drew/smtprelay
1
0
Fork 1
mirror of https://github.com/decke/smtprelay.git synced 2025-12-26 00:12:32 -07:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: drew:v1.2.0
Branches Tags
drew:master drew:add-service
drew:v1.13.0 drew:v1.12.0 drew:v1.11.2 drew:v1.11.1 drew:v1.11.0 drew:v1.10.0 drew:v1.9.0 drew:v1.8.0 drew:v1.7.0 drew:v1.6.0 drew:v1.5.0 drew:v1.4.0 drew:v1.3.0 drew:v1.2.0 drew:v1.1.0 drew:v1.0.1 drew:v1.0.0
...
compare: drew:v1.3.0
Branches Tags
drew:master drew:add-service
drew:v1.13.0 drew:v1.12.0 drew:v1.11.2 drew:v1.11.1 drew:v1.11.0 drew:v1.10.0 drew:v1.9.0 drew:v1.8.0 drew:v1.7.0 drew:v1.6.0 drew:v1.5.0 drew:v1.4.0 drew:v1.3.0 drew:v1.2.0 drew:v1.1.0 drew:v1.0.1 drew:v1.0.0

9 Commits
v1.2.0 ... v1.3.0

Author SHA1 Message Date
Bernhard Froehlich
21b597f351 Bump version to 1.3.0 2019-09-07 11:31:28 +00:00
Bernhard Froehlich
5f82b4736c Update dependencies 2019-09-07 11:31:05 +00:00
Bernhard Fröhlich
de430286b3 Merge branch 'remote-sender' of beppler/smtprelay into master 2019-09-07 06:20:28 +00:00
Carlos Alberto Costa Beppler
769193ea4d Adjust the description of remote_sender parameter. 
It represents the e-mail address used while sending message to the outgoing SMTP server.
 2019-09-06 21:00:35 -03:00
Carlos Alberto Costa Beppler
0b65e904d8 Allows specify the sender used on SMTP conversation with outgoing server. 2019-09-06 17:07:37 -03:00
Bernhard Froehlich
2c9645ac68 Add drone config 2019-05-09 08:17:45 +00:00
Bernhard Froehlich
770e819e2b Improve error checking 2019-02-21 08:29:49 +00:00
Bernhard Froehlich
d11f8d81ea Fix formatting 2019-02-21 08:27:12 +00:00
Bernhard Froehlich
6270d75571 Improve TLS Config to prefer server ciphers, remove 3DES ciphers and require TLS 1.1 or higher 2019-01-08 15:09:29 +00:00
7 changed files with 109 additions and 29 deletions
Expand all files Collapse all files

8
.drone.yml Normal file
View File

@@ -0,0 +1,8 @@
kind: pipeline
name: default
steps:
- name: build
image: golang
commands:
- go build

1
auth.go
View File

@@ -65,4 +65,3 @@ func AuthCheckPassword(username string, secret string) error {
} }
return errors.New("Password invalid") return errors.New("Password invalid")
} }

3
config.go
View File

@@ -7,7 +7,7 @@ import (
) )
const ( const (
VERSION = "1.2.0" VERSION = "1.3.0"
) )
var ( var (
@@ -25,6 +25,7 @@ var (
remoteHost = flag.String("remote_host", "smtp.gmail.com:587", "Outgoing SMTP server") remoteHost = flag.String("remote_host", "smtp.gmail.com:587", "Outgoing SMTP server")
remoteUser = flag.String("remote_user", "", "Username for authentication on outgoing SMTP server") remoteUser = flag.String("remote_user", "", "Username for authentication on outgoing SMTP server")
remotePass = flag.String("remote_pass", "", "Password for authentication on outgoing SMTP server") remotePass = flag.String("remote_pass", "", "Password for authentication on outgoing SMTP server")
remoteSender = flag.String("remote_sender", "", "Sender e-mail address on outgoing SMTP server")
versionInfo = flag.Bool("version", false, "Show version information") versionInfo = flag.Bool("version", false, "Show version information")
) )

4
go.mod
View File

@@ -3,5 +3,7 @@ module code.bluelife.at/decke/smtprelay
require ( require (
github.com/chrj/smtpd v0.1.2 github.com/chrj/smtpd v0.1.2
github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472
) )
go 1.13

