Merge branch 'expose-mta' into 'main'

use postmoogle as general purpose SMTP server and allow other apps or scripts to send emails through it

See merge request etke.cc/postmoogle!33

.gitignore

@@ -1,3 +1,4 @@
 /local.db
 /local.db-journal
 /cover.out
+/e2e/main.go

README.md

@@ -4,8 +4,9 @@
 
 An Email to Matrix bridge. 1 room = 1 mailbox.
 
-Postmoogle is an actual SMTP server that allows you to receive emails on your matrix server.
-It can't be used with arbitrary email providers, but setup your own provider "with matrix interface" instead.
+Postmoogle is an actual SMTP server that allows you to send and receive emails on your matrix server.
+It can't be used with arbitrary email providers, because it acts as an actual email provider itself,
+so you can use it to send emails from your apps and scripts as well.
 
 ## Roadmap
 
@@ -30,6 +31,7 @@ It can't be used with arbitrary email providers, but setup your own provider "wi
 ### Send
 
 - [x] SMTP client
+- [x] SMTP server (you can use Postmoogle as general purpose SMTP server to send emails from your scripts or apps)
 - [x] Send a message to matrix room with special format to send a new email
 - [ ] Reply to matrix thread sends reply into email thread
 
@@ -237,6 +239,7 @@ If you want to change them - check available options in the help message (`!pm h
 
 * **!pm mailbox** - Get or set mailbox of the room
 * **!pm owner** - Get or set owner of the room
+* **!pm password** - Get or set SMTP password of the room's mailbox
 
 ---
 

bot/access.go

@@ -3,7 +3,10 @@ package bot
 import (
 	"context"
 	"regexp"
+	"strings"
 
+	"github.com/raja/argon2pw"
+	"gitlab.com/etke.cc/go/mxidwc"
 	"maunium.net/go/mautrix/id"
 
 	"gitlab.com/etke.cc/postmoogle/utils"
@@ -14,12 +17,12 @@ func parseMXIDpatterns(patterns []string, defaultPattern string) ([]*regexp.Rege
 		patterns = []string{defaultPattern}
 	}
 
-	return utils.WildcardMXIDsToRegexes(patterns)
+	return mxidwc.ParsePatterns(patterns)
 }
 
 func (b *Bot) allowUsers(actorID id.UserID) bool {
 	if len(b.allowedUsers) != 0 {
-		if !utils.Match(actorID.String(), b.allowedUsers) {
+		if !mxidwc.Match(actorID.String(), b.allowedUsers) {
 			return false
 		}
 	}
@@ -50,7 +53,7 @@ func (b *Bot) allowOwner(actorID id.UserID, targetRoomID id.RoomID) bool {
 }
 
 func (b *Bot) allowAdmin(actorID id.UserID, targetRoomID id.RoomID) bool {
-	return utils.Match(actorID.String(), b.allowedAdmins)
+	return mxidwc.Match(actorID.String(), b.allowedAdmins)
 }
 
 func (b *Bot) allowSend(actorID id.UserID, targetRoomID id.RoomID) bool {
@@ -66,3 +69,26 @@ func (b *Bot) allowSend(actorID id.UserID, targetRoomID id.RoomID) bool {
 
 	return !cfg.NoSend()
 }
+
+// AllowAuth check if SMTP login (email) and password are valid
+func (b *Bot) AllowAuth(email, password string) bool {
+	if !strings.HasSuffix(email, "@"+b.domain) {
+		return false
+	}
+
+	roomID, ok := b.GetMapping(utils.Mailbox(email))
+	if !ok {
+		return false
+	}
+	cfg, err := b.getRoomSettings(roomID)
+	if err != nil {
+		b.log.Error("failed to retrieve settings: %v", err)
+		return false
+	}
+
+	allow, err := argon2pw.CompareHashWithPassword(cfg.Password(), password)
+	if err != nil {
+		b.log.Warn("Password for %s is not valid: %v", email, err)
+	}
+	return allow
+}

bot/command.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"strings"
+	"time"
 
 	"maunium.net/go/mautrix/event"
 	"maunium.net/go/mautrix/id"
@@ -72,11 +73,16 @@ func (b *Bot) initCommands() commandList {
 			sanitizer:   func(s string) string { return s },
 			allowed:     b.allowOwner,
 		},
+		{
+			key:         roomOptionPassword,
+			description: "Get or set SMTP password of the room's mailbox",
+			allowed:     b.allowOwner,
+		},
 		{allowed: b.allowOwner}, // delimiter
 		{
 			key: roomOptionNoSend,
 			description: fmt.Sprintf(
-				"Get or set `%s` of the room (`true` - enable email sending; `false` - disable email sending)",
+				"Get or set `%s` of the room (`true` - disable email sending; `false` - enable email sending)",
 				roomOptionNoSend,
 			),
 			sanitizer: utils.SanitizeBoolString,
@@ -156,6 +162,11 @@ func (b *Bot) handleCommand(ctx context.Context, evt *event.Event, commandSlice
 	if cmd == nil {
 		return
 	}
+	_, err := b.lp.GetClient().UserTyping(evt.RoomID, true, 30*time.Second)
+	if err != nil {
+		b.log.Error("cannot send typing notification: %v", err)
+	}
+	defer b.lp.GetClient().UserTyping(evt.RoomID, false, 30*time.Second) //nolint:errcheck
 
