serve.zone/dcrouter
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Philipp Kunz
2025-05-22 23:02:37 +00:00
parent f065a9c952
commit 50350bd78d
10 changed files with 633 additions and 779 deletions
Download Patch File Download Diff File Expand all files Collapse all files

180
ts/mail/delivery/smtpserver/command-handler.ts
View File

@ -6,7 +6,7 @@
import * as plugins from '../../../plugins.js';
import { SmtpState } from './interfaces.js';
import type { ISmtpSession, IEnvelopeRecipient } from './interfaces.js';
import type { ICommandHandler, ISessionManager, IDataHandler, ITlsHandler, ISecurityHandler } from './interfaces.js';
import type { ICommandHandler, ISmtpServer } from './interfaces.js';
import { SmtpCommand, SmtpResponseCode, SMTP_DEFAULTS, SMTP_EXTENSIONS } from './constants.js';
import { SmtpLogger } from './utils/logging.js';
import { adaptiveLogger } from './utils/adaptive-logging.js';
@ -18,72 +18,16 @@ import { validateEhlo, validateMailFrom, validateRcptTo, isValidCommandSequence
*/
export class CommandHandler implements ICommandHandler {
/**
* Session manager instance
* Reference to the SMTP server instance
*/
private sessionManager: ISessionManager;
/**
* Data handler instance (optional, injected when processing DATA command)
*/
private dataHandler?: IDataHandler;
/**
* TLS handler instance (optional, injected when processing STARTTLS command)
*/
private tlsHandler?: ITlsHandler;
/**
* Security handler instance (optional, used for IP reputation and authentication)
*/
private securityHandler?: ISecurityHandler;
/**
* SMTP server options
*/
private options: {
hostname: string;
size?: number;
maxRecipients: number;
auth?: {
required: boolean;
methods: ('PLAIN' | 'LOGIN' | 'OAUTH2')[];
};
};
private smtpServer: ISmtpServer;
/**
* Creates a new command handler
* @param sessionManager - Session manager instance
* @param options - Command handler options
* @param dataHandler - Optional data handler instance
* @param tlsHandler - Optional TLS handler instance
* @param securityHandler - Optional security handler instance
* @param smtpServer - SMTP server instance
*/
constructor(
sessionManager: ISessionManager,
options: {
hostname?: string;
size?: number;
maxRecipients?: number;
auth?: {
required: boolean;
methods: ('PLAIN' | 'LOGIN' | 'OAUTH2')[];
};
} = {},
dataHandler?: IDataHandler,
tlsHandler?: ITlsHandler,
securityHandler?: ISecurityHandler
) {
this.sessionManager = sessionManager;
this.dataHandler = dataHandler;
this.tlsHandler = tlsHandler;
this.securityHandler = securityHandler;
this.options = {
hostname: options.hostname || SMTP_DEFAULTS.HOSTNAME,
size: options.size || SMTP_DEFAULTS.MAX_MESSAGE_SIZE,
maxRecipients: options.maxRecipients || SMTP_DEFAULTS.MAX_RECIPIENTS,
auth: options.auth
};
constructor(smtpServer: ISmtpServer) {
this.smtpServer = smtpServer;
}
/**
@ -93,7 +37,7 @@ export class CommandHandler implements ICommandHandler {
*/
public processCommand(socket: plugins.net.Socket | plugins.tls.TLSSocket, commandLine: string): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
SmtpLogger.warn(`No session found for socket from ${socket.remoteAddress}`);
this.sendResponse(socket, `${SmtpResponseCode.LOCAL_ERROR} Internal server error - session not found`);
@ -105,9 +49,10 @@ export class CommandHandler implements ICommandHandler {
if (commandLine.startsWith('__RAW_DATA__')) {
const rawData = commandLine.substring('__RAW_DATA__'.length);
if (this.dataHandler) {
const dataHandler = this.smtpServer.getDataHandler();
if (dataHandler) {
// Let the data handler process the raw chunk
this.dataHandler.handleDataReceived(socket, rawData)
dataHandler.handleDataReceived(socket, rawData)
.catch(error => {
SmtpLogger.error(`Error processing raw email data: ${error.message}`, {
sessionId: session.id,
@ -140,9 +85,10 @@ export class CommandHandler implements ICommandHandler {
return;
}
if (this.dataHandler) {
const dataHandler = this.smtpServer.getDataHandler();
if (dataHandler) {
// Let the data handler process the line (legacy mode)
this.dataHandler.processEmailData(socket, commandLine)
dataHandler.processEmailData(socket, commandLine)
.catch(error => {
SmtpLogger.error(`Error processing email data: ${error.message}`, {
sessionId: session.id,
@ -268,8 +214,9 @@ export class CommandHandler implements ICommandHandler {
break;
case SmtpCommand.STARTTLS:
if (this.tlsHandler && this.tlsHandler.isTlsEnabled()) {
this.tlsHandler.handleStartTls(socket);
const tlsHandler = this.smtpServer.getTlsHandler();
if (tlsHandler && tlsHandler.isTlsEnabled()) {
tlsHandler.handleStartTls(socket);
} else {
SmtpLogger.warn('STARTTLS requested but TLS is not enabled', {
remoteAddress: socket.remoteAddress,
@ -369,7 +316,7 @@ export class CommandHandler implements ICommandHandler {
*/
private handleSocketError(socket: plugins.net.Socket | plugins.tls.TLSSocket, error: unknown, response: string): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
SmtpLogger.error(`Session not found when handling socket error`);
socket.destroy();
@ -427,7 +374,7 @@ export class CommandHandler implements ICommandHandler {
*/
public handleEhlo(socket: plugins.net.Socket | plugins.tls.TLSSocket, clientHostname: string): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
this.sendResponse(socket, `${SmtpResponseCode.LOCAL_ERROR} Internal server error - session not found`);
return;
@ -456,25 +403,29 @@ export class CommandHandler implements ICommandHandler {
// Update session state and client hostname
session.clientHostname = validation.hostname || hostname;
this.sessionManager.updateSessionState(session, SmtpState.AFTER_EHLO);
this.smtpServer.getSessionManager().updateSessionState(session, SmtpState.AFTER_EHLO);
// Get options once for this method
const options = this.smtpServer.getOptions();
// Set up EHLO response lines
const responseLines = [
`${this.options.hostname} greets ${session.clientHostname}`,
`${options.hostname || SMTP_DEFAULTS.HOSTNAME} greets ${session.clientHostname}`,
SMTP_EXTENSIONS.PIPELINING,
SMTP_EXTENSIONS.formatExtension(SMTP_EXTENSIONS.SIZE, this.options.size),
SMTP_EXTENSIONS.formatExtension(SMTP_EXTENSIONS.SIZE, options.size || SMTP_DEFAULTS.MAX_MESSAGE_SIZE),
SMTP_EXTENSIONS.EIGHTBITMIME,
SMTP_EXTENSIONS.ENHANCEDSTATUSCODES
];
// Add TLS extension if available and not already using TLS
if (this.tlsHandler && this.tlsHandler.isTlsEnabled() && !session.useTLS) {
const tlsHandler = this.smtpServer.getTlsHandler();
if (tlsHandler && tlsHandler.isTlsEnabled() && !session.useTLS) {
responseLines.push(SMTP_EXTENSIONS.STARTTLS);
}
// Add AUTH extension if configured
if (this.options.auth && this.options.auth.methods && this.options.auth.methods.length > 0) {
responseLines.push(`${SMTP_EXTENSIONS.AUTH} ${this.options.auth.methods.join(' ')}`);
if (options.auth && options.auth.methods && options.auth.methods.length > 0) {
responseLines.push(`${SMTP_EXTENSIONS.AUTH} ${options.auth.methods.join(' ')}`);
}
// Send multiline response
@ -488,7 +439,7 @@ export class CommandHandler implements ICommandHandler {
*/
public handleMailFrom(socket: plugins.net.Socket | plugins.tls.TLSSocket, args: string): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
this.sendResponse(socket, `${SmtpResponseCode.LOCAL_ERROR} Internal server error - session not found`);
return;
@ -512,8 +463,11 @@ export class CommandHandler implements ICommandHandler {
};
}
// Get options once for this method
const options = this.smtpServer.getOptions();
// Check if authentication is required but not provided
if (this.options.auth && this.options.auth.required && !session.authenticated) {
if (options.auth && options.auth.required && !session.authenticated) {
this.sendResponse(socket, `${SmtpResponseCode.AUTH_REQUIRED} Authentication required`);
return;
}
@ -573,19 +527,20 @@ export class CommandHandler implements ICommandHandler {
}
// Check against server maximum
if (size > this.options.size!) {
const maxSize = options.size || SMTP_DEFAULTS.MAX_MESSAGE_SIZE;
if (size > maxSize) {
// Generate informative error with the server's limit
this.sendResponse(socket, `${SmtpResponseCode.EXCEEDED_STORAGE} Message size exceeds limit of ${Math.floor(this.options.size! / 1024)} KB`);
