;;
;; Intended for a single-user system
-(import tcp6
+(import tcp6 openssl
(chicken port)
(chicken io)
(chicken string)
(chicken process-context)
(chicken process-context posix)
(chicken condition)
+ (chicken sort)
+ (chicken random)
srfi-1 srfi-13 matchable base64)
-(define lambdamail-version "0.0.1")
+(define lambdamail-version "LambdaMail v1.8.0")
-(define-record config host port spool-dir user group)
-(define-record message to from text helo user password)
-(define (make-empty-message) (make-message "" "" "" "" "" ""))
+(define-record config host port spool-dir user group certfile keyfile)
+(define (tls-supported? config)
+ (and (config-certfile config)
+ (config-keyfile config)))
-(define outbound-mail-queue '())
+(define (time-stamp)
+ (time->string (seconds->local-time) "%d %b %Y %T %z"))
;;; Server initialization
(define (drop-privs config)
(let ((uid (config-user config))
(gid (config-group config)))
- (if (not (null? gid)) ; Group first, since only root can switch groups.
+ (if gid ; Group first, since only root can switch groups.
(set! (current-group-id) gid))
- (if (not (null? uid))
+ (if uid
(set! (current-user-id) uid))))
(define (run-server config)
(set-buffering-mode! (current-output-port) #:line)
(let ((listener (tcp-listen (config-port config) 10 "::")))
- (print "LambdaMail v" lambdamail-version
- " listening on port " (config-port config) " ...")
- (print "(Host name: " (config-host config)
- ", Spool dir: " (config-spool-dir config) ")")
+ (print "Starting " lambdamail-version " with the following configuration:")
+ (print "Host: '" (config-host config) "'\n"
+ "Port: '" (config-port config) "'\n"
+ "Spool dir: '" (config-spool-dir config) "'")
+ (when (tls-supported? config)
+ (print "Cert file: '" (config-certfile config) "'\n"
+ "Key file: '" (config-keyfile config) "'"))
(drop-privs config)
- (server-loop listener config)))
+ (server-loop listener config '())))
;;; Main server loop
;;
-(define (server-loop listener config)
- (let-values (((in-port out-port) (tcp-accept listener)))
- (let-values (((local-ip remote-ip) (tcp-addresses in-port)))
- (print "Accepted connection from " remote-ip " on " (seconds->string)))
- (condition-case
- (let ((smtp-session (make-smtp-session in-port out-port config)))
- (smtp-session 'greet)
- (process-smtp smtp-session config))
- (o (exn)
- (print-error-message o)))
- (print "Terminating connection.")
- (close-input-port in-port)
- (close-output-port out-port))
- (print "Attempting delivery of " (length outbound-mail-queue) " mail items.")
- (set! outbound-mail-queue
- (filter (lambda (msg) (not (deliver-message msg config)))
- outbound-mail-queue))
- (server-loop listener config))
-
-;;; SMTP processing loop
+(define (server-loop listener config undelivered-messages)
+ (let* ((messages (append (receive-messages listener config) undelivered-messages)))
+ (server-loop listener config (deliver-messages config messages))))
+
+
+;;; Messages
;;
+(define-record message to from text user password stamp)
+(define-record multi-message tos from text user password stamps)
+(define (make-empty-multi-message) (make-multi-message '() "" "" "" "" '()))
+
+
+;;; Receiving messages
+;;
+
+(define (receive-messages listener config)
+ (let ((messages '()))
+ (print "*** Waiting for incoming mail")
+ (let-values (((in-port out-port) (tcp-accept listener)))
+ (let-values (((local-ip remote-ip) (tcp-addresses in-port)))
+ (print "Accepted connection from " remote-ip " on " (time-stamp)))
+ (condition-case
+ (set! messages (process-smtp (make-smtp-session in-port out-port config) config))
+ (o (exn)
+ (print-error-message o)))
+ (print "Terminating connection.")
