WIP: Add smarthost support

WORK IN PROGRESS -- WORK IN PROGRESS -- WORK IN PROGRESS

This patch adds support for delivering mail via a smarthost.

In this mode, all accepted mail gets delivered through an SMTP
connection to a specific host, statically configured.

internal/config/config.go

@@ -7,6 +7,7 @@ package config
 import (
 	"fmt"
 	"io/ioutil"
+	"net/url"
 	"os"
 
 	"blitiri.com.ar/go/log"
@@ -127,6 +128,9 @@ func override(c, o *Config) {
 	if o.HaproxyIncoming {
 		c.HaproxyIncoming = true
 	}
+	if o.SmarthostUrl != "" {
+		c.SmarthostUrl = o.SmarthostUrl
+	}
 }
 
 // LogConfig logs the given configuration, in a human-friendly way.
@@ -154,4 +158,15 @@ func LogConfig(c *Config) {
 	log.Infof("  Dovecot auth: %v (%q, %q)",
 		c.DovecotAuth, c.DovecotUserdbPath, c.DovecotClientPath)
 	log.Infof("  HAProxy incoming: %v", c.HaproxyIncoming)
+
+	// Avoid logging the password for the smarthost URL.
+	smurl, err := url.Parse(c.SmarthostUrl)
+	if err == nil {
+		if smurl.User != nil {
+			smurl.User = url.User(smurl.User.Username())
+		}
+		log.Infof("  Smarthost: %s", smurl)
+	} else {
+		log.Infof("  Smarthost: <invalid URL>")
+	}
 }

internal/config/config.pb.go

@@ -107,6 +107,12 @@ type Config struct {
 	// This allows deploying chasquid behind a HAProxy server, as the
 	// address information is preserved.
 	HaproxyIncoming bool `protobuf:"varint,16,opt,name=haproxy_incoming,json=haproxyIncoming,proto3" json:"haproxy_incoming,omitempty"`
+	// Smarthost URL. If set, we will send all received email to this
+	// location, including local mail.
+	// It is of the form "smtp://user:password@host:port" for SMTP (and
+	// STARTTLS will be forcefully negotiated), or
+	// "tls://user:password@host:port" for SMTP over TLS (usually port 465).
+	SmarthostUrl string `protobuf:"bytes,17,opt,name=smarthost_url,json=smarthostUrl,proto3" json:"smarthost_url,omitempty"`
 }
 
 func (x *Config) Reset() {
@@ -253,11 +259,18 @@ func (x *Config) GetHaproxyIncoming() bool {
 	return false
 }
 
+func (x *Config) GetSmarthostUrl() string {
+	if x != nil {
+		return x.SmarthostUrl
+	}
+	return ""
+}
+
 var File_config_proto protoreflect.FileDescriptor
 
