shell bypass 403
'use strict';
const packageInfo = require('../../package.json');
const EventEmitter = require('events').EventEmitter;
const net = require('net');
const tls = require('tls');
const os = require('os');
const crypto = require('crypto');
const DataStream = require('./data-stream');
const PassThrough = require('stream').PassThrough;
const shared = require('../shared');
// default timeout values in ms
const CONNECTION_TIMEOUT = 2 * 60 * 1000; // how much to wait for the connection to be established
const SOCKET_TIMEOUT = 10 * 60 * 1000; // how much to wait for socket inactivity before disconnecting the client
const GREETING_TIMEOUT = 30 * 1000; // how much to wait after connection is established but SMTP greeting is not receieved
const DNS_TIMEOUT = 30 * 1000; // how much to wait for resolveHostname
/**
* Generates a SMTP connection object
*
* Optional options object takes the following possible properties:
*
* * **port** - is the port to connect to (defaults to 587 or 465)
* * **host** - is the hostname or IP address to connect to (defaults to 'localhost')
* * **secure** - use SSL
* * **ignoreTLS** - ignore server support for STARTTLS
* * **requireTLS** - forces the client to use STARTTLS
* * **name** - the name of the client server
* * **localAddress** - outbound address to bind to (see: http://nodejs.org/api/net.html#net_net_connect_options_connectionlistener)
* * **greetingTimeout** - Time to wait in ms until greeting message is received from the server (defaults to 10000)
* * **connectionTimeout** - how many milliseconds to wait for the connection to establish
* * **socketTimeout** - Time of inactivity until the connection is closed (defaults to 1 hour)
* * **dnsTimeout** - Time to wait in ms for the DNS requests to be resolved (defaults to 30 seconds)
* * **lmtp** - if true, uses LMTP instead of SMTP protocol
* * **logger** - bunyan compatible logger interface
* * **debug** - if true pass SMTP traffic to the logger
* * **tls** - options for createCredentials
* * **socket** - existing socket to use instead of creating a new one (see: http://nodejs.org/api/net.html#net_class_net_socket)
* * **secured** - boolean indicates that the provided socket has already been upgraded to tls
*
* @constructor
* @namespace SMTP Client module
* @param {Object} [options] Option properties
*/
class SMTPConnection extends EventEmitter {
constructor(options) {
super(options);
this.id = crypto.randomBytes(8).toString('base64').replace(/\W/g, '');
this.stage = 'init';
this.options = options || {};
this.secureConnection = !!this.options.secure;
this.alreadySecured = !!this.options.secured;
this.port = Number(this.options.port) || (this.secureConnection ? 465 : 587);
this.host = this.options.host || 'localhost';
this.servername = this.options.servername ? this.options.servername : !net.isIP(this.host) ? this.host : false;
this.allowInternalNetworkInterfaces = this.options.allowInternalNetworkInterfaces || false;
if (typeof this.options.secure === 'undefined' && this.port === 465) {
// if secure option is not set but port is 465, then default to secure
this.secureConnection = true;
}
this.name = this.options.name || this._getHostname();
this.logger = shared.getLogger(this.options, {
component: this.options.component || 'smtp-connection',
sid: this.id
});
this.customAuth = new Map();
Object.keys(this.options.customAuth || {}).forEach(key => {
let mapKey = (key || '').toString().trim().toUpperCase();
if (!mapKey) {
return;
}
this.customAuth.set(mapKey, this.options.customAuth[key]);
});
/**
* Expose version nr, just for the reference
* @type {String}
*/
this.version = packageInfo.version;
/**
* If true, then the user is authenticated
* @type {Boolean}
*/
this.authenticated = false;
/**
* If set to true, this instance is no longer active
* @private
*/
this.destroyed = false;
/**
* Defines if the current connection is secure or not. If not,
* STARTTLS can be used if available
* @private
*/
this.secure = !!this.secureConnection;
/**
* Store incomplete messages coming from the server
* @private
*/
this._remainder = '';
/**
* Unprocessed responses from the server
* @type {Array}
*/
this._responseQueue = [];
this.lastServerResponse = false;
/**
* The socket connecting to the server
* @publick
*/
this._socket = false;
/**
* Lists supported auth mechanisms
* @private
*/
this._supportedAuth = [];
/**
* Set to true, if EHLO response includes "AUTH".