+ (close-input-port in-port)
+ (close-output-port out-port))
+ messages))
+
(define (make-smtp-session in-port out-port config)
- (let ((smtp-say (lambda args (write-line (conc (apply conc args) "\r") out-port)))
- (user "")
- (password ""))
- (lambda msg
- (match msg
+ (let ((helo ""))
+ (lambda command
+ (match command
(('get-line) (read-line in-port))
- (('set-user! u) (set! user u))
- (('set-password! p) (set! password p))
- (('user) user)
- (('password) password)
- (('auth-success) (smtp-say "235 Authentication successful"))
- (('greet) (smtp-say "220 " (config-host config)
- " LambdaMail v" lambdamail-version))
- (('ok) (smtp-say "250 ok"))
- (('ehlo host)
- (smtp-say "250-" (config-host config) " Hello " host)
- (smtp-say "250 AUTH PLAIN"))
- (('intermediate) (smtp-say "354 intermediate"))
- (('close) (smtp-say "221 closing transmission channel"))
- (('not-implemented) (smtp-say "502 command not implemented"))))))
+ (('send strings ...) (write-line (conc (apply conc strings) "\r") out-port))
+ (('set-helo! h) (set! helo h))
+ (('helo) helo)
+ (('starttls)
+ (let-values (((in-port-tls out-port-tls)
+ (ssl-start* tcp-in: in-port
+ tcp-out: out-port
+ certificate: (config-certfile config)
+ private-key: (config-keyfile config)
+ protocol: (cons 'tlsv12 ssl-max-protocol))))
+ (set! in-port in-port-tls)
+ (set! out-port out-port-tls)))))))
+
+(define (smtp-command? cmd-string input-string)
+ (string-prefix? cmd-string (string-downcase input-string)))
+
+(define (smtp-command-args cmd-string input-string)
+ (if (> (string-length input-string) (string-length cmd-string))
+ (string-trim (string-drop input-string (string-length cmd-string)))
+ ""))
(define (process-smtp smtp-session config)
- (let loop ((msg (make-empty-message)))
- (let ((line-orig (smtp-session 'get-line)))
- (if (string? line-orig)
- (let ((line (string-downcase line-orig)))
- (print "got " line-orig)
- (cond
- ((string-prefix? "helo" line)
- (message-helo-set! msg (string-drop line (string-length "helo")))
- (smtp-session 'ok)
- (loop msg))
- ((string-prefix? "ehlo" line)
- (smtp-session 'ehlo (string-drop line (+ 1 (string-length "ehlo"))))
- (loop msg))
- ((string-prefix? "auth plain" line)
- (let* ((auth-string (string-drop line-orig (+ 1 (string-length "auth plain"))))
- (auth-decoded (base64-decode auth-string))
- (auth-list (string-split auth-decoded "\x00"))
- (user (car auth-list))
- (password (cadr auth-list)))
- (smtp-session 'set-user! user)
- (smtp-session 'set-password! password)
- (print "Attempted login, user: " user ", password: " password)
- (smtp-session 'auth-success)
- (loop msg)))
- ((string-prefix? "mail from:" line)
- (message-from-set! msg (string-drop line (string-length "mail from:")))
- (smtp-session 'ok)
- (loop msg))
- ((string-prefix? "rcpt to:" line)
- (message-to-set! msg (string-drop line (string-length "rcpt to:")))
- (smtp-session 'ok)
- (loop msg))
- ((string-prefix? "data" line)
- (smtp-session 'intermediate)
- (let text-loop ((text-line (smtp-session 'get-line))
- (text ""))
+ (smtp-session 'send "220 " (config-host config) " " lambdamail-version)
+ (let loop ((mmsg (make-empty-multi-message))
+ (received-messages '()))
+ (let ((line (smtp-session 'get-line)))
+ (print "got " line)
+ (if (not (string? line))
+ '() ; Don't keep anything on unexpected termination.
