Implement HAProxy protocol support

This patch implements support for incoming connections wrapped in the
HAProxy protocol v1.

This is useful when running chasquid behind a HAProxy server, as it
needs the original source IP to perform SPF checks.

This patch is a reimplementation of one originally provided by Denys
Vitali in pull request #15, except the logic for the protocol handling
is moved to a new package, and the smtpsrv.Conn handling of the source
IP is simplified.

It is marked as experimental for now, since we want to give it a bit
more exposure just in case the option/api needs adjustment.

Thanks a lot to Denys Vitali (@denysvitali in github) for sending the
original patch for this, and helping test it!

test/Dockerfile

@@ -25,7 +25,8 @@ RUN apt-get install -y -q python3 msmtp
 # Install the optional packages for the integration tests.
 RUN apt-get install -y -q \
 	gettext-base dovecot-imapd \
-	exim4-daemon-light
+	exim4-daemon-light \
+	haproxy
 
 # Install sudo, needed for the docker entrypoint.
 RUN apt-get install -y -q sudo

test/README.md

@@ -40,6 +40,8 @@ if the dependencies are not found:
 - `t-15-driusan_dkim` DKIM integration tests:
     - The `dkimsign dkimverify dkimkeygen` binaries, from
       [driusan/dkim](https://github.com/driusan/dkim) (no Debian package yet).
+- `t-18-haproxy` HAProxy integration tests:
+    - `haproxy`
 
 For some tests, python >= 3.5 is required; they will be skipped if it's not
 available.

test/t-18-haproxy/config/chasquid.conf

@@ -0,0 +1,12 @@
+smtp_address: ":2025"
+submission_address: ":2587"
+submission_over_tls_address: ":2465"
+monitoring_address: ":2099"
+
+mail_delivery_agent_bin: "test-mda"
+mail_delivery_agent_args: "%to%"
+
+data_dir: "../.data"
+mail_log_path: "../.logs/mail_log"
+
+haproxy_incoming: true

test/t-18-haproxy/content

@@ -0,0 +1,4 @@
+Subject: Prueba desde el test
+
+Crece desde el test el futuro
+Crece desde el test

test/t-18-haproxy/haproxy.cfg

@@ -0,0 +1,7 @@
+global
+	debug
+
+listen smtp-in
+	mode tcp
+	bind *:1025
+	server srv1 localhost:2025 send-proxy

test/t-18-haproxy/hosts

@@ -0,0 +1 @@
+testserver localhost

test/t-18-haproxy/msmtprc

@@ -0,0 +1,14 @@
+account default
+
+host testserver
+port 1025
+
+tls on
+tls_trust_file config/certs/testserver/fullchain.pem
+
+from user@testserver
+
+auth on
+user user@testserver
+password secretpassword
+

test/t-18-haproxy/run.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+set -e
+. $(dirname ${0})/../util/lib.sh
+
+init
+
+mkdir -p .logs
+
+if ! haproxy -v > /dev/null; then
+	skip "haproxy binary not found"
+	exit 0
+fi
+
+# Set a 2m timeout: if there are issues with haproxy, the wait tends to hang
+# indefinitely, so an explicit timeout helps with test automation.
+timeout 2m
+
+# Launch haproxy in the background, checking config first to fail fast in that
+# case.
+haproxy -f haproxy.cfg -c
+haproxy -f haproxy.cfg > .logs/haproxy.log 2>&1 &
+
+generate_certs_for testserver
+add_user user@testserver secretpassword
+add_user someone@testserver secretpassword
+
+chasquid -v=2 --logfile=.logs/chasquid.log --config_dir=config &
+
+wait_until_ready 1025 # haproxy
+wait_until_ready 2025 # chasquid
+
+run_msmtp someone@testserver < content
+
+wait_for_file .mail/someone@testserver
+
+mail_diff content .mail/someone@testserver
+
+success

test/util/lib.sh

@@ -123,6 +123,15 @@ function fexp() {
 	${UTILDIR}/fexp "$@"
 }
 
+function timeout() {
+	MYPID=$$
+	(
+		sleep $1
+		echo "timed out after $1, killing test"
+		kill -9 $MYPID
+	) &
+}
+
 function success() {
 	echo success
 }