this.sendResponse(socket, `${SmtpResponseCode.EXCEEDED_STORAGE} Message size exceeds limit of ${Math.floor(maxSize / 1024)} KB`);
return;
}
// Log large messages for monitoring
if (size > this.options.size! * 0.8) {
if (size > maxSize * 0.8) {
SmtpLogger.info(`Large message detected (${Math.floor(size / 1024)} KB)`, {
sessionId: session.id,
remoteAddress: session.remoteAddress,
sizeBytes: size,
percentOfMax: Math.floor((size / this.options.size!) * 100)
percentOfMax: Math.floor((size / maxSize) * 100)
});
}
}
@ -606,7 +561,7 @@ export class CommandHandler implements ICommandHandler {
};
// Update session state
this.sessionManager.updateSessionState(session, SmtpState.MAIL_FROM);
this.smtpServer.getSessionManager().updateSessionState(session, SmtpState.MAIL_FROM);
// Send success response
this.sendResponse(socket, `${SmtpResponseCode.OK} OK`);
@ -619,7 +574,7 @@ export class CommandHandler implements ICommandHandler {
*/
public handleRcptTo(socket: plugins.net.Socket | plugins.tls.TLSSocket, args: string): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
this.sendResponse(socket, `${SmtpResponseCode.LOCAL_ERROR} Internal server error - session not found`);
return;
@ -652,7 +607,9 @@ export class CommandHandler implements ICommandHandler {
}
// Check if we've reached maximum recipients
if (session.rcptTo.length >= this.options.maxRecipients) {
const options = this.smtpServer.getOptions();
const maxRecipients = options.maxRecipients || SMTP_DEFAULTS.MAX_RECIPIENTS;
if (session.rcptTo.length >= maxRecipients) {
this.sendResponse(socket, `${SmtpResponseCode.TRANSACTION_FAILED} Too many recipients`);
return;
}
@ -668,7 +625,7 @@ export class CommandHandler implements ICommandHandler {
session.envelope.rcptTo.push(recipient);
// Update session state
this.sessionManager.updateSessionState(session, SmtpState.RCPT_TO);
this.smtpServer.getSessionManager().updateSessionState(session, SmtpState.RCPT_TO);
// Send success response
this.sendResponse(socket, `${SmtpResponseCode.OK} Recipient ok`);
@ -680,7 +637,7 @@ export class CommandHandler implements ICommandHandler {
*/
public handleData(socket: plugins.net.Socket | plugins.tls.TLSSocket): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
this.sendResponse(socket, `${SmtpResponseCode.LOCAL_ERROR} Internal server error - session not found`);
return;
@ -707,7 +664,7 @@ export class CommandHandler implements ICommandHandler {
}
// Update session state
this.sessionManager.updateSessionState(session, SmtpState.DATA_RECEIVING);
this.smtpServer.getSessionManager().updateSessionState(session, SmtpState.DATA_RECEIVING);
// Reset email data storage
session.emailData = '';
@ -741,7 +698,7 @@ export class CommandHandler implements ICommandHandler {
*/
public handleRset(socket: plugins.net.Socket | plugins.tls.TLSSocket): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
this.sendResponse(socket, `${SmtpResponseCode.LOCAL_ERROR} Internal server error - session not found`);
return;
@ -760,14 +717,14 @@ export class CommandHandler implements ICommandHandler {
*/
public handleNoop(socket: plugins.net.Socket | plugins.tls.TLSSocket): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
this.sendResponse(socket, `${SmtpResponseCode.LOCAL_ERROR} Internal server error - session not found`);
return;
}
// Update session activity timestamp
this.sessionManager.updateSessionActivity(session);
this.smtpServer.getSessionManager().updateSessionActivity(session);
// Send success response
this.sendResponse(socket, `${SmtpResponseCode.OK} OK`);
@ -779,17 +736,17 @@ export class CommandHandler implements ICommandHandler {
*/
public handleQuit(socket: plugins.net.Socket | plugins.tls.TLSSocket): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
// Send goodbye message
this.sendResponse(socket, `${SmtpResponseCode.SERVICE_CLOSING} ${this.options.hostname} Service closing transmission channel`);
this.sendResponse(socket, `${SmtpResponseCode.SERVICE_CLOSING} ${this.smtpServer.getOptions().hostname} Service closing transmission channel`);
// End the connection
socket.end();
// Clean up session if we have one
if (session) {
this.sessionManager.removeSession(socket);
this.smtpServer.getSessionManager().removeSession(socket);
}
}
@ -800,14 +757,14 @@ export class CommandHandler implements ICommandHandler {
*/
private handleAuth(socket: plugins.net.Socket | plugins.tls.TLSSocket, args: string): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
this.sendResponse(socket, `${SmtpResponseCode.LOCAL_ERROR} Internal server error - session not found`);
return;
}
// Check if we have auth config
if (!this.options.auth || !this.options.auth.methods || !this.options.auth.methods.length) {
if (!this.smtpServer.getOptions().auth || !this.smtpServer.getOptions().auth.methods || !this.smtpServer.getOptions().auth.methods.length) {
this.sendResponse(socket, `${SmtpResponseCode.COMMAND_NOT_IMPLEMENTED} Authentication not supported`);
return;
}
@ -829,14 +786,14 @@ export class CommandHandler implements ICommandHandler {
*/
private handleHelp(socket: plugins.net.Socket | plugins.tls.TLSSocket, args: string): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
this.sendResponse(socket, `${SmtpResponseCode.LOCAL_ERROR} Internal server error - session not found`);
return;
}
// Update session activity timestamp
this.sessionManager.updateSessionActivity(session);
this.smtpServer.getSessionManager().updateSessionActivity(session);
// Provide help information based on arguments
const helpCommand = args.trim().toUpperCase();
@ -856,11 +813,12 @@ export class CommandHandler implements ICommandHandler {
];
// Add conditional commands
if (this.tlsHandler && this.tlsHandler.isTlsEnabled()) {
const tlsHandler = this.smtpServer.getTlsHandler();
if (tlsHandler && tlsHandler.isTlsEnabled()) {
helpLines.push('STARTTLS - Start TLS negotiation');
}
if (this.options.auth && this.options.auth.methods.length) {
if (this.smtpServer.getOptions().auth && this.smtpServer.getOptions().auth.methods.length) {
helpLines.push('AUTH mechanism - Authenticate with the server');
}
@ -906,7 +864,7 @@ export class CommandHandler implements ICommandHandler {
break;
case 'AUTH':
helpText = `AUTH mechanism - Authenticate with the server. Supported methods: ${this.options.auth?.methods.join(', ')}`;
helpText = `AUTH mechanism - Authenticate with the server. Supported methods: ${this.smtpServer.getOptions().auth?.methods.join(', ')}`;
break;
default:
@ -925,14 +883,14 @@ export class CommandHandler implements ICommandHandler {
*/
private handleVrfy(socket: plugins.net.Socket | plugins.tls.TLSSocket, args: string): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
this.sendResponse(socket, `${SmtpResponseCode.LOCAL_ERROR} Internal server error - session not found`);
return;
}
// Update session activity timestamp
this.sessionManager.updateSessionActivity(session);
this.smtpServer.getSessionManager().updateSessionActivity(session);
const username = args.trim();
@ -962,14 +920,14 @@ export class CommandHandler implements ICommandHandler {
*/
private handleExpn(socket: plugins.net.Socket | plugins.tls.TLSSocket, args: string): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
this.sendResponse(socket, `${SmtpResponseCode.LOCAL_ERROR} Internal server error - session not found`);
return;
}
// Update session activity timestamp
this.sessionManager.updateSessionActivity(session);
this.smtpServer.getSessionManager().updateSessionActivity(session);
const listname = args.trim();
@ -1007,7 +965,7 @@ export class CommandHandler implements ICommandHandler {
};
// Reset state to after EHLO
this.sessionManager.updateSessionState(session, SmtpState.AFTER_EHLO);
this.smtpServer.getSessionManager().updateSessionState(session, SmtpState.AFTER_EHLO);
}
/**
@ -1059,4 +1017,12 @@ export class CommandHandler implements ICommandHandler {
// Check standard command sequence
return isValidCommandSequence(command, session.state);
}
/**
* Clean up resources
*/
public destroy(): void {
// CommandHandler doesn't have timers or event listeners to clean up
SmtpLogger.debug('CommandHandler destroyed');
}
}

