aliases: Implement "via" aliases

This patch implements "via" aliases, which let us explicitly select a
server to use for delivery.

This feature is useful in different scenarios, such as a secondary MX
server that forwards all incoming email to a primary.

For now, it is experimental and the syntax and semantics are subject to
change.

internal/queue/queue.go

@@ -191,6 +191,9 @@ func (q *Queue) Put(tr *trace.Trace, from string, to []string, data []byte) (str
 				r.Type = Recipient_EMAIL
 			case aliases.PIPE:
 				r.Type = Recipient_PIPE
+			case aliases.FORWARD:
+				r.Type = Recipient_FORWARD
+				r.Via = aliasRcpt.Via
 			default:
 				log.Errorf("unknown alias type %v when resolving %q",
 					aliasRcpt.Type, t)
@@ -387,6 +390,21 @@ func (item *Item) deliver(q *Queue, rcpt *Recipient) (err error, permanent bool)
 		return cmd.Run(), true
 	}
 
+	// Recipient type is FORWARD: we always use the remote courier, and pass
+	// the list of servers that was given to us.
+	if rcpt.Type == Recipient_FORWARD {
+		deliverAttempts.Add("forward", 1)
+
+		// When forwarding with an explicit list of servers, we use SRS if
+		// we're sending from a non-local domain (regardless of the
+		// destination).
+		from := item.From
+		if !envelope.DomainIn(item.From, q.localDomains) {
+			from = rewriteSender(item.From, rcpt.OriginalAddress)
+		}
+		return q.remoteC.Forward(from, rcpt.Address, item.Data, rcpt.Via)
+	}
+
 	// Recipient type is EMAIL.
 	if envelope.DomainIn(rcpt.Address, q.localDomains) {
 		deliverAttempts.Add("email:local", 1)
@@ -396,24 +414,32 @@ func (item *Item) deliver(q *Queue, rcpt *Recipient) (err error, permanent bool)
 	deliverAttempts.Add("email:remote", 1)
 	from := item.From
 	if !envelope.DomainIn(item.From, q.localDomains) {
-		// We're sending from a non-local to a non-local. This should
-		// happen only when there's an alias to forward email to a
-		// non-local domain.  In this case, using the original From is
-		// problematic, as we may not be an authorized sender for this.
-		// Some MTAs (like Exim) will do it anyway, others (like
-		// gmail) will construct a special address based on the
-		// original address.  We go with the latter.
-		// Note this assumes "+" is an alias suffix separator.
-		// We use the IDNA version of the domain if possible, because
-		// we can't know if the other side will support SMTPUTF8.
-		from = fmt.Sprintf("%s+fwd_from=%s@%s",
-			envelope.UserOf(rcpt.OriginalAddress),
-			strings.Replace(from, "@", "=", -1),
-			mustIDNAToASCII(envelope.DomainOf(rcpt.OriginalAddress)))
+		// We're sending from a non-local to a non-local, need to do SRS.
+		from = rewriteSender(item.From, rcpt.OriginalAddress)
 	}
 	return q.remoteC.Deliver(from, rcpt.Address, item.Data)
 }
 
+func rewriteSender(from, originalAddr string) string {
+	// Apply a send-only Sender Rewriting Scheme (SRS).
+	// This is used when we are sending from a (potentially) non-local domain,
+	// to a non-local domain.
+	// This should happen only when there's an alias to forward email to a
+	// non-local domain (either a normal "email" alias with a remote
+	// destination, or a "forward" alias with a list of servers).
+	// In this case, using the original From is problematic, as we may not be
+	// an authorized sender for this.
+	// To do this, we use a sender rewriting scheme, similar to what other
+	// MTAs do (e.g. gmail or postfix).
+	// Note this assumes "+" is an alias suffix separator.
+	// We use the IDNA version of the domain if possible, because
+	// we can't know if the other side will support SMTPUTF8.
+	return fmt.Sprintf("%s+fwd_from=%s@%s",
+		envelope.UserOf(originalAddr),
+		strings.Replace(from, "@", "=", -1),
+		mustIDNAToASCII(envelope.DomainOf(originalAddr)))
+}
+
 // countRcpt counts how many recipients are in the given status.
 func (item *Item) countRcpt(statuses ...Recipient_Status) int {
 	c := 0

internal/queue/queue.pb.go

@@ -23,8 +23,9 @@ const (
 type Recipient_Type int32
 
 const (
-	Recipient_EMAIL Recipient_Type = 0
-	Recipient_PIPE  Recipient_Type = 1
+	Recipient_EMAIL   Recipient_Type = 0
+	Recipient_PIPE    Recipient_Type = 1
+	Recipient_FORWARD Recipient_Type = 2
 )
 