 	if !cmd.allowed(evt.Sender, evt.RoomID) {
 		b.SendNotice(ctx, evt.RoomID, "not allowed to do that, kupo")
@@ -287,6 +298,11 @@ func (b *Bot) runSend(ctx context.Context) {
 		return
 	}
 
+	if !utils.AddressValid(to) {
+		b.Error(ctx, evt.RoomID, "email address is not valid")
+		return
+	}
+
 	cfg, err := b.getRoomSettings(evt.RoomID)
 	if err != nil {
 		b.Error(ctx, evt.RoomID, "failed to retrieve room settings: %v", err)

bot/command_owner.go

@@ -3,6 +3,8 @@ package bot
 import (
 	"context"
 	"fmt"
+
+	"github.com/raja/argon2pw"
 )
 
 func (b *Bot) runStop(ctx context.Context) {
@@ -62,12 +64,20 @@ func (b *Bot) getOption(ctx context.Context, name string) {
 	msg := fmt.Sprintf("`%s` of this room is `%s`\n"+
 		"To set it to a new value, send a `%s %s VALUE` command.",
 		name, value, b.prefix, name)
+	if name == roomOptionPassword {
+		msg = fmt.Sprintf("There is an SMTP password already set for this room/mailbox. "+
+			"It's stored in a secure hashed manner, so we can't tell you what the original raw password was. "+
+			"To find the raw password, try to find your old message which had originally set it, "+
+			"or just set a new one with `%s %s NEW_PASSWORD`.",
+			b.prefix, name)
+	}
 	b.SendNotice(ctx, evt.RoomID, msg)
 }
 
+//nolint:gocognit
 func (b *Bot) setOption(ctx context.Context, name, value string) {
 	cmd := b.commands.get(name)
-	if cmd != nil {
+	if cmd != nil && cmd.sanitizer != nil {
 		value = cmd.sanitizer(value)
 	}
 
@@ -86,6 +96,14 @@ func (b *Bot) setOption(ctx context.Context, name, value string) {
 		return
 	}
 
+	if name == roomOptionPassword {
+		value, err = argon2pw.GenerateSaltedHash(value)
+		if err != nil {
+			b.Error(ctx, evt.RoomID, "failed to hash password: %v", err)
+			return
+		}
+	}
+
 	old := cfg.Get(name)
 	cfg.Set(name, value)
 
@@ -104,5 +122,9 @@ func (b *Bot) setOption(ctx context.Context, name, value string) {
 		return
 	}
 
-	b.SendNotice(ctx, evt.RoomID, fmt.Sprintf("`%s` of this room set to `%s`", name, value))
+	msg := fmt.Sprintf("`%s` of this room set to `%s`", name, value)
+	if name == roomOptionPassword {
+		msg = "SMTP password has been set"
+	}
+	b.SendNotice(ctx, evt.RoomID, msg)
 }

bot/email.go

@@ -46,8 +46,8 @@ func (b *Bot) GetMapping(mailbox string) (id.RoomID, bool) {
 }
 
 // Send email to matrix room
-func (b *Bot) Send2Matrix(ctx context.Context, email *utils.Email) error {
-	roomID, ok := b.GetMapping(utils.Mailbox(email.To))
+func (b *Bot) Send2Matrix(ctx context.Context, email *utils.Email, incoming bool) error {
+	roomID, ok := b.GetMapping(email.Mailbox(incoming))
 	if !ok {
 		return errors.New("room not found")
 	}
@@ -59,6 +59,10 @@ func (b *Bot) Send2Matrix(ctx context.Context, email *utils.Email) error {
 		b.Error(ctx, roomID, "cannot get settings: %v", err)
 	}
 