+ (cond
+ ((smtp-command? "helo" line)
+ (smtp-session 'set-helo! (smtp-command-args "helo" line))
+ (smtp-session 'send "250 ok")
+ (loop mmsg received-messages))
+ ((smtp-command? "ehlo" line)
+ (smtp-session 'set-helo! (smtp-command-args "helo" line))
+ (smtp-session 'send
+ "250-" (config-host config)
+ " Hello " (smtp-command-args "ehlo" line))
+ (smtp-session 'send "250 AUTH PLAIN")
+ (smtp-session 'send "250 STARTTLS")
+ (loop mmsg received-messages))
+ ((smtp-command? "starttls" line)
+ (let ((args (smtp-command-args "starttls" line)))
+ (if (> 0 (string-length args))
+ (smtp-session 'send "501 Syntax error (no parameters allowed)")
+ (begin
+ (smtp-session 'send "220 Ready to start TLS")
+ (smtp-session 'starttls)))))
+ ((smtp-command? "auth plain" line)
+ (let* ((auth-string (smtp-command-args "auth plain" line))
+ (auth-decoded (base64-decode auth-string))
+ (auth-list (string-split auth-decoded "\x00"))
+ (user (car auth-list))
+ (password (cadr auth-list)))
+ (multi-message-user-set! mmsg user)
+ (multi-message-password-set! mmsg password)
+ (print "Attempted login, user: " user ", password: " password)
+ (smtp-session 'send "235 authentication successful")
+ (loop mmsg received-messages)))
+ ((smtp-command? "mail from:" line)
+ (multi-message-from-set! mmsg (smtp-command-args "mail from:" line))
+ (smtp-session 'send "250 ok")
+ (loop mmsg received-messages))
+ ((smtp-command? "rcpt to:" line)
+ (let* ((to (smtp-command-args "rcpt to:" line))
+ (stamp (make-message-stamp to mmsg config)))
+ (print to)
+ (if (car stamp)
+ (begin
+ (multi-message-tos-set! mmsg (cons to (multi-message-tos mmsg)))
+ (multi-message-stamps-set! mmsg (cons stamp (multi-message-stamps mmsg)))
+ (smtp-session 'send "250 ok"))
+ (begin
+ (smtp-session 'send "551 relay forbidden"))))
+ (loop mmsg received-messages))
+ ((smtp-command? "data" line)
+ (smtp-session 'send "354 intermediate")
+ (let text-loop ((text ""))
+ (let ((text-line (smtp-session 'get-line)))
(if (string=? "." text-line)
- (message-text-set! msg text)
- (text-loop (smtp-session 'get-line)
- (conc text text-line "\n"))))
- (message-user-set! msg (smtp-session 'user))
- (message-password-set! msg (smtp-session 'password))
- (set! outbound-mail-queue (cons msg outbound-mail-queue))
- (smtp-session 'ok)
- (loop (make-empty-message)))
- ((string-prefix? "quit" line)
- (smtp-session 'close)
- 'done)
- ((string=? "" line)
- (loop msg))
- (else
- (smtp-session 'not-implemented)
- (loop msg))))
- 'done))))
-
-
-;;; Message delivery
+ (multi-message-text-set! mmsg text)
+ (text-loop (conc text text-line "\n")))))
+ (smtp-session 'send "250 ok")
+ (loop (make-empty-multi-message)
+ (append (make-single-recipient-messages mmsg smtp-session config)
+ received-messages)))
+ ((smtp-command? "quit" line)
+ (smtp-session 'send "221 closing transmission channel")
+ received-messages)
+ ((string=? "" (string-trim line))
+ (loop mmsg received-messages))
+ (else
+ (smtp-session 'send "502 command not implemented")
+ (loop mmsg received-messages)))))))
+
+(define (make-single-recipient-messages mmsg smtp-session config)
+ (map
+ (lambda (to stamp)
+ (print "making singleton messages: " to " " stamp)
+ (make-message to (multi-message-from mmsg)
+ (conc "Received: from " (smtp-session 'helo) "\n"
+ "\tby " (config-host config) "\n"
+ "\tfor " to ";\n"
+ "\t" (time-stamp) "\n"
+ (multi-message-text mmsg))
+ (multi-message-user mmsg)
+ (multi-message-password mmsg)
+ stamp))
+ (multi-message-tos mmsg)
+ (multi-message-stamps mmsg)))
+
+
+;;; Message stamping and validation
;;
-(define (get-to-addresses config)
+(define (get-local-addresses config)
(map (lambda (p) (cons
(conc "<" (car p) "@" (config-host config) ">")
(cdr p)))
- (map (lambda (file) (cons (pathname-file file) file))
- (glob (conc (config-spool-dir config) "/*")))))
+ (map (lambda (file)
+ (list (pathname-file file) file
+ (let ((password-file (conc file ".auth")))
+ (if (file-exists? password-file)
+ (with-input-from-file password-file read-line)
+ #f))))
+ (filter directory-exists?
