.12.0 d-b.ca:v1.11.2 d-b.ca:v1.11.1 d-b.ca:v1.11.0 d-b.ca:v1.10.0 d-b.ca:v1.9.0 d-b.ca:v1.8.0 d-b.ca:v1.7.0 d-b.ca:v1.6.0 d-b.ca:v1.5.0 d-b.ca:v1.4.0 d-b.ca:v1.3.0 d-b.ca:v1.2.0 d-b.ca:v1.1.0 d-b.ca:v1.0.1 d-b.ca:v1.0.0 drew:v1.13.0 drew:v1.12.0 drew:v1.11.2 drew:v1.11.1 drew:v1.11.0 drew:v1.10.0 drew:v1.9.0 drew:v1.8.0 drew:v1.7.0 drew:v1.6.0 drew:v1.5.0 drew:v1.4.0 drew:v1.3.0 drew:v1.2.0 drew:v1.1.0 drew:v1.0.1 drew:v1.0.0

8 Commits
add-servic ... v1.6.0

Author SHA1 Message Date
Bernhard Froehlich
7b199cc6ae Bump Go version for CI builds to 1.16 2021-04-02 18:51:23 +00:00
Bernhard Froehlich
184d5f8611 Bump Go version for builds to 1.16.3 2021-04-02 18:49:53 +00:00
Bernhard Fröhlich
9e8b5517a6 Merge pull request #27 from decke/26-tls-reqd-for-auth 
Don't allow configuration requiring authentication with non-TLS listener
 2021-04-02 20:41:38 +02:00
Bernhard Fröhlich
65f0cfcfbd Merge pull request #28 from decke/dependabot/github_actions/wangyoucao577/go-release-action-v1.16 
Bump wangyoucao577/go-release-action from v1.15 to v1.16
 2021-04-02 20:29:02 +02:00
dependabot[bot]
410c70d86f Bump wangyoucao577/go-release-action from v1.15 to v1.16 
Bumps [wangyoucao577/go-release-action](https://github.com/wangyoucao577/go-release-action) from v1.15 to v1.16.
- [Release notes](https://github.com/wangyoucao577/go-release-action/releases)
- [Commits](https://github.com/wangyoucao577/go-release-action/compare/v1.15...d00bb7360b2dd6a39f1a7ca198b8289582eee2df)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-01 07:35:56 +00:00
Jonathon Reinhart
247d187576 Don't allow a configuration requiring auth with a non-TLS listener 
This fixes #26
 2021-04-01 01:12:34 -04:00
Jonathon Reinhart
45a676e274 Add localAuthRequired() helper function 
This just makes the configuration state a little more obvious.
 2021-04-01 01:12:34 -04:00
Jonathon Reinhart
ca1ccd85e3 Refactor parsing of -listen string out into separate config function 
This makes the "for each listen address" loop in main() look even cleaner.
 2021-04-01 01:12:34 -04:00
5 changed files with 110 additions and 30 deletions
Expand all files Collapse all files

4
.github/workflows/go.yml vendored
View File

@@ -7,10 +7,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.15
- name: Set up Go 1.16
uses: actions/setup-go@v2.1.3
with:
go-version: 1.15
go-version: 1.16
id: go
- name: Check out code into the Go module directory

4
.github/workflows/release.yaml vendored
View File

@@ -20,11 +20,11 @@ jobs:
- name: Set BUILD_TIME env
run: echo BUILD_TIME=$(date) >> ${GITHUB_ENV}
- uses: wangyoucao577/go-release-action@v1.15
- uses: wangyoucao577/go-release-action@v1.16
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
goos: ${{ matrix.goos }}
goarch: ${{ matrix.goarch }}
goversion: "https://golang.org/dl/go1.15.8.linux-amd64.tar.gz"
goversion: "https://golang.org/dl/go1.16.3.linux-amd64.tar.gz"
extra_files: LICENSE README.md smtprelay.ini
ldflags: -s -w -X "main.appVersion=${{ env.APP_VERSION }}" -X "main.buildTime=${{ env.BUILD_TIME }}"

