Compare commits
	
		
			11 Commits 
		
	
	
	| Author | SHA1 | Date | 
|---|---|---|
|  | 223b65994c | |
|  | 1af4d062fd | |
|  | e7bdc4e92b | |
|  | 386c80b6a4 | |
|  | 885df1c4ab | |
|  | 90b8ece611 | |
|  | 6fb3d402e5 | |
|  | ddf9566fd9 | |
|  | ef4187459e | |
|  | 71a9b231e3 | |
|  | c101731bcd | 
|  | @ -0,0 +1,24 @@ | |||
| #Start multistage Docker | ||||
| #Stage 1 : build brutalinks | ||||
| 
 | ||||
| 
 | ||||
| FROM golang:latest AS zangbuilder | ||||
| RUN apt install make  git -y | ||||
| RUN mkdir -p /go/src/zangtumb | ||||
| RUN git clone https://git.keinpfusch.net/loweel/zangtumb.git /go/src/zangtumb  | ||||
| WORKDIR /go/src/zangtumb | ||||
| ENV GO111MODULE=auto  | ||||
| RUN go build  | ||||
| 
 | ||||
| 
 | ||||
| #Start multistage Docker | ||||
| #Stage 2 : put pieces together | ||||
| 
 | ||||
| FROM debian:latest  | ||||
| RUN apt update | ||||
| RUN apt upgrade -y | ||||
| RUN apt install ca-certificates -y | ||||
| RUN mkdir -p /opt/zangtumb | ||||
| WORKDIR  /opt/zangtumb | ||||
| COPY --from=zangbuilder /go/src/zangtumb /opt/zangtumb/ | ||||
| ENTRYPOINT ["/opt/zangtumb/zangtumb"] | ||||
							
								
								
									
										295
									
								
								LICENSE
								
								
								
								
							
							
						
						
									
										295
									
								
								LICENSE
								
								
								
