Exemple #1
// Process a single connection.
func process(cid int, nc net.Conn, certs []tls.Certificate, logf io.Writer, smtplog io.Writer, baserules []*Rule) {
	var evt smtpd.EventInfo
	var convo *smtpd.Conn
	var logger *smtpLogger
	var l2 io.Writer
	var gotsomewhere, stall, sesscounts bool
	var cfg smtpd.Config

	defer nc.Close()

	trans := &smtpTransaction{}
	trans.savedir = savedir
	trans.raddr = nc.RemoteAddr()
	trans.laddr = nc.LocalAddr()
	prefix := fmt.Sprintf("%d/%d", os.Getpid(), cid)
	trans.rip, _, _ = net.SplitHostPort(trans.raddr.String())
	trans.lip, _, _ = net.SplitHostPort(trans.laddr.String())

	var c *Context
	// nit: in the presence of yakkers, we must know whether or not
	// the rules are good because bad rules turn *everyone* into
	// yakkers (since they prevent clients from successfully EHLO'ing).
	rules, rulesgood := setupRules(baserules)

	// A yakker is a client that is repeatedly connecting to us
	// without doing anything successfully. After a certain number
	// of attempts we turn them off. We only do this if we're logging
	// SMTP commands; if we're not logging, we don't care.
	// This is kind of a hack, but this code is for Chris and this is
	// what Chris cares about.
	// sesscounts is true if this session should count for being a
	// 'bad' session if we don't get far enough. Sessions with TLS
	// errors don't count, as do sessions with bad rules or sessions
	// where yakCount == 0.
	sesscounts = rulesgood && yakCount > 0
	hit, cnt := yakkers.Lookup(trans.rip, yakTimeout)
	if yakCount > 0 && hit && cnt >= yakCount && smtplog != nil {
		// nit: if the rules are bad and we're stalling anyways,
		// yakkers still have their SMTP transactions not logged.
		c = newContext(trans, stallall)
		stall = true
		sesscounts = false
	} else {
		c = newContext(trans, rules)
	//fmt.Printf("rules are:\n%+v\n", c.ruleset)

	if smtplog != nil && !stall {
		logger = &smtpLogger{}
		logger.prefix = []byte(prefix)
		logger.writer = bufio.NewWriterSize(smtplog, 8*1024)
		trans.log = logger
		l2 = logger

	sname := trans.laddr.String()
	if srvname != "" {
		sname = srvname
	} else {
		lip, _, _ := net.SplitHostPort(sname)
		// we don't do a verified lookup of the local IP address
		// because it's theoretically under your control, so if
		// you want to forge stuff that's up to you.
		nlst, err := net.LookupAddr(lip)
		if err == nil && len(nlst) > 0 {
			sname = nlst[0]
			if sname[len(sname)-1] == '.' {
				sname = sname[:len(sname)-1]

	if connfile != "" {
		dm, err := loadConnFile(connfile)
		if err != nil {
			warnf("error loading per-connection rules '%s': %s\n", connfile, err)
		// dm.find() explicitly works even on nil dm, so we don't
		// need to guard it.
		if pd := dm.find(nc); pd != nil {
			if pd.myname != "" {
				sname = pd.myname
			certs = pd.certs

	cfg.LocalName = sname
	cfg.SayTime = true
	cfg.SftName = "sinksmtp"
	cfg.Announce = "This server does not deliver email."

	// stalled conversations are always slow, even if -S is not set.
	// TODO: make them even slower than this? I probably don't care.
	if goslow || stall {
		cfg.Delay = time.Second / 10