+ (glob (conc (config-spool-dir config) "/*"))))))
-(define (remove-angle-brackets addr)
- (let ((left-idx (substring-index "<" addr))
- (right-idx (substring-index ">" addr)))
- (substring addr (+ left-idx 1) right-idx)))
+(define (make-message-stamp to mmsg config)
+ (let* ((local-addresses (get-local-addresses config))
+ (local-dest (assoc to local-addresses))
+ (local-src (assoc (multi-message-from mmsg) local-addresses)))
+ (cond
+ (local-dest
+ (list #t 'local (cadr local-dest)))
+ (local-src
+ (let ((host-password (caddr local-src)))
+ (if (and (string=? (conc "<" (multi-message-user mmsg) "@" (config-host config) ">")
+ (multi-message-from mmsg))
+ host-password
+ (string=? (multi-message-password mmsg) host-password))
+ (list #t 'remote)
+ (begin
+ (print "Provided password " (multi-message-password mmsg))
+ (print "Host password " host-password)
+ (list #f 'remote)))))
+ (else
+ (list #f 'relay)))))
-(define (deliver-message-local msg dest-dir)
- (print "Delivering to maildir " dest-dir)
- (with-output-to-file (conc dest-dir "/" (current-seconds))
- (lambda ()
- (print (message-text msg)))))
+
+;;; Sending/Delivering messages
+;;
+
+(define (deliver-messages config messages)
+ (print "*** Attempting delivery of " (length messages) " mail items.")
+ (filter (lambda (msg) (not (deliver-message msg config)))
+ messages))
(define (deliver-message msg config)
- (let ((dest (assoc (message-to msg) (get-to-addresses config))))
- (if dest
- (let ((dest-file (cdr dest)))
- (if (directory-exists? dest-file)
- (deliver-message-local msg dest-file))
- (print "Message DELIVERED:"))
- (print "Message REJECTED:"))
- (print " * From: " (message-from msg))
- (print " * To: " (message-to msg)))
+ (print "From: " (message-from msg))
+ (print "To: " (message-to msg))
+ (condition-case
+ (match (message-stamp msg)
+ ((#t 'local dest-dir) (deliver-message-local msg dest-dir))
+ ((#t 'remote) (deliver-message-remote msg config))
+ ((#f 'remote)
+ (print "* REMOTE DELIVERY NOT ALLOWED (auth failure)")
+ #t)
+ (else
+ (print "* DELIVERY NOT ALLOWED (relay forbidden)")
+ #t))
+ (o (exn)
+ (print "* DELIVERY FAILED")
+ (print-error-message o)
+ #t)))
+
+;; Local delivery
+
+(define unique-file-name
+ (let ((counter 0))
+ (lambda ()
+ (set! counter (modulo (+ counter 1) 1000))
+ (conc (current-seconds) "_" counter))))
+
+(define (deliver-message-local msg dest-dir)
+ (with-output-to-file (conc dest-dir "/" (unique-file-name))
+ (lambda ()
+ (print (message-text msg))))
+ (print "* MESSAGE DELIVERED (local)")
#t)
+;; Remote delivery
+
+(define (get-domain-from-email email-string)
+ (car (string-split (cadr (string-split email-string "@")) ">")))
+
+;; This is a hack - there's no built-in interface to res_query()
+;; in chicken, so we have to resort to a system call to dig...
+(define (get-mail-servers-for-domain domain)
+ (let* ((mx-lines (let-values (((in out id) (process (conc "dig " domain " mx +short"))))
+ (with-input-from-port in read-lines)))
+ (mx-entries (map (lambda (l)
+ (let ((s (string-split l)))
+ (list (string->number (car s))
+ (string-drop-right (cadr s) 1)))) ; remove trailing "."
+ mx-lines))
+ (sorted-mx-entries (map cadr (sort mx-entries (lambda (e f) (< (car e) (car f)))))))
+ (if (null? sorted-mx-entries)
+ (list domain) ; fall-back to email address domain if no mx entries
+ sorted-mx-entries))) ; otherwise pick the highest priority server
+
+(define (deliver-message-remote msg config)
+ (let ((domain (get-domain-from-email (message-to msg))))
+ (let loop ((mail-servers (get-mail-servers-for-domain domain)))
+ (if (null? mail-servers)
+ (begin
+ (print "* REMOTE DELIVERY FAILED (Could not connect to any mail server)")
+ #f)
+ (condition-case
+ (let ((mail-server (car mail-servers)))
+ (print "Attempting delivery to " mail-server)
+ (let-values (((tcp-in tcp-out) (tcp-connect mail-server 25)))
+ (let ((smtp-session (make-outgoing-smtp-session tcp-in tcp-out)))
+ (let ((result (and
+ (smtp-session 'expect "220")
+ (smtp-session 'send "helo " (config-host config))
+ (smtp-session 'expect "250")
+ (smtp-session 'send "mail from:" (message-from msg))
+ (smtp-session 'expect "250")
+ (smtp-session 'send "rcpt to:" (message-to msg))
+ (smtp-session 'expect "250")
+ (smtp-session 'send "data")
+ (smtp-session 'expect "354")
+ (smtp-session 'send (message-text msg))
+ (smtp-session 'send ".")