+	if !incoming && cfg.NoSend() {
+		return errors.New("that mailbox is receive-only")
+	}
+
 	var threadID id.EventID
 	if email.InReplyTo != "" && !cfg.NoThreads() {
 		threadID = b.getThreadID(roomID, email.InReplyTo)
@@ -81,6 +85,11 @@ func (b *Bot) Send2Matrix(ctx context.Context, email *utils.Email) error {
 	if !cfg.NoFiles() {
 		b.sendFiles(ctx, roomID, email.Files, cfg.NoThreads(), threadID)
 	}
+
+	if !incoming {
+		email.MessageID = fmt.Sprintf("<%s@%s>", eventID, b.domain)
+		return b.mta.Send(email.From, email.To, email.Compose(b.getBotSettings().DKIMPrivateKey()))
+	}
 	return nil
 }
 

bot/message.go

@@ -7,6 +7,11 @@ import (
 
 func (b *Bot) handle(ctx context.Context) {
 	evt := eventFromContext(ctx)
+	err := b.lp.GetClient().MarkRead(evt.RoomID, evt.ID)
+	if err != nil {
+		b.log.Error("cannot send read receipt: %v", err)
+	}
+
 	content := evt.Content.AsMessage()
 	if content == nil {
 		b.Error(ctx, evt.RoomID, "cannot read message")

bot/settings_room.go

@@ -21,6 +21,7 @@ const (
 	roomOptionNoHTML    = "nohtml"
 	roomOptionNoThreads = "nothreads"
 	roomOptionNoFiles   = "nofiles"
+	roomOptionPassword  = "password"
 )
 
 type roomSettings map[string]string
@@ -43,6 +44,10 @@ func (s roomSettings) Owner() string {
 	return s.Get(roomOptionOwner)
 }
 
+func (s roomSettings) Password() string {
+	return s.Get(roomOptionPassword)
+}
+
 func (s roomSettings) NoSend() bool {
 	return utils.Bool(s.Get(roomOptionNoSend))
 }

bot/sync.go

@@ -3,10 +3,9 @@ package bot
 import (
 	"context"
 
+	"gitlab.com/etke.cc/go/mxidwc"
 	"maunium.net/go/mautrix"
 	"maunium.net/go/mautrix/event"
-
-	"gitlab.com/etke.cc/postmoogle/utils"
 )
 
 func (b *Bot) initSync() {
@@ -32,7 +31,7 @@ func (b *Bot) initSync() {
 
 // joinPermit is called by linkpearl when processing "invite" events and deciding if rooms should be auto-joined or not
 func (b *Bot) joinPermit(evt *event.Event) bool {
-	if !utils.Match(evt.Sender.String(), b.allowedUsers) {
+	if !mxidwc.Match(evt.Sender.String(), b.allowedUsers) {
 		b.log.Debug("Rejecting room invitation from unallowed user: %s", evt.Sender)
 		return false
 	}

go.mod

@@ -5,23 +5,25 @@ go 1.18
 require (
 	git.sr.ht/~xn/cache/v2 v2.0.0
 	github.com/emersion/go-msgauth v0.6.6
+	github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21
 	github.com/emersion/go-smtp v0.15.0
 	github.com/gabriel-vasile/mimetype v1.4.1
 	github.com/getsentry/sentry-go v0.13.0
 	github.com/jhillyerd/enmime v0.10.0
 	github.com/lib/pq v1.10.6
-	github.com/mattn/go-sqlite3 v1.14.14
+	github.com/mattn/go-sqlite3 v1.14.15
+	github.com/raja/argon2pw v1.0.2-0.20210910183755-a391af63bd39
 	gitlab.com/etke.cc/go/env v1.0.0
 	gitlab.com/etke.cc/go/logger v1.1.0
+	gitlab.com/etke.cc/go/mxidwc v1.0.0
 	gitlab.com/etke.cc/go/secgen v1.1.1
-	gitlab.com/etke.cc/linkpearl v0.0.0-20220831124140-598117f26c77
-	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
-	maunium.net/go/mautrix v0.12.0
+	gitlab.com/etke.cc/linkpearl v0.0.0-20220921080011-9407dc599571
+	golang.org/x/net v0.0.0-20220920203100-d0c6ba3f52d9
+	maunium.net/go/mautrix v0.12.1
 )
 
 require (
 	github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a // indirect
-	github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21 // indirect
 	github.com/gogs/chardet v0.0.0-20191104214054-4b6791f73a28 // indirect
 	github.com/google/go-cmp v0.5.8 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
@@ -40,9 +42,9 @@ require (
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
 	github.com/tidwall/sjson v1.2.5 // indirect
-	github.com/yuin/goldmark v1.4.12 // indirect
-	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 // indirect
-	golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 // indirect
+	github.com/yuin/goldmark v1.4.13 // indirect
+	golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0 // indirect
+	golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	maunium.net/go/maulogger/v2 v2.3.2 // indirect