								
							|  | @ -1,14 +1,289 @@ | |||
|     Copyright (C) 2020  loweel@keinpfusch.net | ||||
| 
 | ||||
|     This program is free software: you can redistribute it and/or modify | ||||
|     it under the terms of the GNU General Public License as published by | ||||
|     the Free Software Foundation, either version 3 of the License, or | ||||
|     (at your option) any later version. | ||||
|                           EUROPEAN UNION PUBLIC LICENCE v. 1.2 | ||||
|                       EUPL © the European Union 2007, 2016 | ||||
| 
 | ||||
|     This program is distributed in the hope that it will be useful, | ||||
|     but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
|     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
|     GNU General Public License for more details. | ||||
| This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined | ||||
| below) which is provided under the terms of this Licence. Any use of the Work, | ||||
| other than as authorised under this Licence is prohibited (to the extent such | ||||
| use is covered by a right of the copyright holder of the Work). | ||||
| 
 | ||||
|     You should have received a copy of the GNU General Public License | ||||
|     along with this program.  If not, see <https://www.gnu.org/licenses/>. | ||||
| The Work is provided under the terms of this Licence when the Licensor (as | ||||
| defined below) has placed the following notice immediately following the | ||||
| copyright notice for the Work: | ||||
| 
 | ||||
|         Licensed under the EUPL | ||||
| 
 | ||||
| or has expressed by any other means his willingness to license under the EUPL. | ||||
| 
 | ||||
| 1. Definitions | ||||
| 
 | ||||
| In this Licence, the following terms have the following meaning: | ||||
| 
 | ||||
| - ‘The Licence’: this Licence. | ||||
| 
 | ||||
| - ‘The Original Work’: the work or software distributed or communicated by the | ||||
|   Licensor under this Licence, available as Source Code and also as Executable | ||||
|   Code as the case may be. | ||||
| 
 | ||||
| - ‘Derivative Works’: the works or software that could be created by the | ||||
|   Licensee, based upon the Original Work or modifications thereof. This Licence | ||||
|   does not define the extent of modification or dependence on the Original Work | ||||
|   required in order to classify a work as a Derivative Work; this extent is | ||||
|   determined by copyright law applicable in the country mentioned in Article 15. | ||||
| 
 | ||||
| - ‘The Work’: the Original Work or its Derivative Works. | ||||
| 
 | ||||
| - ‘The Source Code’: the human-readable form of the Work which is the most | ||||
|   convenient for people to study and modify. | ||||
| 
 | ||||
| - ‘The Executable Code’: any code which has generally been compiled and which is | ||||
|   meant to be interpreted by a computer as a program. | ||||
| 
 | ||||
| - ‘The Licensor’: the natural or legal person that distributes or communicates | ||||
|   the Work under the Licence. | ||||
| 
 | ||||
| - ‘Contributor(s)’: any natural or legal person who modifies the Work under the | ||||
|   Licence, or otherwise contributes to the creation of a Derivative Work. | ||||
| 
 | ||||
| - ‘The Licensee’ or ‘You’: any natural or legal person who makes any usage of | ||||
|   the Work under the terms of the Licence. | ||||
| 
 | ||||
| - ‘Distribution’ or ‘Communication’: any act of selling, giving, lending, | ||||
|   renting, distributing, communicating, transmitting, or otherwise making | ||||
|   available, online or offline, copies of the Work or providing access to its | ||||
|   essential functionalities at the disposal of any other natural or legal | ||||
|   person. | ||||
| 
 | ||||
| 2. Scope of the rights granted by the Licence | ||||
| 
 | ||||
| The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, | ||||
| sublicensable licence to do the following, for the duration of copyright vested | ||||
| in the Original Work: | ||||
| 
 | ||||
| - use the Work in any circumstance and for all usage, | ||||
| - reproduce the Work, | ||||
| - modify the Work, and make Derivative Works based upon the Work, | ||||
| - communicate to the public, including the right to make available or display | ||||
|   the Work or copies thereof to the public and perform publicly, as the case may | ||||
|   be, the Work, | ||||
| - distribute the Work or copies thereof, | ||||
| - lend and rent the Work or copies thereof, | ||||
| - sublicense rights in the Work or copies thereof. | ||||
| 
 | ||||
| Those rights can be exercised on any media, supports and formats, whether now | ||||
| known or later invented, as far as the applicable law permits so. | ||||
| 
 | ||||
| In the countries where moral rights apply, the Licensor waives his right to | ||||
| exercise his moral right to the extent allowed by law in order to make effective | ||||
| the licence of the economic rights here above listed. | ||||
| 
 | ||||
| The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to | ||||
| any patents held by the Licensor, to the extent necessary to make use of the | ||||
| rights granted on the Work under this Licence. | ||||
| 
 | ||||
| 3. Communication of the Source Code | ||||
| 
 | ||||
| The Licensor may provide the Work either in its Source Code form, or as | ||||
| Executable Code. If the Work is provided as Executable Code, the Licensor | ||||
| provides in addition a machine-readable copy of the Source Code of the Work | ||||
| along with each copy of the Work that the Licensor distributes or indicates, in | ||||
| a notice following the copyright notice attached to the Work, a repository where | ||||
| the Source Code is easily and freely accessible for as long as the Licensor | ||||
| continues to distribute or communicate the Work. | ||||
| 
 | ||||
| 4. Limitations on copyright | ||||
| 
 | ||||
| Nothing in this Licence is intended to deprive the Licensee of the benefits from | ||||
| any exception or limitation to the exclusive rights of the rights owners in the | ||||
| Work, of the exhaustion of those rights or of other applicable limitations | ||||
| thereto. | ||||
| 
 | ||||
| 5. Obligations of the Licensee | ||||
| 
 | ||||
| The grant of the rights mentioned above is subject to some restrictions and | ||||
| obligations imposed on the Licensee. Those obligations are the following: | ||||
| 
 | ||||
| Attribution right: The Licensee shall keep intact all copyright, patent or | ||||
| trademarks notices and all notices that refer to the Licence and to the | ||||
| disclaimer of warranties. The Licensee must include a copy of such notices and a | ||||
| copy of the Licence with every copy of the Work he/she distributes or | ||||