 var file_config_proto_rawDesc = []byte{
-	0x0a, 0x0c, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf4,
-	0x05, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73,
+	0x0a, 0x0c, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x99,
+	0x06, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73,
 	0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73,
 	0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x27, 0x0a, 0x10, 0x6d, 0x61, 0x78, 0x5f, 0x64, 0x61, 0x74,
 	0x61, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x6d, 0x62, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52,
@@ -301,13 +314,15 @@ var file_config_proto_rawDesc = []byte{
 	0x6f, 0x76, 0x65, 0x63, 0x6f, 0x74, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68,
 	0x12, 0x29, 0x0a, 0x10, 0x68, 0x61, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x69, 0x6e, 0x63, 0x6f,
 	0x6d, 0x69, 0x6e, 0x67, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x68, 0x61, 0x70, 0x72,
-	0x6f, 0x78, 0x79, 0x49, 0x6e, 0x63, 0x6f, 0x6d, 0x69, 0x6e, 0x67, 0x42, 0x14, 0x0a, 0x12, 0x5f,
-	0x73, 0x75, 0x66, 0x66, 0x69, 0x78, 0x5f, 0x73, 0x65, 0x70, 0x61, 0x72, 0x61, 0x74, 0x6f, 0x72,
-	0x73, 0x42, 0x12, 0x0a, 0x10, 0x5f, 0x64, 0x72, 0x6f, 0x70, 0x5f, 0x63, 0x68, 0x61, 0x72, 0x61,
-	0x63, 0x74, 0x65, 0x72, 0x73, 0x42, 0x2c, 0x5a, 0x2a, 0x62, 0x6c, 0x69, 0x74, 0x69, 0x72, 0x69,
-	0x2e, 0x63, 0x6f, 0x6d, 0x2e, 0x61, 0x72, 0x2f, 0x67, 0x6f, 0x2f, 0x63, 0x68, 0x61, 0x73, 0x71,
-	0x75, 0x69, 0x64, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x63, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x6f, 0x78, 0x79, 0x49, 0x6e, 0x63, 0x6f, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x23, 0x0a, 0x0d, 0x73,
+	0x6d, 0x61, 0x72, 0x74, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x11, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0c, 0x73, 0x6d, 0x61, 0x72, 0x74, 0x68, 0x6f, 0x73, 0x74, 0x55, 0x72, 0x6c,
+	0x42, 0x14, 0x0a, 0x12, 0x5f, 0x73, 0x75, 0x66, 0x66, 0x69, 0x78, 0x5f, 0x73, 0x65, 0x70, 0x61,
+	0x72, 0x61, 0x74, 0x6f, 0x72, 0x73, 0x42, 0x12, 0x0a, 0x10, 0x5f, 0x64, 0x72, 0x6f, 0x70, 0x5f,
+	0x63, 0x68, 0x61, 0x72, 0x61, 0x63, 0x74, 0x65, 0x72, 0x73, 0x42, 0x2c, 0x5a, 0x2a, 0x62, 0x6c,
+	0x69, 0x74, 0x69, 0x72, 0x69, 0x2e, 0x63, 0x6f, 0x6d, 0x2e, 0x61, 0x72, 0x2f, 0x67, 0x6f, 0x2f,
+	0x63, 0x68, 0x61, 0x73, 0x71, 0x75, 0x69, 0x64, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (

internal/config/config.proto

@@ -100,4 +100,11 @@ message Config {
 	// This allows deploying chasquid behind a HAProxy server, as the
 	// address information is preserved.
 	bool haproxy_incoming = 16;
+
+	// Smarthost URL. If set, we will send all received email to this
+	// location, including local mail.
+	// It is of the form "smtp://user:password@host:port" for SMTP (and
+	// STARTTLS will be forcefully negotiated), or
+	// "tls://user:password@host:port" for SMTP over TLS (usually port 465).
+	string smarthost_url = 17;
 }

