public void handleRequest(Connection conn) throws IOException {
conn.setTimeout(5 * 60 * 1000);
conn.setNewline("\r\n");
- conn.println("220 " + conn.vhost + " SMTP " + this.getClass().getName());
+ conn.println("220 " + conn.vhost + " ESMTP " + this.getClass().getName());
Address from = null;
Vector to = new Vector();
boolean ehlo = false;
String remotehost = null;
+ String authenticatedAs = null;
for(String command = conn.readln(); ; command = conn.readln()) try {
if (command == null) return;
- //Log.warn("**"+conn.getRemoteAddress()+"**", command);
+ Log.warn("**"+conn.getRemoteAddress()+"**", command);
String c = command.toUpperCase();
if (c.startsWith("HELO")) {
remotehost = c.substring(5).trim();
from = null; to = new Vector();
} else if (c.startsWith("EHLO")) {
remotehost = c.substring(5).trim();
- conn.println("250 "+conn.vhost+" greets " + remotehost);
+ conn.println("250-"+conn.vhost);
+ //conn.println("250-AUTH");
+ conn.println("250-AUTH PLAIN");
+ //conn.println("250-STARTTLS");
+ conn.println("250 HELP");
ehlo = true;
from = null; to = new Vector();
} else if (c.startsWith("RSET")) { conn.println("250 reset ok"); from = null; to = new Vector();
} else if (c.startsWith("EXPN")) { conn.println("502 EXPN not supported");
} else if (c.startsWith("NOOP")) { conn.println("250 OK");
} else if (c.startsWith("QUIT")) { conn.println("221 " + conn.vhost + " closing connection"); return;
+ } else if (c.startsWith("STARTTLS")) {
+ conn.println("220 starting TLS...");
+ conn.flush();
+ conn = conn.negotiateSSL(true);
+ from = null; to = new Vector();
+ } else if (c.startsWith("AUTH")) {
+ if (authenticatedAs != null) {
+ conn.println("503 you are already authenticated; you must reconnect to reauth");
+ } else {
+ String mechanism = command.substring(4).trim();
+ String rest = "";
+ if (mechanism.indexOf(' ')!=-1) {
+ rest = mechanism.substring(mechanism.indexOf(' ')+1).trim();
+ mechanism = mechanism.substring(0, mechanism.indexOf(' '));
+ }
+ if (mechanism.equals("PLAIN")) {
+ // 538 Encryption required for requested authentication mechanism?
+ byte[] bytes = Encode.fromBase64(rest);
+ String authenticateUser = null;
+ String authorizeUser = null;
+ String password = null;
+ int start = 0;
+ for(int i=0; i<=bytes.length; i++) {
+ if (i<bytes.length && bytes[i]!=0) continue;
+ String result = new String(bytes, start, i-start, "UTF-8");
+ if (authenticateUser==null) authenticateUser = result;
+ else if (authorizeUser==null) authorizeUser = result;
+ else if (password==null) password = result;
+ start = i+1;
+ }
+ // FIXME: be smarter here
+ if (Main.auth.login(authorizeUser, password)!=null)
+ authenticatedAs = authenticateUser;
+ conn.println("235 Authentication successful");
+ /*
+ } else if (mechanism.equals("CRAM-MD5")) {
+ String challenge = ;
+ conn.println("334 "+challenge);
+ String resp = conn.readln();
+ if (resp.equals("*")) {
+ conn.println("501 client requested AUTH cancellation");
+ }
+ } else if (mechanism.equals("ANONYMOUS")) {
+ } else if (mechanism.equals("EXTERNAL")) {
+ } else if (mechanism.equals("DIGEST-MD5")) {
+ */
+ } else {
+ conn.println("504 unrecognized authentication type");
+ }
+ // on success, reset to initial state; client will EHLO again
+ from = null; to = new Vector();
+ }
} else if (c.startsWith("MAIL FROM:")) {
command = command.substring(10).trim();
from = command.equals("<>") ? null : new Address(command);
command = command.substring(8).trim();
if(command.indexOf(' ') != -1) command = command.substring(0, command.indexOf(' '));
Address addr = new Address(command);
- /*
- Log.warn("**"+conn.getRemoteAddress()+"**",
- "addr.isLocal(): " + addr.isLocal() + "\n" +
- "conn.getRemoteAddress().isLoopbackAddress(): " + conn.getRemoteAddress().isLoopbackAddress() + "\n" +
- "johnw: " + (from!=null&&from.toString().indexOf("johnw")!=-1) + "\n"
- );
- */
if (addr.isLocal()) {
// FEATURE: should check the address further and give 550 if undeliverable
conn.println("250 " + addr + " is on this machine; I will deliver it");
} else if (conn.getRemoteAddress().isLoopbackAddress() || (from!=null&&from.toString().indexOf("johnw")!=-1)) {
conn.println("250 you are connected locally, so I will let you send");
to.addElement(addr);
+ whitelist.addWhitelist(addr);
+ } else if (authenticatedAs!=null) {
+ conn.println("250 you are authenticated as "+authenticatedAs+", so I will let you send");
+ to.addElement(addr);
+ whitelist.addWhitelist(addr);
} else {
- conn.println("551 sorry, " + addr + " is not on this machine");
+ conn.println("535 sorry, " + addr + " is not on this machine, you are not connected from localhost, and I will not relay without SMTP AUTH");
+ Log.warn("","535 sorry, " + addr + " is not on this machine, you are not connected from localhost, and I will not relay without SMTP AUTH");
}
conn.flush();
} else if (c.startsWith("DATA")) {
//if (from == null) { conn.println("503 MAIL FROM command must precede DATA"); continue; }
if (to == null || to.size()==0) { conn.println("503 RCPT TO command must precede DATA"); continue; }
- if (!graylist.isWhitelisted(conn.getRemoteAddress()) && !conn.getRemoteAddress().isLoopbackAddress()) {
+ if (!graylist.isWhitelisted(conn.getRemoteAddress()) && !conn.getRemoteAddress().isLoopbackAddress() && authenticatedAs==null) {
long when = graylist.getGrayListTimestamp(conn.getRemoteAddress(), from+"", to+"");
if (when == 0 || System.currentTimeMillis() - when > GRAYLIST_MAXWAIT) {
graylist.setGrayListTimestamp(conn.getRemoteAddress(), from+"", to+"", System.currentTimeMillis());
}
conn.flush();
try {
+ // FIXME: deal with messages larger than memory here?
