Bump version to 1.3.0

Update dependencies
Merge branch 'remote-sender' of beppler/smtprelay into master
2025-12-25 16:12:28 -07:00 · 2019-09-07 11:31:28 +00:00 · 2019-09-07 11:31:05 +00:00 · 2019-09-07 06:20:28 +00:00 · 2019-09-06 21:00:35 -03:00 · 2019-09-06 17:07:37 -03:00
7 changed files with 109 additions and 29 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,8 @@
+kind: pipeline
+name: default
+
+steps:
+- name: build
+  image: golang
+  commands:
+  - go build
--- a/auth.go
+++ b/auth.go
@@ -65,4 +65,3 @@ func AuthCheckPassword(username string, secret string) error {
 	}
 	return errors.New("Password invalid")
 }
-
--- a/config.go
+++ b/config.go
@@ -7,7 +7,7 @@ import (
 )

 const (
-	VERSION = "1.2.0"
+	VERSION = "1.3.0"
 )

 var (
@@ -25,6 +25,7 @@ var (
 	remoteHost        = flag.String("remote_host", "smtp.gmail.com:587", "Outgoing SMTP server")
 	remoteUser        = flag.String("remote_user", "", "Username for authentication on outgoing SMTP server")
 	remotePass        = flag.String("remote_pass", "", "Password for authentication on outgoing SMTP server")
+	remoteSender      = flag.String("remote_sender", "", "Sender e-mail address on outgoing SMTP server")
 	versionInfo       = flag.Bool("version", false, "Show version information")
 )

--- a/go.mod
+++ b/go.mod
@@ -3,5 +3,7 @@ module code.bluelife.at/decke/smtprelay
 require (
 	github.com/chrj/smtpd v0.1.2
 	github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de
-	golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9
+	golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472
 )
+
+go 1.13
--- a/go.sum
+++ b/go.sum
@@ -3,5 +3,10 @@ github.com/chrj/smtpd v0.1.2/go.mod h1:jt4ydELuZmqhn9hn3YpEPV1dY00aOB+Q1nWXnBDFK
 github.com/eaigner/dkim v0.0.0-20150301120808-6fe4a7ee9cfb/go.mod h1:FSCIHbrqk7D01Mj8y/jW+NS1uoCerr+ad+IckTHTFf4=
 github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de h1:fkw+7JkxF3U1GzQoX9h69Wvtvxajo5Rbzy6+YMMzPIg=
 github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de/go.mod h1:irMhzlTz8+fVFj6CH2AN2i+WI5S6wWFtK3MBCIxIpyI=
-golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0=
-golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472 h1:Gv7RPwsi3eZ2Fgewe3CBsuOebPwO27PoXzRpJPsvSSM=
+golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
--- a/main.go
+++ b/main.go
@@ -25,7 +25,7 @@ func connectionChecker(peer smtpd.Peer) error {

 	nets := strings.Split(*allowedNets, " ")

-	for i := range(nets) {
+	for i := range nets {
 		_, allowedNet, _ := net.ParseCIDR(nets[i])

 		if allowedNet.Contains(peerIP) {
@@ -117,15 +117,23 @@ func mailHandler(peer smtpd.Peer, env smtpd.Envelope) error {

 	log.Printf("delivering using smarthost %s\n", *remoteHost)

+	var sender string
+
+	if *remoteSender == "" {
+		sender = env.Sender
+	} else {
+		sender = *remoteSender
+	}
+
 	err := SendMail(
 		*remoteHost,
 		auth,
-		env.Sender,
+		sender,
 		env.Recipients,
 		env.Data,
 	)
 	if err != nil {
-		log.Printf("delivery failed: %v\n", err);
+		log.Printf("delivery failed: %v\n", err)
 		return smtpd.Error{Code: 554, Message: "Forwarding failed"}
 	}

