Merge branch 'master' of github.com:decke/smtprelay

See:	32be721d71

.drone.yml

@@ -1,8 +0,0 @@
-kind: pipeline
-name: default
-
-steps:
-- name: build
-  image: golang
-  commands:
-  - go build

.github/workflows/go.yml

@@ -0,0 +1,24 @@
+name: Go
+on: [push]
+jobs:
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Set up Go 1.14
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.14
+      id: go
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v1
+
+    - name: Get dependencies
+      run: |
+        go get -v -t -d ./...
+
+    - name: Build
+      run: go build -v .

README.md

@@ -1,5 +1,7 @@
 # smtprelay
 
+[![Go Report Card](https://goreportcard.com/badge/github.com/decke/smtprelay)](https://goreportcard.com/report/github.com/decke/smtprelay)
+
 Simple Golang based SMTP relay/proxy server that accepts mail via SMTP
 and forwards it directly to another SMTP server.
 

cmd/README.md

@@ -0,0 +1,6 @@
+
+To run the hasher, do like this
+
+```bash
+$ go run hasher.go hunter2
+```

cmd/hasher.go

@@ -0,0 +1,18 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+func main() {
+	password := os.Args[1]
+
+	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		fmt.Println("Error generating hash: %s", err)
+	}
+	fmt.Println(string(hash))
+}

config.go

@@ -25,6 +25,7 @@ var (
 	remoteHost        = flag.String("remote_host", "smtp.gmail.com:587", "Outgoing SMTP server")
 	remoteUser        = flag.String("remote_user", "", "Username for authentication on outgoing SMTP server")
 	remotePass        = flag.String("remote_pass", "", "Password for authentication on outgoing SMTP server")
+	remoteAuth        = flag.String("remote_auth", "plain", "Auth method on outgoing SMTP server (plain, login)")
 	remoteSender      = flag.String("remote_sender", "", "Sender e-mail address on outgoing SMTP server")
 	versionInfo       = flag.Bool("version", false, "Show version information")
 )

go.mod

@@ -1,9 +1,9 @@
-module code.bluelife.at/decke/smtprelay
+module github.com/decke/smtprelay
 
 require (
-	github.com/chrj/smtpd v0.1.2
+	github.com/chrj/smtpd v0.2.0
 	github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de
-	golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472
+	golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9
 )
 
 go 1.13

go.sum

@@ -1,11 +1,11 @@
-github.com/chrj/smtpd v0.1.2 h1:yWaMOCmnPlcNgJzkak1TBhhkObAfomd+NmZG5epdO88=
+github.com/chrj/smtpd v0.2.0 h1:QGbE4UQz7sKjvXpRgNLuiBOjcWTzBKu/dj0hyDLpD14=
-github.com/chrj/smtpd v0.1.2/go.mod h1:jt4ydELuZmqhn9hn3YpEPV1dY00aOB+Q1nWXnBDFKeY=
+github.com/chrj/smtpd v0.2.0/go.mod h1:1hmG9KbrE10JG1SmvG79Krh4F6713oUrw2+gRp1oSYk=
 github.com/eaigner/dkim v0.0.0-20150301120808-6fe4a7ee9cfb/go.mod h1:FSCIHbrqk7D01Mj8y/jW+NS1uoCerr+ad+IckTHTFf4=
 github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de h1:fkw+7JkxF3U1GzQoX9h69Wvtvxajo5Rbzy6+YMMzPIg=
 github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de/go.mod h1:irMhzlTz8+fVFj6CH2AN2i+WI5S6wWFtK3MBCIxIpyI=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472 h1:Gv7RPwsi3eZ2Fgewe3CBsuOebPwO27PoXzRpJPsvSSM=
+golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 h1:vEg9joUBmeBcK9iSJftGNf3coIG4HqZElCPehJsfAYM=
-golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

main.go

@@ -94,10 +94,6 @@ func authChecker(peer smtpd.Peer, username string, password string) error {
 }
 
 func mailHandler(peer smtpd.Peer, env smtpd.Envelope) error {
-	if *allowedUsers != "" && peer.Username == "" {
-		return smtpd.Error{Code: 530, Message: "Authentication Required"}
-	}
-
 	peerIP := ""
 	if addr, ok := peer.Addr.(*net.TCPAddr); ok {
 		peerIP = addr.IP.String()
@@ -110,7 +106,14 @@ func mailHandler(peer smtpd.Peer, env smtpd.Envelope) error {
 	host, _, _ := net.SplitHostPort(*remoteHost)
 
 	if *remoteUser != "" && *remotePass != "" {
+		switch *remoteAuth {
+		case "plain":
 			auth = smtp.PlainAuth("", *remoteUser, *remotePass, host)
+		case "login":
+			auth = LoginAuth(*remoteUser, *remotePass)
+		default:
+			return smtpd.Error{Code: 530, Message: "Authentication method not supported"}
+		}
 	}
 
