;; Super-basic bell-and-whistle-free SMTP server. ;; ;; Intended for a single-user system (import tcp6 openssl (chicken port) (chicken io) (chicken string) (chicken pathname) (chicken file) (chicken time) (chicken time posix) (chicken process) (chicken process-context) (chicken process-context posix) (chicken condition) (chicken sort) (chicken random) srfi-1 srfi-13 matchable base64) (define lambdamail-version "LambdaMail v1.8.0") (define-record config host port spool-dir user group certfile keyfile) (define (tls-supported? config) (and (config-certfile config) (config-keyfile config))) (define (time-stamp) (time->string (seconds->local-time) "%d %b %Y %T %z")) ;;; Server initialization ;; (define (drop-privs config) (let ((uid (config-user config)) (gid (config-group config))) (if gid ; Group first, since only root can switch groups. (set! (current-group-id) gid)) (if uid (set! (current-user-id) uid)))) (define (run-server config) (set-buffering-mode! (current-output-port) #:line) (let ((listener (tcp-listen (config-port config) 10 "::"))) (print "Starting " lambdamail-version " with the following configuration:") (print "Host: '" (config-host config) "'\n" "Port: '" (config-port config) "'\n" "Spool dir: '" (config-spool-dir config) "'") (when (tls-supported? config) (print "Cert file: '" (config-certfile config) "'\n" "Key file: '" (config-keyfile config) "'")) (drop-privs config) (server-loop listener config '()))) ;;; Main server loop ;; (define (server-loop listener config undelivered-messages) (let* ((messages (append (receive-messages listener config) undelivered-messages))) (server-loop listener config (deliver-messages config messages)))) ;;; Messages ;; (define-record message to from text user password stamp) (define-record multi-message tos from text user password stamps) (define (make-empty-multi-message) (make-multi-message '() "" "" "" "" '())) ;;; Receiving messages ;; (define (receive-messages listener config) (let ((messages '())) (print "*** Waiting for incoming mail") (let-values (((in-port out-port) (tcp-accept listener))) (let-values (((local-ip remote-ip) (tcp-addresses in-port))) (print "Accepted connection from " remote-ip " on " (time-stamp))) (condition-case (set! messages (process-smtp (make-smtp-session in-port out-port config) config)) (o (exn) (print-error-message o))) (print "Terminating connection.") (close-input-port in-port) (close-output-port out-port)) messages)) (define (make-smtp-session in-port out-port config) (let ((helo "")) (lambda command (match command (('get-line) (read-line in-port)) (('send strings ...) (write-line (conc (apply conc strings) "\r") out-port)) (('set-helo! h) (set! helo h)) (('helo) helo) (('starttls) (let-values (((in-port-tls out-port-tls) (ssl-start* #t in-port out-port certificate: (config-certfile config) private-key: (config-keyfile config) protocol: (cons 'tlsv12 ssl-max-protocol)))) (set! in-port in-port-tls) (set! out-port out-port-tls))))))) (define (smtp-command? cmd-string input-string) (string-prefix? cmd-string (string-downcase input-string))) (define (smtp-command-args cmd-string input-string) (if (> (string-length input-string) (string-length cmd-string)) (string-trim (string-drop input-string (string-length cmd-string))) "")) (define (process-smtp smtp-session config) (smtp-session 'send "220 " (config-host config) " " lambdamail-version) (let loop ((mmsg (make-empty-multi-message)) (received-messages '())) (let ((line (smtp-session 'get-line))) (print "got " line) (if (not (string? line)) '() ; Don't keep anything on unexpected termination. (cond ((smtp-command? "helo" line) (smtp-session 'set-helo! (smtp-command-args "helo" line)) (smtp-session 'send "250 ok") (loop mmsg received-messages)) ((smtp-command? "ehlo" line) (smtp-session 'set-helo! (smtp-command-args "helo" line)) (smtp-session 'send "250-" (config-host config) " Hello " (smtp-command-args "ehlo" line)) (smtp-session 'send "250 AUTH PLAIN") (if (tls-supported? config) (smtp-session 'send "250 STARTTLS")) (loop mmsg received-messages)) ((smtp-command? "starttls" line) (let ((args (smtp-command-args "starttls" line))) (if (> 0 (string-length args)) (smtp-session 'send "501 Syntax error (no parameters allowed)") (begin (smtp-session 'send "220 Ready to start TLS") (smtp-session 'starttls)))) (loop mmsg received-messages)) ((smtp-command? "auth plain" line) (let* ((auth-string (smtp-command-args "auth plain" line)) (auth-decoded (base64-decode auth-string)) (auth-list (string-split auth-decoded "\x00")) (user (car auth-list)) (password (cadr auth-list))) (multi-message-user-set! mmsg user) (multi-message-password-set! mmsg password) (print "Attempted login, user: " user ", password: " password) (smtp-session 'send "235 authentication successful") (loop mmsg received-messages))) ((smtp-command? "mail from:" line) (multi-message-from-set! mmsg (smtp-command-args "mail from:" line)) (smtp-session 'send "250 ok") (loop mmsg received-messages)) ((smtp-command? "rcpt to:" line) (let* ((to (smtp-command-args "rcpt to:" line)) (stamp (make-message-stamp to mmsg config))) (print to) (if (car stamp) (begin (multi-message-tos-set! mmsg (cons to (multi-message-tos mmsg))) (multi-message-stamps-set! mmsg (cons stamp (multi-message-stamps mmsg))) (smtp-session 'send "250 ok")) (begin (smtp-session 'send "551 relay forbidden")))) (loop mmsg received-messages)) ((smtp-command? "data" line) (smtp-session 'send "354 intermediate") (let text-loop ((text "")) (let ((text-line (smtp-session 'get-line))) (if (string=? "." text-line) (multi-message-text-set! mmsg text) (text-loop (conc text text-line "\n"))))) (smtp-session 'send "250 ok") (loop (make-empty-multi-message) (append (make-single-recipient-messages mmsg smtp-session config) received-messages))) ((smtp-command? "quit" line) (smtp-session 'send "221 closing transmission channel") received-messages) ((string=? "" (string-trim line)) (loop mmsg received-messages)) (else (smtp-session 'send "502 command not implemented") (loop mmsg received-messages))))))) (define (make-single-recipient-messages mmsg smtp-session config) (map (lambda (to stamp) (print "making singleton messages: " to " " stamp) (make-message to (multi-message-from mmsg) (conc "Received: from " (smtp-session 'helo) "\n" "\tby " (config-host config) "\n" "\tfor " to ";\n" "\t" (time-stamp) "\n" (multi-message-text mmsg)) (multi-message-user mmsg) (multi-message-password mmsg) stamp)) (multi-message-tos mmsg) (multi-message-stamps mmsg))) ;;; Message stamping and validation ;; (define (get-local-addresses config) (map (lambda (p) (cons (conc "<" (car p) "@" (config-host config) ">") (cdr p))) (map (lambda (file) (list (pathname-file file) file (let ((password-file (conc file ".auth"))) (if (file-exists? password-file) (with-input-from-file password-file read-line) #f)))) (filter directory-exists? (glob (conc (config-spool-dir config) "/*")))))) (define (make-message-stamp to mmsg config) (let* ((local-addresses (get-local-addresses config)) (local-dest (assoc to local-addresses)) (local-src (assoc (multi-message-from mmsg) local-addresses))) (cond (local-dest (list #t 'local (cadr local-dest))) (local-src (let ((host-password (caddr local-src))) (if (and (string=? (conc "<" (multi-message-user mmsg) "@" (config-host config) ">") (multi-message-from mmsg)) host-password (string=? (multi-message-password mmsg) host-password)) (list #t 'remote) (begin (print "Provided password " (multi-message-password mmsg)) (print "Host password " host-password) (list #f 'remote))))) (else (list #f 'relay))))) ;;; Sending/Delivering messages ;; (define (deliver-messages config messages) (print "*** Attempting delivery of " (length messages) " mail items.") (filter (lambda (msg) (not (deliver-message msg config))) messages)) (define (deliver-message msg config) (print "From: " (message-from msg)) (print "To: " (message-to msg)) (condition-case (match (message-stamp msg) ((#t 'local dest-dir) (deliver-message-local msg dest-dir)) ((#t 'remote) (deliver-message-remote msg config)) ((#f 'remote) (print "* REMOTE DELIVERY NOT ALLOWED (auth failure)") #t) (else (print "* DELIVERY NOT ALLOWED (relay forbidden)") #t)) (o (exn) (print "* DELIVERY FAILED") (print-error-message o) #t))) ;; Local delivery (define unique-file-name (let ((counter 0)) (lambda () (set! counter (modulo (+ counter 1) 1000)) (conc (current-seconds) "_" counter)))) (define (deliver-message-local msg dest-dir) (with-output-to-file (conc dest-dir "/" (unique-file-name)) (lambda () (print (message-text msg)))) (print "* MESSAGE DELIVERED (local)") #t) ;; Remote delivery (define (get-domain-from-email email-string) (car (string-split (cadr (string-split email-string "@")) ">"))) ;; This is a hack - there's no built-in interface to res_query() ;; in chicken, so we have to resort to a system call to dig... (define (get-mail-servers-for-domain domain) (let* ((mx-lines (let-values (((in out id) (process (conc "dig " domain " mx +short")))) (with-input-from-port