go.sum

@@ -50,8 +50,8 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.12 h1:Y41i/hVW3Pgwr8gV+J23B9YEY0zxjptBuCWEaxmAOow=
 github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
-github.com/mattn/go-sqlite3 v1.14.14 h1:qZgc/Rwetq+MtyE18WhzjokPD93dNqLGNT3QJuLvBGw=
-github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
+github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a h1:eU8j/ClY2Ty3qdHnn0TyW3ivFoPC/0F1gQZz8yTxbbE=
 github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a/go.mod h1:v8eSC2SMp9/7FTKUncp7fH9IwPfw+ysMObcEz5FWheQ=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
@@ -61,6 +61,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/raja/argon2pw v1.0.2-0.20210910183755-a391af63bd39 h1:2by0+lF6NfaNWhlpsv1DfBQzwbAyYUPIsMWYapek/Sk=
+github.com/raja/argon2pw v1.0.2-0.20210910183755-a391af63bd39/go.mod h1:idX/fPqwjX31YMTF2iIpEpNApV2YbQhSFr4iIhJaqp4=
 github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
@@ -82,24 +84,26 @@ github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
 github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY=
 github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28=
-github.com/yuin/goldmark v1.4.12 h1:6hffw6vALvEDqJ19dOJvJKOoAOKe4NDaTqvd2sktGN0=
-github.com/yuin/goldmark v1.4.12/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/yuin/goldmark v1.4.13 h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 gitlab.com/etke.cc/go/env v1.0.0 h1:J98BwzOuELnjsVPFvz5wa79L7IoRV9CmrS41xLYXtSw=
 gitlab.com/etke.cc/go/env v1.0.0/go.mod h1:e1l4RM5MA1sc0R1w/RBDAESWRwgo5cOG9gx8BKUn2C4=
 gitlab.com/etke.cc/go/logger v1.1.0 h1:Yngp/DDLmJ0jJNLvLXrfan5Gi5QV+r7z6kCczTv8t4U=
 gitlab.com/etke.cc/go/logger v1.1.0/go.mod h1:8Vw5HFXlZQ5XeqvUs5zan+GnhrQyYtm/xe+yj8H/0zk=
+gitlab.com/etke.cc/go/mxidwc v1.0.0 h1:6EAlJXvs3nU4RaMegYq6iFlyVvLw7JZYnZmNCGMYQP0=
+gitlab.com/etke.cc/go/mxidwc v1.0.0/go.mod h1:E/0kh45SAN9+ntTG0cwkAEKdaPxzvxVmnjwivm9nmz8=
 gitlab.com/etke.cc/go/secgen v1.1.1 h1:RmKOki725HIhWJHzPtAc9X4YvBneczndchpMgoDkE8w=
 gitlab.com/etke.cc/go/secgen v1.1.1/go.mod h1:3pJqRGeWApzx7qXjABqz2o2SMCNpKSZao/gXVdasqE8=
-gitlab.com/etke.cc/linkpearl v0.0.0-20220831124140-598117f26c77 h1:O9t4Sw/nu0JDUX+3KYjaqBi887opyNZ0imE+i2sV+q8=
-gitlab.com/etke.cc/linkpearl v0.0.0-20220831124140-598117f26c77/go.mod h1:CqwzwxVogKG6gDWTPTen3NyWbTESg42jxoTfXXwDGKQ=
+gitlab.com/etke.cc/linkpearl v0.0.0-20220921080011-9407dc599571 h1:ool1wnAnnIhZjwPMd0LUebpfxqXZcVhRli2UDhay0bA=
+gitlab.com/etke.cc/linkpearl v0.0.0-20220921080011-9407dc599571/go.mod h1:4qbyfbuJSj89jFW7F+YjIbYrwJTrALQf4Otw0KGkIWE=
 golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0 h1:a5Yg6ylndHHYJqIPrdq0AhvR6KTvDTAvgBtaidhEevY=
+golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/net v0.0.0-20210501142056-aec3718b3fa0/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
-golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.0.0-20220920203100-d0c6ba3f52d9 h1:asZqf0wXastQr+DudYagQS8uBO8bHKeYD1vbAvGmFL8=
+golang.org/x/net v0.0.0-20220920203100-d0c6ba3f52d9/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -107,8 +111,8 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 h1:v6hYoSR9T5oet+pMXwUWkbiVqx/63mlHjefrHmxwfeY=
-golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8 h1:h+EGohizhe9XlX18rfpa8k8RAc5XyaeamM+0VHRd4lc=
+golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -124,5 +128,5 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 maunium.net/go/maulogger/v2 v2.3.2 h1:1XmIYmMd3PoQfp9J+PaHhpt80zpfmMqaShzUTC7FwY0=
 maunium.net/go/maulogger/v2 v2.3.2/go.mod h1:TYWy7wKwz/tIXTpsx8G3mZseIRiC5DoMxSZazOHy68A=
-maunium.net/go/mautrix v0.12.0 h1:jyT1TkJBIRJ7+OW7NhmMHmnEEBLsQe9ml+FYwSLhlaU=
-maunium.net/go/mautrix v0.12.0/go.mod h1:hHvNi5iKVAiI2MAdAeXHtP4g9BvNEX2rsQpSF/x6Kx4=
+maunium.net/go/mautrix v0.12.1 h1:MLfkWkpRIgUn7lueDSlPwYOeIuGF+NrAHW0hInIuVAw=
+maunium.net/go/mautrix v0.12.1/go.mod h1:/jxQFIipObSsjZPH6o3xyUi8uoULz3Hfr/8p9loqpYE=

smtp/msa.go

@@ -2,10 +2,13 @@ package smtp
 
 import (
 	"context"
+	"errors"
 
