import javax.naming.*;
import javax.naming.directory.*;
+// FIXME: inbound throttling/ratelimiting
+
// RFC's implemented
// RFC2554: SMTP Service Extension for Authentication
// - did not implement section 5, though
// FIXME: loop prevention
// FIXME: probably need some throttling on outbound mail
+// FEATURE: public static boolean validate(Address a)
+// FEATURE: rate-limiting
+
// FEATURE: infer messageid, date, if not present (?)
// FEATURE: exponential backoff on retry time?
// FEATURE: RFC2822, section 4.5.1: special "postmaster" address
Integer.parseInt(System.getProperty("org.ibex.mail.smtp.maxMessageSize", "-1"));
private static final Mailbox spool =
- FileBasedMailbox.getFileBasedMailbox(Mailbox.STORAGE_ROOT,false).slash("spool",true).slash("smtp",true);
+ FileBasedMailbox.getFileBasedMailbox(Mailbox.STORAGE_ROOT,false).slash("spool",true).slash("smtp",true).getMailbox();
static {
for(int i=0; i<numOutgoingThreads; i++)
new Outgoing().start();
}
- public static void accept(Message m) throws IOException {
- if (!m.envelopeTo.isLocal()) Outgoing.accept(m);
+ public static void enqueue(Message m) throws IOException {
+ if (!m.envelopeTo.isLocal()) Outgoing.enqueue(m);
else Target.root.accept(m);
}
public void handleRequest(Connection conn) throws IOException {
conn.setTimeout(5 * 60 * 1000);
conn.setNewline("\r\n");
- conn.println("220 " + conn.vhost + " SMTP " + this.getClass().getName());
+ conn.println("220 " + conn.vhost + " ESMTP " + this.getClass().getName());
Address from = null;
Vector to = new Vector();
boolean ehlo = false;
String remotehost = null;
+ String authenticatedAs = null;
+ int failedRcptCount = 0;
for(String command = conn.readln(); ; command = conn.readln()) try {
if (command == null) return;
- //Log.warn("**"+conn.getRemoteAddress()+"**", command);
+ Log.warn("**"+conn.getRemoteAddress()+"**", command);
String c = command.toUpperCase();
if (c.startsWith("HELO")) {
remotehost = c.substring(5).trim();
from = null; to = new Vector();
} else if (c.startsWith("EHLO")) {
remotehost = c.substring(5).trim();
- conn.println("250 "+conn.vhost+" greets " + remotehost);
+ conn.println("250-"+conn.vhost);
+ //conn.println("250-AUTH");
+ conn.println("250-AUTH PLAIN");
+ //conn.println("250-STARTTLS");
+ conn.println("250 HELP");
ehlo = true;
from = null; to = new Vector();
} else if (c.startsWith("RSET")) { conn.println("250 reset ok"); from = null; to = new Vector();
} else if (c.startsWith("EXPN")) { conn.println("502 EXPN not supported");
} else if (c.startsWith("NOOP")) { conn.println("250 OK");
} else if (c.startsWith("QUIT")) { conn.println("221 " + conn.vhost + " closing connection"); return;
+ } else if (c.startsWith("STARTTLS")) {
+ conn.println("220 starting TLS...");
+ conn.flush();
+ conn = conn.negotiateSSL(true);
+ from = null; to = new Vector();
+ } else if (c.startsWith("AUTH")) {
+ if (authenticatedAs != null) {
+ conn.println("503 you are already authenticated; you must reconnect to reauth");
+ } else {
+ String mechanism = command.substring(4).trim();
+ String rest = "";
+ if (mechanism.indexOf(' ')!=-1) {
+ rest = mechanism.substring(mechanism.indexOf(' ')+1).trim();
+ mechanism = mechanism.substring(0, mechanism.indexOf(' '));
+ }
+ if (mechanism.equals("PLAIN")) {
+ // 538 Encryption required for requested authentication mechanism?