* If false then authentication is not tried
*/
this.allowsAuth = false;
/**
* Includes current envelope (from, to)
* @private
*/
this._envelope = false;
/**
* Lists supported extensions
* @private
*/
this._supportedExtensions = [];
/**
* Defines the maximum allowed size for a single message
* @private
*/
this._maxAllowedSize = 0;
/**
* Function queue to run if a data chunk comes from the server
* @private
*/
this._responseActions = [];
this._recipientQueue = [];
/**
* Timeout variable for waiting the greeting
* @private
*/
this._greetingTimeout = false;
/**
* Timeout variable for waiting the connection to start
* @private
*/
this._connectionTimeout = false;
/**
* If the socket is deemed already closed
* @private
*/
this._destroyed = false;
/**
* If the socket is already being closed
* @private
*/
this._closing = false;
/**
* Callbacks for socket's listeners
*/
this._onSocketData = chunk => this._onData(chunk);
this._onSocketError = error => this._onError(error, 'ESOCKET', false, 'CONN');
this._onSocketClose = () => this._onClose();
this._onSocketEnd = () => this._onEnd();
this._onSocketTimeout = () => this._onTimeout();
}
/**
* Creates a connection to a SMTP server and sets up connection
* listener
*/
connect(connectCallback) {
if (typeof connectCallback === 'function') {
this.once('connect', () => {
this.logger.debug(
{
tnx: 'smtp'
},
'SMTP handshake finished'
);
connectCallback();
});
const isDestroyedMessage = this._isDestroyedMessage('connect');
if (isDestroyedMessage) {
return connectCallback(this._formatError(isDestroyedMessage, 'ECONNECTION', false, 'CONN'));
}
}
let opts = {
port: this.port,
host: this.host,
allowInternalNetworkInterfaces: this.allowInternalNetworkInterfaces,
timeout: this.options.dnsTimeout || DNS_TIMEOUT
};
if (this.options.localAddress) {
opts.localAddress = this.options.localAddress;
}
let setupConnectionHandlers = () => {
this._connectionTimeout = setTimeout(() => {
this._onError('Connection timeout', 'ETIMEDOUT', false, 'CONN');
}, this.options.connectionTimeout || CONNECTION_TIMEOUT);
this._socket.on('error', this._onSocketError);
};
if (this.options.connection) {
// connection is already opened
this._socket = this.options.connection;
if (this.secureConnection && !this.alreadySecured) {
setImmediate(() =>
this._upgradeConnection(err => {
if (err) {
this._onError(new Error('Error initiating TLS - ' + (err.message || err)), 'ETLS', false, 'CONN');
return;
}
this._onConnect();
})
);
} else {
setImmediate(() => this._onConnect());
}
return;
} else if (this.options.socket) {
// socket object is set up but not yet connected
this._socket = this.options.socket;
return shared.resolveHostname(opts, (err, resolved) => {
if (err) {
return setImmediate(() => this._onError(err, 'EDNS', false, 'CONN'));
}
this.logger.debug(
{
tnx: 'dns',
source: opts.host,
resolved: resolved.host,
cached: !!resolved.cached
},
'Resolved %s as %s [cache %s]',
opts.host,
resolved.host,
resolved.cached ? 'hit' : 'miss'
);
Object.keys(resolved).forEach(key => {
if (key.charAt(0) !== '_' && resolved[key]) {
opts[key] = resolved[key];
}
});
try {
this._socket.connect(this.port, this.host, () => {
this._socket.setKeepAlive(true);
this._onConnect();
});
setupConnectionHandlers();
} catch (E) {
return setImmediate(() => this._onError(E, 'ECONNECTION', false, 'CONN'));
}
});
} else if (this.secureConnection) {
// connect using tls
if (this.options.tls) {
Object.keys(this.options.tls).forEach(key => {
opts[key] = this.options.tls[key];
});
}
// ensure servername for SNI
if (this.servername && !opts.servername) {
opts.servername = this.servername;
}
return shared.resolveHostname(opts, (err, resolved) => {
if (err) {
return setImmediate(() => this._onError(err, 'EDNS', false, 'CONN'));
}
this.logger.debug(
{
tnx: 'dns',
source: opts.host,
resolved: resolved.host,
cached: !!resolved.cached
},
'Resolved %s as %s [cache %s]',
opts.host,
resolved.host,
resolved.cached ? 'hit' : 'miss'
);
Object.keys(resolved).forEach(key => {
if (key.charAt(0) !== '_' && resolved[key]) {
opts[key] = resolved[key];
}
});
try {
this._socket = tls.connect(opts, () => {
this._socket.setKeepAlive(true);
this._onConnect();
});
setupConnectionHandlers();
} catch (E) {
return setImmediate(() => this._onError(E, 'ECONNECTION', false, 'CONN'));
}
});
} else {
// connect using plaintext
return shared.resolveHostname(opts, (err, resolved) => {
if (err) {
return setImmediate(() => this._onError(err, 'EDNS', false, 'CONN'));
}
this.logger.debug(
{
tnx: 'dns',
source: opts.host,
resolved: resolved.host,
cached: !!resolved.cached
},
