From fab84974d967f8d351a94c72f8e3d92cc0300b66 Mon Sep 17 00:00:00 2001
From: Chris
Date: Tue, 28 Nov 2023 21:48:23 +0000
Subject: [PATCH] updated settings based on new understanding of TLS and STARTTLS

---
 .gitignore | 3 ++-
 docker/rootfs/start.sh | 2 +-
 example.config.ini | 2 +-
 python/mailserver3.py | 34 ++++++++++++++++++++--------------
 4 files changed, 24 insertions(+), 17 deletions(-)

diff --git a/.gitignore b/.gitignore
index e0cbdae..72650d2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 config.ini
-web/version.txt
\ No newline at end of file
+web/version.txt
+python/*.pem
\ No newline at end of file
diff --git a/docker/rootfs/start.sh b/docker/rootfs/start.sh
index fe724da..f1f54db 100644
--- a/docker/rootfs/start.sh
+++ b/docker/rootfs/start.sh
@@ -40,7 +40,7 @@ _buildConfig() {
 echo "MAILPORT=${MAILPORT:-25}"
 echo "DISCARD_UNKNOWN=${DISCARD_UNKNOWN:-true}"
 echo "ATTACHMENTS_MAX_SIZE=${ATTACHMENTS_MAX_SIZE:-0}"
- echo "MAILPORT_STARTTLS=${MAILPORT_STARTTLS:-0}"
+ echo "MAILPORT_TLS=${MAILPORT_TLS:-0}"
 echo "TLS_CERTIFICATE=${TLS_CERTIFICATE:-}"
 echo "TLS_PRIVATE_KEY=${TLS_PRIVATE_KEY:-0}"
 echo ""
diff --git a/example.config.ini b/example.config.ini
index 1a30675..41a115b 100644
--- a/example.config.ini
+++ b/example.config.ini
@@ -33,7 +33,7 @@ MAILPORT=25
 ; TLS settings
 ;
-; MAILPORT_STARTTLS=587
+; MAILPORT_TLS=587
 ; TLS_CERTIFICATE=/path/to/your/fullchain.pem
 ; TLS_PRIVATE_KEY=/path/to/your/privkey.pem
diff --git a/python/mailserver3.py b/python/mailserver3.py
index 1912bfe..17235d3 100644
--- a/python/mailserver3.py
+++ b/python/mailserver3.py
@@ -23,7 +23,7 @@ ATTACHMENTS_MAX_SIZE = 0
 DOMAINS = []
 LAST_CLEANUP = 0
 URL = ""
-MAILPORT_STARTTLS = 0
+MAILPORT_TLS = 0
 TLS_CERTIFICATE = ""
 TLS_PRIVATE_KEY = ""
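Review bot: `echo "TLS_PRIVATE_KEY=${TLS_PRIVATE_KEY:-0}"` defaults the key path to the literal string `0`, while `TLS_CERTIFICATE` on the line above defaults to empty; `run()` in mailserver3.py enables TLS as soon as both values are non-empty, so an operator who sets `TLS_CERTIFICATE` but forgets the key gets a `load_cert_chain` failure on a file named `0` instead of a clear configuration error. Make the two defaults consistent with `echo "TLS_PRIVATE_KEY=${TLS_PRIVATE_KEY:-}"`. `_buildConfig()` continues outside this hunk.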
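Review bot: The example `; MAILPORT_TLS=587` now points the implicit-TLS listener (this commit binds `MAILPORT_TLS` with `ssl_context=`, i.e. TLS from the first byte) at port 587, the submission port on which clients expect a plaintext greeting followed by STARTTLS (RFC 6409 / RFC 8314); a client connecting there in STARTTLS mode will fail the handshake. Implicit TLS conventionally lives on 465, so the example should read `; MAILPORT_TLS=465`, ideally with a comment such as `; implicit TLS (SMTPS) listener; STARTTLS is offered on MAILPORT whenever a certificate is configured` so the two modes are not confused again.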
@@ -34,9 +34,9 @@ class CustomHandler:
 for rcpt in envelope.rcpt_tos:
 rcpts.append(rcpt)
 if(server.tls_context != None):
- logger.debug('Receiving message from: %s:%d (TLS)' % peer)
+ logger.debug('Receiving message from: %s:%d (STARTTLS)' % peer)
 else:
- logger.debug('Receiving message from: %s:%d (Plaintext)' % peer)
+ logger.debug('Receiving message from: %s:%d (Plaintext (or TLS))' % peer)
 logger.debug('Message addressed from: %s' % envelope.mail_from)
 logger.debug('Message addressed to: %s' % str(rcpts))
@@ -183,17 +183,23 @@ def cleanup():
 async def run(port):
- if MAILPORT_STARTTLS > 0 and TLS_CERTIFICATE != "" and TLS_PRIVATE_KEY != "":
+ if TLS_CERTIFICATE != "" and TLS_PRIVATE_KEY != "":
 context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
 context.load_cert_chain(TLS_CERTIFICATE, TLS_PRIVATE_KEY)
- controller_starttls = Controller(CustomHandler(), hostname='0.0.0.0', port=MAILPORT_STARTTLS, tls_context=context)
- controller_starttls.start()
- logger.info("[i] Starting TLS Mailserver on port " + str(MAILPORT_STARTTLS))
+ if MAILPORT_TLS > 0:
+ controller_tls = Controller(CustomHandler(), hostname='0.0.0.0', port=MAILPORT_TLS, ssl_context=context)
+ controller_tls.start()
- controller_plaintext = Controller(CustomHandler(), hostname='0.0.0.0', port=port)
- controller_plaintext.start()
+ controller_plaintext = Controller(CustomHandler(), hostname='0.0.0.0', port=port,tls_context=context)
+ controller_plaintext.start()
- logger.info("[i] Starting plaintext Mailserver on port " + str(port))
+ logger.info("[i] Starting TLS only Mailserver on port " + str(MAILPORT_TLS))
+ logger.info("[i] Starting plaintext Mailserver (with STARTTLS support) on port " + str(port))
+ else:
+ controller_plaintext = Controller(CustomHandler(), hostname='0.0.0.0', port=port)
+ controller_plaintext.start()
+
+ logger.info("[i] Starting plaintext Mailserver on port " + str(port))
 logger.info("[i] Ready to receive Emails")
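Review bot: The `(STARTTLS)` label is chosen purely from `server.tls_context != None`, but on the plaintext listener that context is set for every connection, including clients that never issue STARTTLS, so a cleartext delivery is logged as encrypted; conversely the implicit-TLS listener carries no `tls_context` and lands in the `(Plaintext (or TLS))` branch, so the log can no longer tell an auditor which sessions were actually protected. If I recall aiosmtpd correctly, the handler's `session` argument exposes `session.ssl`, which is populated only after a TLS handshake has completed on either listener, so `transport = 'TLS' if getattr(session, 'ssl', None) else 'Plaintext'` followed by `logger.debug('Receiving message from: %s:%d (%s)' % (peer[0], peer[1], transport))` would report what happened on the wire; please confirm against the aiosmtpd version pinned by the project. The enclosing handler method starts before and ends after this hunk.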
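Review bot: `logger.info("[i] Starting TLS only Mailserver on port " + str(MAILPORT_TLS))` runs whenever a certificate is configured, so with the Docker default of `MAILPORT_TLS=0` it announces a TLS listener on port 0 that was never created; move that line inside the `if MAILPORT_TLS > 0:` block directly after `controller_tls.start()`. Separately, passing `tls_context=context` to the plaintext controller only advertises STARTTLS: aiosmtpd's `require_starttls` defaults to False as far as I recall, so clients may still deliver in the clear on that port, which is the normal posture for an MX on 25 but worth stating with a comment such as `# STARTTLS is opportunistic here; pass require_starttls=True to refuse plaintext sessions`. `run()` continues past the end of this hunk.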
@@ -204,8 +210,8 @@ async def run(port):
 await asyncio.sleep(1)
 except KeyboardInterrupt:
 controller_plaintext.stop()
- if(MAILPORT_STARTTLS > 0 and TLS_CERTIFICATE != "" and TLS_PRIVATE_KEY != ""):
- controller_starttls.stop()
+ if(MAILPORT_TLS > 0 and TLS_CERTIFICATE != "" and TLS_PRIVATE_KEY != ""):
+ controller_tls.stop()
 if __name__ == '__main__':
 ch = logging.StreamHandler()
@@ -232,8 +238,8 @@ if __name__ == '__main__':
 if("CLEANUP" in Config.sections() and "delete_older_than_days" in Config.options("CLEANUP")):
 DELETE_OLDER_THAN_DAYS = (Config.get("CLEANUP", "DELETE_OLDER_THAN_DAYS").lower() == "true")
- if("mailport_starttls" in Config.options("MAILSERVER")):
- MAILPORT_STARTTLS = int(Config.get("MAILSERVER", "MAILPORT_STARTTLS"))
+ if("mailport_tls" in Config.options("MAILSERVER")):
+ MAILPORT_TLS = int(Config.get("MAILSERVER", "MAILPORT_TLS"))
 if("tls_certificate" in Config.options("MAILSERVER")):
 TLS_CERTIFICATE = Config.get("MAILSERVER", "TLS_CERTIFICATE")
 if("tls_private_key" in Config.options("MAILSERVER")):
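Review bot: The shutdown guard `if(MAILPORT_TLS > 0 and TLS_CERTIFICATE != "" and TLS_PRIVATE_KEY != ""):` re-derives from three globals whether `controller_tls` was ever created, duplicating the start-up condition that this same commit restructured in `run()`; if the two conditions drift apart the stop path raises NameError instead of shutting down cleanly. Initialising `controller_tls = None` before the start-up branch and guarding here with `if controller_tls is not None: controller_tls.stop()` ties teardown to what was actually started. `run()` begins before this hunk.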
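Review bot: `MAILPORT_TLS = int(Config.get("MAILSERVER", "MAILPORT_TLS"))` accepts any integer, so a value above 65535 passes the `> 0` check in `run()` and only fails later at bind time with a bare traceback, and a non-numeric value raises ValueError here without naming the offending setting. A range check right after the parse, `if not 0 <= MAILPORT_TLS <= 65535: raise ValueError("MAILPORT_TLS must be 0 (disabled) or a port between 1 and 65535")`, fails fast with an actionable message. The `__main__` block continues past this hunk.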