internal/courier/smarthost.go

@@ -0,0 +1,145 @@
+package courier
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"net"
+	netsmtp "net/smtp"
+	"net/url"
+	"time"
+
+	"blitiri.com.ar/go/chasquid/internal/expvarom"
+	"blitiri.com.ar/go/chasquid/internal/smtp"
+	"blitiri.com.ar/go/chasquid/internal/trace"
+)
+
+var (
+	// Timeouts for smarthost delivery.
+	shDialTimeout  = 1 * time.Minute
+	shTotalTimeout = 10 * time.Minute
+)
+
+// Exported variables.
+var (
+	shAttempts = expvarom.NewInt("chasquid/smarthostOut/attempts",
+		"count of attempts to deliver via smarthost")
+	shErrors = expvarom.NewMap("chasquid/smarthostOut/errors",
+		"reason", "count of smarthost delivery errors, per reason")
+	shSuccess = expvarom.NewInt("chasquid/smarthostOut/success",
+		"count of successful delivering via smarthost")
+)
+
+// SmartHost delivers remote mail via smarthost relaying.
+type SmartHost struct {
+	HelloDomain string
+	URL         url.URL
+
+	// For testing.
+	rootCAs *x509.CertPool
+}
+
+// Deliver an email. On failures, returns an error, and whether or not it is
+// permanent.
+func (s *SmartHost) Deliver(from string, to string, data []byte) (error, bool) {
+	tr := trace.New("Courier.SmartHost", to)
+	defer tr.Finish()
+	tr.Debugf("%s  ->  %s", from, to)
+	shAttempts.Add(1)
+
+	conn, onTLS, err := s.dial()
+	if err != nil {
+		shErrors.Add("dial", 1)
+		return tr.Errorf("Could not dial %q: %v", s.URL.Host, err), false
+	}
+
+	defer conn.Close()
+	conn.SetDeadline(time.Now().Add(shTotalTimeout))
+
+	host, _, _ := net.SplitHostPort(s.URL.Host)
+
+	c, err := smtp.NewClient(conn, host)
+	if err != nil {
+		shErrors.Add("client", 1)
+		return tr.Errorf("Error creating client: %v", err), false
+	}
+
+	if err = c.Hello(s.HelloDomain); err != nil {
+		shErrors.Add("hello", 1)
+		return tr.Errorf("Error saying hello: %v", err), false
+	}
+
+	if !onTLS {
+		if ok, _ := c.Extension("STARTTLS"); !ok {
+			shErrors.Add("starttls-support", 1)
+			return tr.Errorf("Server does not support STARTTLS"), false
+		}
+
+		config := &tls.Config{
+			ServerName: host,
+			RootCAs:    s.rootCAs,
+		}
+		if err = c.StartTLS(config); err != nil {
+			shErrors.Add("starttls-exchange", 1)
+			return tr.Errorf("Error in STARTTLS: %v", err), false
+		}
+	}
+
+	if s.URL.User != nil {
+		user := s.URL.User.Username()
+		password, _ := s.URL.User.Password()
+		auth := netsmtp.PlainAuth("", user, password, host)
+		if err = c.Auth(auth); err != nil {
+			shErrors.Add("auth", 1)
+			return tr.Errorf("AUTH error: %v", err), false
+		}
+	}
+
+	// smtp.Client.Mail will add the <> for us when the address is empty.
+	if from == "<>" {
+		from = ""
+	}
+
+	if err = c.MailAndRcpt(from, to); err != nil {
+		shErrors.Add("mail", 1)
+		return tr.Errorf("MAIL+RCPT %v", err), smtp.IsPermanent(err)
+	}
+
+	w, err := c.Data()
+	if err != nil {
+		shErrors.Add("data", 1)
+		return tr.Errorf("DATA %v", err), smtp.IsPermanent(err)
+	}
+	_, err = w.Write(data)
+	if err != nil {
+		shErrors.Add("dataw", 1)
+		return tr.Errorf("DATA writing: %v", err), smtp.IsPermanent(err)
+	}
+
+	err = w.Close()
+	if err != nil {
+		shErrors.Add("close", 1)
+		return tr.Errorf("DATA closing %v", err), smtp.IsPermanent(err)
+	}
+
+	_ = c.Quit()
+	tr.Debugf("done")
+	shSuccess.Add(1)
+
+	return nil, false
+}
+
+func (s *SmartHost) dial() (conn net.Conn, onTLS bool, err error) {
+	dialer := &net.Dialer{Timeout: shDialTimeout}
+
+	if s.URL.Scheme == "tls" {
+		onTLS = true
+		config := &tls.Config{
+			RootCAs: s.rootCAs,
+		}
+		conn, err = tls.DialWithDialer(dialer, "tcp", s.URL.Host, config)
+	} else {
+		onTLS = false
+		conn, err = dialer.Dial("tcp", s.URL.Host)
+	}
+	return
+}