'Resolved %s as %s [cache %s]',
opts.host,
resolved.host,
resolved.cached ? 'hit' : 'miss'
);
Object.keys(resolved).forEach(key => {
if (key.charAt(0) !== '_' && resolved[key]) {
opts[key] = resolved[key];
}
});
try {
this._socket = net.connect(opts, () => {
this._socket.setKeepAlive(true);
this._onConnect();
});
setupConnectionHandlers();
} catch (E) {
return setImmediate(() => this._onError(E, 'ECONNECTION', false, 'CONN'));
}
});
}
}
/**
* Sends QUIT
*/
quit() {
this._sendCommand('QUIT');
this._responseActions.push(this.close);
}
/**
* Closes the connection to the server
*/
close() {
clearTimeout(this._connectionTimeout);
clearTimeout(this._greetingTimeout);
this._responseActions = [];
// allow to run this function only once
if (this._closing) {
return;
}
this._closing = true;
let closeMethod = 'end';
if (this.stage === 'init') {
// Close the socket immediately when connection timed out
closeMethod = 'destroy';
}
this.logger.debug(
{
tnx: 'smtp'
},
'Closing connection to the server using "%s"',
closeMethod
);
let socket = (this._socket && this._socket.socket) || this._socket;
if (socket && !socket.destroyed) {
try {
this._socket[closeMethod]();
} catch (E) {
// just ignore
}
}
this._destroy();
}
/**
* Authenticate user
*/
login(authData, callback) {
const isDestroyedMessage = this._isDestroyedMessage('login');
if (isDestroyedMessage) {
return callback(this._formatError(isDestroyedMessage, 'ECONNECTION', false, 'API'));
}
this._auth = authData || {};
// Select SASL authentication method
this._authMethod = (this._auth.method || '').toString().trim().toUpperCase() || false;
if (!this._authMethod && this._auth.oauth2 && !this._auth.credentials) {
this._authMethod = 'XOAUTH2';
} else if (!this._authMethod || (this._authMethod === 'XOAUTH2' && !this._auth.oauth2)) {
// use first supported
this._authMethod = (this._supportedAuth[0] || 'PLAIN').toUpperCase().trim();
}
if (this._authMethod !== 'XOAUTH2' && (!this._auth.credentials || !this._auth.credentials.user || !this._auth.credentials.pass)) {
if ((this._auth.user && this._auth.pass) || this.customAuth.has(this._authMethod)) {
this._auth.credentials = {
user: this._auth.user,
pass: this._auth.pass,
options: this._auth.options
};
} else {
return callback(this._formatError('Missing credentials for "' + this._authMethod + '"', 'EAUTH', false, 'API'));
}
}
if (this.customAuth.has(this._authMethod)) {
let handler = this.customAuth.get(this._authMethod);
let lastResponse;
let returned = false;
let resolve = () => {
if (returned) {
return;
}
returned = true;
this.logger.info(
{
tnx: 'smtp',
username: this._auth.user,
action: 'authenticated',
method: this._authMethod
},
'User %s authenticated',
JSON.stringify(this._auth.user)
);
this.authenticated = true;
callback(null, true);
};
let reject = err => {
if (returned) {
return;
}
returned = true;
callback(this._formatError(err, 'EAUTH', lastResponse, 'AUTH ' + this._authMethod));
};
let handlerResponse = handler({
auth: this._auth,
method: this._authMethod,
extensions: [].concat(this._supportedExtensions),
authMethods: [].concat(this._supportedAuth),
maxAllowedSize: this._maxAllowedSize || false,
sendCommand: (cmd, done) => {
let promise;
if (!done) {
promise = new Promise((resolve, reject) => {
done = shared.callbackPromise(resolve, reject);
});
}
this._responseActions.push(str => {
lastResponse = str;
let codes = str.match(/^(\d+)(?:\s(\d+\.\d+\.\d+))?\s/);
let data = {
command: cmd,
response: str
};
if (codes) {
data.status = Number(codes[1]) || 0;
if (codes[2]) {
data.code = codes[2];
}
data.text = str.substr(codes[0].length);
} else {
data.text = str;
data.status = 0; // just in case we need to perform numeric comparisons
}
done(null, data);
});
setImmediate(() => this._sendCommand(cmd));
return promise;
},
resolve,
reject
});
if (handlerResponse && typeof handlerResponse.catch === 'function') {
// a promise was returned
handlerResponse.then(resolve).catch(reject);
}
return;
}
switch (this._authMethod) {
case 'XOAUTH2':
this._handleXOauth2Token(false, callback);
return;
case 'LOGIN':
this._responseActions.push(str => {
this._actionAUTH_LOGIN_USER(str, callback);
});
this._sendCommand('AUTH LOGIN');
return;
case 'PLAIN':
this._responseActions.push(str => {
this._actionAUTHComplete(str, callback);
});
this._sendCommand(
'AUTH PLAIN ' +
Buffer.from(
//this._auth.user+'\u0000'+
'\u0000' + // skip authorization identity as it causes problems with some servers
this._auth.credentials.user +
'\u0000' +
this._auth.credentials.pass,
'utf-8'
).toString('base64'),
// log entry without passwords
'AUTH PLAIN ' +