| communicates. The Licensee must cause any Derivative Work to carry prominent | ||||
| notices stating that the Work has been modified and the date of modification. | ||||
| 
 | ||||
| Copyleft clause: If the Licensee distributes or communicates copies of the | ||||
| Original Works or Derivative Works, this Distribution or Communication will be | ||||
| done under the terms of this Licence or of a later version of this Licence | ||||
| unless the Original Work is expressly distributed only under this version of the | ||||
| Licence — for example by communicating ‘EUPL v. 1.2 only’. The Licensee | ||||
| (becoming Licensor) cannot offer or impose any additional terms or conditions on | ||||
| the Work or Derivative Work that alter or restrict the terms of the Licence. | ||||
| 
 | ||||
| Compatibility clause: If the Licensee Distributes or Communicates Derivative | ||||
| Works or copies thereof based upon both the Work and another work licensed under | ||||
| a Compatible Licence, this Distribution or Communication can be done under the | ||||
| terms of this Compatible Licence. For the sake of this clause, ‘Compatible | ||||
| Licence’ refers to the licences listed in the appendix attached to this Licence. | ||||
| Should the Licensee's obligations under the Compatible Licence conflict with | ||||
| his/her obligations under this Licence, the obligations of the Compatible | ||||
| Licence shall prevail. | ||||
| 
 | ||||
| Provision of Source Code: When distributing or communicating copies of the Work, | ||||
| the Licensee will provide a machine-readable copy of the Source Code or indicate | ||||
| a repository where this Source will be easily and freely available for as long | ||||
| as the Licensee continues to distribute or communicate the Work. | ||||
| 
 | ||||
| Legal Protection: This Licence does not grant permission to use the trade names, | ||||
| trademarks, service marks, or names of the Licensor, except as required for | ||||
| reasonable and customary use in describing the origin of the Work and | ||||
| reproducing the content of the copyright notice. | ||||
| 
 | ||||
| 6. Chain of Authorship | ||||
| 
 | ||||
| The original Licensor warrants that the copyright in the Original Work granted | ||||
| hereunder is owned by him/her or licensed to him/her and that he/she has the | ||||
| power and authority to grant the Licence. | ||||
| 
 | ||||
| Each Contributor warrants that the copyright in the modifications he/she brings | ||||
| to the Work are owned by him/her or licensed to him/her and that he/she has the | ||||
| power and authority to grant the Licence. | ||||
| 
 | ||||
| Each time You accept the Licence, the original Licensor and subsequent | ||||
| Contributors grant You a licence to their contributions to the Work, under the | ||||
| terms of this Licence. | ||||
| 
 | ||||
| 7. Disclaimer of Warranty | ||||
| 
 | ||||
| The Work is a work in progress, which is continuously improved by numerous | ||||
| Contributors. It is not a finished work and may therefore contain defects or | ||||
| ‘bugs’ inherent to this type of development. | ||||
| 
 | ||||
| For the above reason, the Work is provided under the Licence on an ‘as is’ basis | ||||
| and without warranties of any kind concerning the Work, including without | ||||
| limitation merchantability, fitness for a particular purpose, absence of defects | ||||
| or errors, accuracy, non-infringement of intellectual property rights other than | ||||
| copyright as stated in Article 6 of this Licence. | ||||
| 
 | ||||
| This disclaimer of warranty is an essential part of the Licence and a condition | ||||
| for the grant of any rights to the Work. | ||||
| 
 | ||||
| 8. Disclaimer of Liability | ||||
| 
 | ||||
| Except in the cases of wilful misconduct or damages directly caused to natural | ||||
| persons, the Licensor will in no event be liable for any direct or indirect, | ||||
| material or moral, damages of any kind, arising out of the Licence or of the use | ||||
| of the Work, including without limitation, damages for loss of goodwill, work | ||||
| stoppage, computer failure or malfunction, loss of data or any commercial | ||||
| damage, even if the Licensor has been advised of the possibility of such damage. | ||||
| However, the Licensor will be liable under statutory product liability laws as | ||||
| far such laws apply to the Work. | ||||
| 
 | ||||
| 9. Additional agreements | ||||
| 
 | ||||
| While distributing the Work, You may choose to conclude an additional agreement, | ||||
| defining obligations or services consistent with this Licence. However, if | ||||
| accepting obligations, You may act only on your own behalf and on your sole | ||||
| responsibility, not on behalf of the original Licensor or any other Contributor, | ||||
| and only if You agree to indemnify, defend, and hold each Contributor harmless | ||||
| for any liability incurred by, or claims asserted against such Contributor by | ||||
| the fact You have accepted any warranty or additional liability. | ||||
| 
 | ||||
| 10. Acceptance of the Licence | ||||
| 
 | ||||
| The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ | ||||
| placed under the bottom of a window displaying the text of this Licence or by | ||||
| affirming consent in any other similar way, in accordance with the rules of | ||||
| applicable law. Clicking on that icon indicates your clear and irrevocable | ||||
| acceptance of this Licence and all of its terms and conditions. | ||||
| 
 | ||||
| Similarly, you irrevocably accept this Licence and all of its terms and | ||||
| conditions by exercising any rights granted to You by Article 2 of this Licence, | ||||
| such as the use of the Work, the creation by You of a Derivative Work or the | ||||
| Distribution or Communication by You of the Work or copies thereof. | ||||
| 
 | ||||
| 11. Information to the public | ||||
| 
 | ||||
| In case of any Distribution or Communication of the Work by means of electronic | ||||
| communication by You (for example, by offering to download the Work from a | ||||
| remote location) the distribution channel or media (for example, a website) must | ||||
| at least provide to the public the information requested by the applicable law | ||||
| regarding the Licensor, the Licence and the way it may be accessible, concluded, | ||||
| stored and reproduced by the Licensee. | ||||
| 
 | ||||
| 12. Termination of the Licence | ||||
| 
 | ||||
| The Licence and the rights granted hereunder will terminate automatically upon | ||||
| any breach by the Licensee of the terms of the Licence. | ||||
| 
 | ||||
| Such a termination will not terminate the licences of any person who has | ||||
