From 7613356cb802a0eb1e6e43aae482f2789b151cfc Mon Sep 17 00:00:00 2001 From: Andris Reinman Date: Sun, 10 Sep 2017 22:53:12 +0300 Subject: [PATCH] Allow disabling STARTTLS --- config/default.toml | 8 ++++---- config/imap.toml | 8 ++++++++ config/lmtp.toml | 9 +++++++++ config/pop3.toml | 3 +++ imap-core/lib/commands/authenticate-plain.js | 2 +- imap-core/lib/commands/capability.js | 8 +++++--- imap-core/lib/commands/login.js | 2 +- imap.js | 1 + lmtp.js | 4 ++-- 9 files changed, 34 insertions(+), 11 deletions(-) diff --git a/config/default.toml b/config/default.toml index 809e25e8..3636ed6a 100644 --- a/config/default.toml +++ b/config/default.toml @@ -70,7 +70,7 @@ bugsnagCode="" # @include "sender.toml" [smtp.setup] - # Public configuration for SMTP MDA - hostname="localtest.me" - secure=false - port=2587 +# Public configuration for SMTP MDA, needed for mobileconfig files +hostname="localhost" +secure=false +port=2587 diff --git a/config/imap.toml b/config/imap.toml index dff581ed..7f7f7fbb 100644 --- a/config/imap.toml +++ b/config/imap.toml @@ -17,6 +17,14 @@ retention=30 # if `true` then do not autodelete expired messages disableRetention=false +# If true, then disables STARTTLS support +disableSTARTTLS=false + +[id] +#name="Wild Duck IMAP" +#version="1.0.0" +#vendor="Wild Duck" + [setup] # Public configuration for IMAP hostname="localhost" diff --git a/config/lmtp.toml b/config/lmtp.toml index 564fcb41..c94d7906 100644 --- a/config/lmtp.toml +++ b/config/lmtp.toml @@ -7,6 +7,15 @@ host="127.0.0.1" # Max accepted size for messages pushed via LMTP maxMB=25 +# If true then disables STARTTLS usage +disableSTARTTLS=false + +# Greeting message for connecting client +banner="Welcome to Wild Duck Mail Server" + +# Server hostname. Defaults to os.hostname() if false +name=false + [tls] # If certificate path is not defined, use global or built-in self-signed certs for STARTTLS #key="/path/to/server/key.pem" 
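Review bot: The comment on `disableSTARTTLS` in config/imap.toml undersells what the flag does. Per the login.js and authenticate-plain.js hunks of this patch, setting it on a listener with `secure=false` also lifts the TLS-before-authentication check, so passwords are accepted in cleartext. I would spell that out, e.g. `# If true, STARTTLS is not advertised and LOGIN/AUTHENTICATE are accepted without TLS; only use behind a TLS-terminating proxy or on loopback`. The `disableSTARTTLS` comment in config/lmtp.toml needs the same caveat: AUTH is disabled there, but message content would travel unencrypted.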
diff --git a/config/pop3.toml b/config/pop3.toml index 2a658ed3..1d2e8ea7 100644 --- a/config/pop3.toml +++ b/config/pop3.toml @@ -8,6 +8,9 @@ host="127.0.0.1" # POP3 server is limited and does not support the STLS command secure=true +# If true, then do not show server info in CAPA response +disableVersionString=false + # How many latest messages to list for LIST and UIDL # POP3 server never lists all messages but only a limited length list maxMessages=250 diff --git a/imap-core/lib/commands/authenticate-plain.js b/imap-core/lib/commands/authenticate-plain.js index 8268c1e3..6479d6c3 100644 --- a/imap-core/lib/commands/authenticate-plain.js +++ b/imap-core/lib/commands/authenticate-plain.js @@ -14,7 +14,7 @@ module.exports = { handler(command, callback, next) { let token = ((command.attributes && command.attributes[0] && command.attributes[0].value) || '').toString().trim(); - if (!this.secure && !this._server.options.ignoreSTARTTLS) { + if (!this.secure && !this._server.options.disableSTARTTLS && !this._server.options.ignoreSTARTTLS) { // Only allow authentication using TLS return callback(null, { response: 'BAD', diff --git a/imap-core/lib/commands/capability.js b/imap-core/lib/commands/capability.js index 7d46ad35..ae2b63cc 100644 --- a/imap-core/lib/commands/capability.js +++ b/imap-core/lib/commands/capability.js @@ -5,9 +5,11 @@ module.exports = { let capabilities = []; if (!this.secure) { - capabilities.push('STARTTLS'); - if (!this._server.options.ignoreSTARTTLS) { - capabilities.push('LOGINDISABLED'); + if (!this._server.options.disableSTARTTLS) { + capabilities.push('STARTTLS'); + if (!this._server.options.ignoreSTARTTLS) { + capabilities.push('LOGINDISABLED'); + } } } diff --git a/imap-core/lib/commands/login.js b/imap-core/lib/commands/login.js index cb0818b3..6a213b06 100644 --- a/imap-core/lib/commands/login.js +++ b/imap-core/lib/commands/login.js 
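Review bot: `disableVersionString` is added to config/pop3.toml, but no file in this patch reads it, and the diffstat lists no POP3 server source. Unless the option is already consumed elsewhere, it is a no-op that operators may rely on to hide server info in the CAPA response. Either wire it up in the same commit or say in the comment where it takes effect. It is also unrelated to the STARTTLS change named in the subject and would be easier to audit as its own commit.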
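Review bot: The new `!this._server.options.disableSTARTTLS` term makes a flag named for hiding STARTTLS also waive the TLS-before-auth requirement, so AUTHENTICATE PLAIN is accepted on a cleartext connection. The identical change is made in imap-core/lib/commands/login.js. `ignoreSTARTTLS` already exists as the explicit opt-in for that, so consider keeping the condition as `if (!this.secure && !this._server.options.ignoreSTARTTLS) {` and requiring operators to set both. At the least, correct the now-inaccurate comment to something like `// Refuse cleartext authentication unless STARTTLS is disabled or ignored by configuration`. The handler body continues outside the hunk.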
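Review bot: This hunk only stops advertising STARTTLS (and with it LOGINDISABLED). Nothing in the patch touches the IMAP STARTTLS command handler, so the command is presumably still accepted when `disableSTARTTLS` is set, unlike lmtp.js, where it is added to `disabledCommands`. If the intent is to turn the command off, the handler needs the same option check. If the intent is only to hide it, say so above the new `if`, e.g. `// disableSTARTTLS hides the capability; without LOGINDISABLED clients will send credentials in cleartext`. The enclosing handler starts and ends outside the hunk.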
@@ -18,7 +18,7 @@ module.exports = { let username = Buffer.from((command.attributes[0].value || '').toString().trim(), 'binary').toString(); let password = Buffer.from((command.attributes[1].value || '').toString().trim(), 'binary').toString(); - if (!this.secure && !this._server.options.ignoreSTARTTLS) { + if (!this.secure && !this._server.options.disableSTARTTLS && !this._server.options.ignoreSTARTTLS) { // Only allow authentication using TLS return callback(null, { response: 'BAD', diff --git a/imap.js b/imap.js index 4af64996..d7642f9b 100644 --- a/imap.js +++ b/imap.js @@ -41,6 +41,7 @@ const onGetQuota = require('./lib/handlers/on-get-quota'); // Setup server const serverOptions = { secure: config.imap.secure, + disableSTARTTLS: config.imap.disableSTARTTLS, ignoreSTARTTLS: config.imap.ignoreSTARTTLS, id: { diff --git a/lmtp.js b/lmtp.js index a1c08593..d0b8f4b1 100644 --- a/lmtp.js +++ b/lmtp.js @@ -41,12 +41,12 @@ const serverOptions = { } }, - name: false, + name: config.lmtp.name || false, // not required but nice-to-have banner: config.lmtp.banner || 'Welcome to Wild Duck Mail Server', - disabledCommands: ['AUTH'], + disabledCommands: ['AUTH'].concat(config.lmtp.disableSTARTTLS ? 'STARTTLS' : []), onMailFrom(address, session, callback) { // reset session entries
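Review bot: `disableSTARTTLS` is passed straight from config into `serverOptions` with no check against `secure`. A listener with `secure` false and `disableSTARTTLS` true therefore starts silently in a mode where credentials cross the wire unencrypted. A startup warning guarded by `if (!config.imap.secure && config.imap.disableSTARTTLS)` would make that state visible in the logs. The `serverOptions` object continues outside the hunk.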
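Review bot: `['AUTH'].concat(config.lmtp.disableSTARTTLS ? 'STARTTLS' : [])` relies on concat accepting either a string or an empty array, which is easy to misread. `disabledCommands: config.lmtp.disableSTARTTLS ? ['AUTH', 'STARTTLS'] : ['AUTH'],` states the two outcomes directly. The `|| 'Welcome to Wild Duck Mail Server'` fallback on `banner` also duplicates the default this patch adds to config/lmtp.toml, so the two strings can drift apart. `serverOptions` starts and ends outside the hunk.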