fix: switch to port 587

awakari · Oct 8, 2024 · eae7310 · eae7310
1 parent d6f399c
commit eae7310
Show file tree

Hide file tree

Showing 7 changed files with 91 additions and 92 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -5,6 +5,8 @@ RUN \
     apk add protoc protobuf-dev make git && \
     make build
 
-FROM scratch
+FROM alpine:3.20
+RUN apk --no-cache add ca-certificates \
+    && update-ca-certificates
 COPY --from=builder /go/src/int-email/int-email /bin/int-email
 ENTRYPOINT ["/bin/int-email"]
diff --git a/api/smtp/backend.go b/api/smtp/backend.go
@@ -1,25 +1,31 @@
 package smtp
 
 import (
-    "github.com/awakari/int-email/service/writer"
-    "github.com/emersion/go-smtp"
+	"github.com/awakari/int-email/service/writer"
+	"github.com/emersion/go-smtp"
 )
 
 type backend struct {
-    svcWriter writer.Service
-    rcpts     map[string]bool
-    dataLimit int64
+	svcWriter writer.Service
+	rcpts     map[string]bool
+	dataLimit int64
 }
 
 func NewBackend(svcWriter writer.Service, rcpts map[string]bool, dataLimit int64) smtp.Backend {
-    return backend{
-        svcWriter: svcWriter,
-        rcpts:     rcpts,
-        dataLimit: dataLimit,
-    }
+	return backend{
+		svcWriter: svcWriter,
+		rcpts:     rcpts,
+		dataLimit: dataLimit,
+	}
 }
 
 func (b backend) NewSession(c *smtp.Conn) (s smtp.Session, err error) {
-    s = newSession(b.svcWriter, b.rcpts, b.dataLimit)
-    return
+	connState, tlsOk := c.TLSConnectionState()
+	switch {
+	case tlsOk && connState.Version != 0:
+		s = newSession(b.svcWriter, b.rcpts, b.dataLimit)
+	default:
+		err = smtp.ErrAuthRequired
+	}
+	return
 }
diff --git a/api/smtp/backend_logging.go b/api/smtp/backend_logging.go
@@ -1,31 +1,32 @@
 package smtp
 
 import (
-    "fmt"
-    "github.com/emersion/go-smtp"
-    "log/slog"
+	"fmt"
+	"github.com/emersion/go-smtp"
+	"log/slog"
 )
 
 type backendLogging struct {
-    b   smtp.Backend
-    log *slog.Logger
+	b   smtp.Backend
+	log *slog.Logger
 }
 
 func NewBackendLogging(b smtp.Backend, log *slog.Logger) smtp.Backend {
-    return backendLogging{
-        b:   b,
-        log: log,
-    }
+	return backendLogging{
+		b:   b,
+		log: log,
+	}
 }
 
 func (bl backendLogging) NewSession(c *smtp.Conn) (s smtp.Session, err error) {
-    s, err = bl.b.NewSession(c)
-    switch err {
-    case nil:
-        bl.log.Debug(fmt.Sprintf("backend.NewSession(%+v)", c.Server()))
-        s = NewSessionLogging(s, bl.log)
-    default:
-        bl.log.Error(fmt.Sprintf("backend.NewSession(%+v): err=%s", c.Server(), err))
-    }
-    return
+	tlsState, tlsOk := c.TLSConnectionState()
+	s, err = bl.b.NewSession(c)
+	switch err {
+	case nil:
+		bl.log.Debug(fmt.Sprintf("backend.NewSession(%s, %+v, %t)", c.Hostname(), tlsState, tlsOk))
+		s = NewSessionLogging(s, bl.log)
+	default:
+		bl.log.Error(fmt.Sprintf("backend.NewSession(%s, %+v, %t): err=%s", c.Hostname(), tlsState, tlsOk, err))
+	}
+	return
 }
diff --git a/config/config.go b/config/config.go
@@ -1,61 +1,61 @@
 package config
 
 import (
-    "github.com/kelseyhightower/envconfig"
-    "time"
+	"github.com/kelseyhightower/envconfig"
+	"time"
 )
 