internal/courier/smarthost_test.go

@@ -0,0 +1,220 @@
+package courier
+
+import (
+	"net/url"
+	"strings"
+	"testing"
+	"time"
+)
+
+func newSmartHost(t *testing.T, addr string) *SmartHost {
+	return &SmartHost{
+		HelloDomain: "hello",
+		URL: url.URL{
+			Scheme: "smtp",
+			Host:   addr,
+		},
+	}
+}
+
+func TestSmartHost(t *testing.T) {
+	// Shorten the total timeout, so the test fails quickly if the protocol
+	// gets stuck.
+	shTotalTimeout = 3 * time.Second
+
+	responses := map[string]string{
+		"_welcome":   "220 welcome\n",
+		"EHLO hello": "250-ehlo ok\n250 STARTTLS AUTH HELP\n",
+		"STARTTLS":   "220 tls ok\n",
+		"_STARTTLS":  "ok",
+
+		// Auth corresponds to the user and password below.
+		"AUTH PLAIN AHVzZXIAcGFzc3dvcmQ=": "235 auth ok\n",
+
+		"MAIL FROM:<me@me>": "250 mail ok\n",
+		"RCPT TO:<to@to>":   "250 rcpt ok\n",
+		"DATA":              "354 send data\n",
+		"_DATA":             "250 data ok\n",
+		"QUIT":              "250 quit ok\n",
+	}
+	srv := newFakeServer(t, responses)
+
+	sh := newSmartHost(t, srv.addr)
+	sh.URL.User = url.UserPassword("user", "password")
+	sh.rootCAs = srv.rootCA()
+	err, _ := sh.Deliver("me@me", "to@to", []byte("data"))
+	if err != nil {
+		t.Errorf("deliver failed: %v", err)
+	}
+
+	srv.wg.Wait()
+}
+
+func TestSmartHostBadAuth(t *testing.T) {
+	// Shorten the total timeout, so the test fails quickly if the protocol
+	// gets stuck.
+	shTotalTimeout = 3 * time.Second
+
+	responses := map[string]string{
+		"_welcome":   "220 welcome\n",
+		"EHLO hello": "250-ehlo ok\n250-STARTTLS\n250 AUTH PLAIN\n",
+		"STARTTLS":   "220 tls ok\n",
+		"_STARTTLS":  "ok",
+
+		// Auth corresponds to the user and password below.
+		"AUTH PLAIN AHVzZXIAcGFzc3dvcmQ=": "454 auth error\n",
+
+		// The client will use an "*" to abort the auth on errors.
+		"*": "501 invalid command\n",
+
+		"QUIT": "250 quit ok\n",
+	}
+	srv := newFakeServer(t, responses)
+
+	sh := newSmartHost(t, srv.addr)
+	sh.URL.User = url.UserPassword("user", "password")
+	sh.rootCAs = srv.rootCA()
+	err, _ := sh.Deliver("me@me", "to@to", []byte("data"))
+	if !strings.HasPrefix(err.Error(), "AUTH error: 454 auth error") {
+		t.Errorf("expected error in AUTH, got %q", err)
+	}
+
+	srv.wg.Wait()
+}
+
+func TestSmartHostBadCert(t *testing.T) {
+	// Shorten the total timeout, so the test fails quickly if the protocol
+	// gets stuck.
+	shTotalTimeout = 3 * time.Second
+
+	responses := map[string]string{
+		"_welcome":   "220 welcome\n",
+		"EHLO hello": "250-ehlo ok\n250 STARTTLS\n",
+		"STARTTLS":   "220 tls ok\n",
+		"_STARTTLS":  "ok",
+	}
+	srv := newFakeServer(t, responses)
+
+	sh := newSmartHost(t, srv.addr)
+	// We do NOT set the root CA to our test server's certificate, so we
+	// expect the STARTTLS negotiation to fail.
+	err, _ := sh.Deliver("me@me", "to@to", []byte("data"))
+	if !strings.HasPrefix(err.Error(), "Error in STARTTLS:") {
+		t.Errorf("expected error in STARTTLS, got %q", err)
+	}
+
+	srv.wg.Wait()
+}
+
+func TestSmartHostErrors(t *testing.T) {
