forked from drew/smtprelay
Compare commits
27 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
0ee982ea31 | ||
|
|
287395ad91 | ||
|
3aecd3c6d6 | ||
|
|
f8960053e8 | ||
|
db5512d47b | ||
|
|
fd063ad879 | ||
|
|
85bdd060e3 | ||
|
|
5be6165865 | ||
|
|
b64a34becf | ||
|
|
a2ea5ab49e | ||
|
|
94957d944f | ||
|
|
a5db5e1ff5 | ||
|
|
94776b27d9 | ||
|
|
81bc7addc7 | ||
|
|
e9bfe53f18 | ||
|
|
32032c297c | ||
|
|
53e52de279 | ||
|
|
02810c0a50 | ||
|
|
6b21f52037 | ||
|
|
544bd081ff | ||
|
|
6a28f939de | ||
|
|
f0392bdf09 | ||
|
3f627d3281 | ||
|
|
d8860fc917 | ||
|
|
ebb53ea1b6 | ||
|
|
a5ee525825 | ||
|
|
441a53cfd9 |
2
.github/workflows/codeql-analysis.yml
vendored
2
.github/workflows/codeql-analysis.yml
vendored
@@ -25,7 +25,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
uses: actions/checkout@v2.4.0
|
||||
with:
|
||||
# We must fetch at least the immediate parents so that if this is
|
||||
# a pull request then we can checkout the head.
|
||||
|
||||
8
.github/workflows/go.yml
vendored
8
.github/workflows/go.yml
vendored
@@ -7,14 +7,14 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
- name: Set up Go 1.16
|
||||
uses: actions/setup-go@v2.1.3
|
||||
- name: Set up Go 1.17
|
||||
uses: actions/setup-go@v2.1.4
|
||||
with:
|
||||
go-version: 1.16
|
||||
go-version: 1.17
|
||||
id: go
|
||||
|
||||
- name: Check out code into the Go module directory
|
||||
uses: actions/checkout@v1
|
||||
uses: actions/checkout@v2.4.0
|
||||
|
||||
- name: Get dependencies
|
||||
run: |
|
||||
|
||||
6
.github/workflows/release.yaml
vendored
6
.github/workflows/release.yaml
vendored
@@ -13,18 +13,18 @@ jobs:
|
||||
goos: [freebsd, linux, windows]
|
||||
goarch: ["386", amd64]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/checkout@v2.4.0
|
||||
|
||||
- name: Set APP_VERSION env
|
||||
run: echo APP_VERSION=$(echo ${GITHUB_REF} | rev | cut -d'/' -f 1 | rev ) >> ${GITHUB_ENV}
|
||||
- name: Set BUILD_TIME env
|
||||
run: echo BUILD_TIME=$(date) >> ${GITHUB_ENV}
|
||||
|
||||
- uses: wangyoucao577/go-release-action@v1.16
|
||||
- uses: wangyoucao577/go-release-action@v1.21
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
goos: ${{ matrix.goos }}
|
||||
goarch: ${{ matrix.goarch }}
|
||||
goversion: "https://golang.org/dl/go1.16.3.linux-amd64.tar.gz"
|
||||
goversion: "https://golang.org/dl/go1.17.3.linux-amd64.tar.gz"
|
||||
extra_files: LICENSE README.md smtprelay.ini
|
||||
ldflags: -s -w -X "main.appVersion=${{ env.APP_VERSION }}" -X "main.buildTime=${{ env.BUILD_TIME }}"
|
||||
|
||||
30
config.go
30
config.go
@@ -7,8 +7,8 @@ import (
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
"github.com/vharitonsky/iniflags"
|
||||
"github.com/sirupsen/logrus"
|
||||
"github.com/vharitonsky/iniflags"
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -34,6 +34,7 @@ var (
|
||||
allowedRecipStr = flag.String("allowed_recipients", "", "Regular expression for valid TO EMail addresses")
|
||||
allowedRecipients *regexp.Regexp
|
||||
allowedUsers = flag.String("allowed_users", "", "Path to file with valid users/passwords")
|
||||
command = flag.String("command", "", "Path to pipe command")
|
||||
remoteHost = flag.String("remote_host", "", "Outgoing SMTP server")
|
||||
remoteUser = flag.String("remote_user", "", "Username for authentication on outgoing SMTP server")
|
||||
remotePass = flag.String("remote_pass", "", "Password for authentication on outgoing SMTP server")
|
||||
@@ -47,7 +48,6 @@ func localAuthRequired() bool {
|
||||
return *allowedUsers != ""
|
||||
}
|
||||
|
||||
|
||||
func setupAllowedNetworks() {
|
||||
for _, netstr := range splitstr(*allowedNetsStr, ' ') {
|
||||
baseIP, allowedNet, err := net.ParseCIDR(netstr)
|
||||
@@ -61,7 +61,7 @@ func setupAllowedNetworks() {
|
||||
// meaning the address refers to a host and not a network.