+ (smtp-session 'expect "250" "5") ;Do not try again on rejects.
+ (smtp-session 'send "quit"))))
+ (close-input-port tcp-in)
+ (close-output-port tcp-out)
+ (print "Connection closed.")
+ (if result
+ (print "* MESSAGE DELIVERED (remote)")
+ (print "* REMOTE DELIVERY FAILED (unexpected server response)"))
+ result))))
+ (o (exn)
+ (print-error-messsage o)
+ (print "* Failed to connect. Trying next server.")
+ (loop (cdr mail-servers))))))))
+
+(define (or-list l)
+ (fold (lambda (a b) (or a b)) #f l))
+
+(define ((make-outgoing-smtp-session tcp-in tcp-out) . command)
+ (match command
+ (('expect codes ...)
+ (let loop ((result (read-line tcp-in)))
+ (if (and (> (string-length result) 3)
+ (eq? (string-ref result 3) #\-))
+ (loop (read-line tcp-in)) ;status continues on next line
+ (begin
+ (print "Expecting one of " codes " got " result)
+ (or-list (map (lambda (code)
+ (string-prefix? code result))
+ codes))))))
+ (('send strings ...)
+ (print "Sending " (if (> (string-length (car strings)) 30)
+ (string-take (car strings) 30)
+ (car strings)))
+ (let ((processed-string
+ (string-translate* (conc (apply conc strings) "\n")
+ '(("\n" . "\r\n")))))
+ (write-string processed-string #f tcp-out)))))
+
+
;;; Command line argument parsing
;;
(define (print-usage progname)
(print "Usage:\n"
progname " -h/--help\n"
- progname " [-u/--user UID] [-g/--group GID] hostname [[port [spooldir]]\n"
+ progname " -v/--version\n"
+ progname " [-u/--user UID] [-g/--group GID] [-c/--certfile] [-k/--keyfile]\n"
+ (make-string (string-length progname)) " hostname [[port [spooldir]]\n"
"\n"
"The -u and -g options can be used to set the UID and GID of the process\n"
- "following the creation of the TCP port listener (which often requires root)."))
+ "following the creation of the TCP port listener (which often requires root).\n"
+ "The -c and -k options specify certificate and key files in PEM format for\n"
+ "optional STARTTLS support."))
+
+(define (print-version)
+ (print lambdamail-version))
(define (main)
(let ((progname (pathname-file (car (argv))))
- (config (make-config "" 25 "/var/spool/mail" '() '())))
+ (config (make-config "" 25 "/var/spool/mail" #f #f #f #f)))
(if (null? (cdr (argv)))
(print-usage progname)
(let loop ((args (cdr (argv))))
(equal? this-arg "--group"))
(config-group-set! config (string->number (car rest-args)))
(loop (cdr rest-args)))
+ ((or (equal? this-arg "-c")
+ (equal? this-arg "--certfile"))
+ (config-certfile-set! config (car rest-args))
+ (loop (cdr rest-args)))
+ ((or (equal? this-arg "-k")
+ (equal? this-arg "--keyfile"))
+ (config-keyfile-set! config (car rest-args))
+ (loop (cdr rest-args)))
((or (equal? this-arg "-h")
(equal? this-arg "--help"))
(print-usage progname))
+ ((or (equal? this-arg "-v")
+ (equal? this-arg "--version"))
+ (print-version))
(else
(print "Unknown option " this-arg "\n")
(print-usage progname)))
(main)
-;; (run-server (make-config "thelambdalab.xyz" 2525 "/var/spool/mail"))
+;; (define (test)
+;; (run-server (make-config "localhost" 2525 "spool" '() '())))
+
+;; (test)