+	// Shorten the total timeout, so the test fails quickly if the protocol
+	// gets stuck.
+	shTotalTimeout = 1 * time.Second
+
+	cases := []struct {
+		responses map[string]string
+		errPrefix string
+	}{
+		// First test: hang response, should fail due to timeout.
+		{
+			map[string]string{"_welcome": "220 no newline"},
+			"",
+		},
+
+		// No STARTTLS support.
+		{
+			map[string]string{
+				"_welcome":   "220 rcpt to not allowed\n",
+				"EHLO hello": "250-ehlo ok\n250 HELP\n",
+			},
+			"Server does not support STARTTLS",
+		},
+
+		// MAIL FROM not allowed.
+		{
+			map[string]string{
+				"_welcome":          "220 mail from not allowed\n",
+				"EHLO hello":        "250-ehlo ok\n250 STARTTLS\n",
+				"STARTTLS":          "220 tls ok\n",
+				"_STARTTLS":         "ok",
+				"MAIL FROM:<me@me>": "501 mail error\n",
+			},
+			"MAIL+RCPT 501 mail error",
+		},
+
+		// RCPT TO not allowed.
+		{
+			map[string]string{
+				"_welcome":          "220 rcpt to not allowed\n",
+				"EHLO hello":        "250-ehlo ok\n250 STARTTLS\n",
+				"STARTTLS":          "220 tls ok\n",
+				"_STARTTLS":         "ok",
+				"MAIL FROM:<me@me>": "250 mail ok\n",
+				"RCPT TO:<to@to>":   "501 rcpt error\n",
+			},
+			"MAIL+RCPT 501 rcpt error",
+		},
+
+		// DATA error.
+		{
+			map[string]string{
+				"_welcome":          "220 data error\n",
+				"EHLO hello":        "250-ehlo ok\n250 STARTTLS\n",
+				"STARTTLS":          "220 tls ok\n",
+				"_STARTTLS":         "ok",
+				"MAIL FROM:<me@me>": "250 mail ok\n",
+				"RCPT TO:<to@to>":   "250 rcpt ok\n",
+				"DATA":              "554 data error\n",
+			},
+			"DATA 554 data error",
+		},
+
+		// DATA response error.
+		{
+			map[string]string{
+				"_welcome":          "220 data error\n",
+				"EHLO hello":        "250-ehlo ok\n250 STARTTLS\n",
+				"STARTTLS":          "220 tls ok\n",
+				"_STARTTLS":         "ok",
+				"MAIL FROM:<me@me>": "250 mail ok\n",
+				"RCPT TO:<to@to>":   "250 rcpt ok\n",
+				"DATA":              "354 send data\n",
+				"_DATA":             "551 data response error\n",
+			},
+			"DATA closing 551 data response error",
+		},
+	}
+
+	for _, c := range cases {
+		srv := newFakeServer(t, c.responses)
+		sh := newSmartHost(t, srv.addr)
+		sh.rootCAs = srv.rootCA()
+
+		err, _ := sh.Deliver("me@me", "to@to", []byte("data"))
+		if err == nil {
+			t.Errorf("deliver not failed in case %q: %v",
+				c.responses["_welcome"], err)
+			continue
+		}
+		t.Logf("failed as expected: %v", err)
+
+		if !strings.HasPrefix(err.Error(), c.errPrefix) {
+			t.Errorf("expected error prefix %q, got %q",
+				c.errPrefix, err)
+		}
+
+		srv.wg.Wait()
+	}
+}
+
+func TestSmartHostDialError(t *testing.T) {
+	sh := newSmartHost(t, "localhost:1")
+	err, permanent := sh.Deliver("me@me", "to@to", []byte("data"))
+	if err == nil {
+		t.Errorf("delivery worked, expected failure")
+	}
+	if permanent {
+		t.Errorf("expected transient failure, got permanent (%v)", err)
+	}
+	t.Logf("got transient failure, as expected: %v", err)
+}