Implement SASL PLAIN authentication in SMTP server

The previous method of handling authentication was replaced with SASL PLAIN mechanism, allowing to standardize and secure the authentication process. Also, the error response for unsupported authentication mechanisms is added. Lastly, some settings for the fake SMTP server are put in place, including enabling Delivery Status Notification (DSN). Signed-off-by: Christian Roessner <c@roessner.co>
croessner · Jul 9, 2024 · 29bb038 · 29bb038
1 parent fcf2243
commit 29bb038
Showing 1 changed file with 20 additions and 5 deletions.
diff --git a/contrib/smtp-server/smtp-server.go b/contrib/smtp-server/smtp-server.go
@@ -9,6 +9,7 @@ import (
 	"os"
 	"time"
 
+	"github.com/emersion/go-sasl"
 	"github.com/emersion/go-smtp"
 	"github.com/pires/go-proxyproto"
 )
@@ -37,13 +38,23 @@ type Session struct {
 	auth bool
 }
 
-func (s *Session) AuthPlain(username, password string) error {
-	_ = password
-	s.auth = true
+func (s *Session) AuthMechanisms() []string {
+	return []string{"PLAIN"}
+}
+
+func (s *Session) Auth(mech string) (sasl.Server, error) {
+	if mech != "PLAIN" {
+		return nil, smtp.ErrAuthUnsupported
+	}
 
-	log.Println(fmt.Sprintf("AUTH username=<%s>", username))
+	server := sasl.NewPlainServer(func(identity, username, password string) error {
+		s.auth = true
+		log.Println(fmt.Sprintf("AUTH username=<%s>", username))
 
-	return nil
+		return nil
+	})
+
+	return server, nil
 }
 
 func (s *Session) Mail(from string, opts *smtp.MailOptions) error {
@@ -106,13 +117,17 @@ func main() {
 
 	s.Addr = address
 	s.Domain = serverName
+
 	s.ReadTimeout = 10 * time.Second
 	s.WriteTimeout = 10 * time.Second
+
 	s.MaxMessageBytes = 1024 * 1024
 	s.MaxRecipients = 50
+
 	s.AllowInsecureAuth = true
 	s.EnableBINARYMIME = true
 	s.EnableSMTPUTF8 = true
+	s.EnableDSN = true
 
 	log.Println("Starting fake server at", s.Addr)