StringBuffer buf = new StringBuffer();
buf.append("Received: from " + conn.getRemoteHostname() + " (" + remotehost + ")\r\n");
buf.append(" by "+conn.vhost+" ("+SMTP.class.getName()+") with "+(ehlo?"ESMTP":"SMTP") + "\r\n");
// FIXME: this is leaking BCC addrs
// for(int i=0; i<to.size(); i++) buf.append(to.elementAt(i) + " ");
buf.append("; " + dateFormat.format(new Date()) + "\r\n");
+
+ // FIXME: some sort of stream transformer here?
while(true) {
String s = conn.readln();
if (s == null) throw new RuntimeException("connection closed");
String body = buf.toString();
Message m = null;
for(int i=0; i<to.size(); i++) {
- m = Message.newMessage(new Fountain.StringFountain(body), from, (Address)to.elementAt(i));
- accept(m);
+ m = Message.newMessage(Fountain.Util.create(body), from, (Address)to.elementAt(i));
+ enqueue(m);
}
if (m != null) Log.info(SMTP.class, "accepted message: " + m.summary());
conn.println("250 message accepted");
public static class Outgoing extends Thread {
private static final HashMap deadHosts = new HashMap();
- public static void accept(Message m) throws IOException {
- if (m == null) { Log.warn(Outgoing.class, "attempted to accept(null)"); return; }
+ public static void enqueue(Message m) throws IOException {
+ if (m == null) { Log.warn(Outgoing.class, "attempted to enqueue(null)"); return; }
String traces = m.headers.get("Received");
if (traces!=null) {
int lines = 0;
InetAddress[] mx = getMailExchangerIPs(m.envelopeTo.host);
if (mx.length == 0) {
if (!noBounces) {
- accept(m.bounce("could not resolve " + m.envelopeTo.host));
+ enqueue(m.bounce("could not resolve " + m.envelopeTo.host));
return true;
} else {
Log.warn(SMTP.Outgoing.class, "could not resolve " + m.envelopeTo.host);
}
if (new Date().getTime() - m.arrival.getTime() > 1000 * 60 * 60 * 24 * 5) {
if (!noBounces) {
- accept(m.bounce("could not send for 5 days"));
+ enqueue(m.bounce("could not send for 5 days"));
return true;
} else {
Log.warn(SMTP.Outgoing.class, "could not send for 5 days: " + m.summary());
boolean accepted = false;
Connection conn = null;
try {
- Log.note("connecting to " + mx + "...");
conn = new Connection(new Socket(mx, 25), InetAddress.getLocalHost().getHostName());
conn.setNewline("\r\n");
conn.setTimeout(60 * 1000);
- Log.note(" connected");
check(conn.readln(), conn); // banner
try {
conn.println("EHLO " + conn.vhost);
conn.println("HELO " + conn.vhost);
check(conn.readln(), conn);
}
- if (m.envelopeFrom==null) {
- Log.warn("", "MAIL FROM:<>");
- conn.println("MAIL FROM:<>"); check(conn.readln(), conn);
- } else {
- Log.warn("", "MAIL FROM:<" + m.envelopeFrom.toString()+">");
- conn.println("MAIL FROM:<" + m.envelopeFrom.toString()+">"); check(conn.readln(), conn);
- }
- conn.println("RCPT TO:<" + m.envelopeTo.toString()+">"); check(conn.readln(), conn);
- conn.println("DATA"); check(conn.readln(), conn);
- Headers head = m.headers;
- head = head.remove("return-path");
- head = head.remove("bcc");
+ String envelopeFrom = m.envelopeFrom==null ? "" : m.envelopeFrom.toString();
+ conn.println("MAIL FROM:<" + envelopeFrom +">"); check(conn.readln(), conn);
+ conn.println("RCPT TO:<" + m.envelopeTo.toString()+">"); check(conn.readln(), conn);
+ conn.println("DATA"); check(conn.readln(), conn);
+
+ Headers head = new Headers(m.headers,
+ new String[] {
+ "return-path", null,
+ "bcc", null
+ });
Stream stream = head.getStream();
for(String s = stream.readln(); s!=null; s=stream.readln()) {
if (s.startsWith(".")) conn.print(".");