106
ts/mail/delivery/smtpserver/connection-manager.ts
View File

@ -4,8 +4,7 @@
*/
import * as plugins from '../../../plugins.js';
import type { IConnectionManager } from './interfaces.js';
import type { ISessionManager } from './interfaces.js';
import type { IConnectionManager, ISmtpServer } from './interfaces.js';
import { SmtpResponseCode, SMTP_DEFAULTS, SmtpState } from './constants.js';
import { SmtpLogger } from './utils/logging.js';
import { adaptiveLogger } from './utils/adaptive-logging.js';
@ -17,6 +16,11 @@ import { getSocketDetails, formatMultilineResponse } from './utils/helpers.js';
* Provides resource management, connection tracking, and monitoring
*/
export class ConnectionManager implements IConnectionManager {
/**
* Reference to the SMTP server instance
*/
private smtpServer: ISmtpServer;
/**
* Set of active socket connections
*/
@ -49,11 +53,6 @@ export class ConnectionManager implements IConnectionManager {
*/
private resourceCheckInterval: NodeJS.Timeout | null = null;
/**
* Reference to the session manager
*/
private sessionManager: ISessionManager;
/**
* SMTP server options with enhanced resource controls
*/
@ -68,33 +67,15 @@ export class ConnectionManager implements IConnectionManager {
resourceCheckInterval: number;
};
/**
* Command handler function
*/
private commandHandler: (socket: plugins.net.Socket | plugins.tls.TLSSocket, line: string) => void;
/**
* Creates a new connection manager with enhanced resource management
* @param sessionManager - Session manager instance
* @param commandHandler - Command handler function
* @param options - Connection manager options
* @param smtpServer - SMTP server instance
*/
constructor(
sessionManager: ISessionManager,
commandHandler: (socket: plugins.net.Socket | plugins.tls.TLSSocket, line: string) => void,
options: {
hostname?: string;
maxConnections?: number;
socketTimeout?: number;
maxConnectionsPerIP?: number;
connectionRateLimit?: number;
connectionRateWindow?: number;
bufferSizeLimit?: number;
resourceCheckInterval?: number;
} = {}
) {
this.sessionManager = sessionManager;
this.commandHandler = commandHandler;
constructor(smtpServer: ISmtpServer) {
this.smtpServer = smtpServer;
// Get options from server
const serverOptions = this.smtpServer.getOptions();
// Default values for resource management - adjusted for production scalability
const DEFAULT_MAX_CONNECTIONS_PER_IP = 50; // Increased to support high-concurrency scenarios
@ -104,14 +85,14 @@ export class ConnectionManager implements IConnectionManager {
const DEFAULT_RESOURCE_CHECK_INTERVAL = 30 * 1000; // 30 seconds
this.options = {
hostname: options.hostname || SMTP_DEFAULTS.HOSTNAME,
maxConnections: options.maxConnections || SMTP_DEFAULTS.MAX_CONNECTIONS,
socketTimeout: options.socketTimeout || SMTP_DEFAULTS.SOCKET_TIMEOUT,
maxConnectionsPerIP: options.maxConnectionsPerIP || DEFAULT_MAX_CONNECTIONS_PER_IP,
connectionRateLimit: options.connectionRateLimit || DEFAULT_CONNECTION_RATE_LIMIT,
connectionRateWindow: options.connectionRateWindow || DEFAULT_CONNECTION_RATE_WINDOW,
bufferSizeLimit: options.bufferSizeLimit || DEFAULT_BUFFER_SIZE_LIMIT,
resourceCheckInterval: options.resourceCheckInterval || DEFAULT_RESOURCE_CHECK_INTERVAL
hostname: serverOptions.hostname || SMTP_DEFAULTS.HOSTNAME,
maxConnections: serverOptions.maxConnections || SMTP_DEFAULTS.MAX_CONNECTIONS,
socketTimeout: serverOptions.socketTimeout || SMTP_DEFAULTS.SOCKET_TIMEOUT,
maxConnectionsPerIP: DEFAULT_MAX_CONNECTIONS_PER_IP,
connectionRateLimit: DEFAULT_CONNECTION_RATE_LIMIT,
connectionRateWindow: DEFAULT_CONNECTION_RATE_WINDOW,
bufferSizeLimit: DEFAULT_BUFFER_SIZE_LIMIT,
resourceCheckInterval: DEFAULT_RESOURCE_CHECK_INTERVAL
};
// Start resource monitoring
@ -280,7 +261,7 @@ export class ConnectionManager implements IConnectionManager {
}
// 3. Check for sessions without corresponding active connections
const sessionCount = this.sessionManager.getSessionCount();
const sessionCount = this.smtpServer.getSessionManager().getSessionCount();
if (sessionCount > this.activeConnections.size) {
inconsistenciesFound.push({
issue: 'Orphaned sessions',
@ -361,7 +342,7 @@ export class ConnectionManager implements IConnectionManager {
this.setupSocketEventHandlers(socket);
// Create a session for this connection
this.sessionManager.createSession(socket, false);
this.smtpServer.getSessionManager().createSession(socket, false);
// Log the new connection using adaptive logger
const socketDetails = getSocketDetails(socket);
@ -517,7 +498,7 @@ export class ConnectionManager implements IConnectionManager {
this.setupSocketEventHandlers(socket);
// Create a session for this connection
this.sessionManager.createSession(socket, true);
this.smtpServer.getSessionManager().createSession(socket, true);
// Log the new secure connection using adaptive logger
adaptiveLogger.logConnection(socket, 'connect');
@ -553,9 +534,9 @@ export class ConnectionManager implements IConnectionManager {
socket.on('data', (data) => {
try {
// Get current session and update activity timestamp
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (session) {
this.sessionManager.updateSessionActivity(session);
this.smtpServer.getSessionManager().updateSessionActivity(session);
}
// Check if we're in DATA receiving mode - handle differently
@ -565,7 +546,7 @@ export class ConnectionManager implements IConnectionManager {
try {
const dataString = data.toString('utf8');
// Use a special prefix to indicate this is raw data, not a command line
this.commandHandler(socket, `__RAW_DATA__${dataString}`);
this.smtpServer.getCommandHandler().processCommand(socket, `__RAW_DATA__${dataString}`);
return;
} catch (dataError) {
SmtpLogger.error(`Data handler error during DATA mode: ${dataError instanceof Error ? dataError.message : String(dataError)}`);
@ -619,7 +600,7 @@ export class ConnectionManager implements IConnectionManager {
if (line.length > 0) {
try {
// In DATA state, the command handler will process the data differently
this.commandHandler(socket, line);
this.smtpServer.getCommandHandler().processCommand(socket, line);
} catch (cmdError) {
// Handle any errors in command processing
SmtpLogger.error(`Command handler error: ${cmdError instanceof Error ? cmdError.message : String(cmdError)}`);
@ -744,13 +725,13 @@ export class ConnectionManager implements IConnectionManager {
}
// Get the session before removing it
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
// Remove from active connections
this.activeConnections.delete(socket);
// Remove from session manager
this.sessionManager.removeSession(socket);
this.smtpServer.getSessionManager().removeSession(socket);
// Cancel any timeout ID stored in the session
if (session?.dataTimeoutId) {
@ -786,7 +767,7 @@ export class ConnectionManager implements IConnectionManager {
const socketId = `${socketDetails.remoteAddress}:${socketDetails.remotePort}`;
// Get the session
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
// Detailed error logging with context information
SmtpLogger.error(`Socket error for ${socketId}: ${error.message}`, {
@ -815,7 +796,7 @@ export class ConnectionManager implements IConnectionManager {
this.activeConnections.delete(socket);
// Remove from session manager
this.sessionManager.removeSession(socket);
this.smtpServer.getSessionManager().removeSession(socket);
} catch (handlerError) {
// Meta-error handling (errors in the error handler)
SmtpLogger.error(`Error in handleSocketError: ${handlerError instanceof Error ? handlerError.message : String(handlerError)}`);
@ -842,7 +823,7 @@ export class ConnectionManager implements IConnectionManager {
const socketId = `${socketDetails.remoteAddress}:${socketDetails.remotePort}`;
// Get the session
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
// Get timing information for better debugging
const now = Date.now();
@ -894,7 +875,7 @@ export class ConnectionManager implements IConnectionManager {
// Clean up resources
this.activeConnections.delete(socket);
this.sessionManager.removeSession(socket);
this.smtpServer.getSessionManager().removeSession(socket);
} catch (handlerError) {
// Handle any unexpected errors during timeout handling
SmtpLogger.error(`Error in handleSocketTimeout: ${handlerError instanceof Error ? handlerError.message : String(handlerError)}`);
@ -979,4 +960,25 @@ export class ConnectionManager implements IConnectionManager {
socket.destroy();
}
}
/**
* Clean up resources
*/
public destroy(): void {
// Clear resource monitoring interval
if (this.resourceCheckInterval) {
clearInterval(this.resourceCheckInterval);
this.resourceCheckInterval = null;
}
// Close all active connections
this.closeAllConnections();
// Clear maps
this.activeConnections.clear();
this.connectionTimestamps.clear();
this.ipConnectionCounts.clear();
SmtpLogger.debug('ConnectionManager destroyed');
}
}