 	"github.com/emersion/go-smtp"
 	"github.com/getsentry/sentry-go"
 	"gitlab.com/etke.cc/go/logger"
+
+	"gitlab.com/etke.cc/postmoogle/utils"
 )
 
 // msa is mail submission agent, implements smtp.Backend
@@ -13,21 +16,33 @@ type msa struct {
 	log    *logger.Logger
 	domain string
 	bot    Bot
+	mta    utils.MTA
 }
 
-func (m *msa) newSession() *msasession {
+func (m *msa) newSession(from string, incoming bool) *msasession {
 	return &msasession{
-		ctx:    sentry.SetHubOnContext(context.Background(), sentry.CurrentHub().Clone()),
-		log:    m.log,
-		bot:    m.bot,
-		domain: m.domain,
+		ctx:      sentry.SetHubOnContext(context.Background(), sentry.CurrentHub().Clone()),
+		mta:      m.mta,
+		from:     from,
+		incoming: incoming,
+		log:      m.log,
+		bot:      m.bot,
+		domain:   m.domain,
 	}
 }
 
 func (m *msa) Login(state *smtp.ConnectionState, username, password string) (smtp.Session, error) {
-	return nil, smtp.ErrAuthUnsupported
+	if !utils.AddressValid(username) {
+		return nil, errors.New("please, provide an email address")
+	}
+
+	if !m.bot.AllowAuth(username, password) {
+		return nil, errors.New("email or password is invalid")
+	}
+
+	return m.newSession(username, false), nil
 }
 
 func (m *msa) AnonymousLogin(state *smtp.ConnectionState) (smtp.Session, error) {
-	return m.newSession(), nil
+	return m.newSession("", true), nil
 }

smtp/msasession.go

@@ -2,6 +2,7 @@ package smtp
 
 import (
 	"context"
+	"errors"
 	"io"
 
 	"github.com/emersion/go-smtp"
@@ -12,35 +13,48 @@ import (
 	"gitlab.com/etke.cc/postmoogle/utils"
 )
 
+// msasession represents an SMTP-submission session.
+// This can be used in 2 directions:
+// - receiving emails from remote servers, in which case: `incoming = true`
+// - sending emails from local users, in which case: `incoming = false`
 type msasession struct {
 	log    *logger.Logger
 	bot    Bot
+	mta    utils.MTA
 	domain string
 
-	ctx  context.Context
-	to   string
-	from string
+	ctx      context.Context
+	incoming bool
+	to       string
+	from     string
 }
 
 func (s *msasession) Mail(from string, opts smtp.MailOptions) error {
 	sentry.GetHubFromContext(s.ctx).Scope().SetTag("from", from)
-	s.from = from
-	s.log.Debug("mail from %s, options: %+v", from, opts)
+	if !utils.AddressValid(from) {
+		return errors.New("please, provide email address")
+	}
+	if s.incoming {
+		s.from = from
+		s.log.Debug("mail from %s, options: %+v", from, opts)
+	}
 	return nil
 }
 
 func (s *msasession) Rcpt(to string) error {
 	sentry.GetHubFromContext(s.ctx).Scope().SetTag("to", to)
 
-	if utils.Hostname(to) != s.domain {
-		s.log.Debug("wrong domain of %s", to)
-		return smtp.ErrAuthRequired
-	}
+	if s.incoming {
+		if utils.Hostname(to) != s.domain {
+			s.log.Debug("wrong domain of %s", to)
+			return smtp.ErrAuthRequired
+		}
 
-	_, ok := s.bot.GetMapping(utils.Mailbox(to))
-	if !ok {
-		s.log.Debug("mapping for %s not found", to)
-		return smtp.ErrAuthRequired
+		_, ok := s.bot.GetMapping(utils.Mailbox(to))
+		if !ok {
+			s.log.Debug("mapping for %s not found", to)
+			return smtp.ErrAuthRequired
+		}
 	}
 
 	s.to = to
@@ -80,7 +94,7 @@ func (s *msasession) Data(r io.Reader) error {
 		eml.HTML,
 		files)
 
