From 926733dea49d64072ecddf67fd18d19ff4804a06 Mon Sep 17 00:00:00 2001
From: Christoph Haas
Date: Thu, 22 Apr 2021 14:11:54 +0200
Subject: [PATCH] add ssl/tls option for email encryption (#13)

---
 README.md | 3 ++-
 internal/common/email.go | 35 ++++++++++++++++++++++++--------
 internal/server/configuration.go | 1 +
 3 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 5eba79c..145f6fb 100644
--- a/README.md
+++ b/README.md
@@ -124,7 +124,8 @@ The following configuration options are available:
 | DATABASE_PASSWORD | password | database | | The mysql password. |
 | EMAIL_HOST | host | email | 127.0.0.1 | The email server address. |
 | EMAIL_PORT | port | email | 25 | The email server port. |
-| EMAIL_TLS | tls | email | false | Use STARTTLS. |
+| EMAIL_TLS | tls | email | false | Use STARTTLS. DEPRECATED: use EMAIL_ENCRYPTION instead. |
+| EMAIL_ENCRYPTION | encryption | email | none | Either none, tls or starttls. |
 | EMAIL_CERT_VALIDATION | certcheck | email | false | Validate the email server certificate. |
 | EMAIL_USERNAME | user | email | | An optional username for SMTP authentication. |
 | EMAIL_PASSWORD | pass | email | | An optional password for SMTP authentication. |
diff --git a/internal/common/email.go b/internal/common/email.go
index b4bbd59..781e49d 100644
--- a/internal/common/email.go
+++ b/internal/common/email.go
@@ -7,16 +7,27 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/pkg/errors"
+
 	"github.com/jordan-wright/email"
 )
 
+type MailEncryption string
+
+const (
+	MailEncryptionNone MailEncryption = "none"
+	MailEncryptionTLS MailEncryption = "tls"
+	MailEncryptionStartTLS MailEncryption = "starttls"
+)
+
 type MailConfig struct {
-	Host string `yaml:"host" envconfig:"EMAIL_HOST"`
-	Port int `yaml:"port" envconfig:"EMAIL_PORT"`
-	TLS bool `yaml:"tls" envconfig:"EMAIL_TLS"`
-	CertValidation bool `yaml:"certcheck" envconfig:"EMAIL_CERT_VALIDATION"`
-	Username string `yaml:"user" envconfig:"EMAIL_USERNAME"`
-	Password string `yaml:"pass" envconfig:"EMAIL_PASSWORD"`
+	Host string `yaml:"host" envconfig:"EMAIL_HOST"`
+	Port int `yaml:"port" envconfig:"EMAIL_PORT"`
+	TLS bool `yaml:"tls" envconfig:"EMAIL_TLS"` // Deprecated, use MailConfig.Encryption instead.
+	Encryption MailEncryption `yaml:"encryption" envconfig:"EMAIL_ENCRYPTION"`
+	CertValidation bool `yaml:"certcheck" envconfig:"EMAIL_CERT_VALIDATION"`
+	Username string `yaml:"user" envconfig:"EMAIL_USERNAME"`
+	Password string `yaml:"pass" envconfig:"EMAIL_PASSWORD"`
 }
 
 type MailAttachment struct {
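Review bot: The deprecation of the `TLS` field is a trailing `// Deprecated, use MailConfig.Encryption instead.` comment, which tooling keyed on the `Deprecated:` paragraph convention will not pick up; the idiomatic form is a line above the field, `// Deprecated: Use Encryption instead.`. The exported `MailEncryption` type and its three constants carry no doc comments; a one-liner such as `// MailEncryption selects how the SMTP session is protected: "none", "tls" (implicit TLS) or "starttls".` would state the accepted values in one place. Since the send path switches on the exact string, it is worth the doc comment saying the values are compared verbatim, so `EMAIL_ENCRYPTION=TLS` does not match `MailEncryptionTLS`.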
@@ -64,16 +75,24 @@ func SendEmailWithAttachments(cfg MailConfig, sender, replyTo, subject, body str
 	for _, attachment := range attachments {
 		a, err := e.Attach(attachment.Data, attachment.Name, attachment.ContentType)
 		if err != nil {
-			return err
+			return errors.Wrapf(err, "failed to attach %s to mailbody", attachment.Name)
 		}
 		if attachment.Embedded {
 			a.HTMLRelated = true
 		}
 	}
 
+	// TODO: remove this once the deprecated MailConfig.TLS config option has been removed
 	if cfg.TLS {
+		cfg.Encryption = MailEncryptionStartTLS
+	}
+
+	switch cfg.Encryption {
+	case MailEncryptionTLS:
+		return e.SendWithTLS(hostname, auth, &tls.Config{InsecureSkipVerify: !cfg.CertValidation})
+	case MailEncryptionStartTLS:
 		return e.SendWithStartTLS(hostname, auth, &tls.Config{InsecureSkipVerify: !cfg.CertValidation})
-	} else {
+	default: // MailEncryptionNone
 		return e.Send(hostname, auth)
 	}
 }
diff --git a/internal/server/configuration.go b/internal/server/configuration.go
index 2727967..7cf6ed6 100644
--- a/internal/server/configuration.go
+++ b/internal/server/configuration.go
@@ -112,6 +112,7 @@ func NewConfig() *Config {
 	cfg.WG.ManageIPAddresses = true
 	cfg.Email.Host = "127.0.0.1"
 	cfg.Email.Port = 25
+	cfg.Email.Encryption = common.MailEncryptionNone
 
 	// Load config from file and environment
 	cfgFile, ok := os.LookupEnv("CONFIG_FILE")
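Review bot: Any `Encryption` value other than `tls` or `starttls` — a typo such as `ssl`, or an upper-case `TLS` from the environment — lands in the `default:` branch of the new switch and is delivered in plaintext by `e.Send`, so a misconfiguration silently downgrades the connection instead of failing. I would name the plaintext case and reject the rest: `case MailEncryptionNone, "":` / `return e.Send(hostname, auth)` / `default: return errors.Errorf("unsupported email encryption %q", cfg.Encryption)`. The legacy `if cfg.TLS` block above the switch also overwrites an explicitly configured `tls` with STARTTLS; guarding it with `if cfg.TLS && cfg.Encryption == MailEncryptionNone {` keeps the new setting authoritative. Both TLS branches pass `InsecureSkipVerify: !cfg.CertValidation`, and the README hunk documents `certcheck` as defaulting to false, so the new `tls` mode verifies no certificate unless EMAIL_CERT_VALIDATION is set explicitly — worth stating next to the new `encryption` row. SendEmailWithAttachments starts before this hunk.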