44
config.go
View File

@@ -3,8 +3,9 @@ package main
import (
"flag"
"net"
"regexp"
"net/smtp"
"regexp"
"strings"
"github.com/vharitonsky/iniflags"
"github.com/sirupsen/logrus"
@@ -21,7 +22,8 @@ var (
logLevel = flag.String("log_level", "info", "Minimum log level to output")
hostName = flag.String("hostname", "localhost.localdomain", "Server hostname")
welcomeMsg = flag.String("welcome_msg", "", "Welcome message for SMTP session")
listen = flag.String("listen", "127.0.0.1:25 [::1]:25", "Address and port to listen for incoming SMTP")
listenStr = flag.String("listen", "127.0.0.1:25 [::1]:25", "Address and port to listen for incoming SMTP")
listenAddrs = []protoAddr{}
localCert = flag.String("local_cert", "", "SSL certificate for STARTTLS/TLS")
localKey = flag.String("local_key", "", "SSL private key for STARTTLS/TLS")
localForceTLS = flag.Bool("local_forcetls", false, "Force STARTTLS (needs local_cert and local_key)")
@@ -41,6 +43,10 @@ var (
versionInfo = flag.Bool("version", false, "Show version information")
)
func localAuthRequired() bool {
return *allowedUsers != ""
}
func setupAllowedNetworks() {
for _, netstr := range splitstr(*allowedNetsStr, ' ') {
@@ -130,6 +136,39 @@ func setupRemoteAuth() {
}
}
type protoAddr struct {
protocol string
address string
}
func splitProto(s string) protoAddr {
idx := strings.Index(s, "://")
if idx == -1 {
return protoAddr {
address: s,
}
}
return protoAddr {
protocol: s[0 : idx],
address: s[idx+3 : len(s)],
}
}
func setupListeners() {
for _, listenAddr := range strings.Split(*listenStr, " ") {
pa := splitProto(listenAddr)
if localAuthRequired() && pa.protocol == "" {
log.WithField("address", pa.address).
Fatal("Local authentication (via allowed_users file) " +
"not allowed with non-TLS listener")
}
listenAddrs = append(listenAddrs, pa)
}
}
func ConfigLoad() {
iniflags.Parse()
@@ -143,4 +182,5 @@ func ConfigLoad() {
setupAllowedNetworks()
setupAllowedPatterns()
setupRemoteAuth()
setupListeners()
}

44
config_test.go Normal file
View File

@@ -0,0 +1,44 @@
package main
import (
"testing"
)
func TestSplitProto(t *testing.T) {
var tests = []struct {
input string
proto string
addr string
}{
{
input: "localhost",
proto: "",
addr: "localhost",
},
{
input: "tls://my.local.domain",
proto: "tls",
addr: "my.local.domain",
},
{
input: "starttls://my.local.domain",
proto: "starttls",
addr: "my.local.domain",
},
}
for i, test := range tests {
testName := test.input
t.Run(testName, func(t *testing.T) {
pa := splitProto(test.input)
if pa.protocol != test.proto {
t.Errorf("Testcase %d: Incorrect proto: expected %v, got %v",
i, test.proto, pa.protocol)
}
if pa.address != test.addr {
t.Errorf("Testcase %d: Incorrect addr: expected %v, got %v",
i, test.addr, pa.address)
}
})
}
}

44
main.go
View File

@@ -81,7 +81,7 @@ func addrAllowed(addr string, allowedAddrs []string) bool {
func senderChecker(peer smtpd.Peer, addr string) error {
// check sender address from auth file if user is authenticated
if *allowedUsers != "" && peer.Username != "" {
if localAuthRequired() && peer.Username != "" {
user, err := AuthFetch(peer.Username)
if err != nil {
// Shouldn't happen: authChecker already validated username+password
@@ -276,7 +276,7 @@ func main() {
Debug("starting smtprelay")
// Load allowed users file
if *allowedUsers != "" {
if localAuthRequired() {
err := AuthLoadFile(*allowedUsers)
if err != nil {
log.WithField("file", *allowedUsers).
@@ -288,7 +288,9 @@ func main() {
var servers []*smtpd.Server
// Create a server for each desired listen address
for _, listenAddr := range strings.Split(*listen, " ") {
for _, listen := range listenAddrs {
logger := log.WithField("address", listen.address)
server := &smtpd.Server{
Hostname: *hostName,
WelcomeMessage: *welcomeMsg,
@@ -298,44 +300,38 @@ func main() {
Handler: mailHandler,
}
if *allowedUsers != "" {
if localAuthRequired() {
server.Authenticator = authChecker
}
var lsnr net.Listener
var err error
if strings.Index(listenAddr, "://") == -1 {
log.WithField("address", listenAddr).
Info("listening on address")
lsnr, err = net.Listen("tcp", listenAddr)
} else if strings.HasPrefix(listenAddr, "starttls://") {
listenAddr = strings.TrimPrefix(listenAddr, "starttls://")
switch listen.protocol {
case "":
logger.Info("listening on address")
lsnr, err = net.Listen("tcp", listen.address)
case "starttls":
server.TLSConfig = getTLSConfig()
server.ForceTLS = *localForceTLS
log.WithField("address", listenAddr).
Info("listening on address (STARTTLS)")
lsnr, err = net.Listen("tcp", listenAddr)
} else if strings.HasPrefix(listenAddr, "tls://") {
listenAddr = strings.TrimPrefix(listenAddr, "tls://")
logger.Info("listening on address (STARTTLS)")
lsnr, err = net.Listen("tcp", listen.address)
case "tls":
server.TLSConfig = getTLSConfig()
log.WithField("address", listenAddr).
Info("listening on address (TLS)")
lsnr, err = tls.Listen("tcp", listenAddr, server.TLSConfig)
} else {
log.WithField("address", listenAddr).
logger.Info("listening on address (TLS)")
lsnr, err = tls.Listen("tcp", listen.address, server.TLSConfig)
default:
logger.WithField("protocol", listen.protocol).
Fatal("unknown protocol in listen address")
}
if err != nil {
log.WithFields(logrus.Fields{
"address": listenAddr,
}).WithError(err).Fatal("error starting listener")
logger.WithError(err).Fatal("error starting listener")
}
servers = append(servers, server)