+ byte[] bytes = Encode.fromBase64(rest);
+ String authenticateUser = null;
+ String authorizeUser = null;
+ String password = null;
+ int start = 0;
+ for(int i=0; i<=bytes.length; i++) {
+ if (i<bytes.length && bytes[i]!=0) continue;
+ String result = new String(bytes, start, i-start, "UTF-8");
+ if (authenticateUser==null) authenticateUser = result;
+ else if (authorizeUser==null) authorizeUser = result;
+ else if (password==null) password = result;
+ start = i+1;
+ }
+ // FIXME: be smarter here
+ if (Main.auth.login(authorizeUser, password)!=null)
+ authenticatedAs = authenticateUser;
+ conn.println("235 Authentication successful");
+ /*
+ } else if (mechanism.equals("CRAM-MD5")) {
+ String challenge = ;
+ conn.println("334 "+challenge);
+ String resp = conn.readln();
+ if (resp.equals("*")) {
+ conn.println("501 client requested AUTH cancellation");
+ }
+ } else if (mechanism.equals("ANONYMOUS")) {
+ } else if (mechanism.equals("EXTERNAL")) {
+ } else if (mechanism.equals("DIGEST-MD5")) {
+ */
+ } else {
+ conn.println("504 unrecognized authentication type");
+ }
+ // on success, reset to initial state; client will EHLO again
+ from = null; to = new Vector();
+ }
} else if (c.startsWith("MAIL FROM:")) {
command = command.substring(10).trim();
from = command.equals("<>") ? null : new Address(command);
conn.println("250 " + from + " is syntactically correct");
+ // FEATURE: perform SMTP validation on the address, reject if invalid
} else if (c.startsWith("RCPT TO:")) {
// some clients are broken and put RCPT first; we will tolerate this
command = command.substring(8).trim();
if(command.indexOf(' ') != -1) command = command.substring(0, command.indexOf(' '));
Address addr = new Address(command);
- /*
- Log.warn("**"+conn.getRemoteAddress()+"**",
- "addr.isLocal(): " + addr.isLocal() + "\n" +
- "conn.getRemoteAddress().isLoopbackAddress(): " + conn.getRemoteAddress().isLoopbackAddress() + "\n" +
- "johnw: " + (from!=null&&from.toString().indexOf("johnw")!=-1) + "\n"
- );
- */
- if (addr.isLocal()) {
- // FEATURE: should check the address further and give 550 if undeliverable
- conn.println("250 " + addr + " is on this machine; I will deliver it");
- to.addElement(addr);
- } else if (conn.getRemoteAddress().isLoopbackAddress() || (from!=null&&from.toString().indexOf("johnw")!=-1)) {
+ if (conn.getRemoteAddress().isLoopbackAddress() || (from!=null&&from.toString().indexOf("johnw")!=-1)) {
conn.println("250 you are connected locally, so I will let you send");
to.addElement(addr);
+ if (!whitelist.isWhitelisted(addr))
+ whitelist.addWhitelist(addr);
+ } else if (authenticatedAs!=null) {
+ conn.println("250 you are authenticated as "+authenticatedAs+", so I will let you send");
+ to.addElement(addr);
+ if (!whitelist.isWhitelisted(addr))
+ whitelist.addWhitelist(addr);
+ } else if (addr.isLocal()) {
+ if (to.size() > 3) {
+ conn.println("536 sorry, limit on 3 RCPT TO's per DATA");
+ } else {
+ // FEATURE: should check the address further and give 550 if undeliverable
+ conn.println("250 " + addr + " is on this machine; I will deliver it");
+ to.addElement(addr);
+ }
} else {
- conn.println("551 sorry, " + addr + " is not on this machine");
+ conn.println("535 sorry, " + addr + " is not on this machine, you are not connected from localhost, and I will not relay without SMTP AUTH");
+ Log.warn("","535 sorry, " + addr + " is not on this machine, you are not connected from localhost, and I will not relay without SMTP AUTH");
+ failedRcptCount++;
+ if (failedRcptCount > 3) {
+ conn.close();
+ return;
+ }
}
conn.flush();
} else if (c.startsWith("DATA")) {
//if (from == null) { conn.println("503 MAIL FROM command must precede DATA"); continue; }
if (to == null || to.size()==0) { conn.println("503 RCPT TO command must precede DATA"); continue; }
- if (!graylist.isWhitelisted(conn.getRemoteAddress()) && !conn.getRemoteAddress().isLoopbackAddress()) {
+ if (!graylist.isWhitelisted(conn.getRemoteAddress()) && !conn.getRemoteAddress().isLoopbackAddress() && authenticatedAs==null) {
long when = graylist.getGrayListTimestamp(conn.getRemoteAddress(), from+"", to+"");
if (when == 0 || System.currentTimeMillis() - when > GRAYLIST_MAXWAIT) {
graylist.setGrayListTimestamp(conn.getRemoteAddress(), from+"", to+"", System.currentTimeMillis());
}
conn.flush();
try {
+ // FIXME: deal with messages larger than memory here?