	// Don't offer TLS to hosts that have too many TLS failures.
	// We give hosts *two* tries at setting up TLS because some
	// hosts start by offering SSLv2, which is an instant-fail,
	// even if they support stuff that we do. We hope that their
	// SSLv2 failure will cause them to try again in another
	// connection with TLS only.
	// See https://code.google.com/p/go/issues/detail?id=3930
	blocktls, blcount := notls.Lookup(trans.rip, tlsTimeout)
	if len(certs) > 0 && !(blocktls && blcount >= 2) {
		var tlsc tls.Config
		tlsc.Certificates = certs
		// if there is already one TLS failure for this host,
		// it might be because of a bad client certificate.
		// so on the second time around we don't ask for one.
		// (More precisely we only ask for a client cert if
		// there are no failures so far.)
		// Another reason for failure here is a SSLv3 only
		// host without a client certificate. This produces
		// the error:
		// tls: received unexpected handshake message of type *tls.clientKeyExchangeMsg when waiting for *tls.certificateMsg
		//if blcount == 0 {
		//	tlsc.ClientAuth = tls.VerifyClientCertIfGiven
		// Now generally disabled since I discovered it causes
		// SSLv3 handshakes to always fail. TODO: better fix with
		// config-file control or something.
		tlsc.SessionTicketsDisabled = true
		tlsc.ServerName = sname
		cfg.TLSConfig = &tlsc

	// With everything set up we can now create the connection.
	convo = smtpd.NewConn(nc, cfg, l2)

	// Yes, we do rDNS lookup before our initial greeting banner and
	// thus can pause a bit here. Clients will cope, or at least we
	// don't care if impatient ones don't.
	trans.rdns, _ = LookupAddrVerified(trans.rip)

	// Check for an immediate result on the initial connection. This
	// may disable TLS or refuse things immediately.
	if decider(pConnect, evt, c, convo, "") {
		// TODO: somehow write a message and maybe log it.
		// this probably needs smtpd.go cooperation.
		// Right now we just close abruptly.
		if !stall {
			writeLog(logger, "! %s dropped on connect due to rule at %s\n", trans.rip, time.Now().Format(smtpd.TimeFmt))

	// Main transaction loop. We gather up email messages as they come
	// in, possibly failing various operations as we're told to.
	for {
		evt = convo.Next()
		switch evt.What {
		case smtpd.COMMAND:
			switch evt.Cmd {
			case smtpd.EHLO, smtpd.HELO:
				if decider(pHelo, evt, c, convo, "") {
				trans.heloname = evt.Arg
				trans.from = ""
				trans.data = ""
				trans.hash = ""
				trans.bodyhash = ""
				trans.rcptto = []string{}
				if minphase == "helo" {
					gotsomewhere = true
			case smtpd.MAILFROM:
				if decider(pMfrom, evt, c, convo, "") {
				if trans.from != "" && !gotsomewhere && sesscounts {
					// We've been RSET, which potentially
					// counts as a failure for do-nothing
					// client detection. Note that we are
					// implicitly adding the *last* failed
					// attempt, the one that was RSET from.
					cnt = yakkers.Add(trans.rip, yakTimeout)
					// We're slightly generous with RSETs.
					// This has no net effect unless this
					// final attempt succeeds.
					if cnt > yakCount {
						writeLog(logger, "! %s added as a yakker at hit %d due to RSET\n", trans.rip, cnt)
						convo.TempfailMsg("Too many unsuccessful delivery attempts")
						// this will implicitly close
						// the connection.
				trans.from = evt.Arg
				trans.data = ""
				trans.rcptto = []string{}
				if minphase == "from" {
					gotsomewhere = true
				doAccept(convo, c, "")
			case smtpd.RCPTTO:
				if decider(pRto, evt, c, convo, "") {
				trans.rcptto = append(trans.rcptto, evt.Arg)
				if minphase == "to" {
					gotsomewhere = true
				doAccept(convo, c, "")
			case smtpd.DATA:
				if decider(pData, evt, c, convo, "") {
				if minphase == "data" {
					gotsomewhere = true
				doAccept(convo, c, "")
		case smtpd.GOTDATA:
			// -minphase=message means 'message
			// successfully transmitted to us' as opposed
			// to 'message accepted'.
			if minphase == "message" {
				gotsomewhere = true
			// message rejection is deferred until after logging
			// et al.
			trans.data = evt.Arg
			trans.when = time.Now()
			trans.tlson = convo.TLSOn
			trans.cipher = convo.TLSState.CipherSuite
			trans.servername = convo.TLSState.ServerName
			trans.tlsversion = convo.TLSState.Version
			trans.hash, trans.bodyhash = getHashes(trans)
			transid, err := handleMessage(prefix, trans, logf)
			// errors when handling a message always force
			// a tempfail regardless of how we're
			// configured.
			switch {
			case err != nil:
				gotsomewhere = true
			case decider(pMessage, evt, c, convo, transid):
				// do nothing, already handled
				if minphase == "accepted" {
					gotsomewhere = true
				doAccept(convo, c, transid)
		case smtpd.TLSERROR:
			// any TLS error means we'll avoid offering TLS
			// to this source IP for a while.
			notls.Add(trans.rip, tlsTimeout)
			sesscounts = false
		if evt.What == smtpd.DONE || evt.What == smtpd.ABORT {
	// if the client did not issue any successful meaningful commands,
	// remember this. we squelch people who yak too long.
	// Once people are yakkers we don't count their continued failure
	// to do anything against them.
	// And we have to have good rules to start with because duh.
	switch {
	case !gotsomewhere && sesscounts:
		cnt = yakkers.Add(trans.rip, yakTimeout)
		// See if this transaction has pushed the client over the
		// edge to becoming a yakker. If so, report it to the SMTP
		// log.
		if cnt >= yakCount {
			writeLog(logger, "! %s added as a yakker at hit %d\n", trans.rip, cnt)
	case yakCount > 0 && gotsomewhere:
Exemple #2
// Decide what to do and then do it if it is a rejection or a tempfail.
// If given an id (and it is in the message handling phase) we call
// RejectData(). This is our convenience driver for the rules engine,
// Decide().
// Returns false if the message was accepted, true if decider() handled
// a rejection or tempfail.
func decider(ph Phase, evt smtpd.EventInfo, c *Context, convo *smtpd.Conn, id string) bool {
	res := Decide(ph, evt, c)

