diff --git a/envelope.go b/envelope.go index 0e0f1bc..b23c992 100644 --- a/envelope.go +++ b/envelope.go @@ -3,7 +3,7 @@ package smtpd import ( "crypto/tls" "fmt" - "strings" + "net" "time" ) @@ -26,22 +26,65 @@ func (env *Envelope) AddReceivedLine(peer Peer) { tls.VersionTLS12: "TLS1.2", } + tlsCiphers := map[uint16]string{ + tls.TLS_RSA_WITH_RC4_128_SHA: "TLS_RSA_WITH_RC4_128_SHA", + tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + tls.TLS_RSA_WITH_AES_128_CBC_SHA: "TLS_RSA_WITH_AES_128_CBC_SHA", + tls.TLS_RSA_WITH_AES_256_CBC_SHA: "TLS_RSA_WITH_AES_256_CBC_SHA", + tls.TLS_RSA_WITH_AES_128_CBC_SHA256: "TLS_RSA_WITH_AES_128_CBC_SHA256", + tls.TLS_RSA_WITH_AES_128_GCM_SHA256: "TLS_RSA_WITH_AES_128_GCM_SHA256", + tls.TLS_RSA_WITH_AES_256_GCM_SHA384: "TLS_RSA_WITH_AES_256_GCM_SHA384", + tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA: "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", + tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", + tls.TLS_FALLBACK_SCSV: "TLS_FALLBACK_SCSV", + } + if peer.TLS != nil { + version := "unknown" + + if val, ok := tlsVersions[peer.TLS.Version]; ok { + version = val + } + + cipher := fmt.Sprintf("0x%x", peer.TLS.CipherSuite) + + if val, ok := tlsCiphers[peer.TLS.CipherSuite]; ok { + cipher = val + } + tlsDetails = fmt.Sprintf( - "\r\n\t(version=%s cipher=0x%x);", - tlsVersions[peer.TLS.Version], - peer.TLS.CipherSuite, + "\r\n\t(version=%s cipher=%s);", + version, + cipher, ) } + peerIP := "" + if addr, ok := peer.Addr.(*net.TCPAddr); ok { + peerIP = addr.IP.String() + } + line := wrap([]byte(fmt.Sprintf( - "Received: from %s [%s] by %s with %s;%s\r\n\t%s\r\n", + "Received: from %s ([%s]) by %s with %s;%s\r\n\t%s\r\n", peer.HeloName, - strings.Split(peer.Addr.String(), ":")[0], + peerIP, peer.ServerName, peer.Protocol, tlsDetails, - time.Now().Format("Mon Jan 2 15:04:05 -0700 2006"), + time.Now().Format("Mon, 02 Jan 2006 15:04:05 -0700 (MST)"), ))) env.Data = append(env.Data, line...) diff --git a/smtpd.go b/smtpd.go index 797ad8e..0dbf38c 100644 --- a/smtpd.go +++ b/smtpd.go @@ -119,6 +119,9 @@ func (srv *Server) newSession(c net.Conn) (s *session) { tlsConn, s.tls = c.(*tls.Conn) if s.tls { + // run handshake otherwise it's done when we first + // read/write and connection state will be invalid + tlsConn.Handshake() state := tlsConn.ConnectionState() s.peer.TLS = &state } diff --git a/smtpd_test.go b/smtpd_test.go index 3cc134f..eb1dfba 100644 --- a/smtpd_test.go +++ b/smtpd_test.go @@ -943,7 +943,7 @@ func TestEnvelopeReceived(t *testing.T) { Hostname: "foobar.example.net", Handler: func(peer smtpd.Peer, env smtpd.Envelope) error { env.AddReceivedLine(peer) - if !bytes.HasPrefix(env.Data, []byte("Received: from localhost [127.0.0.1] by foobar.example.net with ESMTP;")) { + if !bytes.HasPrefix(env.Data, []byte("Received: from localhost ([127.0.0.1]) by foobar.example.net with ESMTP;")) { t.Fatal("Wrong received line.") } return nil