Buffer.from(
//this._auth.user+'\u0000'+
'\u0000' + // skip authorization identity as it causes problems with some servers
this._auth.credentials.user +
'\u0000' +
'/* secret */',
'utf-8'
).toString('base64')
);
return;
case 'CRAM-MD5':
this._responseActions.push(str => {
this._actionAUTH_CRAM_MD5(str, callback);
});
this._sendCommand('AUTH CRAM-MD5');
return;
}
return callback(this._formatError('Unknown authentication method "' + this._authMethod + '"', 'EAUTH', false, 'API'));
}
/**
* Sends a message
*
* @param {Object} envelope Envelope object, {from: addr, to: [addr]}
* @param {Object} message String, Buffer or a Stream
* @param {Function} callback Callback to return once sending is completed
*/
send(envelope, message, done) {
if (!message) {
return done(this._formatError('Empty message', 'EMESSAGE', false, 'API'));
}
const isDestroyedMessage = this._isDestroyedMessage('send message');
if (isDestroyedMessage) {
return done(this._formatError(isDestroyedMessage, 'ECONNECTION', false, 'API'));
}
// reject larger messages than allowed
if (this._maxAllowedSize && envelope.size > this._maxAllowedSize) {
return setImmediate(() => {
done(this._formatError('Message size larger than allowed ' + this._maxAllowedSize, 'EMESSAGE', false, 'MAIL FROM'));
});
}
// ensure that callback is only called once
let returned = false;
let callback = function () {
if (returned) {
return;
}
returned = true;
done(...arguments);
};
if (typeof message.on === 'function') {
message.on('error', err => callback(this._formatError(err, 'ESTREAM', false, 'API')));
}
let startTime = Date.now();
this._setEnvelope(envelope, (err, info) => {
if (err) {
// create passthrough stream to consume to prevent OOM
let stream = new PassThrough();
if (typeof message.pipe === 'function') {
message.pipe(stream);
} else {
stream.write(message);
stream.end();
}
return callback(err);
}
let envelopeTime = Date.now();
let stream = this._createSendStream((err, str) => {
if (err) {
return callback(err);
}
info.envelopeTime = envelopeTime - startTime;
info.messageTime = Date.now() - envelopeTime;
info.messageSize = stream.outByteCount;
info.response = str;
return callback(null, info);
});
if (typeof message.pipe === 'function') {
message.pipe(stream);
} else {
stream.write(message);
stream.end();
}
});
}
/**
* Resets connection state
*
* @param {Function} callback Callback to return once connection is reset
*/
reset(callback) {
this._sendCommand('RSET');
this._responseActions.push(str => {
if (str.charAt(0) !== '2') {
return callback(this._formatError('Could not reset session state. response=' + str, 'EPROTOCOL', str, 'RSET'));
}
this._envelope = false;
return callback(null, true);
});
}
/**
* Connection listener that is run when the connection to
* the server is opened
*
* @event
*/
_onConnect() {
clearTimeout(this._connectionTimeout);
this.logger.info(
{
tnx: 'network',
localAddress: this._socket.localAddress,
localPort: this._socket.localPort,
remoteAddress: this._socket.remoteAddress,
remotePort: this._socket.remotePort
},
'%s established to %s:%s',
this.secure ? 'Secure connection' : 'Connection',
this._socket.remoteAddress,
this._socket.remotePort
);
if (this._destroyed) {
// Connection was established after we already had canceled it
this.close();
return;
}
this.stage = 'connected';
// clear existing listeners for the socket
this._socket.removeListener('data', this._onSocketData);
this._socket.removeListener('timeout', this._onSocketTimeout);
this._socket.removeListener('close', this._onSocketClose);
this._socket.removeListener('end', this._onSocketEnd);
this._socket.on('data', this._onSocketData);
this._socket.once('close', this._onSocketClose);
this._socket.once('end', this._onSocketEnd);
this._socket.setTimeout(this.options.socketTimeout || SOCKET_TIMEOUT);
this._socket.on('timeout', this._onSocketTimeout);
this._greetingTimeout = setTimeout(() => {
// if still waiting for greeting, give up
if (this._socket && !this._destroyed && this._responseActions[0] === this._actionGreeting) {
this._onError('Greeting never received', 'ETIMEDOUT', false, 'CONN');
}
}, this.options.greetingTimeout || GREETING_TIMEOUT);
this._responseActions.push(this._actionGreeting);
// we have a 'data' listener set up so resume socket if it was paused
this._socket.resume();
}
/**
* 'data' listener for data coming from the server
*
* @event
* @param {Buffer} chunk Data chunk coming from the server
*/
_onData(chunk) {
if (this._destroyed || !chunk || !chunk.length) {
return;
}
let data = (chunk || '').toString('binary');
let lines = (this._remainder + data).split(/\r?\n/);