-	return s.bot.Send2Matrix(s.ctx, email)
+	return s.bot.Send2Matrix(s.ctx, email, s.incoming)
 }
 
 func (s *msasession) Reset() {}

smtp/mta.go

@@ -17,8 +17,9 @@ import (
 
 // Bot interface to send emails into matrix
 type Bot interface {
+	AllowAuth(string, string) bool
 	GetMapping(string) (id.RoomID, bool)
-	Send2Matrix(ctx context.Context, email *utils.Email) error
+	Send2Matrix(ctx context.Context, email *utils.Email, incoming bool) error
 	SetMTA(mta utils.MTA)
 }
 

smtp/server.go

@@ -40,6 +40,7 @@ func NewServer(cfg *Config) *Server {
 	sender := NewMTA(cfg.LogLevel)
 	receiver := &msa{
 		log:    log,
+		mta:    sender,
 		bot:    cfg.Bot,
 		domain: cfg.Domain,
 	}
@@ -50,7 +51,9 @@ func NewServer(cfg *Config) *Server {
 	s.ReadTimeout = 10 * time.Second
 	s.WriteTimeout = 10 * time.Second
 	s.MaxMessageBytes = cfg.MaxSize * 1024 * 1024
+	s.AllowInsecureAuth = !cfg.TLSRequired
 	s.EnableREQUIRETLS = cfg.TLSRequired
+	s.EnableSMTPUTF8 = true
 	if log.GetLevel() == "DEBUG" || log.GetLevel() == "TRACE" {
 		s.Debug = os.Stdout
 	}

utils/email.go

@@ -4,6 +4,7 @@ import (
 	"crypto"
 	"crypto/x509"
 	"encoding/pem"
+	"net/mail"
 	"strings"
 	"time"
 
@@ -46,6 +47,12 @@ type ContentOptions struct {
 	FromKey      string
 }
 
+// AddressValid checks if email address is valid
+func AddressValid(email string) bool {
+	_, err := mail.ParseAddress(email)
+	return err == nil
+}
+
 // NewEmail constructs Email object
 func NewEmail(messageID, inReplyTo, subject, from, to, text, html string, files []*File) *Email {
 	email := &Email{
@@ -71,6 +78,14 @@ func NewEmail(messageID, inReplyTo, subject, from, to, text, html string, files
 	return email
 }
 
+// Mailbox returns postmoogle's mailbox, parsing it from FROM (if incoming=false) or TO (incoming=true)
+func (e *Email) Mailbox(incoming bool) string {
+	if incoming {
+		return Mailbox(e.To)
+	}
+	return Mailbox(e.From)
+}
+
 // Content converts the email object to a Matrix event content
 func (e *Email) Content(threadID id.EventID, options *ContentOptions) *event.Content {
 	var text strings.Builder
@@ -110,6 +125,10 @@ func (e *Email) Compose(privkey string) string {
 	var data strings.Builder
 
 	domain := strings.SplitN(e.From, "@", 2)[1]
+
+	data.WriteString("Content-Type: text/plain; charset=\"UTF-8\"")
+	data.WriteString("\r\n")
+
 	data.WriteString("From: ")
 	data.WriteString(e.From)
 	data.WriteString("\r\n")

