Merge pull request decke#11 from JonathonReinhart/minor-cleanup-fixes

decke · web-flow · commit c781938999ee · 2021-02-16T15:36:52.000+01:00
Minor cleanup and fixes
diff --git a/cmd/hasher.go b/cmd/hasher.go
@@ -8,11 +8,15 @@ import (
 )
 
 func main() {
+	if len(os.Args) != 2 {
+		fmt.Fprintln(os.Stderr, "Usage: hasher PASSWORD")
+		os.Exit(1)
+	}
 	password := os.Args[1]
 
 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
-		fmt.Println("Error generating hash: %s", err)
+		fmt.Fprintln(os.Stderr, "Error generating hash: %s", err)
 	}
 	fmt.Println(string(hash))
 }
diff --git a/main.go b/main.go
@@ -33,6 +33,7 @@ func connectionChecker(peer smtpd.Peer) error {
 		}
 	}
 
+	log.Printf("Connection from peer=[%s] denied: Not in allowed_nets\n", peerIP)
 	return smtpd.Error{Code: 421, Message: "Denied"}
 }
 
@@ -84,10 +85,13 @@ func senderChecker(peer smtpd.Peer, addr string) error {
 	if *allowedUsers != "" && peer.Username != "" {
 		user, err := AuthFetch(peer.Username)
 		if err != nil {
+			// Shouldn't happen: authChecker already validated username+password
 			return smtpd.Error{Code: 451, Message: "Bad sender address"}
 		}
 
 		if !addrAllowed(addr, user.allowedAddresses) {
+			log.Printf("Mail from=<%s> not allowed for authenticated user %s (%v)\n",
+				addr, peer.Username, peer.Addr)
 			return smtpd.Error{Code: 451, Message: "Bad sender address"}
 		}
 	}
@@ -106,6 +110,8 @@ func senderChecker(peer smtpd.Peer, addr string) error {
 		return nil
 	}
 
+	log.Printf("Mail from=<%s> not allowed by allowed_sender pattern for peer %v\n",
+		addr, peer.Addr)
 	return smtpd.Error{Code: 451, Message: "Bad sender address"}
 }
 
@@ -124,13 +130,15 @@ func recipientChecker(peer smtpd.Peer, addr string) error {
 		return nil
 	}
 
+	log.Printf("Mail to=<%s> not allowed by allowed_recipients pattern for peer %v\n",
+		addr, peer.Addr)
 	return smtpd.Error{Code: 451, Message: "Bad recipient address"}
 }
 
 func authChecker(peer smtpd.Peer, username string, password string) error {
 	err := AuthCheckPassword(username, password)
 	if err != nil {
-		log.Printf("Auth error: %v\n", err)
+		log.Printf("Auth error for peer %v: %v\n", peer.Addr, err)
 		return smtpd.Error{Code: 535, Message: "Authentication credentials invalid"}
 	}
 	return nil
@@ -188,7 +196,7 @@ func mailHandler(peer smtpd.Peer, env smtpd.Envelope) error {
 	return nil
 }
 
-func main() {
+func getTLSConfig() *tls.Config {
 	// Ciphersuites as defined in stock Go but without 3DES and RC4
 	// https://golang.org/src/crypto/tls/cipher_suites.go
 	var tlsCipherSuites = []uint16{
@@ -214,6 +222,24 @@ func main() {
 		tls.TLS_RSA_WITH_AES_256_CBC_SHA,
 	}
 
+	if *localCert == "" || *localKey == "" {
+		log.Fatal("TLS certificate/key not defined in config")
+	}
+
+	cert, err := tls.LoadX509KeyPair(*localCert, *localKey)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	return &tls.Config{
+		PreferServerCipherSuites: true,
+		MinVersion:               tls.VersionTLS11,
+		CipherSuites:             tlsCipherSuites,
+		Certificates:             []tls.Certificate{cert},
+	}
+}
+
+func main() {
 	ConfigLoad()
 
 	if *versionInfo {
@@ -231,11 +257,16 @@ func main() {
 		log.SetOutput(io.MultiWriter(os.Stdout, f))
 	}
 
-	listeners := strings.Split(*listen, " ")
-
-	for i := range listeners {
-		listener := listeners[i]
+	// Load allowed users file
+	if *allowedUsers != "" {
+		err := AuthLoadFile(*allowedUsers)
+		if err != nil {
+			log.Fatalf("Authentication file: %s\n", err)
+		}
+	}
 