let lastline;
this._remainder = lines.pop();
for (let i = 0, len = lines.length; i < len; i++) {
if (this._responseQueue.length) {
lastline = this._responseQueue[this._responseQueue.length - 1];
if (/^\d+-/.test(lastline.split('\n').pop())) {
this._responseQueue[this._responseQueue.length - 1] += '\n' + lines[i];
continue;
}
}
this._responseQueue.push(lines[i]);
}
if (this._responseQueue.length) {
lastline = this._responseQueue[this._responseQueue.length - 1];
if (/^\d+-/.test(lastline.split('\n').pop())) {
return;
}
}
this._processResponse();
}
/**
* 'error' listener for the socket
*
* @event
* @param {Error} err Error object
* @param {String} type Error name
*/
_onError(err, type, data, command) {
clearTimeout(this._connectionTimeout);
clearTimeout(this._greetingTimeout);
if (this._destroyed) {
// just ignore, already closed
// this might happen when a socket is canceled because of reached timeout
// but the socket timeout error itself receives only after
return;
}
err = this._formatError(err, type, data, command);
this.logger.error(data, err.message);
this.emit('error', err);
this.close();
}
_formatError(message, type, response, command) {
let err;
if (/Error\]$/i.test(Object.prototype.toString.call(message))) {
err = message;
} else {
err = new Error(message);
}
if (type && type !== 'Error') {
err.code = type;
}
if (response) {
err.response = response;
err.message += ': ' + response;
}
let responseCode = (typeof response === 'string' && Number((response.match(/^\d+/) || [])[0])) || false;
if (responseCode) {
err.responseCode = responseCode;
}
if (command) {
err.command = command;
}
return err;
}
/**
* 'close' listener for the socket
*
* @event
*/
_onClose() {
let serverResponse = false;
if (this._remainder && this._remainder.trim()) {
if (this.options.debug || this.options.transactionLog) {
this.logger.debug(
{
tnx: 'server'
},
this._remainder.replace(/\r?\n$/, '')
);
}
this.lastServerResponse = serverResponse = this._remainder.trim();
}
this.logger.info(
{
tnx: 'network'
},
'Connection closed'
);
if (this.upgrading && !this._destroyed) {
return this._onError(new Error('Connection closed unexpectedly'), 'ETLS', serverResponse, 'CONN');
} else if (![this._actionGreeting, this.close].includes(this._responseActions[0]) && !this._destroyed) {
return this._onError(new Error('Connection closed unexpectedly'), 'ECONNECTION', serverResponse, 'CONN');
} else if (/^[45]\d{2}\b/.test(serverResponse)) {
return this._onError(new Error('Connection closed unexpectedly'), 'ECONNECTION', serverResponse, 'CONN');
}
this._destroy();
}
/**
* 'end' listener for the socket
*
* @event
*/
_onEnd() {
if (this._socket && !this._socket.destroyed) {
this._socket.destroy();
}
}
/**
* 'timeout' listener for the socket
*
* @event
*/
_onTimeout() {
return this._onError(new Error('Timeout'), 'ETIMEDOUT', false, 'CONN');
}
/**
* Destroys the client, emits 'end'
*/
_destroy() {
if (this._destroyed) {
return;
}
this._destroyed = true;
this.emit('end');
}
/**
* Upgrades the connection to TLS
*
* @param {Function} callback Callback function to run when the connection
* has been secured
*/
_upgradeConnection(callback) {
// do not remove all listeners or it breaks node v0.10 as there's
// apparently a 'finish' event set that would be cleared as well
// we can safely keep 'error', 'end', 'close' etc. events
this._socket.removeListener('data', this._onSocketData); // incoming data is going to be gibberish from this point onwards
this._socket.removeListener('timeout', this._onSocketTimeout); // timeout will be re-set for the new socket object
let socketPlain = this._socket;
let opts = {
socket: this._socket,
host: this.host
};
Object.keys(this.options.tls || {}).forEach(key => {
opts[key] = this.options.tls[key];
});
// ensure servername for SNI
if (this.servername && !opts.servername) {
opts.servername = this.servername;
}
this.upgrading = true;
// tls.connect is not an asynchronous function however it may still throw errors and requires to be wrapped with try/catch
try {
this._socket = tls.connect(opts, () => {
this.secure = true;
this.upgrading = false;
this._socket.on('data', this._onSocketData);
socketPlain.removeListener('close', this._onSocketClose);
socketPlain.removeListener('end', this._onSocketEnd);
return callback(null, true);
});
} catch (err) {
return callback(err);
}
this._socket.on('error', this._onSocketError);
this._socket.once('close', this._onSocketClose);
this._socket.once('end', this._onSocketEnd);
this._socket.setTimeout(this.options.socketTimeout || SOCKET_TIMEOUT); // 10 min.