| received the Work from the Licensee under the Licence, provided such persons | ||||
| remain in full compliance with the Licence. | ||||
| 
 | ||||
| 13. Miscellaneous | ||||
| 
 | ||||
| Without prejudice of Article 9 above, the Licence represents the complete | ||||
| agreement between the Parties as to the Work. | ||||
| 
 | ||||
| If any provision of the Licence is invalid or unenforceable under applicable | ||||
| law, this will not affect the validity or enforceability of the Licence as a | ||||
| whole. Such provision will be construed or reformed so as necessary to make it | ||||
| valid and enforceable. | ||||
| 
 | ||||
| The European Commission may publish other linguistic versions or new versions of | ||||
| this Licence or updated versions of the Appendix, so far this is required and | ||||
| reasonable, without reducing the scope of the rights granted by the Licence. New | ||||
| versions of the Licence will be published with a unique version number. | ||||
| 
 | ||||
| All linguistic versions of this Licence, approved by the European Commission, | ||||
| have identical value. Parties can take advantage of the linguistic version of | ||||
| their choice. | ||||
| 
 | ||||
| 14. Jurisdiction | ||||
| 
 | ||||
| Without prejudice to specific agreement between parties, | ||||
| 
 | ||||
| - any litigation resulting from the interpretation of this License, arising | ||||
|   between the European Union institutions, bodies, offices or agencies, as a | ||||
|   Licensor, and any Licensee, will be subject to the jurisdiction of the Court | ||||
|   of Justice of the European Union, as laid down in article 272 of the Treaty on | ||||
|   the Functioning of the European Union, | ||||
| 
 | ||||
| - any litigation arising between other parties and resulting from the | ||||
|   interpretation of this License, will be subject to the exclusive jurisdiction | ||||
|   of the competent court where the Licensor resides or conducts its primary | ||||
|   business. | ||||
| 
 | ||||
| 15. Applicable Law | ||||
| 
 | ||||
| Without prejudice to specific agreement between parties, | ||||
| 
 | ||||
| - this Licence shall be governed by the law of the European Union Member State | ||||
|   where the Licensor has his seat, resides or has his registered office, | ||||
| 
 | ||||
| - this licence shall be governed by Belgian law if the Licensor has no seat, | ||||
|   residence or registered office inside a European Union Member State. | ||||
| 
 | ||||
| Appendix | ||||
| 
 | ||||
| ‘Compatible Licences’ according to Article 5 EUPL are: | ||||
| 
 | ||||
| - GNU General Public License (GPL) v. 2, v. 3 | ||||
| - GNU Affero General Public License (AGPL) v. 3 | ||||
| - Open Software License (OSL) v. 2.1, v. 3.0 | ||||
| - Eclipse Public License (EPL) v. 1.0 | ||||
| - CeCILL v. 2.0, v. 2.1 | ||||
| - Mozilla Public Licence (MPL) v. 2 | ||||
| - GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 | ||||
| - Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for | ||||
|   works other than software | ||||
| - European Union Public Licence (EUPL) v. 1.1, v. 1.2 | ||||
| - Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong | ||||
|   Reciprocity (LiLiQ-R+). | ||||
| 
 | ||||
| The European Commission may update this Appendix to later versions of the above | ||||
| licences without producing a new version of the EUPL, as long as they provide | ||||
| the rights granted in Article 2 of this Licence and protect the covered Source | ||||
| Code from exclusive appropriation. | ||||
| 
 | ||||
| All other changes or additions to this Appendix require the production of a new | ||||
| EUPL version. | ||||
|  |  | |||
|  | @ -71,20 +71,22 @@ everything is configured using ENV strings , as follows | |||
| | ---------- | --------------------- | ------------------------------------------------------------ | | ||||
| | KEYFILE    | "/certs/mydomain.key" | Path for private key. Only needed when using TLS. Which means, well... it's your email. So you don't want to send it in clear, isn't it? | | ||||
| | CERTFILE   | "/certs/mydomain.crt" | Path for certificate. Only needed when using TLS. Which means, well... it's your email. So you don't want to send it in clear, isn't it? | | ||||
| | DOMAINNAME | "mydomain.tld"        | will declare this value on the banner. No impact on recipients. | | ||||
| | DOMAINNAME | "mydomain.tld"        | will declare this value on the banner. No impact on recipients. Used as CN in self-signed certificates | | ||||
| | LISTEN     | ":5025"               | Address to listen in golang format. This example will listen to port 5025 on all interfaces. You may specify a specific interface like "1.2.3.4:5025" | | ||||
| | RECIPIENTS | "recipients.conf"     | File containing a list with email to serve. One mail address per line. Please notice, that pippo@pluto.com and pippo@paperino.com will end in the same mailbox, "pippo". | | ||||
| | MAILFOLDER | "/zangmail"           | Root of mailfolder. Mail is stored in the default dovecot Maildir format, meaning in the example "/zangmail/%u/Maildir" . | | ||||
| | USETLS     | "true"                | Whether to force all to use TLS or not. yes. Do it.          | | ||||
| 
 | ||||
| 
 | ||||
| Of course , if you put your certificatesinto /certs, (likethe example), this folder MUST exist.  | ||||
| 
 | ||||
| 
 | ||||
| That's it. | ||||
| 
 | ||||
| # FAQ | ||||
| 
 | ||||
| - _This TLS behavior is violating RFC 2487_ | ||||
| - To give a shit of RFCs is a de facto standard. It works, and no spammer will ever buy a certificate per each spambot. | ||||
| - To give a shit of RFCs is a *de facto standard*. Zangtumb works, and no spammer will ever buy a certificate per each spambot. | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
|  |  | |||
|  | @ -5,6 +5,7 @@ import ( | |||
| 	"log" | ||||
| 	"os" | ||||
| 	"strings" | ||||
| 	"sync" | ||||
| ) | ||||
| 
 | ||||
| // The Backend implements SMTP server methods.
 | ||||
|  | @ -17,6 +18,8 @@ type Backend struct { | |||
| 
 | ||||
| var SmtpBackend *Backend | ||||
| 
 | ||||
| var mutex = &sync.Mutex{} | ||||
| 
 | ||||
| // Load Valid Recipients
 | ||||
| func (bkd *Backend) LoadValidRecipients() error { | ||||
| 	bkd.MaxRecipients = 0 | ||||
|  | @ -41,9 +44,13 @@ func (bkd *Backend) LoadValidRecipients() error { | |||
| 
 | ||||
| } | ||||
| 
 | ||||
| // Checks if Mail is a valid recipient
 | ||||
| // Checks if Mail is a valid local recipient
 | ||||
| func (bkd *Backend) CheckValidRcpt(to string) bool { | ||||
| 
 | ||||
| 	defer mutex.Unlock() | ||||
| 
 | ||||
| 	mutex.Lock() | ||||
| 
 | ||||
| 	_, isValid := bkd.ValidRecipientsMap[to] | ||||
| 
 | ||||
| 	return isValid | ||||
|  |  | |||
							
