Add a ForceTLS flag for SMTP. (#402)
When this is enabled, the server listens with TLS instead of waiting for STARTTLS.

Signed-off-by: Benson Margulies <bimargulies@google.com>
@@ -90,6 +90,7 @@ type SMTP struct {
|
|||||||
TLSPrivKey string `default:"cert.key" desc:"X509 Private Key file for TLS Support"`
|
TLSPrivKey string `default:"cert.key" desc:"X509 Private Key file for TLS Support"`
|
||||||
TLSCert string `default:"cert.crt" desc:"X509 Public Certificate file for TLS Support"`
|
TLSCert string `default:"cert.crt" desc:"X509 Public Certificate file for TLS Support"`
|
||||||
Debug bool `ignored:"true"`
|
Debug bool `ignored:"true"`
|
||||||
|
ForceTLS bool `default:"false" desc:"Listen for connections with TLS."`
|
||||||
}
|
}
|
||||||
|
|
||||||
// POP3 contains the POP3 server configuration.
|
// POP3 contains the POP3 server configuration.
|
||||||
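Review bot: The `desc` text on `ForceTLS` does not tell an operator that the port switches to implicit TLS and that STARTTLS is then no longer advertised, nor that it relies on the certificate settings just above it. Something like `desc:"Listen with implicit TLS instead of offering STARTTLS; uses TLSCert and TLSPrivKey"` would say so. The field would also read better grouped with the other TLS fields rather than after the `ignored` Debug field. The SMTP struct starts above this hunk.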
|
|||||||
@@ -119,7 +119,7 @@ func NewSession(server *Server, id int, conn net.Conn, logger zerolog.Logger) *S
|
|||||||
reader := bufio.NewReader(conn)
|
reader := bufio.NewReader(conn)
|
||||||
host, _, _ := net.SplitHostPort(conn.RemoteAddr().String())
|
host, _, _ := net.SplitHostPort(conn.RemoteAddr().String())
|
||||||
|
|
||||||
return &Session{
|
session := &Session{
|
||||||
Server: server,
|
Server: server,
|
||||||
id: id,
|
id: id,
|
||||||
conn: conn,
|
conn: conn,
|
||||||
@@ -131,6 +131,11 @@ func NewSession(server *Server, id int, conn net.Conn, logger zerolog.Logger) *S
|
|||||||
debug: server.config.Debug,
|
debug: server.config.Debug,
|
||||||
text: textproto.NewConn(conn),
|
text: textproto.NewConn(conn),
|
||||||
}
|
}
|
||||||
|
if server.config.ForceTLS {
|
||||||
|
session.tlsState = new(tls.ConnectionState)
|
||||||
|
*session.tlsState = conn.(*tls.Conn).ConnectionState()
|
||||||
|
}
|
||||||
|
return session
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Session) String() string {
|
func (s *Session) String() string {
|
||||||
@@ -289,7 +294,7 @@ func (s *Session) greetHandler(cmd string, arg string) {
|
|||||||
s.send("250-" + readyBanner)
|
s.send("250-" + readyBanner)
|
||||||
s.send("250-8BITMIME")
|
s.send("250-8BITMIME")
|
||||||
s.send("250-AUTH PLAIN LOGIN")
|
s.send("250-AUTH PLAIN LOGIN")
|
||||||
if s.Server.config.TLSEnabled && s.Server.tlsConfig != nil && s.tlsState == nil {
|
if s.Server.config.TLSEnabled && !s.Server.config.ForceTLS && s.Server.tlsConfig != nil && s.tlsState == nil {
|
||||||
s.send("250-STARTTLS")
|
s.send("250-STARTTLS")
|
||||||
}
|
}
|
||||||
s.send(fmt.Sprintf("250 SIZE %v", s.config.MaxMessageBytes))
|
s.send(fmt.Sprintf("250 SIZE %v", s.config.MaxMessageBytes))
|
||||||
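Review bot: The unchecked assertion `conn.(*tls.Conn)` in the ForceTLS branch of NewSession panics if the accepted connection is ever wrapped or is not a TLS connection (a test driving the session over a plain pipe, for instance), and it reads the state before any handshake has run. A connection accepted from a `tls.Listen` listener handshakes lazily on first read or write, so the snapshot stored in `session.tlsState` has `HandshakeComplete` false and no version or cipher suite; anything that later reports or decides on those fields sees zero values. Use the checked form `tc, ok := conn.(*tls.Conn)`, treat `!ok` as a refused session rather than continuing in plaintext, and call `ConnectionState()` only after `tc.Handshake()` has succeeded under a deadline. NewSession starts above this hunk and returns no error, so the failure path probably belongs in the caller that accepts the connection.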
|
|||||||
@@ -113,7 +113,11 @@ func (s *Server) Start(ctx context.Context, readyFunc func()) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
slog.Info().Str("addr", addr.String()).Msg("SMTP listening on tcp4")
|
slog.Info().Str("addr", addr.String()).Msg("SMTP listening on tcp4")
|
||||||
|
if s.config.ForceTLS {
|
||||||
|
s.listener, err = tls.Listen("tcp4", addr.String(), s.tlsConfig)
|
||||||
|
} else {
|
||||||
s.listener, err = net.ListenTCP("tcp4", addr)
|
s.listener, err = net.ListenTCP("tcp4", addr)
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
slog.Error().Err(err).Msg("Failed to start tcp4 listener")
|
slog.Error().Err(err).Msg("Failed to start tcp4 listener")
|
||||||
s.notify <- err
|
s.notify <- err
|
||||||
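Review bot: The ForceTLS branch in Start hands `s.tlsConfig` to `tls.Listen` without checking it, although the greeting code in this same commit guards that field against nil. `tls.Listen` rejects a nil or certificate-less config, so the server fails closed, but the operator only sees the generic "Failed to start tcp4 listener". A guard before the call, `if s.config.ForceTLS && s.tlsConfig == nil {`, with its own message saying that ForceTLS needs a loaded certificate and key (presumably via TLSEnabled) would make the misconfiguration obvious. The "SMTP listening on tcp4" line could also carry `.Bool("force_tls", s.config.ForceTLS)` so the log shows which mode the port is in. Start begins and continues outside this hunk.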
|
|||||||