this._socket.on('timeout', this._onSocketTimeout);
// resume in case the socket was paused
socketPlain.resume();
}
/**
* Processes queued responses from the server
*
* @param {Boolean} force If true, ignores _processing flag
*/
_processResponse() {
if (!this._responseQueue.length) {
return false;
}
let str = (this.lastServerResponse = (this._responseQueue.shift() || '').toString());
if (/^\d+-/.test(str.split('\n').pop())) {
// keep waiting for the final part of multiline response
return;
}
if (this.options.debug || this.options.transactionLog) {
this.logger.debug(
{
tnx: 'server'
},
str.replace(/\r?\n$/, '')
);
}
if (!str.trim()) {
// skip unexpected empty lines
setImmediate(() => this._processResponse());
}
let action = this._responseActions.shift();
if (typeof action === 'function') {
action.call(this, str);
setImmediate(() => this._processResponse());
} else {
return this._onError(new Error('Unexpected Response'), 'EPROTOCOL', str, 'CONN');
}
}
/**
* Send a command to the server, append \r\n
*
* @param {String} str String to be sent to the server
* @param {String} logStr Optional string to be used for logging instead of the actual string
*/
_sendCommand(str, logStr) {
if (this._destroyed) {
// Connection already closed, can't send any more data
return;
}
if (this._socket.destroyed) {
return this.close();
}
if (this.options.debug || this.options.transactionLog) {
this.logger.debug(
{
tnx: 'client'
},
(logStr || str || '').toString().replace(/\r?\n$/, '')
);
}
this._socket.write(Buffer.from(str + '\r\n', 'utf-8'));
}
/**
* Initiates a new message by submitting envelope data, starting with
* MAIL FROM: command
*
* @param {Object} envelope Envelope object in the form of
* {from:'...', to:['...']}
* or
* {from:{address:'...',name:'...'}, to:[address:'...',name:'...']}
*/
_setEnvelope(envelope, callback) {
let args = [];
let useSmtpUtf8 = false;
this._envelope = envelope || {};
this._envelope.from = ((this._envelope.from && this._envelope.from.address) || this._envelope.from || '').toString().trim();
this._envelope.to = [].concat(this._envelope.to || []).map(to => ((to && to.address) || to || '').toString().trim());
if (!this._envelope.to.length) {
return callback(this._formatError('No recipients defined', 'EENVELOPE', false, 'API'));
}
if (this._envelope.from && /[\r\n<>]/.test(this._envelope.from)) {
return callback(this._formatError('Invalid sender ' + JSON.stringify(this._envelope.from), 'EENVELOPE', false, 'API'));
}
// check if the sender address uses only ASCII characters,
// otherwise require usage of SMTPUTF8 extension
if (/[\x80-\uFFFF]/.test(this._envelope.from)) {
useSmtpUtf8 = true;
}
for (let i = 0, len = this._envelope.to.length; i < len; i++) {
if (!this._envelope.to[i] || /[\r\n<>]/.test(this._envelope.to[i])) {
return callback(this._formatError('Invalid recipient ' + JSON.stringify(this._envelope.to[i]), 'EENVELOPE', false, 'API'));
}
// check if the recipients addresses use only ASCII characters,
// otherwise require usage of SMTPUTF8 extension
if (/[\x80-\uFFFF]/.test(this._envelope.to[i])) {
useSmtpUtf8 = true;
}
}
// clone the recipients array for latter manipulation
this._envelope.rcptQueue = JSON.parse(JSON.stringify(this._envelope.to || []));
this._envelope.rejected = [];
this._envelope.rejectedErrors = [];
this._envelope.accepted = [];
if (this._envelope.dsn) {
try {
this._envelope.dsn = this._setDsnEnvelope(this._envelope.dsn);
} catch (err) {
return callback(this._formatError('Invalid DSN ' + err.message, 'EENVELOPE', false, 'API'));
}
}
this._responseActions.push(str => {
this._actionMAIL(str, callback);
});
// If the server supports SMTPUTF8 and the envelope includes an internationalized
// email address then append SMTPUTF8 keyword to the MAIL FROM command
if (useSmtpUtf8 && this._supportedExtensions.includes('SMTPUTF8')) {
args.push('SMTPUTF8');
this._usingSmtpUtf8 = true;
}
// If the server supports 8BITMIME and the message might contain non-ascii bytes
// then append the 8BITMIME keyword to the MAIL FROM command
if (this._envelope.use8BitMime && this._supportedExtensions.includes('8BITMIME')) {
args.push('BODY=8BITMIME');
this._using8BitMime = true;
}
if (this._envelope.size && this._supportedExtensions.includes('SIZE')) {