								
								
									
										5
									
								
								go.mod
								
								
								
								
							
							
						
						
									
										5
									
								
								go.mod
								
								
								
								
							|  | @ -2,7 +2,4 @@ module zangtumb | |||
| 
 | ||||
| go 1.13 | ||||
| 
 | ||||
| require ( | ||||
| 	github.com/amalfra/maildir v0.0.7 | ||||
| 	github.com/emersion/go-smtp v0.12.1 // indirect | ||||
| ) | ||||
| require github.com/amalfra/maildir v0.0.7 | ||||
|  |  | |||
							
								
								
									
										4
									
								
								go.sum
								
								
								
								
							
							
						
						
									
										4
									
								
								go.sum
								
								
								
								
							|  | @ -1,6 +1,2 @@ | |||
| github.com/amalfra/maildir v0.0.7 h1:quK6vVGmjqP1zbeo9g7jtx37htGoYrKKlSpcDcplD04= | ||||
| github.com/amalfra/maildir v0.0.7/go.mod h1:+ynYowCpUHTWebUhg3Sb6Jp2dq+SUSWLTSLIf7Vy+ak= | ||||
| github.com/emersion/go-sasl v0.0.0-20190817083125-240c8404624e h1:ba7YsgX5OV8FjGi5ZWml8Jng6oBrJAb3ahqWMJ5Ce8Q= | ||||
| github.com/emersion/go-sasl v0.0.0-20190817083125-240c8404624e/go.mod h1:G/dpzLu16WtQpBfQ/z3LYiYJn3ZhKSGWn83fyoyQe/k= | ||||
| github.com/emersion/go-smtp v0.12.1 h1:1R8BDqrR2HhlGwgFYcOi+BVTvK1bMjAB65QcVpJ5sNA= | ||||
| github.com/emersion/go-smtp v0.12.1/go.mod h1:SD9V/xa4ndMw77lR3Mf7htkp8RBNYuPh9UeuBs9tpUQ= | ||||
|  |  | |||
							
								
								
									
										23
									
								
								handler.go
								
								
								
								
							
							
						
						
									
										23
									
								
								handler.go
								
								
								
								
							|  | @ -4,8 +4,12 @@ import ( | |||
| 	"bytes" | ||||
| 	"log" | ||||
| 	"net" | ||||
|     "time" | ||||
| 	 | ||||
| ) | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| func mailHandler(origin net.Addr, from string, to []string, data []byte) { | ||||
| 	SmtpSession := new(Session) | ||||
| 
 | ||||
|  | @ -20,7 +24,7 @@ func mailHandler(origin net.Addr, from string, to []string, data []byte) { | |||
| 			if dataErr := SmtpSession.Data(bytes.NewReader(data)); dataErr != nil { | ||||
| 				log.Println("Problem Saving Message: ", dataErr.Error()) | ||||
| 			} | ||||
| 			log.Println("Session is: ", SmtpSession) | ||||
| 			 | ||||
| 		} else { | ||||
| 			log.Println(rcptErr) | ||||
| 		} | ||||
|  | @ -28,3 +32,20 @@ func mailHandler(origin net.Addr, from string, to []string, data []byte) { | |||
| 	} | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| func handlerRcpt(remoteAddr net.Addr, from string, to string) bool { | ||||
| 
 | ||||
| 	log.Println("CHECK #2 Rcpt to:", to) | ||||
| 	if !SmtpBackend.CheckValidRcpt(to) { | ||||
| 		log.Printf("%s [ %s -> %s ] %s BAD!!!!", "YU NO MAIL!!! WE NU RELAY!!! ", from, to, remoteAddr.String() ) | ||||
| 		time.Sleep(10 * time.Second) | ||||
| 		return false | ||||
| 	}else{ | ||||
| 		log.Printf("%s [ %s -> %s ] %s GOOD!!!!", "WE DO!!!", from, to, remoteAddr.String() ) | ||||
| 	} | ||||
| 
 | ||||
| 	return true | ||||
| 
 | ||||
| 
 | ||||
| } | ||||
|  |  | |||
							
