serve.zone/dcrouter
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Philipp Kunz
2025-05-21 17:33:16 +00:00
parent 535b055664
commit 645790d0c2
5 changed files with 13 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ts/mail/delivery/classes.smtpserver.ts
View File

@@ -116,8 +116,7 @@ export class SMTPServer {
sessionTimeout: 600, sessionTimeout: 600,
// Use a broader set of ciphers for maximum compatibility // Use a broader set of ciphers for maximum compatibility
ciphers: 'HIGH:MEDIUM:!aNULL:!eNULL:!NULL:!ADH:!RC4', ciphers: 'HIGH:MEDIUM:!aNULL:!eNULL:!NULL:!ADH:!RC4',
// Allow client-initiated renegotiation for SMTP // TLS renegotiation option (removed - not supported in newer Node.js)
allowRenegotiation: true,
// Longer handshake timeout for reliability // Longer handshake timeout for reliability
handshakeTimeout: 30000, handshakeTimeout: 30000,
// Disable secure options to allow more flexibility // Disable secure options to allow more flexibility

3
ts/mail/delivery/smtpserver/certificate-utils.ts
View File

@@ -262,8 +262,7 @@ export function createTlsOptions(
rejectUnauthorized: false, rejectUnauthorized: false,
// Longer handshake timeout for reliability // Longer handshake timeout for reliability
handshakeTimeout: 30000, handshakeTimeout: 30000,
// Allow renegotiation for better compatibility // TLS renegotiation option (removed - not supported in newer Node.js)
allowRenegotiation: true,
// Increase timeout for better reliability under test conditions // Increase timeout for better reliability under test conditions
sessionTimeout: 600, sessionTimeout: 600,
// Let the client choose the cipher for better compatibility // Let the client choose the cipher for better compatibility

16
ts/mail/delivery/smtpserver/connection-manager.ts
View File

@@ -346,12 +346,8 @@ export class ConnectionManager implements IConnectionManager {
try { try {
// Here we set reasonable buffer limits to prevent memory exhaustion attacks // Here we set reasonable buffer limits to prevent memory exhaustion attacks
const highWaterMark = 64 * 1024; // 64 KB const highWaterMark = 64 * 1024; // 64 KB
if (typeof socket.// setReadableHighWaterMark === 'function') { // Note: Socket high water mark methods can't be set directly in newer Node.js versions
socket.// setReadableHighWaterMark(highWaterMark); // These would need to be set during socket creation or with a different API
}
if (typeof socket.// setWritableHighWaterMark === 'function') {
socket.// setWritableHighWaterMark(highWaterMark);
}
} catch (error) { } catch (error) {
// Ignore errors from older Node.js versions that don't support these methods // Ignore errors from older Node.js versions that don't support these methods
SmtpLogger.debug(`Could not set socket buffer limits: ${error instanceof Error ? error.message : String(error)}`); SmtpLogger.debug(`Could not set socket buffer limits: ${error instanceof Error ? error.message : String(error)}`);
@@ -503,12 +499,8 @@ export class ConnectionManager implements IConnectionManager {
try { try {
// Here we set reasonable buffer limits to prevent memory exhaustion attacks // Here we set reasonable buffer limits to prevent memory exhaustion attacks
const highWaterMark = 64 * 1024; // 64 KB const highWaterMark = 64 * 1024; // 64 KB
if (typeof socket.// setReadableHighWaterMark === 'function') { // Note: Socket high water mark methods can't be set directly in newer Node.js versions
socket.// setReadableHighWaterMark(highWaterMark); // These would need to be set during socket creation or with a different API
}
if (typeof socket.// setWritableHighWaterMark === 'function') {
socket.// setWritableHighWaterMark(highWaterMark);
}
} catch (error) { } catch (error) {
// Ignore errors from older Node.js versions that don't support these methods // Ignore errors from older Node.js versions that don't support these methods
SmtpLogger.debug(`Could not set socket buffer limits: ${error instanceof Error ? error.message : String(error)}`); SmtpLogger.debug(`Could not set socket buffer limits: ${error instanceof Error ? error.message : String(error)}`);

11
ts/mail/delivery/smtpserver/data-handler.ts
View File

@@ -356,10 +356,12 @@ export class DataHandler implements IDataHandler {
to: to.split(',').map(addr => addr.trim()), to: to.split(',').map(addr => addr.trim()),
subject: subject, subject: subject,
text: bodyText, text: bodyText,
messageId: messageId, // Add original session envelope data for accurate routing as headers
// Add original session envelope data for accurate routing headers: {
originalMailFrom: session.envelope.mailFrom.address, 'X-Original-Mail-From': session.envelope.mailFrom.address,
originalRcptTo: session.envelope.rcptTo.map(r => r.address) 'X-Original-Rcpt-To': session.envelope.rcptTo.map(r => r.address).join(', '),
'Message-Id': messageId
}
}); });
// Add received header // Add received header
@@ -554,4 +556,3 @@ export class DataHandler implements IDataHandler {
}, 100); // Short delay before retry }, 100); // Short delay before retry
} }
} }
}

2
ts/mail/delivery/smtpserver/starttls-handler.ts
View File

@@ -125,8 +125,6 @@ export async function performStartTLS(
const tlsSocket = new plugins.tls.TLSSocket(socket, { const tlsSocket = new plugins.tls.TLSSocket(socket, {
isServer: true, isServer: true,
secureContext, secureContext,
// Enable handshake timeout for STARTTLS
handshakeTimeout,
// Server-side options (simpler is more reliable for STARTTLS) // Server-side options (simpler is more reliable for STARTTLS)
requestCert: false, requestCert: false,
rejectUnauthorized: false rejectUnauthorized: false