courier/smtp: Retry over plaintext on STARTTLS errors

When the SMTP courier gets an error on STARTTLS (either because the
command itself failed, or because there was a low-level TLS negotiation
error), today we just fail that attempt.

This can cause messages to never be delivered if the underlying reason
is a server misconfiguration (e.g. a server certificate that Go cannot
parse). This is quite rare in practice, but it can happen.

To prevent this situation, this patch adds logic so that the SMTP
courier retries over plaintext when STARTTLS fails.

This is still subject to security level checks, so this type of failures
cannot be used to downgrade connections to domains we successfully
established a TLS connection previously.

Note that certificate validation issues are NOT included in this
type of failure, so they will not trigger a retry. The certificate
validation handling is unchanged by this patch.

internal/courier/fakeserver_test.go

@@ -20,14 +20,16 @@ type FakeServer struct {
 	responses map[string]string
 	wg        *sync.WaitGroup
 	addr      string
+	conns     int
 	tlsConfig *tls.Config
 }
 
-func newFakeServer(t *testing.T, responses map[string]string) *FakeServer {
+func newFakeServer(t *testing.T, responses map[string]string, conns int) *FakeServer {
 	s := &FakeServer{
 		t:         t,
 		tmpDir:    testlib.MustTempDir(t),
 		responses: responses,
+		conns:     conns,
 		wg:        &sync.WaitGroup{},
 	}
 	s.start()
@@ -82,11 +84,10 @@ func (s *FakeServer) start() string {
 
 	s.initTLS()
 
-	s.wg.Add(1)
+	s.wg.Add(s.conns)
 
-	go func() {
+	accept := func() {
 		defer s.wg.Done()
-		defer l.Close()
 
 		c, err := l.Accept()
 		if err != nil {
@@ -134,7 +135,11 @@ func (s *FakeServer) start() string {
 				c.Write([]byte(s.responses["_DATA"]))
 			}
 		}
-	}()
+	}
+
+	for i := 0; i < s.conns; i++ {
+		go accept()
+	}
 
 	return s.addr
 }