Add a ForceTLS flag for SMTP.

When this is enabled, the server listens with TLS instead of waiting for STARTTLS. Signed-off-by: Benson Margulies <bimargulies@google.com>
inbucket · Oct 13, 2023 · 86a7c2a · 86a7c2a
1 parent 3709aa8
commit 86a7c2a
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -90,6 +90,7 @@ type SMTP struct {
 	TLSPrivKey          string        `default:"cert.key" desc:"X509 Private Key file for TLS Support"`
 	TLSCert             string        `default:"cert.crt" desc:"X509 Public Certificate file for TLS Support"`
 	Debug               bool          `ignored:"true"`
+	ForceTLS            bool          `default:"false" desc:"Listen for connections with TLS."`
 }
 
 // POP3 contains the POP3 server configuration.

diff --git a/pkg/server/smtp/handler.go b/pkg/server/smtp/handler.go
@@ -119,7 +119,7 @@ func NewSession(server *Server, id int, conn net.Conn, logger zerolog.Logger) *S
 	reader := bufio.NewReader(conn)
 	host, _, _ := net.SplitHostPort(conn.RemoteAddr().String())
 
-	return &Session{
+	session := &Session{
 		Server:     server,
 		id:         id,
 		conn:       conn,
@@ -131,6 +131,11 @@ func NewSession(server *Server, id int, conn net.Conn, logger zerolog.Logger) *S
 		debug:      server.config.Debug,
 		text:       textproto.NewConn(conn),
 	}
+	if server.config.ForceTLS {
+		session.tlsState = new(tls.ConnectionState)
+		*session.tlsState = conn.(*tls.Conn).ConnectionState()
+	}
+	return session
 }
 
 func (s *Session) String() string {
@@ -289,7 +294,7 @@ func (s *Session) greetHandler(cmd string, arg string) {
 		s.send("250-" + readyBanner)
 		s.send("250-8BITMIME")
 		s.send("250-AUTH PLAIN LOGIN")
-		if s.Server.config.TLSEnabled && s.Server.tlsConfig != nil && s.tlsState == nil {
+		if s.Server.config.TLSEnabled && !s.Server.config.ForceTLS && s.Server.tlsConfig != nil && s.tlsState == nil {
 			s.send("250-STARTTLS")
 		}
 		s.send(fmt.Sprintf("250 SIZE %v", s.config.MaxMessageBytes))

diff --git a/pkg/server/smtp/listener.go b/pkg/server/smtp/listener.go
@@ -113,7 +113,11 @@ func (s *Server) Start(ctx context.Context, readyFunc func()) {
 		return
 	}
 	slog.Info().Str("addr", addr.String()).Msg("SMTP listening on tcp4")
-	s.listener, err = net.ListenTCP("tcp4", addr)
+	if s.config.ForceTLS {
+		s.listener, err = tls.Listen("tcp4", addr.String(), s.tlsConfig)
+	} else {
+		s.listener, err = net.ListenTCP("tcp4", addr)
+	}
 	if err != nil {
 		slog.Error().Err(err).Msg("Failed to start tcp4 listener")
 		s.notify <- err