								
								
									
										4
									
								
								run.sh
								
								
								
								
							
							
						
						
									
										4
									
								
								run.sh
								
								
								
								
							|  | @ -8,11 +8,11 @@ export LISTEN=":1025" | |||
| 
 | ||||
| 
 | ||||
| ##SESSION | ||||
| export RECIPIENTS="./recipients.conf" | ||||
| export RECIPIENTS="./recipients.conf.example" | ||||
| export MAILFOLDER="mail" | ||||
| 
 | ||||
| ##MAIN | ||||
| export USETLS="false" | ||||
| export USETLS="true" | ||||
| 
 | ||||
| ##RUN | ||||
| 
 | ||||
|  |  | |||
							
								
								
									
										10
									
								
								session.go
								
								
								
								
							
							
						
						
									
										10
									
								
								session.go
								
								
								
								
							|  | @ -1,13 +1,13 @@ | |||
| package main | ||||
| 
 | ||||
| import ( | ||||
| 	"errors" | ||||
| 	 | ||||
| 	"fmt" | ||||
| 	"io" | ||||
| 	"io/ioutil" | ||||
| 	"log" | ||||
| 	"strings" | ||||
| 	"time" | ||||
| 	 | ||||
| 
 | ||||
| 	"github.com/amalfra/maildir" | ||||
| ) | ||||
|  | @ -22,11 +22,7 @@ type Session struct { | |||
| } | ||||
| 
 | ||||
| func (s *Session) Rcpt(to string) error { | ||||
| 	log.Println("Rcpt to:", to) | ||||
| 	if !SmtpBackend.CheckValidRcpt(to) { | ||||
| 		time.Sleep(10 * time.Second) | ||||
| 		return errors.New("YU NO MAIL!!! WE NU RELAY") | ||||
| 	} | ||||
| 	log.Println("CHECK #1 Rcpt to:", to) | ||||
| 	s.RcptTo = to | ||||
| 	if strings.Contains(to, "@") { | ||||
| 		rcptArray := strings.Split(to, "@") | ||||
|  |  | |||
|  | @ -41,9 +41,10 @@ type AuthHandler func(remoteAddr net.Addr, mechanism string, username []byte, pa | |||
| // ListenAndServe listens on the TCP network address addr
 | ||||
| // and then calls Serve with handler to handle requests
 | ||||
| // on incoming connections.
 | ||||
| func ListenAndServe(addr string, handler Handler, appname string, hostname string, instance *Server) error { | ||||
| func ListenAndServe(addr string, handler Handler, rcpthandler HandlerRcpt, appname string, hostname string, instance *Server) error { | ||||
| 	srv := instance | ||||
| 	srv.Addr = addr | ||||
| 	srv.HandlerRcpt = rcpthandler | ||||
| 	srv.Handler = handler | ||||
| 	srv.Appname = appname | ||||
| 	srv.Hostname = hostname | ||||
|  | @ -258,6 +259,11 @@ loop: | |||
| 			to = nil | ||||
| 			buffer.Reset() | ||||
| 		case "MAIL": | ||||
| 
 | ||||
| 		    log.Println("TlsConfigExists: " , s.srv.TLSConfig != nil) | ||||
| 			log.Println("TLS_Required: " , s.srv.TLSRequired) | ||||
| 			log.Println("We Are in Clear: ", !s.tls) | ||||
| 		     | ||||
| 			if s.srv.TLSConfig != nil && s.srv.TLSRequired && !s.tls { | ||||
| 				s.writef("530 5.7.0 Must issue a STARTTLS command first") | ||||
| 				break | ||||
|  |  | |||
|  | @ -0,0 +1,289 @@ | |||
| package main | ||||
| 
 | ||||
| 
 | ||||
| import ( | ||||
| 
 | ||||
| 	"crypto/ecdsa" | ||||
| 	"crypto/ed25519" | ||||
| 	"crypto/elliptic" | ||||
| 	"crypto/rand" | ||||
| 	"crypto/rsa" | ||||
| 	"crypto/x509" | ||||
| 	"crypto/x509/pkix" | ||||
| 	"encoding/pem" | ||||
| 	"log" | ||||
| 	"math/big" | ||||
| 	"net" | ||||
| 	"os" | ||||
| 	"strings" | ||||
| 	"time" | ||||
| ) | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| func publicKey(priv interface{}) interface{} { | ||||
| 
 | ||||
| 	switch k := priv.(type) { | ||||
| 
 | ||||
| 	case *rsa.PrivateKey: | ||||
| 
 | ||||
| 		return &k.PublicKey | ||||
| 
 | ||||
| 	case *ecdsa.PrivateKey: | ||||
| 
 | ||||
| 		return &k.PublicKey | ||||
| 
 | ||||
| 	case ed25519.PrivateKey: | ||||
| 
 | ||||
| 		return k.Public().(ed25519.PublicKey) | ||||
| 
 | ||||
| 	default: | ||||
| 
 | ||||
| 		return nil | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| func ZMakecert() { | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 		host       :=  ZangSmtpServer.Hostname | ||||
| 	 | ||||
| 		validFrom  := "" | ||||
| 	 | ||||
| 		validFor   := time.Duration(3650 * 24 * time.Hour)  | ||||
| 	 | ||||
| 		isCA       := true | ||||
| 	 | ||||
| 		rsaBits    := 4096 | ||||
| 	 | ||||
| 		ecdsaCurve := "P256"  | ||||
| 	 | ||||
| 		ed25519Key := true | ||||
| 	 | ||||
| 
 | ||||
| 	var priv interface{} | ||||
| 
 | ||||
| 	var err error | ||||
| 
 | ||||
| 	switch ecdsaCurve { | ||||
| 
 | ||||
| 	case "": | ||||
| 
 | ||||
| 		if ed25519Key { | ||||
| 
 | ||||
| 			_, priv, err = ed25519.GenerateKey(rand.Reader) | ||||
| 
 | ||||
| 		} else { | ||||
| 
 | ||||
| 			priv, err = rsa.GenerateKey(rand.Reader, rsaBits) | ||||
| 
 | ||||
| 		} | ||||
| 
 | ||||
| 	case "P224": | ||||
| 
 | ||||
| 		priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader) | ||||
| 
 | ||||
| 	case "P256": | ||||
| 
 | ||||
| 		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) | ||||
| 
 | ||||
| 	case "P384": | ||||
| 
 | ||||
| 		priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader) | ||||
| 
 | ||||
| 	case "P521": | ||||
| 
 | ||||
| 		priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader) | ||||