@@ -155,7 +163,7 @@ func main() {

 	listeners := strings.Split(*listen, " ")

-	for i := range(listeners) {
+	for i := range listeners {
 		listener := listeners[i]

 		server := &smtpd.Server{
@@ -192,12 +200,39 @@ func main() {
 			}

 			server.TLSConfig = &tls.Config{
+				PreferServerCipherSuites: true,
+				MinVersion:               tls.VersionTLS11,
+
+				// Ciphersuites as defined in stock Go but without 3DES
+				// https://golang.org/src/crypto/tls/cipher_suites.go
+				CipherSuites: []uint16{
+					tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+					tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+					tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+					tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+					tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+					tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+					tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+					tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+					tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+					tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+					tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+					tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+					tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // does not provide PFS
+					tls.TLS_RSA_WITH_AES_256_GCM_SHA384, // does not provide PFS
+					tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
+					tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+					tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+				},
 				Certificates: []tls.Certificate{cert},
 			}
 			server.ForceTLS = *localForceTLS

 			log.Printf("Listen on %s (STARTSSL) ...\n", listener)
 			lsnr, err := net.Listen("tcp", listener)
+			if err != nil {
+				log.Fatal(err)
+			}
 			defer lsnr.Close()

 			go server.Serve(lsnr)
@@ -215,11 +250,38 @@ func main() {
 			}

 			server.TLSConfig = &tls.Config{
+				PreferServerCipherSuites: true,
+				MinVersion:               tls.VersionTLS11,
+
+				// Ciphersuites as defined in stock Go but without 3DES
+				// https://golang.org/src/crypto/tls/cipher_suites.go
+				CipherSuites: []uint16{
+					tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+					tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+					tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+					tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+					tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+					tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+					tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+					tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+					tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+					tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+					tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+					tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+					tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // does not provide PFS
+					tls.TLS_RSA_WITH_AES_256_GCM_SHA384, // does not provide PFS
+					tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
+					tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+					tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+				},
 				Certificates: []tls.Certificate{cert},
 			}

 			log.Printf("Listen on %s (TLS) ...\n", listener)
 			lsnr, err := tls.Listen("tcp", listener, server.TLSConfig)
+			if err != nil {
+				log.Fatal(err)
+			}
 			defer lsnr.Close()

 			go server.Serve(lsnr)
--- a/smtprelay.ini
+++ b/smtprelay.ini
@@ -54,3 +54,6 @@
 ; Authentication credentials on outgoing SMTP server
 ;remote_user =
 ;remote_pass =
+
+; Sender e-mail address on outgoing SMTP server
+;remote_sender =
Author	SHA1	Message	Date
Bernhard Froehlich	21b597f351	Bump version to 1.3.0	2019-09-07 11:31:28 +00:00
Bernhard Froehlich	5f82b4736c	Update dependencies	2019-09-07 11:31:05 +00:00
Bernhard Fröhlich	de430286b3	Merge branch 'remote-sender' of beppler/smtprelay into master	2019-09-07 06:20:28 +00:00
Carlos Alberto Costa Beppler	769193ea4d	Adjust the description of remote_sender parameter. It represents the e-mail address used while sending message to the outgoing SMTP server.	2019-09-06 21:00:35 -03:00
Carlos Alberto Costa Beppler	0b65e904d8	Allows specify the sender used on SMTP conversation with outgoing server.	2019-09-06 17:07:37 -03:00
Bernhard Froehlich	2c9645ac68	Add drone config	2019-05-09 08:17:45 +00:00
Bernhard Froehlich	770e819e2b	Improve error checking	2019-02-21 08:29:49 +00:00
Bernhard Froehlich	d11f8d81ea	Fix formatting	2019-02-21 08:27:12 +00:00
Bernhard Froehlich	6270d75571	Improve TLS Config to prefer server ciphers, remove 3DES ciphers and require TLS 1.1 or higher	2019-01-08 15:09:29 +00:00