Gnarwhal/diodemail
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages 1 Wiki Activity Actions

Actual AUTH and also enforce EHLO/HELO first

Browse source
This commit is contained in:
Gnarwhal 2024-10-04 21:44:10 +00:00
parent f656866e7d
commit 5ce65e6be9
Signed by: Gnarwhal
GPG key ID: 0989A73D8C421174
5 changed files with 133 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

72
smtp/commands.go
View file

@ -61,27 +61,43 @@ func Helo(smtp_session *SMTPSession, message string) (bool, error) {
return true, err
}
smtp_session.HasHelloed = true
return false, nil
}
func Ehlo(smtp_session *SMTPSession, message string) (bool, error) {
enable_auth := ""
if smtp_session.RequiresAuthentication() {
enable_auth = "250-AUTH PLAIN\r\n"
}
err := smtp_session.Write(
fmt.Sprintf(
"250-%v is shy" + "\r\n" +
"250-AUTH PLAIN" + "\r\n" +
"%v" +
"250-8BITMIME" + "\r\n" +
"250 SMTPUTF8" + "\r\n",
smtp_session.GetHost(),
enable_auth,
),
)
if err != nil {
return true, err
}
smtp_session.HasHelloed = true
return false, nil
}
func Auth(smtp_session *SMTPSession, message string) (bool, error) {
if !smtp_session.HasHelloed {
err := smtp_session.Write(
"503 Must HELO/EHLO first\n",
)
if err != nil {
return true, err
}
return false, nil
}
parts := strings.Split(message, " ")[1:]
if parts[0] == "PLAIN" {
var password string
@ -107,6 +123,24 @@ func Auth(smtp_session *SMTPSession, message string) (bool, error) {
}
func MailFrom(smtp_session *SMTPSession, message string) (bool, error) {
if !smtp_session.HasHelloed {
err := smtp_session.Write(
"503 Must HELO/EHLO first\n",
)
if err != nil {
return true, err
}
return false, nil
}
if !smtp_session.AuthenticationSatisfied() {
err := smtp_session.Write(
"530 Authentication required\n",
)
if err != nil {
return true, err
}
return false, nil
}
match := ReversePath.FindStringSubmatch(message)
if match == nil {
err := smtp_session.Write(
@ -129,6 +163,24 @@ func MailFrom(smtp_session *SMTPSession, message string) (bool, error) {
}
func RcptTo(smtp_session *SMTPSession, message string) (bool, error) {
if !smtp_session.HasHelloed {
err := smtp_session.Write(
"503 Must HELO/EHLO first\n",
)
if err != nil {
return true, err
}
return false, nil
}
if !smtp_session.AuthenticationSatisfied() {
err := smtp_session.Write(
"530 Authentication required\n",
)
if err != nil {
return true, err
}
return false, nil
}
match := ForwardPath.FindStringSubmatch(message)
if match == nil {
err := smtp_session.Write(
@ -151,6 +203,24 @@ func RcptTo(smtp_session *SMTPSession, message string) (bool, error) {
}
func Data(smtp_session *SMTPSession, message string) (bool, error) {
if !smtp_session.HasHelloed {
err := smtp_session.Write(
"503 Must HELO/EHLO first\n",
)
if err != nil {
return true, err
}
return false, nil
}
if !smtp_session.AuthenticationSatisfied() {
err := smtp_session.Write(
"530 Authentication required\n",
)
if err != nil {
return true, err
}
return false, nil
}
err := smtp_session.Write(
"354 Start Input\n",
)

22
smtp/server.go
View file

@ -27,14 +27,20 @@ import (
"github.com/rs/zerolog/log"
)
func handle(connection net.Conn, host string, password_hash string, tls_config tls.Config) {
func handle(
connection net.Conn,
host string,
tls_config tls.Config,
auth bool,
password_hash string,
) {
log.Info().Msgf(
"New connection %v. Starting session.",
connection.RemoteAddr(),
)
defer connection.Close()
session := MakeSMTPSession(connection, host, password_hash, tls_config)
session := MakeSMTPSession(connection, host, tls_config, auth, password_hash)
err := session.Run()
if err != nil {
log.Error().Msgf(
@ -52,10 +58,11 @@ func handle(connection net.Conn, host string, password_hash string, tls_config t
func Run(
host string,
password_hash string,
plain_port string,
tls_port string,
tls_config tls.Config,
auth bool,
password_hash string,
) error {
var wait_group sync.WaitGroup
if plain_port != "disabled" {
@ -65,7 +72,7 @@ func Run(
}
log.Info().Msgf("Plain text server started on port %v for host %v", plain_port, host)
wait_group.Add(1)
go Listen(wait_group, host, password_hash, tls_config, listener)
go Listen(wait_group, host, tls_config, auth, password_hash, listener)
}
if tls_port != "disabled" {
listener, err := tls.Listen("tcp", fmt.Sprintf(":%v", tls_port), &tls_config)
@ -74,7 +81,7 @@ func Run(
}
log.Info().Msgf("TLS server started on port %v for host %v", tls_port, host)
wait_group.Add(1)
go Listen(wait_group, host, password_hash, tls_config, listener)
go Listen(wait_group, host, tls_config, auth, password_hash, listener)
}
wait_group.Wait()
@ -84,8 +91,9 @@ func Run(
func Listen(
wait_group sync.WaitGroup,
host string,
password_hash string,
tls_config tls.Config,
auth bool,
password_hash string,
listener net.Listener,
) {
defer wait_group.Done()
@ -94,7 +102,7 @@ func Listen(
if err != nil {
log.Error().Msgf("Failed to accept client: %v", err)
} else {
go handle(connection, host, password_hash, tls_config)
go handle(connection, host, tls_config, auth, password_hash)
}
}
}

15
smtp/session.go
View file

@ -35,16 +35,20 @@ type SMTPSession struct {
password_hash string
tls_config tls.Config
buffer [4096]byte
HasHelloed bool
requires_auth bool
is_authed bool
ReversePathBuffer *string
ForwardPathBuffer []string
}
func MakeSMTPSession(connection net.Conn, host string, password_hash string, tls_config tls.Config) SMTPSession {
func MakeSMTPSession(connection net.Conn, host string, tls_config tls.Config, auth bool, password_hash string) SMTPSession {
return SMTPSession{
connection: connection,
host: host,
password_hash: password_hash,
requires_auth: auth,
}
}
@ -137,6 +141,15 @@ func (self *SMTPSession) GetHost() string {
return self.host
}
func (self *SMTPSession) RequiresAuthentication() bool {
return self.requires_auth
}
func (self *SMTPSession) AuthenticationSatisfied() bool {
fmt.Println(self.requires_auth, self.is_authed)
return !self.requires_auth || self.is_authed
}
func (self *SMTPSession) ValidatePassword(password string) bool {
return fmt.Sprintf("%x", sha256.Sum256([]byte(password))) == self.password_hash
}