|
||||
if !allowedNet.IP.Equal(baseIP) {
|
||||
log.WithFields(logrus.Fields{
|
||||
"given_net": netstr,
|
||||
"given_net": netstr,
|
||||
"proper_net": allowedNet,
|
||||
}).Fatal("Invalid network in allowed_nets (host bits set)")
|
||||
}
|
||||
@@ -73,7 +73,7 @@ func setupAllowedNetworks() {
|
||||
func setupAllowedPatterns() {
|
||||
var err error
|
||||
|
||||
if (*allowedSenderStr != "") {
|
||||
if *allowedSenderStr != "" {
|
||||
allowedSender, err = regexp.Compile(*allowedSenderStr)
|
||||
if err != nil {
|
||||
log.WithField("allowed_sender", *allowedSenderStr).
|
||||
@@ -82,7 +82,7 @@ func setupAllowedPatterns() {
|
||||
}
|
||||
}
|
||||
|
||||
if (*allowedRecipStr != "") {
|
||||
if *allowedRecipStr != "" {
|
||||
allowedRecipients, err = regexp.Compile(*allowedRecipStr)
|
||||
if err != nil {
|
||||
log.WithField("allowed_recipients", *allowedRecipStr).
|
||||
@@ -92,7 +92,6 @@ func setupAllowedPatterns() {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
func setupRemoteAuth() {
|
||||
logger := log.WithField("remote_auth", *remoteAuthStr)
|
||||
|
||||
@@ -123,7 +122,7 @@ func setupRemoteAuth() {
|
||||
host, _, err := net.SplitHostPort(*remoteHost)
|
||||
if err != nil {
|
||||
logger.WithField("remote_host", *remoteHost).
|
||||
Fatal("Invalid remote_host")
|
||||
Fatal("Invalid remote_host")
|
||||
}
|
||||
|
||||
switch *remoteAuthStr {
|
||||
@@ -144,13 +143,13 @@ type protoAddr struct {
|
||||
func splitProto(s string) protoAddr {
|
||||
idx := strings.Index(s, "://")
|
||||
if idx == -1 {
|
||||
return protoAddr {
|
||||
address: s,
|
||||
return protoAddr{
|
||||
address: s,
|
||||
}
|
||||
}
|
||||
return protoAddr {
|
||||
protocol: s[0 : idx],
|
||||
address: s[idx+3 : len(s)],
|
||||
return protoAddr{
|
||||
protocol: s[0:idx],
|
||||
address: s[idx+3:],
|
||||
}
|
||||
}
|
||||
|
||||
@@ -161,10 +160,9 @@ func setupListeners() {
|
||||
if localAuthRequired() && pa.protocol == "" {
|
||||
log.WithField("address", pa.address).
|
||||
Fatal("Local authentication (via allowed_users file) " +
|
||||
"not allowed with non-TLS listener")
|
||||
"not allowed with non-TLS listener")
|
||||
}
|
||||
|
||||
|
||||
listenAddrs = append(listenAddrs, pa)
|
||||
}
|
||||
}
|
||||
@@ -175,8 +173,8 @@ func ConfigLoad() {
|
||||
// Set up logging as soon as possible
|
||||
setupLogger()
|
||||
|
||||
if (*remoteHost == "") {
|
||||
log.Warn("remote_host not set; mail will not be forwarded!")
|
||||
if *remoteHost == "" && *command == "" {
|
||||
log.Warn("no remote_host or command set; mail will not be forwarded!")