73
ts/mail/delivery/smtpserver/create-server.ts
View File

@ -20,73 +20,12 @@ import { UnifiedEmailServer } from '../../routing/classes.unified.email.server.j
* @returns Configured SMTP server instance
*/
export function createSmtpServer(emailServer: UnifiedEmailServer, options: ISmtpServerOptions): SmtpServer {
// Create session manager
const sessionManager = new SessionManager({
socketTimeout: options.socketTimeout,
connectionTimeout: options.connectionTimeout,
cleanupInterval: options.cleanupInterval
// First create the SMTP server instance
const smtpServer = new SmtpServer({
emailServer,
options
});
// Create security handler
const securityHandler = new SecurityHandler(
emailServer,
undefined, // IP reputation service
options.auth
);
// Create TLS handler
const tlsHandler = new TlsHandler(
sessionManager,
{
key: options.key,
cert: options.cert,
ca: options.ca
}
);
// Create data handler
const dataHandler = new DataHandler(
sessionManager,
emailServer,
{
size: options.size
}
);
// Create command handler
const commandHandler = new CommandHandler(
sessionManager,
{
hostname: options.hostname,
size: options.size,
maxRecipients: options.maxRecipients,
auth: options.auth
},
dataHandler,
tlsHandler,
securityHandler
);
// Create connection manager
const connectionManager = new ConnectionManager(
sessionManager,
(socket, line) => commandHandler.processCommand(socket, line),
{
hostname: options.hostname,
maxConnections: options.maxConnections,
socketTimeout: options.socketTimeout
}
);
// Create and return SMTP server
return new SmtpServer({
emailServer,
options,
sessionManager,
connectionManager,
commandHandler,
dataHandler,
tlsHandler,
securityHandler
});
// Return the configured server
return smtpServer;
}

134
ts/mail/delivery/smtpserver/data-handler.ts
View File

@ -8,74 +8,27 @@ import * as fs from 'fs';
import * as path from 'path';
import { SmtpState } from './interfaces.js';
import type { ISmtpSession, ISmtpTransactionResult } from './interfaces.js';
import type { IDataHandler, ISessionManager } from './interfaces.js';
import type { IDataHandler, ISmtpServer } from './interfaces.js';
import { SmtpResponseCode, SMTP_PATTERNS, SMTP_DEFAULTS } from './constants.js';
import { SmtpLogger } from './utils/logging.js';
import { detectHeaderInjection } from './utils/validation.js';
import { Email } from '../../core/classes.email.js';
import { UnifiedEmailServer } from '../../routing/classes.unified.email.server.js';
/**
* Handles SMTP DATA command and email data processing
*/
export class DataHandler implements IDataHandler {
/**
* Session manager instance
* Reference to the SMTP server instance
*/
private sessionManager: ISessionManager;
/**
* Email server reference
*/
private emailServer: UnifiedEmailServer;
/**
* SMTP server options
*/
private options: {
size: number;
tempDir?: string;
hostname?: string;
};
private smtpServer: ISmtpServer;
/**
* Creates a new data handler
* @param sessionManager - Session manager instance
* @param emailServer - Email server reference
* @param options - Data handler options
* @param smtpServer - SMTP server instance
*/
constructor(
sessionManager: ISessionManager,
emailServer: UnifiedEmailServer,
options: {
size?: number;
tempDir?: string;
hostname?: string;
} = {}
) {
this.sessionManager = sessionManager;
this.emailServer = emailServer;
this.options = {
size: options.size || SMTP_DEFAULTS.MAX_MESSAGE_SIZE,
tempDir: options.tempDir,
hostname: options.hostname || SMTP_DEFAULTS.HOSTNAME
};
// Create temp directory if specified and doesn't exist
if (this.options.tempDir) {
try {
if (!fs.existsSync(this.options.tempDir)) {
fs.mkdirSync(this.options.tempDir, { recursive: true });
}
} catch (error) {
SmtpLogger.error(`Failed to create temp directory: ${error instanceof Error ? error.message : String(error)}`, {
error: error instanceof Error ? error : new Error(String(error)),
tempDir: this.options.tempDir
});
this.options.tempDir = undefined;
}
}
constructor(smtpServer: ISmtpServer) {
this.smtpServer = smtpServer;
}
/**
@ -86,7 +39,7 @@ export class DataHandler implements IDataHandler {
*/
public async processEmailData(socket: plugins.net.Socket | plugins.tls.TLSSocket, data: string): Promise<void> {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
this.sendResponse(socket, `${SmtpResponseCode.LOCAL_ERROR} Internal server error - session not found`);
return;
@ -106,7 +59,7 @@ export class DataHandler implements IDataHandler {
}, SMTP_DEFAULTS.DATA_TIMEOUT);
// Update activity timestamp
this.sessionManager.updateSessionActivity(session);
this.smtpServer.getSessionManager().updateSessionActivity(session);
// Store data in chunks for better memory efficiency
if (!session.emailDataChunks) {
@ -118,14 +71,16 @@ export class DataHandler implements IDataHandler {
session.emailDataSize = (session.emailDataSize || 0) + data.length;
// Check if we've reached the max size (using incremental tracking)
if (session.emailDataSize > this.options.size) {
const options = this.smtpServer.getOptions();
const maxSize = options.size || SMTP_DEFAULTS.MAX_MESSAGE_SIZE;
if (session.emailDataSize > maxSize) {
SmtpLogger.warn(`Message size exceeds limit for session ${session.id}`, {
sessionId: session.id,
size: session.emailDataSize,
limit: this.options.size
limit: maxSize
});
this.sendResponse(socket, `${SmtpResponseCode.EXCEEDED_STORAGE} Message too big, size limit is ${this.options.size} bytes`);
this.sendResponse(socket, `${SmtpResponseCode.EXCEEDED_STORAGE} Message too big, size limit is ${maxSize} bytes`);
this.resetSession(session);
return;
}
@ -164,7 +119,7 @@ export class DataHandler implements IDataHandler {
*/
public async handleDataReceived(socket: plugins.net.Socket | plugins.tls.TLSSocket, data: string): Promise<void> {
// Get the session
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
this.sendResponse(socket, `${SmtpResponseCode.LOCAL_ERROR} Internal server error - session not found`);
return;
@ -293,14 +248,16 @@ export class DataHandler implements IDataHandler {
});
// Generate a message ID since queueEmail is not available
const messageId = `${Date.now()}-${Math.floor(Math.random() * 1000000)}@${this.options.hostname || 'mail.example.com'}`;
const options = this.smtpServer.getOptions();
const hostname = options.hostname || SMTP_DEFAULTS.HOSTNAME;
const messageId = `${Date.now()}-${Math.floor(Math.random() * 1000000)}@${hostname}`;
// Process the email through the emailServer
try {
// Process the email via the UnifiedEmailServer
// Pass the email object, session data, and specify the mode (mta, forward, or process)
// This connects SMTP reception to the overall email system
const processResult = await this.emailServer.processEmailByMode(email, session, 'mta');
const processResult = await this.smtpServer.getEmailServer().processEmailByMode(email, session, 'mta');
SmtpLogger.info(`Email processed through UnifiedEmailServer: ${email.getMessageId()}`, {
sessionId: session.id,
@ -350,7 +307,7 @@ export class DataHandler implements IDataHandler {
// Process the email via the UnifiedEmailServer in forward mode
try {
const processResult = await this.emailServer.processEmailByMode(email, session, 'forward');
const processResult = await this.smtpServer.getEmailServer().processEmailByMode(email, session, 'forward');
SmtpLogger.info(`Email forwarded through UnifiedEmailServer: ${email.getMessageId()}`, {
sessionId: session.id,
@ -389,7 +346,7 @@ export class DataHandler implements IDataHandler {
// Process the email via the UnifiedEmailServer in process mode
try {
const processResult = await this.emailServer.processEmailByMode(email, session, 'process');
const processResult = await this.smtpServer.getEmailServer().processEmailByMode(email, session, 'process');
SmtpLogger.info(`Email processed directly through UnifiedEmailServer: ${email.getMessageId()}`, {
sessionId: session.id,
@ -446,27 +403,11 @@ export class DataHandler implements IDataHandler {
* @param session - SMTP session
*/
public saveEmail(session: ISmtpSession): void {
if (!this.options.tempDir) {
return;
}
try {
const timestamp = Date.now();
const filename = `${session.id}-${timestamp}.eml`;
const filePath = path.join(this.options.tempDir, filename);
fs.writeFileSync(filePath, session.emailData);
SmtpLogger.debug(`Saved email to disk: ${filePath}`, {
sessionId: session.id,
filePath
});
} catch (error) {
SmtpLogger.error(`Failed to save email to disk: ${error instanceof Error ? error.message : String(error)}`, {
sessionId: session.id,
error: error instanceof Error ? error : new Error(String(error))
});
}
// Email saving to disk is currently disabled in the refactored architecture
// This functionality can be re-enabled by adding a tempDir option to ISmtpServerOptions
SmtpLogger.debug(`Email saving to disk is disabled`, {
sessionId: session.id
});
}
/**
@ -500,7 +441,7 @@ export class DataHandler implements IDataHandler {
// Get message ID or generate one
const messageId = parsed.messageId ||
headers['message-id'] ||
`<${Date.now()}.${Math.random().toString(36).substring(2)}@${this.options.hostname}>`;
`<${Date.now()}.${Math.random().toString(36).substring(2)}@${this.smtpServer.getOptions().hostname}>`;
// Get From, To, and Subject from parsed email or envelope
const from = parsed.from?.value?.[0]?.address ||
@ -618,7 +559,7 @@ SmtpLogger.debug(`Parsed email subject: ${subject}`, { subject });
// Add received header
const timestamp = new Date().toUTCString();
const receivedHeader = `from ${session.clientHostname || 'unknown'} (${session.remoteAddress}) by ${this.options.hostname} with ESMTP id ${session.id}; ${timestamp}`;
const receivedHeader = `from ${session.clientHostname || 'unknown'} (${session.remoteAddress}) by ${this.smtpServer.getOptions().hostname} with ESMTP id ${session.id}; ${timestamp}`;
email.addHeader('Received', receivedHeader);
// Add all original headers
@ -781,7 +722,7 @@ SmtpLogger.debug(`Parsed email subject: ${subject}`, { subject });
const subject = headers['subject'] || 'No Subject';
const from = headers['from'] || session.envelope.mailFrom.address;
const to = headers['to'] || session.envelope.rcptTo.map(r => r.address).join(', ');
const messageId = headers['message-id'] || `<${Date.now()}.${Math.random().toString(36).substring(2)}@${this.options.hostname}>`;
const messageId = headers['message-id'] || `<${Date.now()}.${Math.random().toString(36).substring(2)}@${this.smtpServer.getOptions().hostname}>`;
// Create email object
const email = new Email({
@ -804,7 +745,7 @@ SmtpLogger.debug(`Parsed email subject: ${subject}`, { subject });
// Add received header
const timestamp = new Date().toUTCString();
const receivedHeader = `from ${session.clientHostname || 'unknown'} (${session.remoteAddress}) by ${this.options.hostname} with ESMTP id ${session.id}; ${timestamp}`;
const receivedHeader = `from ${session.clientHostname || 'unknown'} (${session.remoteAddress}) by ${this.smtpServer.getOptions().hostname} with ESMTP id ${session.id}; ${timestamp}`;
email.addHeader('Received', receivedHeader);
// Add all original headers
@ -1078,7 +1019,7 @@ SmtpLogger.debug(`Parsed email subject: ${subject}`, { subject });
try {
// Update session state
this.sessionManager.updateSessionState(session, SmtpState.FINISHED);
this.smtpServer.getSessionManager().updateSessionState(session, SmtpState.FINISHED);
// Optionally save email to disk
this.saveEmail(session);
@ -1130,7 +1071,7 @@ SmtpLogger.debug(`Parsed email subject: ${subject}`, { subject });
};
// Reset state to after EHLO
this.sessionManager.updateSessionState(session, SmtpState.AFTER_EHLO);
this.smtpServer.getSessionManager().updateSessionState(session, SmtpState.AFTER_EHLO);
}
/**
@ -1199,7 +1140,7 @@ SmtpLogger.debug(`Parsed email subject: ${subject}`, { subject });
*/
private handleSocketError(socket: plugins.net.Socket | plugins.tls.TLSSocket, error: unknown, response: string): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
SmtpLogger.error(`Session not found when handling socket error`);
if (!socket.destroyed) {
@ -1253,4 +1194,13 @@ SmtpLogger.debug(`Parsed email subject: ${subject}`, { subject });
}
}, 100); // Short delay before retry
}
}
}
/**
* Clean up resources
*/
public destroy(): void {
// DataHandler doesn't have timers or event listeners to clean up
SmtpLogger.debug('DataHandler destroyed');
}
}