| 
 | ||||
| 	default: | ||||
| 
 | ||||
| 		log.Fatalf("Unrecognized elliptic curve: %q", ecdsaCurve) | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 	if err != nil { | ||||
| 
 | ||||
| 		log.Fatalf("Failed to generate private key: %v", err) | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 
 | ||||
| 	// ECDSA, ED25519 and RSA subject keys should have the DigitalSignature
 | ||||
| 
 | ||||
| 	// KeyUsage bits set in the x509.Certificate template
 | ||||
| 
 | ||||
| 	keyUsage := x509.KeyUsageDigitalSignature | ||||
| 
 | ||||
| 	// Only RSA subject keys should have the KeyEncipherment KeyUsage bits set. In
 | ||||
| 
 | ||||
| 	// the context of TLS this KeyUsage is particular to RSA key exchange and
 | ||||
| 
 | ||||
| 	// authentication.
 | ||||
| 
 | ||||
| 	if _, isRSA := priv.(*rsa.PrivateKey); isRSA { | ||||
| 
 | ||||
| 		keyUsage |= x509.KeyUsageKeyEncipherment | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 
 | ||||
| 	var notBefore time.Time | ||||
| 
 | ||||
| 	if len(validFrom) == 0 { | ||||
| 
 | ||||
| 		notBefore = time.Now() | ||||
| 
 | ||||
| 	} else { | ||||
| 
 | ||||
| 		notBefore, err = time.Parse("Jan 2 15:04:05 2006", validFrom) | ||||
| 
 | ||||
| 		if err != nil { | ||||
| 
 | ||||
| 			log.Fatalf("Failed to parse creation date: %v", err) | ||||
| 
 | ||||
| 		} | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 
 | ||||
| 	notAfter := notBefore.Add(validFor) | ||||
| 
 | ||||
| 
 | ||||
| 	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) | ||||
| 
 | ||||
| 	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) | ||||
| 
 | ||||
| 	if err != nil { | ||||
| 
 | ||||
| 		log.Fatalf("Failed to generate serial number: %v", err) | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 
 | ||||
| 	template := x509.Certificate{ | ||||
| 
 | ||||
| 		SerialNumber: serialNumber, | ||||
| 
 | ||||
| 		Subject: pkix.Name{ | ||||
| 
 | ||||
| 			Organization:  []string{"ZangTumb Internal CA"}, | ||||
| 			Country:       []string{"00"}, | ||||
| 			Province:      []string{"5a622d3c-f218-11eb-9a03-0242ac130003"}, | ||||
| 			Locality:      []string{"8927f2fa-f218-11eb-9a03-0242ac130003"}, | ||||
| 			StreetAddress: []string{"8927f3ea-f218-11eb-9a03-0242ac130003"}, | ||||
| 			PostalCode:    []string{"666"}, | ||||
| 
 | ||||
| 		}, | ||||
| 
 | ||||
| 		NotBefore: notBefore, | ||||
| 
 | ||||
| 		NotAfter:  notAfter, | ||||
| 
 | ||||
| 
 | ||||
| 		KeyUsage:              keyUsage, | ||||
| 
 | ||||
| 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, | ||||
| 
 | ||||
| 		BasicConstraintsValid: true, | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 
 | ||||
| 	hosts := strings.Split(host, ",") | ||||
| 
 | ||||
| 	for _, h := range hosts { | ||||
| 
 | ||||
| 		if ip := net.ParseIP(h); ip != nil { | ||||
| 
 | ||||
| 			template.IPAddresses = append(template.IPAddresses, ip) | ||||
| 
 | ||||
| 		} else { | ||||
| 
 | ||||
| 			template.DNSNames = append(template.DNSNames, h) | ||||
| 
 | ||||
| 		} | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 
 | ||||
| 	if isCA { | ||||
| 
 | ||||
| 		template.IsCA = true | ||||
| 
 | ||||
| 		template.KeyUsage |= x509.KeyUsageCertSign | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 
 | ||||
| 	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv) | ||||
| 
 | ||||
| 	if err != nil { | ||||
| 
 | ||||
| 		log.Fatalf("Failed to create certificate: %v", err) | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 	certOut, err := os.Create(CrtFile) | ||||
| 
 | ||||
| 	if err != nil { | ||||
| 
 | ||||
| 		log.Fatalf("Failed to open cert.pem for writing: %v", err) | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 	if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil { | ||||
| 
 | ||||
| 		log.Fatalf("Failed to write data to cert.pem: %v", err) | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 	if err := certOut.Close(); err != nil { | ||||
| 
 | ||||
| 		log.Fatalf("Error closing cert.pem: %v", err) | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 	log.Println("Finished creating: ", CrtFile) | ||||
| 
 | ||||
| 
 | ||||
| 	keyOut, err := os.OpenFile(KeyFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) | ||||
| 
 | ||||
| 	if err != nil { | ||||
| 
 | ||||
| 		log.Fatalf("Failed to open key.pem for writing: %v", err) | ||||
| 
 | ||||
| 		return | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 	privBytes, err := x509.MarshalPKCS8PrivateKey(priv) | ||||
| 
 | ||||
| 	if err != nil { | ||||
| 
 | ||||
| 		log.Fatalf("Unable to marshal private key: %v", err) | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 	if err := pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil { | ||||
| 
 | ||||
| 		log.Fatalf("Failed to write data to key.pem: %v", err) | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 	if err := keyOut.Close(); err != nil { | ||||
| 
 | ||||
| 		log.Fatalf("Error closing key.pem: %v", err) | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 	log.Println("Finished creating: ", KeyFile) | ||||
| 
 | ||||
| } | ||||
							