|
||||
}
|
||||
|
||||
setupAllowedNetworks()
|
||||
|
||||
@@ -6,24 +6,24 @@ import (
|
||||
|
||||
func TestSplitProto(t *testing.T) {
|
||||
var tests = []struct {
|
||||
input string
|
||||
proto string
|
||||
addr string
|
||||
input string
|
||||
proto string
|
||||
addr string
|
||||
}{
|
||||
{
|
||||
input: "localhost",
|
||||
proto: "",
|
||||
addr: "localhost",
|
||||
input: "localhost",
|
||||
proto: "",
|
||||
addr: "localhost",
|
||||
},
|
||||
{
|
||||
input: "tls://my.local.domain",
|
||||
proto: "tls",
|
||||
addr: "my.local.domain",
|
||||
input: "tls://my.local.domain",
|
||||
proto: "tls",
|
||||
addr: "my.local.domain",
|
||||
},
|
||||
{
|
||||
input: "starttls://my.local.domain",
|
||||
proto: "starttls",
|
||||
addr: "my.local.domain",
|
||||
input: "starttls://my.local.domain",
|
||||
proto: "starttls",
|
||||
addr: "my.local.domain",
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
4
go.mod
4
go.mod
@@ -1,8 +1,8 @@
|
||||
module github.com/decke/smtprelay
|
||||
|
||||
require (
|
||||
github.com/chrj/smtpd v0.3.0
|
||||
github.com/google/uuid v1.2.0
|
||||
github.com/chrj/smtpd v0.3.1
|
||||
github.com/google/uuid v1.3.0
|
||||
github.com/sirupsen/logrus v1.8.1
|
||||
github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de
|
||||
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
|
||||
|
||||
9
go.sum
9
go.sum
@@ -1,10 +1,9 @@
|
||||
github.com/chrj/smtpd v0.3.0 h1:cw1LSHDOz7N3XbkcZSF/bue9dh7ATKk5ZksfBztV6b0=
|
||||
github.com/chrj/smtpd v0.3.0/go.mod h1:1hmG9KbrE10JG1SmvG79Krh4F6713oUrw2+gRp1oSYk=
|
||||
github.com/chrj/smtpd v0.3.1 h1:kogHFkbFdKaoH3bgZkqNC9uVtKYOFfM3uV3rroBdooE=
|
||||
github.com/chrj/smtpd v0.3.1/go.mod h1:JtABvV/LzvLmEIzy0NyDnrfMGOMd8wy5frAokwf6J9Q=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/eaigner/dkim v0.0.0-20150301120808-6fe4a7ee9cfb/go.mod h1:FSCIHbrqk7D01Mj8y/jW+NS1uoCerr+ad+IckTHTFf4=
|
||||
github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs=
|
||||
github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
|
||||
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
|
||||
|
||||
@@ -16,7 +16,7 @@ func setupLogger() {
|
||||
log = logrus.New()
|
||||
|
||||
// Handle logfile
|
||||
if (*logFile == "") {
|
||||
if *logFile == "" {
|
||||
log.SetOutput(os.Stderr)
|
||||
} else {
|
||||
writer, err := os.OpenFile(*logFile, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0600)
|
||||
|
||||
52
main.go
52
main.go
@@ -1,11 +1,13 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/textproto"
|
||||
"os"
|
||||
"os/exec"
|
||||
"os/signal"
|
||||
"strings"
|
||||
"syscall"
|
||||
@@ -86,7 +88,7 @@ func senderChecker(peer smtpd.Peer, addr string) error {
|
||||
if err != nil {
|
||||
// Shouldn't happen: authChecker already validated username+password
|
||||
log.WithFields(logrus.Fields{
|
||||
"peer": peer.Addr,
|
||||
"peer": peer.Addr,
|
||||
"username": peer.Username,
|
||||
}).WithError(err).Warn("could not fetch auth user")
|
||||
return smtpd.Error{Code: 451, Message: "Bad sender address"}
|
||||
@@ -94,8 +96,8 @@ func senderChecker(peer smtpd.Peer, addr string) error {
|
||||
|
||||
if !addrAllowed(addr, user.allowedAddresses) {
|
||||
log.WithFields(logrus.Fields{
|
||||
"peer": peer.Addr,
|
||||
"username": peer.Username,
|
||||
"peer": peer.Addr,
|
||||
"username": peer.Username,
|
||||
"sender_address": addr,
|
||||
}).Warn("sender address not allowed for authenticated user")
|
||||
return smtpd.Error{Code: 451, Message: "Bad sender address"}