args.push('SIZE=' + this._envelope.size);
}
// If the server supports DSN and the envelope includes an DSN prop
// then append DSN params to the MAIL FROM command
if (this._envelope.dsn && this._supportedExtensions.includes('DSN')) {
if (this._envelope.dsn.ret) {
args.push('RET=' + shared.encodeXText(this._envelope.dsn.ret));
}
if (this._envelope.dsn.envid) {
args.push('ENVID=' + shared.encodeXText(this._envelope.dsn.envid));
}
}
this._sendCommand('MAIL FROM:<' + this._envelope.from + '>' + (args.length ? ' ' + args.join(' ') : ''));
}
_setDsnEnvelope(params) {
let ret = (params.ret || params.return || '').toString().toUpperCase() || null;
if (ret) {
switch (ret) {
case 'HDRS':
case 'HEADERS':
ret = 'HDRS';
break;
case 'FULL':
case 'BODY':
ret = 'FULL';
break;
}
}
if (ret && !['FULL', 'HDRS'].includes(ret)) {
throw new Error('ret: ' + JSON.stringify(ret));
}
let envid = (params.envid || params.id || '').toString() || null;
let notify = params.notify || null;
if (notify) {
if (typeof notify === 'string') {
notify = notify.split(',');
}
notify = notify.map(n => n.trim().toUpperCase());
let validNotify = ['NEVER', 'SUCCESS', 'FAILURE', 'DELAY'];
let invaliNotify = notify.filter(n => !validNotify.includes(n));
if (invaliNotify.length || (notify.length > 1 && notify.includes('NEVER'))) {
throw new Error('notify: ' + JSON.stringify(notify.join(',')));
}
notify = notify.join(',');
}
let orcpt = (params.recipient || params.orcpt || '').toString() || null;
if (orcpt && orcpt.indexOf(';') < 0) {
orcpt = 'rfc822;' + orcpt;
}
return {
ret,
envid,
notify,
orcpt
};
}
_getDsnRcptToArgs() {
let args = [];
// If the server supports DSN and the envelope includes an DSN prop
// then append DSN params to the RCPT TO command
if (this._envelope.dsn && this._supportedExtensions.includes('DSN')) {
if (this._envelope.dsn.notify) {
args.push('NOTIFY=' + shared.encodeXText(this._envelope.dsn.notify));
}
if (this._envelope.dsn.orcpt) {
args.push('ORCPT=' + shared.encodeXText(this._envelope.dsn.orcpt));
}
}
return args.length ? ' ' + args.join(' ') : '';
}
_createSendStream(callback) {
let dataStream = new DataStream();
let logStream;
if (this.options.lmtp) {
this._envelope.accepted.forEach((recipient, i) => {
let final = i === this._envelope.accepted.length - 1;
this._responseActions.push(str => {
this._actionLMTPStream(recipient, final, str, callback);
});
});
} else {
this._responseActions.push(str => {
this._actionSMTPStream(str, callback);
});
}
dataStream.pipe(this._socket, {
end: false
});
if (this.options.debug) {
logStream = new PassThrough();
logStream.on('readable', () => {
let chunk;
while ((chunk = logStream.read())) {
this.logger.debug(
{
tnx: 'message'
},
chunk.toString('binary').replace(/\r?\n$/, '')
);
}
});
dataStream.pipe(logStream);
}
dataStream.once('end', () => {
this.logger.info(
{
tnx: 'message',
inByteCount: dataStream.inByteCount,
outByteCount: dataStream.outByteCount
},
'<%s bytes encoded mime message (source size %s bytes)>',
dataStream.outByteCount,
dataStream.inByteCount
);
});
return dataStream;
}
/** ACTIONS **/
/**
* Will be run after the connection is created and the server sends
* a greeting. If the incoming message starts with 220 initiate
* SMTP session by sending EHLO command
*
* @param {String} str Message from the server
*/
_actionGreeting(str) {
clearTimeout(this._greetingTimeout);
if (str.substr(0, 3) !== '220') {
this._onError(new Error('Invalid greeting. response=' + str), 'EPROTOCOL', str, 'CONN');
return;
}
if (this.options.lmtp) {
this._responseActions.push(this._actionLHLO);
this._sendCommand('LHLO ' + this.name);
} else {
this._responseActions.push(this._actionEHLO);
this._sendCommand('EHLO ' + this.name);
}
}
/**
* Handles server response for LHLO command. If it yielded in
* error, emit 'error', otherwise treat this as an EHLO response
*
* @param {String} str Message from the server
*/
_actionLHLO(str) {
if (str.charAt(0) !== '2') {
this._onError(new Error('Invalid LHLO. response=' + str), 'EPROTOCOL', str, 'LHLO');
return;
}
this._actionEHLO(str);
}
/**
* Handles server response for EHLO command. If it yielded in
* error, try HELO instead, otherwise initiate TLS negotiation
* if STARTTLS is supported by the server or move into the
* authentication phase.