 type Config struct {
-    Api ApiConfig
-    Log struct {
-        Level int `envconfig:"LOG_LEVEL" default:"-4" required:"true"`
-    }
+	Api ApiConfig
+	Log struct {
+		Level int `envconfig:"LOG_LEVEL" default:"-4" required:"true"`
+	}
 }
 
 type ApiConfig struct {
-    Smtp struct {
-        Host string `envconfig:"API_SMTP_HOST" required:"true"`
-        Port uint16 `envconfig:"API_SMTP_PORT" default:"25" required:"true"`
-        Data struct {
-            Limit uint32 `envconfig:"API_SMTP_DATA_LIMIT" default:"1048576" required:"true"`
-        }
-        Recipients struct {
-            Names []string `envconfig:"API_SMTP_RECIPIENTS_NAMES" default:"publish" required:"true"`
-            Limit uint16   `envconfig:"API_SMTP_RECIPIENTS_LIMIT" default:"100" required:"true"`
-        }
-        Timeout struct {
-            Read  time.Duration `envconfig:"API_SMTP_TIMEOUT_READ" default:"1m" required:"true"`
-            Write time.Duration `envconfig:"API_SMTP_TIMEOUT_WRITE" default:"1m" required:"true"`
-        }
-    }
-    EventType EventTypeConfig
-    Interests struct {
-        Uri              string `envconfig:"API_INTERESTS_URI" required:"true" default:"subscriptions-proxy:50051"`
-        DetailsUriPrefix string `envconfig:"API_INTERESTS_DETAILS_URI_PREFIX" required:"true" default:"https://awakari.com/sub-details.html?id="`
-    }
-    Reader ReaderConfig
-    Writer struct {
-        Backoff   time.Duration `envconfig:"API_WRITER_BACKOFF" default:"10s" required:"true"`
-        BatchSize uint32        `envconfig:"API_WRITER_BATCH_SIZE" default:"16" required:"true"`
-        Cache     WriterCacheConfig
-        Uri       string `envconfig:"API_WRITER_URI" default:"resolver:50051" required:"true"`
-    }
+	Smtp struct {
+		Host string `envconfig:"API_SMTP_HOST" required:"true"`
+		Port uint16 `envconfig:"API_SMTP_PORT" default:"587" required:"true"`
+		Data struct {
+			Limit uint32 `envconfig:"API_SMTP_DATA_LIMIT" default:"1048576" required:"true"`
+		}
+		Recipients struct {
+			Names []string `envconfig:"API_SMTP_RECIPIENTS_NAMES" default:"publish" required:"true"`
+			Limit uint16   `envconfig:"API_SMTP_RECIPIENTS_LIMIT" default:"100" required:"true"`
+		}
+		Timeout struct {
+			Read  time.Duration `envconfig:"API_SMTP_TIMEOUT_READ" default:"1m" required:"true"`
+			Write time.Duration `envconfig:"API_SMTP_TIMEOUT_WRITE" default:"1m" required:"true"`
+		}
+	}
+	EventType EventTypeConfig
+	Interests struct {
+		Uri              string `envconfig:"API_INTERESTS_URI" required:"true" default:"subscriptions-proxy:50051"`
+		DetailsUriPrefix string `envconfig:"API_INTERESTS_DETAILS_URI_PREFIX" required:"true" default:"https://awakari.com/sub-details.html?id="`
+	}
+	Reader ReaderConfig
+	Writer struct {
+		Backoff   time.Duration `envconfig:"API_WRITER_BACKOFF" default:"10s" required:"true"`
+		BatchSize uint32        `envconfig:"API_WRITER_BATCH_SIZE" default:"16" required:"true"`
+		Cache     WriterCacheConfig
+		Uri       string `envconfig:"API_WRITER_URI" default:"resolver:50051" required:"true"`
+	}
 }
 