|
||||
@@ -114,7 +116,7 @@ func senderChecker(peer smtpd.Peer, addr string) error {
|
||||
|
||||
log.WithFields(logrus.Fields{
|
||||
"sender_address": addr,
|
||||
"peer": peer.Addr,
|
||||
"peer": peer.Addr,
|
||||
}).Warn("sender address not allowed by allowed_sender pattern")
|
||||
return smtpd.Error{Code: 451, Message: "Bad sender address"}
|
||||
}
|
||||
@@ -131,7 +133,7 @@ func recipientChecker(peer smtpd.Peer, addr string) error {
|
||||
}
|
||||
|
||||
log.WithFields(logrus.Fields{
|
||||
"peer": peer.Addr,
|
||||
"peer": peer.Addr,
|
||||
"recipient_address": addr,
|
||||
}).Warn("recipient address not allowed by allowed_recipients pattern")
|
||||
return smtpd.Error{Code: 451, Message: "Bad recipient address"}
|
||||
@@ -141,7 +143,7 @@ func authChecker(peer smtpd.Peer, username string, password string) error {
|
||||
err := AuthCheckPassword(username, password)
|
||||
if err != nil {
|
||||
log.WithFields(logrus.Fields{
|
||||
"peer": peer.Addr,
|
||||
"peer": peer.Addr,
|
||||
"username": username,
|
||||
}).WithError(err).Warn("auth error")
|
||||
return smtpd.Error{Code: 535, Message: "Authentication credentials invalid"}
|
||||
@@ -157,21 +159,45 @@ func mailHandler(peer smtpd.Peer, env smtpd.Envelope) error {
|
||||
|
||||
logger := log.WithFields(logrus.Fields{
|
||||
"from": env.Sender,
|
||||
"to": env.Recipients,
|
||||
"to": env.Recipients,
|
||||
"peer": peerIP,
|
||||
"host": *remoteHost,
|
||||
"uuid": generateUUID(),
|
||||
})
|
||||
|
||||
if (*remoteHost == "") {
|
||||
logger.Warning("remote_host not set; discarding mail")
|
||||
if *remoteHost == "" && *command == "" {
|
||||
logger.Warning("no remote_host or command set; discarding mail")
|
||||
return nil
|
||||
}
|
||||
|
||||
env.AddReceivedLine(peer)
|
||||
|
||||
if *command != "" {
|
||||
cmdLogger := logger.WithField("command", *command)
|
||||
|
||||
var stdout bytes.Buffer
|
||||
var stderr bytes.Buffer
|
||||
|
||||
cmd := exec.Command(*command)
|
||||
cmd.Stdin = bytes.NewReader(env.Data)
|
||||
cmd.Stdout = &stdout
|
||||
cmd.Stderr = &stderr
|
||||
|
||||
err := cmd.Run()
|
||||
if err != nil {
|
||||
cmdLogger.WithError(err).Error(stderr.String())
|
||||
return nil
|
||||
}
|
||||
|
||||
cmdLogger.Info("pipe command successful: " + stdout.String())
|
||||
}
|
||||
|
||||
if *remoteHost == "" {
|
||||
return nil
|
||||
}
|
||||
|
||||
logger.Info("delivering mail from peer using smarthost")
|
||||
|
||||
env.AddReceivedLine(peer)
|
||||
|
||||
var sender string
|
||||
|
||||
if *remoteSender == "" {
|
||||
@@ -197,7 +223,7 @@ func mailHandler(peer smtpd.Peer, env smtpd.Envelope) error {
|
||||
|
||||
logger.WithFields(logrus.Fields{
|
||||
"err_code": err.Code,
|
||||
"err_msg": err.Msg,
|
||||
"err_msg": err.Msg,
|
||||
}).Error("delivery failed")
|
||||
default:
|
||||
smtpError = smtpd.Error{Code: 554, Message: "Forwarding failed"}
|
||||
@@ -246,7 +272,7 @@ func getTLSConfig() *tls.Config {
|
||||
if *localCert == "" || *localKey == "" {
|
||||
log.WithFields(logrus.Fields{
|
||||
"cert_file": *localCert,
|
||||
"key_file": *localKey,
|
||||
"key_file": *localKey,
|
||||
}).Fatal("TLS certificate/key file not defined in config")
|
||||
}
|
||||
|
||||
|
||||
@@ -78,3 +78,6 @@
|
||||
|
||||
; Sender e-mail address on outgoing SMTP server
|
||||
;remote_sender =
|
||||
|
||||
; Pipe messages to external command
|
||||
;command = /usr/local/bin/script
|
||||
Reference in New Issue
Block a user