 // Enum value maps for Recipient_Type.
@@ -32,10 +33,12 @@ var (
 	Recipient_Type_name = map[int32]string{
 		0: "EMAIL",
 		1: "PIPE",
+		2: "FORWARD",
 	}
 	Recipient_Type_value = map[string]int32{
-		"EMAIL": 0,
-		"PIPE":  1,
+		"EMAIL":   0,
+		"PIPE":    1,
+		"FORWARD": 2,
 	}
 )
 
@@ -221,6 +224,8 @@ type Recipient struct {
 	// This is before expanding aliases and only used in very particular
 	// cases.
 	OriginalAddress string `protobuf:"bytes,5,opt,name=original_address,json=originalAddress,proto3" json:"original_address,omitempty"`
+	// The list of servers to use, for recipients of type == FORWARD.
+	Via []string `protobuf:"bytes,6,rep,name=via,proto3" json:"via,omitempty"`
 }
 
 func (x *Recipient) Reset() {
@@ -290,6 +295,13 @@ func (x *Recipient) GetOriginalAddress() string {
 	return ""
 }
 
+func (x *Recipient) GetVia() []string {
+	if x != nil {
+		return x.Via
+	}
+	return nil
+}
+
 // Timestamp representation, for convenience.
 // We used to use the well-known type, but the dependency makes packaging much
 // more convoluted and adds very little value, so we now just include it here.
@@ -365,7 +377,7 @@ var file_queue_proto_rawDesc = []byte{
 	0x0a, 0x0d, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x5f, 0x74, 0x73, 0x18,
 	0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x71, 0x75, 0x65, 0x75, 0x65, 0x2e, 0x54, 0x69,
 	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64,
-	0x41, 0x74, 0x54, 0x73, 0x22, 0xa8, 0x02, 0x0a, 0x09, 0x52, 0x65, 0x63, 0x69, 0x70, 0x69, 0x65,
+	0x41, 0x74, 0x54, 0x73, 0x22, 0xc7, 0x02, 0x0a, 0x09, 0x52, 0x65, 0x63, 0x69, 0x70, 0x69, 0x65,
 	0x6e, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20,
 	0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x29, 0x0a, 0x04,
 	0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x71, 0x75, 0x65,
@@ -379,19 +391,20 @@ var file_queue_proto_rawDesc = []byte{
 	0x75, 0x72, 0x65, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x6f, 0x72,
 	0x69, 0x67, 0x69, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x05,
 	0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x6c, 0x41, 0x64,
-	0x64, 0x72, 0x65, 0x73, 0x73, 0x22, 0x1b, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a,
-	0x05, 0x45, 0x4d, 0x41, 0x49, 0x4c, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x50, 0x49, 0x50, 0x45,
-	0x10, 0x01, 0x22, 0x2b, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0b, 0x0a, 0x07,
-	0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x45, 0x4e,
-	0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x10, 0x02, 0x22,
-	0x3b, 0x0a, 0x09, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x18, 0x0a, 0x07,
-	0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x73,
-	0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6e, 0x6f, 0x73, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x6e, 0x61, 0x6e, 0x6f, 0x73, 0x42, 0x2b, 0x5a, 0x29,
-	0x62, 0x6c, 0x69, 0x74, 0x69, 0x72, 0x69, 0x2e, 0x63, 0x6f, 0x6d, 0x2e, 0x61, 0x72, 0x2f, 0x67,
-	0x6f, 0x2f, 0x63, 0x68, 0x61, 0x73, 0x71, 0x75, 0x69, 0x64, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x6e, 0x61, 0x6c, 0x2f, 0x71, 0x75, 0x65, 0x75, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x33,
+	0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x76, 0x69, 0x61, 0x18, 0x06, 0x20, 0x03,
+	0x28, 0x09, 0x52, 0x03, 0x76, 0x69, 0x61, 0x22, 0x28, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12,
+	0x09, 0x0a, 0x05, 0x45, 0x4d, 0x41, 0x49, 0x4c, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x50, 0x49,
+	0x50, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x4f, 0x52, 0x57, 0x41, 0x52, 0x44, 0x10,
+	0x02, 0x22, 0x2b, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0b, 0x0a, 0x07, 0x50,
+	0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x45, 0x4e, 0x54,
+	0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x10, 0x02, 0x22, 0x3b,
+	0x0a, 0x09, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x73,
+	0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x73, 0x65,
+	0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6e, 0x6f, 0x73, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x6e, 0x61, 0x6e, 0x6f, 0x73, 0x42, 0x2b, 0x5a, 0x29, 0x62,
+	0x6c, 0x69, 0x74, 0x69, 0x72, 0x69, 0x2e, 0x63, 0x6f, 0x6d, 0x2e, 0x61, 0x72, 0x2f, 0x67, 0x6f,
+	0x2f, 0x63, 0x68, 0x61, 0x73, 0x71, 0x75, 0x69, 0x64, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
+	0x61, 0x6c, 0x2f, 0x71, 0x75, 0x65, 0x75, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (

internal/queue/queue.proto

@@ -27,6 +27,7 @@ message Recipient {
 	enum Type {
 		EMAIL = 0;
 		PIPE = 1;
+                FORWARD = 2;
 	}
 	Type type = 2;
 
@@ -43,6 +44,9 @@ message Recipient {
 	// This is before expanding aliases and only used in very particular
 	// cases.
 	string original_address = 5;
+
+        // The list of servers to use, for recipients of type == FORWARD.
+        repeated string via = 6;
 }
 
 // Timestamp representation, for convenience.

internal/queue/queue_test.go

@@ -127,28 +127,52 @@ func TestAliases(t *testing.T) {
 	defer tr.Finish()
 
 	q.aliases.AddDomain("loco")
-	q.aliases.AddAliasForTesting("ab@loco", "pq@loco", aliases.EMAIL)
-	q.aliases.AddAliasForTesting("ab@loco", "rs@loco", aliases.EMAIL)
-	q.aliases.AddAliasForTesting("cd@loco", "ata@hualpa", aliases.EMAIL)
+	q.aliases.AddAliasForTesting("ab@loco", "pq@loco", nil, aliases.EMAIL)
+	q.aliases.AddAliasForTesting("ab@loco", "rs@loco", nil, aliases.EMAIL)
+	q.aliases.AddAliasForTesting("cd@loco", "ata@hualpa", nil, aliases.EMAIL)
+	q.aliases.AddAliasForTesting(
+		"fwd@loco", "fwd@loco", []string{"server"}, aliases.FORWARD)
+	q.aliases.AddAliasForTesting(
+		"remote@loco", "remote@rana", []string{"server"}, aliases.FORWARD)
 	// Note the pipe aliases are tested below, as they don't use the couriers
 	// and it can be quite inconvenient to test them in this way.
 
 	localC.Expect(2)
-	remoteC.Expect(1)
-	_, err := q.Put(tr, "from", []string{"ab@loco", "cd@loco"}, []byte("data"))
+	remoteC.Expect(3)
+
+	// One email from a local domain: from@loco -> ab@loco, cd@loco, fwd@loco.
+	_, err := q.Put(tr, "from@loco",
+		[]string{"ab@loco", "cd@loco", "fwd@loco"},
+		[]byte("data"))
 	if err != nil {
 		t.Fatalf("Put: %v", err)
 	}
+
+	// And another from a remote domain: from@rana -> remote@loco
+	_, err = q.Put(tr, "from@rana",
+		[]string{"remote@loco"},
+		[]byte("data"))
+	if err != nil {
+		t.Fatalf("Put: %v", err)
+	}
+
 	localC.Wait()
 	remoteC.Wait()
 
 	cases := []struct {
-		courier    *testlib.TestCourier
-		expectedTo string
+		courier      *testlib.TestCourier
+		expectedFrom string
+		expectedTo   string
 	}{
-		{localC, "pq@loco"},
-		{localC, "rs@loco"},
-		{remoteC, "ata@hualpa"},
+		// From the local domain: from@loco
+		{localC, "from@loco", "pq@loco"},
+		{localC, "from@loco", "rs@loco"},
+		{remoteC, "from@loco", "ata@hualpa"},
+		{remoteC, "from@loco", "fwd@loco"},
+
+		// From the remote domain: from@rana.
+		// Note the SRS in the remoteC.
+		{remoteC, "remote+fwd_from=from=rana@loco", "remote@rana"},
 	}
 	for _, c := range cases {
 		req := c.courier.ReqFor[c.expectedTo]
@@ -157,9 +181,9 @@ func TestAliases(t *testing.T) {
 			continue
 		}
 
-		if req.From != "from" || req.To != c.expectedTo ||
+		if req.From != c.expectedFrom || req.To != c.expectedTo ||
 			!bytes.Equal(req.Data, []byte("data")) {
-			t.Errorf("wrong request for %q: %v", c.expectedTo, req)
+			t.Errorf("wrong request for %q: %v", c.expectedTo, *req)
 		}
 	}
 }