	// Terrible hack to log DNS lookup failure specifics.
	if c.domerr != nil && c.trans.log != nil {
		lmsg := fmt.Sprintf("! %s\n", c.domerr)
		if lmsg != c.trans.lastamsg {
			c.trans.lastamsg = lmsg
	// The moment a rule sets a savedir, it becomes sticky.
	// This lets you select a savedir based on eg from matching
	// instead of having to do games later.
	if sd := c.withprops["savedir"]; sd != "" {
		c.trans.savedir = sd
	// rule notes are deliberately logged every time they hit.
	// this may be a mistake given EHLO retrying as HELO, but
	// I'll see.
	if note := c.withprops["note"]; note != "" {
		c.trans.log.Write([]byte(fmt.Sprintf("! rule note: %s\n", note)))
	// Disable TLS if desired, or just disable asking for client certs.
	switch c.withprops["tls-opt"] {
	case "off":
		convo.Config.TLSConfig = nil
	case "no-client":
		// 'tls-opt no-client' without certificates should not
		// crash.
		if convo.Config.TLSConfig != nil {
			convo.Config.TLSConfig.ClientAuth = tls.NoClientCert

	if res == aNoresult || res == aAccept {
		return false

	if ph == pConnect {
		// TODO: have some way to stall or reject connections
		// in smtpd. Or should that be handled outside of it?
		// Right now a reject result means 'drop', stall will
		// implicitly cause us to go on.
		return res == aReject

	msg := c.withprops["message"]
	switch res {
	case aReject:
		// This is kind of a hack.
		// We assume that 'id' is only set when we should report it,
		// which is kind of safe.
		if msg != "" {
			if id != "" {
				msg += "\nRejected with ID " + id
			return true
		// Default messages are kind of intricate.
		switch {
		case id != "" && ph == pMessage:
			convo.RejectMsg("We do not consent to you emailing %s\nRejected with ID %s", pluralRecips(c), id)
		case ph == pMessage || ph == pData:
			convo.RejectMsg("We do not consent to you emailing %s", pluralRecips(c))
		case ph == pRto:
			convo.RejectMsg("We do not consent to you emailing that address")
	case aStall:
		if msg != "" {
		} else {
		panic("impossible res")
	return true