 	env.AddReceivedLine(peer)
@@ -143,6 +146,30 @@ func mailHandler(peer smtpd.Peer, env smtpd.Envelope) error {
 }
 
 func main() {
+	// Ciphersuites as defined in stock Go but without 3DES and RC4
+	// https://golang.org/src/crypto/tls/cipher_suites.go
+	var tlsCipherSuites = []uint16{
+		tls.TLS_AES_128_GCM_SHA256,
+		tls.TLS_AES_256_GCM_SHA384,
+		tls.TLS_CHACHA20_POLY1305_SHA256,
+		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+		tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+		tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // does not provide PFS
+		tls.TLS_RSA_WITH_AES_256_GCM_SHA384, // does not provide PFS
+		tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
+		tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+		tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+	}
 
 	ConfigLoad()
 
@@ -202,28 +229,7 @@ func main() {
 			server.TLSConfig = &tls.Config{
 				PreferServerCipherSuites: true,
 				MinVersion:               tls.VersionTLS11,
-
+				CipherSuites:             tlsCipherSuites,
-				// Ciphersuites as defined in stock Go but without 3DES
-				// https://golang.org/src/crypto/tls/cipher_suites.go
-				CipherSuites: []uint16{
-					tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-					tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-					tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-					tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-					tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-					tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-					tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-					tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-					tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-					tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-					tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-					tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-					tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // does not provide PFS
-					tls.TLS_RSA_WITH_AES_256_GCM_SHA384, // does not provide PFS
-					tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
-					tls.TLS_RSA_WITH_AES_128_CBC_SHA,
-					tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-				},
 				Certificates:             []tls.Certificate{cert},
 			}
 			server.ForceTLS = *localForceTLS
@@ -252,28 +258,7 @@ func main() {
 			server.TLSConfig = &tls.Config{
 				PreferServerCipherSuites: true,
 				MinVersion:               tls.VersionTLS11,
-
+				CipherSuites:             tlsCipherSuites,
-				// Ciphersuites as defined in stock Go but without 3DES
-				// https://golang.org/src/crypto/tls/cipher_suites.go
-				CipherSuites: []uint16{
-					tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-					tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-					tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-					tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-					tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-					tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-					tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-					tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-					tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-					tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-					tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-					tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-					tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // does not provide PFS
-					tls.TLS_RSA_WITH_AES_256_GCM_SHA384, // does not provide PFS
-					tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
-					tls.TLS_RSA_WITH_AES_128_CBC_SHA,
-					tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-				},
 				Certificates:             []tls.Certificate{cert},
 			}
 

scripts/release.sh

@@ -0,0 +1,34 @@
+#!/bin/sh
+
+PROJECT=smtprelay
+VERSION=1.3.0
+
+for goos in freebsd linux windows
+do
+   for goarch in 386 amd64
+   do
+      export GOOS=${goos}
+      export GOARCH=${goarch}
+
+      RELDIR=${PROJECT}-${VERSION}-${GOOS}-${GOARCH}
+
+      rm -rf ${RELDIR}
+      mkdir ${RELDIR} || exit 1
+      cp -p README.md LICENSE ${PROJECT}.ini ${RELDIR}/ || exit 1
+
+      if [ ${GOOS} = "windows" ]; then
+        BINARY=${PROJECT}.exe
+        sed -I '' -e 's/;logfile =.*/logfile =/g' ${RELDIR}/${PROJECT}.ini
+        sed -I '' -e 's/$/^M/' ${RELDIR}/${PROJECT}.ini
+      else
+        BINARY=${PROJECT}
+      fi
+
+      go build -ldflags="-s -w" -o ${RELDIR}/${BINARY} || exit 1
+
+      chown -R root:wheel ${RELDIR} || exit 1
+      tar cvfJ ${RELDIR}.tar.xz ${RELDIR} || exit 1
+      rm -rf ${RELDIR}
+   done
+done
+

smtp.go

@@ -451,3 +451,30 @@ func validateLine(line string) error {
 	}
 	return nil
 }
+
+// LOGIN authentication
+type loginAuth struct {
+	username, password string
+}
+
+func LoginAuth(username, password string) smtp.Auth {
+	return &loginAuth{username, password}
+}
+
+func (a *loginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
+	return "LOGIN", []byte{}, nil
+}
+
+func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) {
+	if more {
+		switch string(fromServer) {
+		case "Username:":
+			return []byte(a.username), nil
+		case "Password:":
+			return []byte(a.password), nil
+		default:
+			return nil, errors.New("Unknown fromServer")
+		}
+	}
+	return nil, nil
+}

smtprelay.ini

@@ -55,5 +55,9 @@
 ;remote_user =
 ;remote_pass =
 
+; Authentication method on outgoing SMTP server
+; (plain, login)
+;remote_auth = plain
+
 ; Sender e-mail address on outgoing SMTP server
 ;remote_sender =