utils/user.go

@@ -1,104 +0,0 @@
-package utils
-
-import (
-	"fmt"
-	"regexp"
-	"strings"
-)
-
-// WildcardMXIDsToRegexes converts a list of wildcard patterns to a list of regular expressions
-func WildcardMXIDsToRegexes(wildCardPatterns []string) ([]*regexp.Regexp, error) {
-	regexPatterns := make([]*regexp.Regexp, len(wildCardPatterns))
-
-	for idx, wildCardPattern := range wildCardPatterns {
-		regex, err := parseMXIDWildcard(wildCardPattern)
-		if err != nil {
-			return nil, fmt.Errorf("failed to parse allowed user rule `%s`: %s", wildCardPattern, err)
-		}
-		regexPatterns[idx] = regex
-	}
-
-	return regexPatterns, nil
-}
-
-// Match tells if the given user id is allowed to use the bot, according to the given whitelist
-func Match(userID string, allowed []*regexp.Regexp) bool {
-	for _, regex := range allowed {
-		if regex.MatchString(userID) {
-			return true
-		}
-	}
-
-	return false
-}
-
-// parseMXIDWildcard parses a user whitelisting wildcard rule and returns a regular expression which corresponds to it
-//
-// Example conversion: `@bot.*.something:*.example.com` -> `^bot\.([^:@]*)\.something:([^:@]*)\.example.com$`
-// Example of recognized wildcard patterns: `@someone:example.com`, `@*:example.com`, `@bot.*:example.com`, `@someone:*`, `@someone:*.example.com`
-//
-// The `*` wildcard character is normally interpretted as "a number of literal characters or an empty string".
-// Our implementation below matches this (yielding `([^:@])*`), which could provide a slightly suboptimal regex in these cases:
-// - `@*:example.com` -> `^@([^:@])*:example\.com$`, although `^@([^:@])+:example\.com$` would be preferable
-// - `@someone:*` -> `@someone:([^:@])*$`, although `@someone:([^:@])+$` would be preferable
-// When it's a bare wildcard (`*`, instead of `*.example.com`) we likely prefer to yield a regex that matches **at least one character**.
-// This probably doesn't matter because mxids that we'll match against are all valid and fully complete.
-func parseMXIDWildcard(wildCardRule string) (*regexp.Regexp, error) {
-	if !strings.HasPrefix(wildCardRule, "@") {
-		return nil, fmt.Errorf("rules need to be fully-qualified, starting with a @")
-	}
-
-	remainingRule := wildCardRule[1:]
-	if strings.Contains(remainingRule, "@") {
-		return nil, fmt.Errorf("rules cannot contain more than one @")
-	}
-
-	parts := strings.Split(remainingRule, ":")
-	if len(parts) != 2 {
-		return nil, fmt.Errorf("expected exactly 2 parts in the rule, separated by `:`")
-	}
-
-	localPart := parts[0]
-	localPartPattern, err := getRegexPatternForPart(localPart)
-	if err != nil {
-		return nil, fmt.Errorf("failed to convert local part `%s` to regex: %s", localPart, err)
-	}
-
-	domainPart := parts[1]
-	domainPartPattern, err := getRegexPatternForPart(domainPart)
-	if err != nil {
-		return nil, fmt.Errorf("failed to convert domain part `%s` to regex: %s", domainPart, err)
-	}
-
-	finalPattern := fmt.Sprintf("^@%s:%s$", localPartPattern, domainPartPattern)
-
-	regex, err := regexp.Compile(finalPattern)
-	if err != nil {
-		return nil, fmt.Errorf("failed to compile regex `%s`: %s", finalPattern, err)
-	}
-
-	return regex, nil
-}
-
-func getRegexPatternForPart(part string) (string, error) {
-	if part == "" {
-		return "", fmt.Errorf("rejecting empty part")
-	}
-
-	var pattern strings.Builder
-	for _, rune := range part {
-		if rune == '*' {
-			// We match everything except for `:` and `@`, because that would be an invalid MXID anyway.
-			//
-			// If the whole part is `*` (only) instead of merely containing `*` within it,
-			// we may also consider replacing it with `([^:@]+)` (+, instead of *).
-			// See parseMXIDWildcard for notes about this.
-			pattern.WriteString("([^:@]*)")
-			continue
-		}
-
-		pattern.WriteString(regexp.QuoteMeta(string(rune)))
-	}
-
-	return pattern.String(), nil
-}

