Merge branch 'decke-fixes-for-upstream'

envelope.go

@@ -3,7 +3,7 @@ package smtpd
 import (
 	"crypto/tls"
 	"fmt"
-	"strings"
+	"net"
 	"time"
 )
 
@@ -26,22 +26,65 @@ func (env *Envelope) AddReceivedLine(peer Peer) {
 		tls.VersionTLS12: "TLS1.2",
 	}
 
+	tlsCiphers := map[uint16]string{
+		tls.TLS_RSA_WITH_RC4_128_SHA: "TLS_RSA_WITH_RC4_128_SHA",
+		tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+		tls.TLS_RSA_WITH_AES_128_CBC_SHA: "TLS_RSA_WITH_AES_128_CBC_SHA",
+		tls.TLS_RSA_WITH_AES_256_CBC_SHA: "TLS_RSA_WITH_AES_256_CBC_SHA",
+		tls.TLS_RSA_WITH_AES_128_CBC_SHA256: "TLS_RSA_WITH_AES_128_CBC_SHA256",
+		tls.TLS_RSA_WITH_AES_128_GCM_SHA256: "TLS_RSA_WITH_AES_128_GCM_SHA256",
+		tls.TLS_RSA_WITH_AES_256_GCM_SHA384: "TLS_RSA_WITH_AES_256_GCM_SHA384",
+		tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+		tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+		tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+		tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+		tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+		tls.TLS_FALLBACK_SCSV: "TLS_FALLBACK_SCSV",
+	}
+
 	if peer.TLS != nil {
+		version := "unknown"
+
+		if val, ok := tlsVersions[peer.TLS.Version]; ok {
+			version = val
+		}
+
+		cipher := fmt.Sprintf("0x%x", peer.TLS.CipherSuite)
+
+		if val, ok := tlsCiphers[peer.TLS.CipherSuite]; ok {
+			cipher = val
+		}
+
 		tlsDetails = fmt.Sprintf(
-			"\r\n\t(version=%s cipher=0x%x);",
-			tlsVersions[peer.TLS.Version],
-			peer.TLS.CipherSuite,
+			"\r\n\t(version=%s cipher=%s);",
+			version,
+			cipher,
 		)
 	}
 
+	peerIP := ""
+	if addr, ok := peer.Addr.(*net.TCPAddr); ok {
+		peerIP = addr.IP.String()
+	}
+
 	line := wrap([]byte(fmt.Sprintf(
-		"Received: from %s [%s] by %s with %s;%s\r\n\t%s\r\n",
+		"Received: from %s ([%s]) by %s with %s;%s\r\n\t%s\r\n",
 		peer.HeloName,
-		strings.Split(peer.Addr.String(), ":")[0],
+		peerIP,
 		peer.ServerName,
 		peer.Protocol,
 		tlsDetails,
-		time.Now().Format("Mon Jan 2 15:04:05 -0700 2006"),
+		time.Now().Format("Mon, 02 Jan 2006 15:04:05 -0700 (MST)"),
 	)))
 
 	env.Data = append(env.Data, line...)

smtpd.go

@@ -119,6 +119,9 @@ func (srv *Server) newSession(c net.Conn) (s *session) {
 	tlsConn, s.tls = c.(*tls.Conn)
 
 	if s.tls {
+		// run handshake otherwise it's done when we first
+		// read/write and connection state will be invalid
+		tlsConn.Handshake()
 		state := tlsConn.ConnectionState()
 		s.peer.TLS = &state
 	}

smtpd_test.go

@@ -943,7 +943,7 @@ func TestEnvelopeReceived(t *testing.T) {
 		Hostname: "foobar.example.net",
 		Handler: func(peer smtpd.Peer, env smtpd.Envelope) error {
 			env.AddReceivedLine(peer)
-			if !bytes.HasPrefix(env.Data, []byte("Received: from localhost [127.0.0.1] by foobar.example.net with ESMTP;")) {
+			if !bytes.HasPrefix(env.Data, []byte("Received: from localhost ([127.0.0.1]) by foobar.example.net with ESMTP;")) {
 				t.Fatal("Wrong received line.")
 			}
 			return nil