+	// Create a server for each desired listen address
+	for _, listenAddr := range strings.Split(*listen, " ") {
 		server := &smtpd.Server{
 			Hostname:          *hostName,
 			WelcomeMessage:    *welcomeMsg,
@@ -246,76 +277,41 @@ func main() {
 		}
 
 		if *allowedUsers != "" {
-			err := AuthLoadFile(*allowedUsers)
-			if err != nil {
-				log.Fatalf("Authentication file: %s\n", err)
-			}
-
 			server.Authenticator = authChecker
 		}
 
-		if strings.Index(listeners[i], "://") == -1 {
-			log.Printf("Listen on %s ...\n", listener)
-			go server.ListenAndServe(listener)
-		} else if strings.HasPrefix(listeners[i], "starttls://") {
-			listener = strings.TrimPrefix(listener, "starttls://")
+		var lsnr net.Listener
+		var err error
 
-			if *localCert == "" || *localKey == "" {
-				log.Fatal("TLS certificate/key not defined in config")
-			}
+		if strings.Index(listenAddr, "://") == -1 {
+			log.Printf("Listen on %s ...\n", listenAddr)
 
-			cert, err := tls.LoadX509KeyPair(*localCert, *localKey)
-			if err != nil {
-				log.Fatal(err)
-			}
+			lsnr, err = net.Listen("tcp", listenAddr)
+		} else if strings.HasPrefix(listenAddr, "starttls://") {
+			listenAddr = strings.TrimPrefix(listenAddr, "starttls://")
 
-			server.TLSConfig = &tls.Config{
-				PreferServerCipherSuites: true,
-				MinVersion:               tls.VersionTLS11,
-				CipherSuites:             tlsCipherSuites,
-				Certificates:             []tls.Certificate{cert},
-			}
+			server.TLSConfig = getTLSConfig()
 			server.ForceTLS = *localForceTLS
 
-			log.Printf("Listen on %s (STARTSSL) ...\n", listener)
-			lsnr, err := net.Listen("tcp", listener)
-			if err != nil {
-				log.Fatal(err)
-			}
-			defer lsnr.Close()
-
-			go server.Serve(lsnr)
-		} else if strings.HasPrefix(listeners[i], "tls://") {
-
-			listener = strings.TrimPrefix(listener, "tls://")
-
-			if *localCert == "" || *localKey == "" {
-				log.Fatal("TLS certificate/key not defined in config")
-			}
-
-			cert, err := tls.LoadX509KeyPair(*localCert, *localKey)
-			if err != nil {
-				log.Fatal(err)
-			}
-
-			server.TLSConfig = &tls.Config{
-				PreferServerCipherSuites: true,
-				MinVersion:               tls.VersionTLS11,
-				CipherSuites:             tlsCipherSuites,
-				Certificates:             []tls.Certificate{cert},
-			}
+			log.Printf("Listen on %s (STARTTLS) ...\n", listenAddr)
+			lsnr, err = net.Listen("tcp", listenAddr)
+		} else if strings.HasPrefix(listenAddr, "tls://") {
+			listenAddr = strings.TrimPrefix(listenAddr, "tls://")
 
-			log.Printf("Listen on %s (TLS) ...\n", listener)
-			lsnr, err := tls.Listen("tcp", listener, server.TLSConfig)
-			if err != nil {
-				log.Fatal(err)
-			}
-			defer lsnr.Close()
+			server.TLSConfig = getTLSConfig()
 
-			go server.Serve(lsnr)
+			log.Printf("Listen on %s (TLS) ...\n", listenAddr)
+			lsnr, err = tls.Listen("tcp", listenAddr, server.TLSConfig)
 		} else {
-			log.Fatal("Unknown protocol in listener ", listener)
+			log.Fatal("Unknown protocol in listen address ", listenAddr)
 		}
+
+		if err != nil {
+			log.Fatal(err)
+		}
+		defer lsnr.Close()
+
+		go server.Serve(lsnr)
 	}
 
 	for true {

Original file line number	Diff line number	Diff line change
`@@ -8,11 +8,15 @@ import (`
`8`	`8`	`)`
`9`	`9`
`10`	`10`	`func main() {`
	`11`	`+ if len(os.Args) != 2 {`
	`12`	`+ fmt.Fprintln(os.Stderr, "Usage: hasher PASSWORD")`
	`13`	`+ os.Exit(1)`
	`14`	`+ }`
`11`	`15`	`password := os.Args[1]`
`12`	`16`
`13`	`17`	`hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)`
`14`	`18`	`if err != nil {`
`15`		`- fmt.Println("Error generating hash: %s", err)`
	`19`	`+ fmt.Fprintln(os.Stderr, "Error generating hash: %s", err)`
`16`	`20`	`}`
`17`	`21`	`fmt.Println(string(hash))`
`18`	`22`	`}`