9
go.sum
View File

@@ -3,5 +3,10 @@ github.com/chrj/smtpd v0.1.2/go.mod h1:jt4ydELuZmqhn9hn3YpEPV1dY00aOB+Q1nWXnBDFK
github.com/eaigner/dkim v0.0.0-20150301120808-6fe4a7ee9cfb/go.mod h1:FSCIHbrqk7D01Mj8y/jW+NS1uoCerr+ad+IckTHTFf4= github.com/eaigner/dkim v0.0.0-20150301120808-6fe4a7ee9cfb/go.mod h1:FSCIHbrqk7D01Mj8y/jW+NS1uoCerr+ad+IckTHTFf4=
github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de h1:fkw+7JkxF3U1GzQoX9h69Wvtvxajo5Rbzy6+YMMzPIg= github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de h1:fkw+7JkxF3U1GzQoX9h69Wvtvxajo5Rbzy6+YMMzPIg=
github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de/go.mod h1:irMhzlTz8+fVFj6CH2AN2i+WI5S6wWFtK3MBCIxIpyI= github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de/go.mod h1:irMhzlTz8+fVFj6CH2AN2i+WI5S6wWFtK3MBCIxIpyI=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472 h1:Gv7RPwsi3eZ2Fgewe3CBsuOebPwO27PoXzRpJPsvSSM=
golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

70
main.go
View File

@@ -25,7 +25,7 @@ func connectionChecker(peer smtpd.Peer) error {
nets := strings.Split(*allowedNets, " ") nets := strings.Split(*allowedNets, " ")
for i := range(nets) { for i := range nets {
_, allowedNet, _ := net.ParseCIDR(nets[i]) _, allowedNet, _ := net.ParseCIDR(nets[i])
if allowedNet.Contains(peerIP) { if allowedNet.Contains(peerIP) {
@@ -117,15 +117,23 @@ func mailHandler(peer smtpd.Peer, env smtpd.Envelope) error {
log.Printf("delivering using smarthost %s\n", *remoteHost) log.Printf("delivering using smarthost %s\n", *remoteHost)
var sender string
if *remoteSender == "" {
sender = env.Sender
} else {
sender = *remoteSender
}
err := SendMail( err := SendMail(
*remoteHost, *remoteHost,
auth, auth,
env.Sender, sender,
env.Recipients, env.Recipients,
env.Data, env.Data,
) )
if err != nil { if err != nil {
log.Printf("delivery failed: %v\n", err); log.Printf("delivery failed: %v\n", err)
return smtpd.Error{Code: 554, Message: "Forwarding failed"} return smtpd.Error{Code: 554, Message: "Forwarding failed"}
} }
@@ -155,7 +163,7 @@ func main() {
listeners := strings.Split(*listen, " ") listeners := strings.Split(*listen, " ")
for i := range(listeners) { for i := range listeners {
listener := listeners[i] listener := listeners[i]
server := &smtpd.Server{ server := &smtpd.Server{
@@ -192,12 +200,39 @@ func main() {
} }
server.TLSConfig = &tls.Config{ server.TLSConfig = &tls.Config{
PreferServerCipherSuites: true,
MinVersion: tls.VersionTLS11,
// Ciphersuites as defined in stock Go but without 3DES
// https://golang.org/src/crypto/tls/cipher_suites.go
CipherSuites: []uint16{
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // does not provide PFS
tls.TLS_RSA_WITH_AES_256_GCM_SHA384, // does not provide PFS
tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
},
Certificates: []tls.Certificate{cert}, Certificates: []tls.Certificate{cert},
} }
server.ForceTLS = *localForceTLS server.ForceTLS = *localForceTLS
log.Printf("Listen on %s (STARTSSL) ...\n", listener) log.Printf("Listen on %s (STARTSSL) ...\n", listener)
lsnr, err := net.Listen("tcp", listener) lsnr, err := net.Listen("tcp", listener)
if err != nil {
log.Fatal(err)
}
defer lsnr.Close() defer lsnr.Close()
go server.Serve(lsnr) go server.Serve(lsnr)
@@ -215,11 +250,38 @@ func main() {
} }
server.TLSConfig = &tls.Config{ server.TLSConfig = &tls.Config{
PreferServerCipherSuites: true,
MinVersion: tls.VersionTLS11,
// Ciphersuites as defined in stock Go but without 3DES
// https://golang.org/src/crypto/tls/cipher_suites.go
CipherSuites: []uint16{
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // does not provide PFS
tls.TLS_RSA_WITH_AES_256_GCM_SHA384, // does not provide PFS
tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
},
Certificates: []tls.Certificate{cert}, Certificates: []tls.Certificate{cert},
} }
log.Printf("Listen on %s (TLS) ...\n", listener) log.Printf("Listen on %s (TLS) ...\n", listener)
lsnr, err := tls.Listen("tcp", listener, server.TLSConfig) lsnr, err := tls.Listen("tcp", listener, server.TLSConfig)
if err != nil {
log.Fatal(err)
}
defer lsnr.Close() defer lsnr.Close()
go server.Serve(lsnr) go server.Serve(lsnr)

3
smtprelay.ini
View File

@@ -54,3 +54,6 @@
; Authentication credentials on outgoing SMTP server ; Authentication credentials on outgoing SMTP server
;remote_user = ;remote_user =
;remote_pass = ;remote_pass =
; Sender e-mail address on outgoing SMTP server
;remote_sender =