606
ts/mail/delivery/smtpserver/interfaces.ts
View File

@ -1,61 +1,61 @@
/**
* SMTP Server Module Interfaces
* This file contains all interfaces for the refactored SMTP server implementation
* SMTP Server Interfaces
* Defines all the interfaces used by the SMTP server implementation
*/
import * as plugins from '../../../plugins.js';
import type { Email } from '../../core/classes.email.js';
import type { UnifiedEmailServer } from '../../routing/classes.unified.email.server.js';
import { SmtpState } from '../interfaces.js';
// Define all needed types/interfaces directly in this file
export { SmtpState };
// Define EmailProcessingMode directly in this file
export type EmailProcessingMode = 'forward' | 'mta' | 'process';
import type { SmtpState, SmtpCommand } from './constants.js';
/**
* Envelope recipient information
* Interface for components that need cleanup
*/
export interface IEnvelopeRecipient {
export interface IDestroyable {
/**
* Email address of the recipient
* Clean up all resources (timers, listeners, etc)
*/
address: string;
/**
* Additional SMTP command arguments
*/
args: Record<string, string>;
destroy(): void | Promise<void>;
}
/**
* SMTP session envelope information
* SMTP authentication credentials
*/
export interface ISmtpAuth {
/**
* Username for authentication
*/
username: string;
/**
* Password for authentication
*/
password: string;
}
/**
* SMTP envelope (sender and recipients)
*/
export interface ISmtpEnvelope {
/**
* Envelope sender (MAIL FROM) information
* Mail from address
*/
mailFrom: {
/**
* Email address of the sender
*/
address: string;
/**
* Additional SMTP command arguments
*/
args: Record<string, string>;
args?: Record<string, string>;
};
/**
* Envelope recipients (RCPT TO) information
* Recipients list
*/
rcptTo: IEnvelopeRecipient[];
rcptTo: Array<{
address: string;
args?: Record<string, string>;
}>;
}
/**
* SMTP Session interface - represents an active SMTP connection
* SMTP session representing a client connection
*/
export interface ISmtpSession {
/**
@ -64,104 +64,264 @@ export interface ISmtpSession {
id: string;
/**
* Current session state in the SMTP conversation
* Current state of the SMTP session
*/
state: SmtpState;
/**
* Hostname provided by the client in EHLO/HELO command
* Client's hostname from EHLO/HELO
*/
clientHostname: string;
clientHostname: string | null;
/**
* MAIL FROM email address (legacy format)
*/
mailFrom: string;
/**
* RCPT TO email addresses (legacy format)
*/
rcptTo: string[];
/**
* Raw email data being received
*/
emailData: string;
/**
* Chunks of email data for more efficient buffer management
*/
emailDataChunks?: string[];
/**
* Total size of email data chunks (tracked incrementally for performance)
*/
emailDataSize?: number;
/**
* Whether the connection is using TLS
*/
useTLS: boolean;
/**
* Whether the connection has ended
*/
connectionEnded: boolean;
/**
* Remote IP address of the client
*/
remoteAddress: string;
/**
* Whether the connection is secure (TLS)
* Whether TLS is active for this session
*/
secure: boolean;
/**
* Whether the client has been authenticated
* Authentication status
*/
authenticated: boolean;
/**
* SMTP envelope information (structured format)
* Authentication username if authenticated
*/
username?: string;
/**
* Transaction envelope
*/
envelope: ISmtpEnvelope;
/**
* Email processing mode to use for this session
* When the session was created
*/
processingMode?: EmailProcessingMode;
createdAt: Date;
/**
* Timestamp of last activity for session timeout tracking
* Last activity timestamp
*/
lastActivity?: number;
lastActivity: Date;
/**
* Timeout ID for DATA command timeout
* Client's IP address
*/
dataTimeoutId?: NodeJS.Timeout;
remoteAddress: string;
/**
* Client's port
*/
remotePort: number;
/**
* Additional session data
*/
data?: Record<string, any>;
/**
* Message size if SIZE extension is used
*/
messageSize?: number;
/**
* Server capabilities advertised to client
*/
capabilities?: string[];
/**
* Buffer for incomplete data
*/
dataBuffer?: string;
/**
* Flag to track if we're currently receiving DATA
*/
receivingData?: boolean;
/**
* The raw email data being received
*/
rawData?: string;
/**
* Greeting sent to client
*/
greeting?: string;
/**
* Whether EHLO has been sent
*/
ehloSent?: boolean;
/**
* Whether HELO has been sent
*/
heloSent?: boolean;
/**
* TLS options for this session
*/
tlsOptions?: any;
}
/**
* SMTP authentication data
* Session manager interface
*/
export interface ISmtpAuth {
export interface ISessionManager extends IDestroyable {
/**
* Authentication method used
* Create a new session for a socket
*/
method: 'PLAIN' | 'LOGIN' | 'OAUTH2' | string;
createSession(socket: plugins.net.Socket | plugins.tls.TLSSocket): ISmtpSession;
/**
* Username for authentication
* Get session by socket
*/
username: string;
getSession(socket: plugins.net.Socket | plugins.tls.TLSSocket): ISmtpSession | undefined;
/**
* Password or token for authentication
* Update session state
*/
password: string;
updateSessionState(socket: plugins.net.Socket | plugins.tls.TLSSocket, newState: SmtpState): void;
/**
* Remove a session
*/
removeSession(socket: plugins.net.Socket | plugins.tls.TLSSocket): void;
/**
* Clear all sessions
*/
clearAllSessions(): void;
/**
* Get all active sessions
*/
getAllSessions(): ISmtpSession[];
/**
* Get session count
*/
getSessionCount(): number;
/**
* Update last activity for a session
*/
updateLastActivity(socket: plugins.net.Socket | plugins.tls.TLSSocket): void;
/**
* Check for timed out sessions
*/
checkTimeouts(timeoutMs: number): ISmtpSession[];
}
/**
* Connection manager interface
*/
export interface IConnectionManager extends IDestroyable {
/**
* Handle a new connection
*/
handleConnection(socket: plugins.net.Socket | plugins.tls.TLSSocket, secure: boolean): Promise<void>;
/**
* Close all active connections
*/
closeAllConnections(): void;
/**
* Get active connection count
*/
getConnectionCount(): number;
/**
* Check if accepting new connections
*/
canAcceptConnection(): boolean;
}
/**
* Command handler interface
*/
export interface ICommandHandler extends IDestroyable {
/**
* Handle an SMTP command
*/
handleCommand(
socket: plugins.net.Socket | plugins.tls.TLSSocket,
command: SmtpCommand,
args: string,
session: ISmtpSession
): Promise<void>;
/**
* Get supported commands for current session state
*/
getSupportedCommands(session: ISmtpSession): SmtpCommand[];
}
/**
* Data handler interface
*/
export interface IDataHandler extends IDestroyable {
/**
* Handle email data
*/
handleData(
socket: plugins.net.Socket | plugins.tls.TLSSocket,
data: string,
session: ISmtpSession
): Promise<void>;
/**
* Process a complete email
*/
processEmail(
rawData: string,
session: ISmtpSession
): Promise<Email>;
}
/**
* TLS handler interface
*/
export interface ITlsHandler extends IDestroyable {
/**
* Handle STARTTLS command
*/
handleStartTls(
socket: plugins.net.Socket,
session: ISmtpSession
): Promise<plugins.tls.TLSSocket | null>;
/**
* Check if TLS is available
*/
isTlsAvailable(): boolean;
/**
* Get TLS options
*/
getTlsOptions(): plugins.tls.TlsOptions;
}
/**
* Security handler interface
*/
export interface ISecurityHandler extends IDestroyable {
/**
* Check IP reputation
*/
checkIpReputation(socket: plugins.net.Socket | plugins.tls.TLSSocket): Promise<boolean>;
/**
* Validate email address
*/
isValidEmail(email: string): boolean;
/**
* Authenticate user
*/
authenticate(auth: ISmtpAuth): Promise<boolean>;
}
/**
@ -174,29 +334,19 @@ export interface ISmtpServerOptions {
port: number;
/**
* TLS private key (PEM format)
* Hostname of the server
*/
key: string;
hostname: string;
/**
* TLS certificate (PEM format)
* TLS/SSL private key (PEM format)
*/
cert: string;
key?: string;
/**
* Server hostname for SMTP banner
* TLS/SSL certificate (PEM format)
*/
hostname?: string;
/**
* Host address to bind to (defaults to all interfaces)
*/
host?: string;
/**
* Secure port for dedicated TLS connections
*/
securePort?: number;
cert?: string;
/**
* CA certificates for TLS (PEM format)
@ -300,229 +450,9 @@ export interface ISessionEvents {
}
/**
* Interface for the session manager component
* SMTP Server interface
*/
export interface ISessionManager {
/**
* Creates a new session for a socket connection
*/
createSession(socket: plugins.net.Socket | plugins.tls.TLSSocket, secure: boolean): ISmtpSession;
/**
* Updates the session state
*/
updateSessionState(session: ISmtpSession, newState: SmtpState): void;
/**
* Updates the session's last activity timestamp
*/
updateSessionActivity(session: ISmtpSession): void;
/**
* Removes a session
*/
removeSession(socket: plugins.net.Socket | plugins.tls.TLSSocket): void;
/**
* Gets a session for a socket
*/
getSession(socket: plugins.net.Socket | plugins.tls.TLSSocket): ISmtpSession | undefined;
/**
* Cleans up idle sessions
*/
cleanupIdleSessions(): void;
/**
* Gets the current number of active sessions
*/
getSessionCount(): number;
/**
* Clears all sessions (used when shutting down)
*/
clearAllSessions(): void;
/**
* Register an event listener
*/
on<K extends keyof ISessionEvents>(event: K, listener: ISessionEvents[K]): void;
/**
* Remove an event listener
*/
off<K extends keyof ISessionEvents>(event: K, listener: ISessionEvents[K]): void;
}
/**
* Interface for the connection manager component
*/
export interface IConnectionManager {
/**
* Handle a new connection
*/
handleNewConnection(socket: plugins.net.Socket): void;
/**
* Handle a new secure TLS connection
*/
handleNewSecureConnection(socket: plugins.tls.TLSSocket): void;
/**
* Set up event handlers for a socket
*/
setupSocketEventHandlers(socket: plugins.net.Socket | plugins.tls.TLSSocket): void;
/**
* Get the current connection count
*/
getConnectionCount(): number;
/**
* Check if the server has reached the maximum number of connections
*/
hasReachedMaxConnections(): boolean;
/**
* Close all active connections
*/
closeAllConnections(): void;
}
/**
* Interface for the command handler component
*/
export interface ICommandHandler {
/**
* Process a command from the client
*/
processCommand(socket: plugins.net.Socket | plugins.tls.TLSSocket, commandLine: string): void;
/**
* Send a response to the client
*/
sendResponse(socket: plugins.net.Socket | plugins.tls.TLSSocket, response: string): void;
/**
* Handle EHLO command
*/
handleEhlo(socket: plugins.net.Socket | plugins.tls.TLSSocket, clientHostname: string): void;
/**
* Handle MAIL FROM command
*/
handleMailFrom(socket: plugins.net.Socket | plugins.tls.TLSSocket, args: string): void;
/**
* Handle RCPT TO command
*/
handleRcptTo(socket: plugins.net.Socket | plugins.tls.TLSSocket, args: string): void;
/**
* Handle DATA command
*/
handleData(socket: plugins.net.Socket | plugins.tls.TLSSocket): void;
/**
* Handle RSET command
*/
handleRset(socket: plugins.net.Socket | plugins.tls.TLSSocket): void;
/**
* Handle NOOP command
*/
handleNoop(socket: plugins.net.Socket | plugins.tls.TLSSocket): void;
/**
* Handle QUIT command
*/
handleQuit(socket: plugins.net.Socket | plugins.tls.TLSSocket): void;
}
/**
* Interface for the data handler component
*/
export interface IDataHandler {
/**
* Process incoming email data (legacy line-based)
*/
processEmailData(socket: plugins.net.Socket | plugins.tls.TLSSocket, data: string): Promise<void>;
/**
* Handle raw data chunks during DATA mode (optimized for large messages)
*/
handleDataReceived(socket: plugins.net.Socket | plugins.tls.TLSSocket, data: string): Promise<void>;
/**
* Process a complete email
*/
processEmail(session: ISmtpSession): Promise<ISmtpTransactionResult>;
/**
* Save an email to disk
*/
saveEmail(session: ISmtpSession): void;
/**
* Parse an email into an Email object
*/
parseEmail(session: ISmtpSession): Promise<Email>;
}
/**
* Interface for the TLS handler component
*/
export interface ITlsHandler {
/**
* Handle STARTTLS command
*/
handleStartTls(socket: plugins.net.Socket | plugins.tls.TLSSocket): void;
/**
* Upgrade a connection to TLS
*/
startTLS(socket: plugins.net.Socket): void;
/**
* Create a secure server
*/
createSecureServer(): plugins.tls.Server | undefined;
/**
* Check if TLS is enabled
*/
isTlsEnabled(): boolean;
}
/**
* Interface for the security handler component
*/
export interface ISecurityHandler {
/**
* Check IP reputation for a connection
*/
checkIpReputation(socket: plugins.net.Socket | plugins.tls.TLSSocket): Promise<boolean>;
/**
* Validate an email address
*/
isValidEmail(email: string): boolean;
/**
* Validate authentication credentials
*/
authenticate(session: ISmtpSession, username: string, password: string, method: string): Promise<boolean>;
/**
* Log a security event
*/
logSecurityEvent(event: string, level: string, message: string, details: Record<string, any>): void;
}
/**
* Interface for the SMTP server component
*/
export interface ISmtpServer {
export interface ISmtpServer extends IDestroyable {
/**
* Start the SMTP server
*/
@ -575,46 +505,46 @@ export interface ISmtpServer {
}
/**
* Configuration for creating an SMTP server
* Configuration for creating SMTP server
*/
export interface ISmtpServerConfig {
/**
* Email server reference
* Email server instance
*/
emailServer: UnifiedEmailServer;
/**
* SMTP server options
* Server options
*/
options: ISmtpServerOptions;
/**
* Optional session manager
* Optional custom session manager
*/
sessionManager?: ISessionManager;
/**
* Optional connection manager
* Optional custom connection manager
*/
connectionManager?: IConnectionManager;
/**
* Optional command handler
* Optional custom command handler
*/
commandHandler?: ICommandHandler;
/**
* Optional data handler
* Optional custom data handler
*/
dataHandler?: IDataHandler;
/**
* Optional TLS handler
* Optional custom TLS handler
*/
tlsHandler?: ITlsHandler;
/**
* Optional security handler
* Optional custom security handler
*/
securityHandler?: ISecurityHandler;
}

112
ts/mail/delivery/smtpserver/security-handler.ts
View File

@ -6,12 +6,12 @@
import * as plugins from '../../../plugins.js';
import type { ISmtpSession, ISmtpAuth } from './interfaces.js';
import type { ISecurityHandler } from './interfaces.js';
import type { ISecurityHandler, ISmtpServer } from './interfaces.js';
import { SmtpLogger } from './utils/logging.js';
import { SecurityEventType, SecurityLogLevel } from './constants.js';
import { isValidEmail } from './utils/validation.js';
import { getSocketDetails, getTlsDetails } from './utils/helpers.js';
import { UnifiedEmailServer } from '../../routing/classes.unified.email.server.js';
import { IPReputationChecker } from '../../../security/classes.ipreputationchecker.js';
/**
* Interface for IP denylist entry
@ -27,23 +27,14 @@ interface IIpDenylistEntry {
*/
export class SecurityHandler implements ISecurityHandler {
/**
* Email server reference
* Reference to the SMTP server instance
*/
private emailServer: UnifiedEmailServer;
private smtpServer: ISmtpServer;
/**
* IP reputation service
* IP reputation checker service
*/
private ipReputationService?: any;
/**
* Authentication options
*/
private authOptions?: {
required: boolean;
methods: ('PLAIN' | 'LOGIN' | 'OAUTH2')[];
validateUser?: (username: string, password: string) => Promise<boolean>;
};
private ipReputationService: IPReputationChecker;
/**
* Simple in-memory IP denylist
@ -51,26 +42,22 @@ export class SecurityHandler implements ISecurityHandler {
private ipDenylist: IIpDenylistEntry[] = [];
/**
* Creates a new security handler
* @param emailServer - Email server reference
* @param ipReputationService - Optional IP reputation service
* @param authOptions - Authentication options
* Cleanup interval timer
*/
constructor(
emailServer: UnifiedEmailServer,
ipReputationService?: any,
authOptions?: {
required: boolean;
methods: ('PLAIN' | 'LOGIN' | 'OAUTH2')[];
validateUser?: (username: string, password: string) => Promise<boolean>;
}
) {
this.emailServer = emailServer;
this.ipReputationService = ipReputationService;
this.authOptions = authOptions;
private cleanupInterval: NodeJS.Timeout | null = null;
/**
* Creates a new security handler
* @param smtpServer - SMTP server instance
*/
constructor(smtpServer: ISmtpServer) {
this.smtpServer = smtpServer;
// Initialize IP reputation checker
this.ipReputationService = new IPReputationChecker();
// Clean expired denylist entries periodically
setInterval(() => this.cleanExpiredDenylistEntries(), 60000); // Every minute
this.cleanupInterval = setInterval(() => this.cleanExpiredDenylistEntries(), 60000); // Every minute
}
/**
@ -95,18 +82,28 @@ export class SecurityHandler implements ISecurityHandler {
return false;
}
// If no reputation service, allow by default
// Check with IP reputation service
if (!this.ipReputationService) {
return true;
}
try {
// Check with IP reputation service
const reputationResult = await this.ipReputationService.checkIp(ip);
const reputationResult = await this.ipReputationService.checkReputation(ip);
if (!reputationResult.allowed) {
// Block if score is below HIGH_RISK threshold (20) or if it's spam/proxy/tor/vpn
const isBlocked = reputationResult.score < 20 ||
reputationResult.isSpam ||
reputationResult.isTor ||
reputationResult.isProxy;
if (isBlocked) {
// Add to local denylist temporarily
this.addToDenylist(ip, reputationResult.reason, 3600000); // 1 hour
const reason = reputationResult.isSpam ? 'spam' :
reputationResult.isTor ? 'tor' :
reputationResult.isProxy ? 'proxy' :
`low reputation score: ${reputationResult.score}`;
this.addToDenylist(ip, reason, 3600000); // 1 hour
// Log the blocked connection
this.logSecurityEvent(
@ -114,9 +111,12 @@ export class SecurityHandler implements ISecurityHandler {
SecurityLogLevel.WARN,
`Connection blocked by reputation service: ${ip}`,
{
reason: reputationResult.reason,
reason,
score: reputationResult.score,
categories: reputationResult.categories
isSpam: reputationResult.isSpam,
isTor: reputationResult.isTor,
isProxy: reputationResult.isProxy,
isVPN: reputationResult.isVPN
}
);
@ -130,7 +130,8 @@ export class SecurityHandler implements ISecurityHandler {
`IP reputation check passed: ${ip}`,
{
score: reputationResult.score,
categories: reputationResult.categories
country: reputationResult.country,
org: reputationResult.org
}
);
@ -165,8 +166,12 @@ export class SecurityHandler implements ISecurityHandler {
* @returns Promise that resolves to true if authenticated
*/
public async authenticate(session: ISmtpSession, username: string, password: string, method: string): Promise<boolean> {
// Get auth options from server
const options = this.smtpServer.getOptions();
const authOptions = options.auth;
// Check if authentication is enabled
if (!this.authOptions) {
if (!authOptions) {
this.logSecurityEvent(
SecurityEventType.AUTHENTICATION,
SecurityLogLevel.WARN,
@ -178,7 +183,7 @@ export class SecurityHandler implements ISecurityHandler {
}
// Check if method is supported
if (!this.authOptions.methods.includes(method as any)) {
if (!authOptions.methods.includes(method as any)) {
this.logSecurityEvent(
SecurityEventType.AUTHENTICATION,
SecurityLogLevel.WARN,
@ -205,8 +210,8 @@ export class SecurityHandler implements ISecurityHandler {
let authenticated = false;
// Use custom validation function if provided
if (this.authOptions.validateUser) {
authenticated = await this.authOptions.validateUser(username, password);
if ((authOptions as any).validateUser) {
authenticated = await (authOptions as any).validateUser(username, password);
} else {
// Default behavior - no authentication
authenticated = false;
@ -339,4 +344,25 @@ export class SecurityHandler implements ISecurityHandler {
);
}
}
/**
* Clean up resources
*/
public destroy(): void {
// Clear the cleanup interval
if (this.cleanupInterval) {
clearInterval(this.cleanupInterval);
this.cleanupInterval = null;
}
// Clear the denylist
this.ipDenylist = [];
// Clean up IP reputation service if it has a destroy method
if (this.ipReputationService && typeof (this.ipReputationService as any).destroy === 'function') {
(this.ipReputationService as any).destroy();
}
SmtpLogger.debug('SecurityHandler destroyed');
}
}

57
ts/mail/delivery/smtpserver/session-manager.ts
View File

@ -453,6 +453,44 @@ export class SessionManager implements ISessionManager {
}
}
/**
* Replace socket mapping for STARTTLS upgrades
* @param oldSocket - Original plain socket
* @param newSocket - New TLS socket
* @returns Whether the replacement was successful
*/
public replaceSocket(oldSocket: plugins.net.Socket | plugins.tls.TLSSocket, newSocket: plugins.net.Socket | plugins.tls.TLSSocket): boolean {
const socketKey = this.socketIds.get(oldSocket);
if (!socketKey) {
SmtpLogger.warn('Cannot replace socket - original socket not found in session manager');
return false;
}
const session = this.sessions.get(socketKey);
if (!session) {
SmtpLogger.warn('Cannot replace socket - session not found for socket key');
return false;
}
// Remove old socket mapping
this.socketIds.delete(oldSocket);
// Add new socket mapping
this.socketIds.set(newSocket, socketKey);
// Set socket timeout for new socket
newSocket.setTimeout(this.options.socketTimeout);
SmtpLogger.info(`Socket replaced for session ${session.id} (STARTTLS upgrade)`, {
sessionId: session.id,
remoteAddress: session.remoteAddress,
oldSocketType: oldSocket.constructor.name,
newSocketType: newSocket.constructor.name
});
return true;
}
/**
* Gets a unique key for a socket
* @param socket - Client socket
@ -462,4 +500,23 @@ export class SessionManager implements ISessionManager {
const details = getSocketDetails(socket);
return `${details.remoteAddress}:${details.remotePort}-${Date.now()}`;
}
/**
* Clean up resources
*/
public destroy(): void {
// Clear the cleanup timer
if (this.cleanupTimer) {
clearInterval(this.cleanupTimer);
this.cleanupTimer = null;
}
// Clear all sessions
this.clearAllSessions();
// Clear event listeners
this.eventListeners = {};
SmtpLogger.debug('SessionManager destroyed');
}
}

52
ts/mail/delivery/smtpserver/smtp-server.ts
View File

@ -122,58 +122,18 @@ export class SmtpServer implements ISmtpServer {
this.emailServer = config.emailServer;
this.options = mergeWithDefaults(config.options);
// Create components or use provided ones
// Create components - all components now receive the SMTP server instance
this.sessionManager = config.sessionManager || new SessionManager({
socketTimeout: this.options.socketTimeout,
connectionTimeout: this.options.connectionTimeout,
cleanupInterval: this.options.cleanupInterval
});
this.securityHandler = config.securityHandler || new SecurityHandler(
this.emailServer,
undefined, // IP reputation service
this.options.auth
);
this.tlsHandler = config.tlsHandler || new TlsHandler(
this.sessionManager,
{
key: this.options.key,
cert: this.options.cert,
ca: this.options.ca
}
);
this.dataHandler = config.dataHandler || new DataHandler(
this.sessionManager,
this.emailServer,
{
size: this.options.size
}
);
this.commandHandler = config.commandHandler || new CommandHandler(
this.sessionManager,
{
hostname: this.options.hostname,
size: this.options.size,
maxRecipients: this.options.maxRecipients,
auth: this.options.auth
},
this.dataHandler,
this.tlsHandler,
this.securityHandler
);
this.connectionManager = config.connectionManager || new ConnectionManager(
this.sessionManager,
(socket, line) => this.commandHandler.processCommand(socket, line),
{
hostname: this.options.hostname,
maxConnections: this.options.maxConnections,
socketTimeout: this.options.socketTimeout
}
);
this.securityHandler = config.securityHandler || new SecurityHandler(this);
this.tlsHandler = config.tlsHandler || new TlsHandler(this);
this.dataHandler = config.dataHandler || new DataHandler(this);
this.commandHandler = config.commandHandler || new CommandHandler(this);
this.connectionManager = config.connectionManager || new ConnectionManager(this);
}
/**

32
ts/mail/delivery/smtpserver/starttls-handler.ts
View File

@ -11,7 +11,7 @@ import {
type ICertificateData
} from './certificate-utils.js';
import { getSocketDetails } from './utils/helpers.js';
import type { ISmtpSession } from './interfaces.js';
import type { ISmtpSession, ISessionManager, IConnectionManager } from './interfaces.js';
import { SmtpState } from '../interfaces.js';
/**
@ -24,6 +24,8 @@ export async function performStartTLS(
cert: string;
ca?: string;
session?: ISmtpSession;
sessionManager?: ISessionManager;
connectionManager?: IConnectionManager;
onSuccess?: (tlsSocket: plugins.tls.TLSSocket) => void;
onFailure?: (error: Error) => void;
updateSessionState?: (session: ISmtpSession, state: SmtpState) => void;
@ -190,6 +192,34 @@ export async function performStartTLS(
cipher: cipher?.name || 'unknown'
});
// Update socket mapping in session manager
if (options.sessionManager) {
const socketReplaced = options.sessionManager.replaceSocket(socket, tlsSocket);
if (!socketReplaced) {
SmtpLogger.error('Failed to replace socket in session manager after STARTTLS', {
remoteAddress: socketDetails.remoteAddress,
remotePort: socketDetails.remotePort
});
}
}
// Re-attach event handlers from connection manager
if (options.connectionManager) {
try {
options.connectionManager.setupSocketEventHandlers(tlsSocket);
SmtpLogger.debug('Successfully re-attached connection manager event handlers to TLS socket', {
remoteAddress: socketDetails.remoteAddress,
remotePort: socketDetails.remotePort
});
} catch (handlerError) {
SmtpLogger.error('Failed to re-attach event handlers to TLS socket after STARTTLS', {
remoteAddress: socketDetails.remoteAddress,
remotePort: socketDetails.remotePort,
error: handlerError instanceof Error ? handlerError : new Error(String(handlerError))
});
}
}
// Update session if provided
if (options.session) {
// Update session properties to indicate TLS is active

60
ts/mail/delivery/smtpserver/tls-handler.ts
View File

@ -4,7 +4,7 @@
*/
import * as plugins from '../../../plugins.js';
import type { ITlsHandler, ISessionManager } from './interfaces.js';
import type { ITlsHandler, ISmtpServer } from './interfaces.js';
import { SmtpResponseCode, SecurityEventType, SecurityLogLevel } from './constants.js';
import { SmtpLogger } from './utils/logging.js';
import { getSocketDetails, getTlsDetails } from './utils/helpers.js';
@ -21,19 +21,9 @@ import { SmtpState } from '../interfaces.js';
*/
export class TlsHandler implements ITlsHandler {
/**
* Session manager instance
* Reference to the SMTP server instance
*/
private sessionManager: ISessionManager;
/**
* TLS options
*/
private options: {
key: string;
cert: string;
ca?: string;
rejectUnauthorized?: boolean;
};
private smtpServer: ISmtpServer;
/**
* Certificate data
@ -42,22 +32,13 @@ export class TlsHandler implements ITlsHandler {
/**
* Creates a new TLS handler
* @param sessionManager - Session manager instance
* @param options - TLS options
* @param smtpServer - SMTP server instance
*/
constructor(
sessionManager: ISessionManager,
options: {
key: string;
cert: string;
ca?: string;
rejectUnauthorized?: boolean;
}
) {
this.sessionManager = sessionManager;
this.options = options;
constructor(smtpServer: ISmtpServer) {
this.smtpServer = smtpServer;
// Initialize certificates
const options = this.smtpServer.getOptions();
try {
// Try to load certificates from provided options
this.certificates = loadCertificatesFromString({
@ -81,7 +62,7 @@ export class TlsHandler implements ITlsHandler {
*/
public handleStartTls(socket: plugins.net.Socket | plugins.tls.TLSSocket): void {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
if (!session) {
this.sendResponse(socket, `${SmtpResponseCode.LOCAL_ERROR} Internal server error - session not found`);
return;
@ -129,7 +110,7 @@ export class TlsHandler implements ITlsHandler {
*/
public async startTLS(socket: plugins.net.Socket): Promise<void> {
// Get the session for this socket
const session = this.sessionManager.getSession(socket);
const session = this.smtpServer.getSessionManager().getSession(socket);
try {
// Import the enhanced STARTTLS handler
@ -139,11 +120,14 @@ export class TlsHandler implements ITlsHandler {
SmtpLogger.info('Using enhanced STARTTLS implementation');
// Use the enhanced STARTTLS handler with better error handling and socket management
const options = this.smtpServer.getOptions();
const tlsSocket = await performStartTLS(socket, {
key: this.options.key,
cert: this.options.cert,
ca: this.options.ca,
key: options.key,
cert: options.cert,
ca: options.ca,
session: session,
sessionManager: this.smtpServer.getSessionManager(),
connectionManager: this.smtpServer.getConnectionManager(),
// Callback for successful upgrade
onSuccess: (secureSocket) => {
SmtpLogger.info('TLS connection successfully established via enhanced STARTTLS', {
@ -187,7 +171,7 @@ export class TlsHandler implements ITlsHandler {
);
},
// Function to update session state
updateSessionState: this.sessionManager.updateSessionState?.bind(this.sessionManager)
updateSessionState: this.smtpServer.getSessionManager().updateSessionState?.bind(this.smtpServer.getSessionManager())
});
// If STARTTLS failed with the enhanced implementation, log the error
@ -291,7 +275,8 @@ export class TlsHandler implements ITlsHandler {
* @returns Whether TLS is enabled
*/
public isTlsEnabled(): boolean {
return !!(this.options.key && this.options.cert);
const options = this.smtpServer.getOptions();
return !!(options.key && options.cert);
}
/**
@ -326,4 +311,13 @@ export class TlsHandler implements ITlsHandler {
socket.destroy();
}
}
/**
* Clean up resources
*/
public destroy(): void {
// Clear any cached certificates or TLS contexts
// TlsHandler doesn't have timers but may have cached resources
SmtpLogger.debug('TlsHandler destroyed');
}
}