 type WriterCacheConfig struct {
-    Size uint32        `envconfig:"API_WRITER_CACHE_SIZE" default:"100" required:"true"`
-    Ttl  time.Duration `envconfig:"API_WRITER_CACHE_TTL" default:"24h" required:"true"`
+	Size uint32        `envconfig:"API_WRITER_CACHE_SIZE" default:"100" required:"true"`
+	Ttl  time.Duration `envconfig:"API_WRITER_CACHE_TTL" default:"24h" required:"true"`
 }
 
 type ReaderConfig struct {
-    UriEventBase string `envconfig:"API_READER_URI_EVT_BASE" default:"https://awakari.com/pub-msg.html?id=" required:"true"`
+	UriEventBase string `envconfig:"API_READER_URI_EVT_BASE" default:"https://awakari.com/pub-msg.html?id=" required:"true"`
 }
 
 type EventTypeConfig struct {
-    Self string `envconfig:"API_EVENT_TYPE_SELF" required:"true" default:"com_awakari_email_v1"`
+	Self string `envconfig:"API_EVENT_TYPE_SELF" required:"true" default:"com_awakari_email_v1"`
 }
 
 func NewConfigFromEnv() (cfg Config, err error) {
-    err = envconfig.Process("", &cfg)
-    return
+	err = envconfig.Process("", &cfg)
+	return
 }
diff --git a/helm/int-email/templates/deployment.yaml b/helm/int-email/templates/deployment.yaml
@@ -71,16 +71,8 @@ spec:
             - name: smtp
               containerPort: {{ .Values.service.port }}
               protocol: TCP
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.port }}
-            initialDelaySeconds: 30
-            periodSeconds: 604800
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.port }}
-            initialDelaySeconds: 30
-            periodSeconds: 604800
+          livenessProbe: {}
+          readinessProbe: {}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       volumes:

diff --git a/helm/int-email/values.yaml b/helm/int-email/values.yaml
@@ -37,7 +37,7 @@ securityContext: {}
 
 service:
   type: LoadBalancer
-  port: 465
+  port: 587
 
 ingress:
   enabled: false

diff --git a/main.go b/main.go
@@ -9,7 +9,6 @@ import (
 	"github.com/awakari/int-email/service/writer"
 	"github.com/emersion/go-smtp"
 	"log/slog"
-	"net"
 	"os"
 )
 
@@ -53,12 +52,12 @@ func main() {
 	b = apiSmtp.NewBackendLogging(b, log)
 	srv := smtp.NewServer(b)
 	srv.Addr = fmt.Sprintf(":%d", cfg.Api.Smtp.Port)
-	srv.AllowInsecureAuth = false
 	srv.Domain = cfg.Api.Smtp.Host
 	srv.MaxMessageBytes = int64(cfg.Api.Smtp.Data.Limit)
 	srv.MaxRecipients = int(cfg.Api.Smtp.Recipients.Limit)
 	srv.ReadTimeout = cfg.Api.Smtp.Timeout.Read
 	srv.WriteTimeout = cfg.Api.Smtp.Timeout.Write
+	srv.AllowInsecureAuth = false
 
 	// Load the TLS certificate and key from the mounted volume
 	var cert tls.Certificate
@@ -67,17 +66,16 @@ func main() {
 		panic(err)
 	}
 	tlsConfig := &tls.Config{
-		Certificates: []tls.Certificate{cert},
-		MinVersion:   tls.VersionTLS12, // Enforce TLS 1.2 or higher
+		Certificates: []tls.Certificate{
+			cert,
+		},
+		Renegotiation: tls.RenegotiateNever,
+		ClientAuth:    tls.NoClientCert,
+		MinVersion:    tls.VersionTLS12,
 	}
+	srv.TLSConfig = tlsConfig
 	log.Info("starting to listen for emails...")
-	// Start listening with TLS immediately (Implicit TLS on port 465)
-	var listener net.Listener
-	listener, err = tls.Listen("tcp", srv.Addr, tlsConfig)
-	if err != nil {
-		panic(err)
-	}
-	if err = srv.Serve(listener); err != nil {
+	if err = srv.ListenAndServe(); err != nil {
 		panic(err)
 	}
 }