in read-lines))) (mx-entries (map (lambda (l) (let ((s (string-split l))) (list (string->number (car s)) (string-drop-right (cadr s) 1)))) ; remove trailing "." mx-lines)) (sorted-mx-entries (map cadr (sort mx-entries (lambda (e f) (< (car e) (car f))))))) (if (null? sorted-mx-entries) (list domain) ; fall-back to email address domain if no mx entries sorted-mx-entries))) ; otherwise pick the highest priority server (define (deliver-message-remote msg config) (let ((domain (get-domain-from-email (message-to msg)))) (let loop ((mail-servers (get-mail-servers-for-domain domain))) (if (null? mail-servers) (begin (print "* REMOTE DELIVERY FAILED (Could not connect to any mail server)") #f) (condition-case (let ((mail-server (car mail-servers))) (print "Attempting delivery to " mail-server) (let-values (((tcp-in tcp-out) (tcp-connect mail-server 25))) (let ((smtp-session (make-outgoing-smtp-session tcp-in tcp-out))) (let ((result (and (smtp-session 'expect "220") (smtp-session 'send "helo " (config-host config)) (smtp-session 'expect "250") (smtp-session 'send "mail from:" (message-from msg)) (smtp-session 'expect "250") (smtp-session 'send "rcpt to:" (message-to msg)) (smtp-session 'expect "250") (smtp-session 'send "data") (smtp-session 'expect "354") (smtp-session 'send (message-text msg)) (smtp-session 'send ".") (smtp-session 'expect "250" "5") ;Do not try again on rejects. (smtp-session 'send "quit")))) (close-input-port tcp-in) (close-output-port tcp-out) (print "Connection closed.") (if result (print "* MESSAGE DELIVERED (remote)") (print "* REMOTE DELIVERY FAILED (unexpected server response)")) result)))) (o (exn) (print-error-messsage o) (print "* Failed to connect. Trying next server.") (loop (cdr mail-servers)))))))) (define (or-list l) (fold (lambda (a b) (or a b)) #f l)) (define ((make-outgoing-smtp-session tcp-in tcp-out) . command) (match command (('expect codes ...) (let loop ((result (read-line tcp-in))) (if (and (> (string-length result) 3) (eq? (string-ref result 3) #\-)) (loop (read-line tcp-in)) ;status continues on next line (begin (print "Expecting one of " codes " got " result) (or-list (map (lambda (code) (string-prefix? code result)) codes)))))) (('send strings ...) (print "Sending " (if (> (string-length (car strings)) 30) (string-take (car strings) 30) (car strings))) (let ((processed-string (string-translate* (conc (apply conc strings) "\n") '(("\n" . "\r\n"))))) (write-string processed-string #f tcp-out))))) ;;; Command line argument parsing ;; (define (print-usage progname) (print "Usage:\n" progname " -h/--help\n" progname " -v/--version\n" progname " [-u/--user UID] [-g/--group GID] [-c/--certfile] [-k/--keyfile]\n" (make-string (string-length progname)) " hostname [[port [spooldir]]\n" "\n" "The -u and -g options can be used to set the UID and GID of the process\n" "following the creation of the TCP port listener (which often requires root).\n" "The -c and -k options specify certificate and key files in PEM format for\n" "optional STARTTLS support.")) (define (print-version) (print lambdamail-version)) (define (main) (let ((progname (pathname-file (car (argv)))) (config (make-config "" 25 "/var/spool/mail" #f #f #f #f))) (if (null? (cdr (argv))) (print-usage progname) (let loop ((args (cdr (argv)))) (let ((this-arg (car args)) (rest-args (cdr args))) (if (string-prefix? "-" this-arg) (cond ((or (equal? this-arg "-u") (equal? this-arg "--user")) (config-user-set! config (string->number (car rest-args))) (loop (cdr rest-args))) ((or (equal? this-arg "-g") (equal? this-arg "--group")) (config-group-set! config (string->number (car rest-args))) (loop (cdr rest-args))) ((or (equal? this-arg "-c") (equal? this-arg "--certfile")) (config-certfile-set! config (car rest-args)) (loop (cdr rest-args))) ((or (equal? this-arg "-k") (equal? this-arg "--keyfile")) (config-keyfile-set! config (car rest-args)) (loop (cdr rest-args))) ((or (equal? this-arg "-h") (equal? this-arg "--help")) (print-usage progname)) ((or (equal? this-arg "-v") (equal? this-arg "--version")) (print-version)) (else (print "Unknown option " this-arg "\n") (print-usage progname))) (begin (config-host-set! config this-arg) (unless (null? rest-args) (config-port-set! config (string->number (car rest-args))) (unless (null? (cdr rest-args)) (config-spool-dir-set! config (cadr rest-args)))) (run-server config)))))))) (main) ;; (define (test) ;; (run-server (make-config "localhost" 2525 "spool" '() '()))) ;; (test)