StringBuffer buf = new StringBuffer();
buf.append("Received: from " + conn.getRemoteHostname() + " (" + remotehost + ")\r\n");
buf.append(" by "+conn.vhost+" ("+SMTP.class.getName()+") with "+(ehlo?"ESMTP":"SMTP") + "\r\n");
// FIXME: this is leaking BCC addrs
// for(int i=0; i<to.size(); i++) buf.append(to.elementAt(i) + " ");
buf.append("; " + dateFormat.format(new Date()) + "\r\n");
+
+ // FIXME: some sort of stream transformer here?
while(true) {
String s = conn.readln();
if (s == null) throw new RuntimeException("connection closed");
if (s.equals(".")) break;
if (s.startsWith(".")) s = s.substring(1);
buf.append(s + "\r\n");
- if (MAX_MESSAGE_SIZE != -1 && buf.length() > MAX_MESSAGE_SIZE) {
+ if (MAX_MESSAGE_SIZE != -1 && buf.length() > MAX_MESSAGE_SIZE && (from+"").indexOf("paperless")==-1) {
Log.error("**"+conn.getRemoteAddress()+"**",
"sorry, this mail server only accepts messages of less than " +
ByteSize.toString(MAX_MESSAGE_SIZE));
ByteSize.toString(MAX_MESSAGE_SIZE));
}
}
- String body = buf.toString();
+ String message = buf.toString();
Message m = null;
- for(int i=0; i<to.size(); i++) {
- m = Message.newMessage(new Fountain.StringFountain(body), from, (Address)to.elementAt(i));
- accept(m);
- }
+ for(int i=0; i<to.size(); i++)
+ enqueue(m = Message.newMessage(Fountain.Util.create(message)).withEnvelope(from, (Address)to.elementAt(i)));
if (m != null) Log.info(SMTP.class, "accepted message: " + m.summary());
conn.println("250 message accepted");
conn.flush();
public static class Outgoing extends Thread {
private static final HashMap deadHosts = new HashMap();
- public static void accept(Message m) throws IOException {
- if (m == null) { Log.warn(Outgoing.class, "attempted to accept(null)"); return; }
+ public static void enqueue(Message m) throws IOException {
+ if (m == null) { Log.warn(Outgoing.class, "attempted to enqueue(null)"); return; }
String traces = m.headers.get("Received");
if (traces!=null) {
int lines = 0;
InetAddress[] mx = getMailExchangerIPs(m.envelopeTo.host);
if (mx.length == 0) {
if (!noBounces) {
- accept(m.bounce("could not resolve " + m.envelopeTo.host));
+ enqueue(m.bounce("could not resolve " + m.envelopeTo.host));
return true;
} else {
Log.warn(SMTP.Outgoing.class, "could not resolve " + m.envelopeTo.host);
}
if (new Date().getTime() - m.arrival.getTime() > 1000 * 60 * 60 * 24 * 5) {
if (!noBounces) {
- accept(m.bounce("could not send for 5 days"));
+ enqueue(m.bounce("could not send for 5 days"));
return true;
} else {
Log.warn(SMTP.Outgoing.class, "could not send for 5 days: " + m.summary());
}
for(int i=0; i<mx.length; i++) {
//if (deadHosts.contains(mx[i])) continue;
- if (attempt(m, mx[i])) { return true; }