								
								
									
										19
									
								
								zangtumb.go
								
								
								
								
							
							
						
						
									
										19
									
								
								zangtumb.go
								
								
								
								
							|  | @ -36,11 +36,11 @@ func init() { | |||
| 	} | ||||
| 
 | ||||
| 	if os.Getenv("USETLS") == "true" { | ||||
| 
 | ||||
| 		ZangSmtpServer.ConfigureTLS(CrtFile, KeyFile) | ||||
| 		log.Println("Preparing TLS Keys") | ||||
| 		ZMakecert() | ||||
| 		ZangSmtpServer.TLSListener = false | ||||
| 		ZangSmtpServer.TLSRequired = true | ||||
| 		log.Println("Using TLS") | ||||
| 		log.Println("Using TLS: ", ZangSmtpServer.TLSRequired) | ||||
| 
 | ||||
| 	} else { | ||||
| 
 | ||||
|  | @ -49,12 +49,21 @@ func init() { | |||
| 		log.Println("WARNING: NOT Using TLS") | ||||
| 	} | ||||
| 
 | ||||
| 	 | ||||
| 
 | ||||
| 	log.Println("Ready to start the server.") | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| func main() { | ||||
| 
 | ||||
| 	if err := smtpd.ListenAndServe(ListenAddr, mailHandler, AppName, ServerName, ZangSmtpServer); err != nil { | ||||
| 	log.Println("Starting the server....") | ||||
| 	 | ||||
| 	ZangSmtpServer.ConfigureTLS(CrtFile, KeyFile) | ||||
| 
 | ||||
| 	defer log.Println("Shutting down the server") | ||||
| 
 | ||||
| 	if err := smtpd.ListenAndServe(ListenAddr, mailHandler, handlerRcpt, AppName, ServerName, ZangSmtpServer); err != nil { | ||||
| 		log.Panicln("Ops. Something went wrong: ", err.Error()) | ||||
| 	} | ||||
| 
 | ||||
| } | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue