update
This commit is contained in:
parent
535b055664
commit
645790d0c2
@ -116,8 +116,7 @@ export class SMTPServer {
|
||||
sessionTimeout: 600,
|
||||
// Use a broader set of ciphers for maximum compatibility
|
||||
ciphers: 'HIGH:MEDIUM:!aNULL:!eNULL:!NULL:!ADH:!RC4',
|
||||
// Allow client-initiated renegotiation for SMTP
|
||||
allowRenegotiation: true,
|
||||
// TLS renegotiation option (removed - not supported in newer Node.js)
|
||||
// Longer handshake timeout for reliability
|
||||
handshakeTimeout: 30000,
|
||||
// Disable secure options to allow more flexibility
|
||||
|
@ -262,8 +262,7 @@ export function createTlsOptions(
|
||||
rejectUnauthorized: false,
|
||||
// Longer handshake timeout for reliability
|
||||
handshakeTimeout: 30000,
|
||||
// Allow renegotiation for better compatibility
|
||||
allowRenegotiation: true,
|
||||
// TLS renegotiation option (removed - not supported in newer Node.js)
|
||||
// Increase timeout for better reliability under test conditions
|
||||
sessionTimeout: 600,
|
||||
// Let the client choose the cipher for better compatibility
|
||||
|
@ -346,12 +346,8 @@ export class ConnectionManager implements IConnectionManager {
|
||||
try {
|
||||
// Here we set reasonable buffer limits to prevent memory exhaustion attacks
|
||||
const highWaterMark = 64 * 1024; // 64 KB
|
||||
if (typeof socket.// setReadableHighWaterMark === 'function') {
|
||||
socket.// setReadableHighWaterMark(highWaterMark);
|
||||
}
|
||||
if (typeof socket.// setWritableHighWaterMark === 'function') {
|
||||
socket.// setWritableHighWaterMark(highWaterMark);
|
||||
}
|
||||
// Note: Socket high water mark methods can't be set directly in newer Node.js versions
|
||||
// These would need to be set during socket creation or with a different API
|
||||
} catch (error) {
|
||||
// Ignore errors from older Node.js versions that don't support these methods
|
||||
SmtpLogger.debug(`Could not set socket buffer limits: ${error instanceof Error ? error.message : String(error)}`);
|
||||
@ -503,12 +499,8 @@ export class ConnectionManager implements IConnectionManager {
|
||||
try {
|
||||
// Here we set reasonable buffer limits to prevent memory exhaustion attacks
|
||||
const highWaterMark = 64 * 1024; // 64 KB
|
||||
if (typeof socket.// setReadableHighWaterMark === 'function') {
|
||||
socket.// setReadableHighWaterMark(highWaterMark);
|
||||
}
|
||||
if (typeof socket.// setWritableHighWaterMark === 'function') {
|
||||
socket.// setWritableHighWaterMark(highWaterMark);
|
||||
}
|
||||
// Note: Socket high water mark methods can't be set directly in newer Node.js versions
|
||||
// These would need to be set during socket creation or with a different API
|
||||
} catch (error) {
|
||||
// Ignore errors from older Node.js versions that don't support these methods
|
||||
SmtpLogger.debug(`Could not set socket buffer limits: ${error instanceof Error ? error.message : String(error)}`);
|
||||
|
@ -356,10 +356,12 @@ export class DataHandler implements IDataHandler {
|
||||
to: to.split(',').map(addr => addr.trim()),
|
||||
subject: subject,
|
||||
text: bodyText,
|
||||
messageId: messageId,
|
||||
// Add original session envelope data for accurate routing
|
||||
originalMailFrom: session.envelope.mailFrom.address,
|
||||
originalRcptTo: session.envelope.rcptTo.map(r => r.address)
|
||||
// Add original session envelope data for accurate routing as headers
|
||||
headers: {
|
||||
'X-Original-Mail-From': session.envelope.mailFrom.address,
|
||||
'X-Original-Rcpt-To': session.envelope.rcptTo.map(r => r.address).join(', '),
|
||||
'Message-Id': messageId
|
||||
}
|
||||
});
|
||||
|
||||
// Add received header
|
||||
@ -553,5 +555,4 @@ export class DataHandler implements IDataHandler {
|
||||
}
|
||||
}, 100); // Short delay before retry
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -125,8 +125,6 @@ export async function performStartTLS(
|
||||
const tlsSocket = new plugins.tls.TLSSocket(socket, {
|
||||
isServer: true,
|
||||
secureContext,
|
||||
// Enable handshake timeout for STARTTLS
|
||||
handshakeTimeout,
|
||||
// Server-side options (simpler is more reliable for STARTTLS)
|
||||
requestCert: false,
|
||||
rejectUnauthorized: false
|
||||
|
Loading…
x
Reference in New Issue
Block a user