utils/user_test.go

@@ -1,221 +0,0 @@
-package utils
-
-import "testing"
-
-func TestRuleToRegex(t *testing.T) {
-	type testDataDefinition struct {
-		name           string
-		checkedValue   string
-		expectedResult string
-		expectedError  bool
-	}
-
-	tests := []testDataDefinition{
-		{
-			name:           "simple pattern without wildcards succeeds",
-			checkedValue:   "@someone:example.com",
-			expectedResult: `^@someone:example\.com$`,
-			expectedError:  false,
-		},
-		{
-			name:           "pattern with wildcard as the whole local part succeeds",
-			checkedValue:   "@*:example.com",
-			expectedResult: `^@([^:@]*):example\.com$`,
-			expectedError:  false,
-		},
-		{
-			name:           "pattern with wildcard within the local part succeeds",
-			checkedValue:   "@bot.*.something:example.com",
-			expectedResult: `^@bot\.([^:@]*)\.something:example\.com$`,
-			expectedError:  false,
-		},
-		{
-			name:           "pattern with wildcard as the whole domain part succeeds",
-			checkedValue:   "@someone:*",
-			expectedResult: `^@someone:([^:@]*)$`,
-			expectedError:  false,
-		},
-		{
-			name:           "pattern with wildcard within the domain part succeeds",
-			checkedValue:   "@someone:*.organization.com",
-			expectedResult: `^@someone:([^:@]*)\.organization\.com$`,
-			expectedError:  false,
-		},
-		{
-			name:           "pattern with wildcard in both parts succeeds",
-			checkedValue:   "@*:*",
-			expectedResult: `^@([^:@]*):([^:@]*)$`,
-			expectedError:  false,
-		},
-		{
-			name:           "pattern that does not appear fully-qualified fails",
-			checkedValue:   "someone:example.com",
-			expectedResult: ``,
-			expectedError:  true,
-		},
-		{
-			name:           "pattern that does not appear fully-qualified fails",
-			checkedValue:   "@someone",
-			expectedResult: ``,
-			expectedError:  true,
-		},
-		{
-			name:           "pattern with empty domain part fails",
-			checkedValue:   "@someone:",
-			expectedResult: ``,
-			expectedError:  true,
-		},
-		{
-			name:           "pattern with empty local part fails",
-			checkedValue:   "@:example.com",
-			expectedResult: ``,
-			expectedError:  true,
-		},
-		{
-			name:           "pattern with multiple @ fails",
-			checkedValue:   "@someone@someone:example.com",
-			expectedResult: ``,
-			expectedError:  true,
-		},
-		{
-			name:           "pattern with multiple : fails",
-			checkedValue:   "@someone:someone:example.com",
-			expectedResult: ``,
-			expectedError:  true,
-		},
-	}
-
-	for _, testData := range tests {
-		func(testData testDataDefinition) {
-			t.Run(testData.name, func(t *testing.T) {
-				actualResult, err := parseMXIDWildcard(testData.checkedValue)
-
-				if testData.expectedError {
-					if err != nil {
-						return
-					}
-
-					t.Errorf("expected an error, but did not get one")
-				}
-
-				if err != nil {
-					t.Errorf("did not expect an error, but got one: %s", err)
-				}
-
-				if actualResult.String() == testData.expectedResult {
-					return
-				}
-
-				t.Errorf(
-					"Expected `%s` to yield `%s`, not `%s`",
-					testData.checkedValue,
-					testData.expectedResult,
-					actualResult.String(),
-				)
-			})
-		}(testData)
-	}
-}
-
-func TestMatch(t *testing.T) {
-	type testDataDefinition struct {
-		name           string
-		checkedValue   string
-		allowedUsers   []string
-		expectedResult bool
-	}
-
-	tests := []testDataDefinition{
-		{
-			name:           "Empty allowed users allows no one",
-			checkedValue:   "@someone:example.com",
-			allowedUsers:   []string{},
-			expectedResult: false,
-		},
-		{
-			name:           "Direct full mxid match is allowed",
-			checkedValue:   "@someone:example.com",
-			allowedUsers:   []string{"@someone:example.com"},
-			expectedResult: true,
-		},
-		{
-			name:           "Direct full mxid match later on is allowed",
-			checkedValue:   "@someone:example.com",
-			allowedUsers:   []string{"@another:example.com", "@someone:example.com"},
-			expectedResult: true,
-		},
-		{
-			name:           "No mxid match is not allowed",
-			checkedValue:   "@someone:example.com",
-			allowedUsers:   []string{"@another:example.com"},
-			expectedResult: false,
-		},
-		{
-			name:           "mxid localpart only wildcard match is allowed",
-			checkedValue:   "@someone:example.com",
-			allowedUsers:   []string{"@*:example.com"},
-			expectedResult: true,
-		},
-		{
-			name:           "mxid localpart with wildcard match is allowed",
-			checkedValue:   "@bot.abc:example.com",
-			allowedUsers:   []string{"@bot.*:example.com"},
-			expectedResult: true,
-		},
-		{
-			name:           "mxid localpart with wildcard match is not allowed when it does not match",
-			checkedValue:   "@bot.abc:example.com",
-			allowedUsers:   []string{"@employee.*:example.com"},
-			expectedResult: false,
-		},
-		{
-			name:           "mxid localpart wildcard for another domain is not allowed",
-			checkedValue:   "@someone:example.com",
-			allowedUsers:   []string{"@*:another.com"},
-			expectedResult: false,
-		},
-		{
-			name:           "mxid domainpart with only wildcard match is allowed",
-			checkedValue:   "@someone:example.com",
-			allowedUsers:   []string{"@someone:*"},
-			expectedResult: true,
-		},
-		{
-			name:           "mxid domainpart with wildcard match is allowed",
-			checkedValue:   "@someone:example.organization.com",
-			allowedUsers:   []string{"@someone:*.organization.com"},
-			expectedResult: true,
-		},
-		{
-			name:           "mxid domainpart with wildcard match is not allowed when it does not match",
-			checkedValue:   "@someone:example.another.com",
-			allowedUsers:   []string{"@someone:*.organization.com"},
-			expectedResult: false,
-		},
-	}
-
-	for _, testData := range tests {
-		func(testData testDataDefinition) {
-			t.Run(testData.name, func(t *testing.T) {
-				allowedUserRegexes, err := WildcardMXIDsToRegexes(testData.allowedUsers)
-				if err != nil {
-					t.Error(err)
-				}
-
-				actualResult := Match(testData.checkedValue, allowedUserRegexes)
-
-				if actualResult == testData.expectedResult {
-					return
-				}
-
-				t.Errorf(
-					"Expected `%s` compared against `%v` to yield `%v`, not `%v`",
-					testData.checkedValue,
-					testData.allowedUsers,
-					testData.expectedResult,
-					actualResult,
-				)
-			})
-		}(testData)
-	}
-}