+ if (attempt(m, mx[i])) return true;
}
return false;
}
private static void check(String s, Connection conn) {
if (s==null) return;
while (s.length() > 3 && s.charAt(3) == '-') s = conn.readln();
- if (s.startsWith("4")||s.startsWith("5")) throw new SMTPException(s);
+ //if (s.startsWith("4")||s.startsWith("5")) throw new SMTPException(s);
+ if (!s.startsWith("2")&&!s.startsWith("3")) throw new SMTPException(s);
}
private static boolean attempt(final Message m, final InetAddress mx) {
boolean accepted = false;
Connection conn = null;
try {
- Log.note("connecting to " + mx + "...");
conn = new Connection(new Socket(mx, 25), InetAddress.getLocalHost().getHostName());
conn.setNewline("\r\n");
conn.setTimeout(60 * 1000);
- Log.note(" connected");
check(conn.readln(), conn); // banner
try {
conn.println("EHLO " + conn.vhost);
conn.println("HELO " + conn.vhost);
check(conn.readln(), conn);
}
- if (m.envelopeFrom==null) {
- Log.warn("", "MAIL FROM:<>");
- conn.println("MAIL FROM:<>"); check(conn.readln(), conn);
- } else {
- Log.warn("", "MAIL FROM:<" + m.envelopeFrom.toString()+">");
- conn.println("MAIL FROM:<" + m.envelopeFrom.toString()+">"); check(conn.readln(), conn);
- }
- conn.println("RCPT TO:<" + m.envelopeTo.toString()+">"); check(conn.readln(), conn);
- conn.println("DATA"); check(conn.readln(), conn);
- Headers head = m.headers;
- head = head.remove("return-path");
- head = head.remove("bcc");
+ String envelopeFrom = m.envelopeFrom==null ? "" : m.envelopeFrom.toString();
+ conn.println("MAIL FROM:<" + envelopeFrom +">"); check(conn.readln(), conn);
+ conn.println("RCPT TO:<" + m.envelopeTo.toString()+">"); check(conn.readln(), conn);
+ conn.println("DATA"); check(conn.readln(), conn);
+
+ Headers head = new Headers(m.headers,
+ new String[] {
+ "return-path", null,
+ "bcc", null
+ });
Stream stream = head.getStream();
for(String s = stream.readln(); s!=null; s=stream.readln()) {
if (s.startsWith(".")) conn.print(".");
Log.warn(SMTP.Outgoing.class, " unable to send; error=" + e);
Log.warn(SMTP.Outgoing.class, " message: " + m.summary());
Log.warn(SMTP.Outgoing.class, e);
+ /*
+ // FIXME: we should not be bouncing here!
if (e.code >= 500 && e.code <= 599) {
try {
attempt(m.bounce("unable to deliver: " + e), true);
}
return true;
}
+ */
return false;
} catch (Exception e) {
if (accepted) return true;
Log.warn(SMTP.Outgoing.class, " unable to send; error=" + e);
Log.warn(SMTP.Outgoing.class, " message: " + m.summary());
Log.warn(SMTP.Outgoing.class, e);
- if (conn != null) Log.warn(SMTP.Outgoing.class, conn.dumpLog());
+ //if (conn != null) Log.warn(SMTP.Outgoing.class, conn.dumpLog());
return false;
} finally {
if (conn != null) conn.close();
projects / org.ibex.mail.git / blobdiff