*
* @param {String} str Message from the server
*/
_actionEHLO(str) {
let match;
if (str.substr(0, 3) === '421') {
this._onError(new Error('Server terminates connection. response=' + str), 'ECONNECTION', str, 'EHLO');
return;
}
if (str.charAt(0) !== '2') {
if (this.options.requireTLS) {
this._onError(new Error('EHLO failed but HELO does not support required STARTTLS. response=' + str), 'ECONNECTION', str, 'EHLO');
return;
}
// Try HELO instead
this._responseActions.push(this._actionHELO);
this._sendCommand('HELO ' + this.name);
return;
}
this._ehloLines = str
.split(/\r?\n/)
.map(line => line.replace(/^\d+[ -]/, '').trim())
.filter(line => line)
.slice(1);
// Detect if the server supports STARTTLS
if (!this.secure && !this.options.ignoreTLS && (/[ -]STARTTLS\b/im.test(str) || this.options.requireTLS)) {
this._sendCommand('STARTTLS');
this._responseActions.push(this._actionSTARTTLS);
return;
}
// Detect if the server supports SMTPUTF8
if (/[ -]SMTPUTF8\b/im.test(str)) {
this._supportedExtensions.push('SMTPUTF8');
}
// Detect if the server supports DSN
if (/[ -]DSN\b/im.test(str)) {
this._supportedExtensions.push('DSN');
}
// Detect if the server supports 8BITMIME
if (/[ -]8BITMIME\b/im.test(str)) {
this._supportedExtensions.push('8BITMIME');
}
// Detect if the server supports PIPELINING
if (/[ -]PIPELINING\b/im.test(str)) {
this._supportedExtensions.push('PIPELINING');
}
// Detect if the server supports AUTH
if (/[ -]AUTH\b/i.test(str)) {
this.allowsAuth = true;
}
// Detect if the server supports PLAIN auth
if (/[ -]AUTH(?:(\s+|=)[^\n]*\s+|\s+|=)PLAIN/i.test(str)) {
this._supportedAuth.push('PLAIN');
}
// Detect if the server supports LOGIN auth
if (/[ -]AUTH(?:(\s+|=)[^\n]*\s+|\s+|=)LOGIN/i.test(str)) {
this._supportedAuth.push('LOGIN');
}
// Detect if the server supports CRAM-MD5 auth
if (/[ -]AUTH(?:(\s+|=)[^\n]*\s+|\s+|=)CRAM-MD5/i.test(str)) {
this._supportedAuth.push('CRAM-MD5');
}
// Detect if the server supports XOAUTH2 auth
if (/[ -]AUTH(?:(\s+|=)[^\n]*\s+|\s+|=)XOAUTH2/i.test(str)) {
this._supportedAuth.push('XOAUTH2');
}
// Detect if the server supports SIZE extensions (and the max allowed size)
if ((match = str.match(/[ -]SIZE(?:[ \t]+(\d+))?/im))) {
this._supportedExtensions.push('SIZE');
this._maxAllowedSize = Number(match[1]) || 0;
}
this.emit('connect');
}
/**
* Handles server response for HELO command. If it yielded in
* error, emit 'error', otherwise move into the authentication phase.
*
* @param {String} str Message from the server
*/
_actionHELO(str) {
if (str.charAt(0) !== '2') {
this._onError(new Error('Invalid HELO. response=' + str), 'EPROTOCOL', str, 'HELO');
return;
}
// assume that authentication is enabled (most probably is not though)
this.allowsAuth = true;
this.emit('connect');
}
/**
* Handles server response for STARTTLS command. If there's an error
* try HELO instead, otherwise initiate TLS upgrade. If the upgrade
* succeedes restart the EHLO
*
* @param {String} str Message from the server
*/
_actionSTARTTLS(str) {
if (str.charAt(0) !== '2') {
if (this.options.opportunisticTLS) {
this.logger.info(
{
tnx: 'smtp'
},
'Failed STARTTLS upgrade, continuing unencrypted'
);
return this.emit('connect');
}
this._onError(new Error('Error upgrading connection with STARTTLS'), 'ETLS', str, 'STARTTLS');
return;
}
this._upgradeConnection((err, secured) => {
if (err) {
this._onError(new Error('Error initiating TLS - ' + (err.message || err)), 'ETLS', false, 'STARTTLS');
return;
}
this.logger.info(
{
tnx: 'smtp'
},
'Connection upgraded with STARTTLS'
);
if (secured) {
// restart session
if (this.options.lmtp) {
this._responseActions.push(this._actionLHLO);
this._sendCommand('LHLO ' + this.name);
} else {
this._responseActions.push(this._actionEHLO);
this._sendCommand('EHLO ' + this.name);
}
} else {
this.emit('connect');
}
});
}
/**
* Handle the response for AUTH LOGIN command. We are expecting
* '334 VXNlcm5hbWU6' (base64 for 'Username:'). Data to be sent as
* response needs to be base64 encoded username. We do not need
* exact match but settle with 334 response in general as some
* hosts invalidly use a longer message than VXNlcm5hbWU6
*
* @param {String} str Message from the server
*/
_actionAUTH_LOGIN_USER(str, callback) {
if (!/^334[ -]/.test(str)) {
// expecting '334 VXNlcm5hbWU6'
callback(this._formatError('Invalid login sequence while waiting for "334 VXNlcm5hbWU6"', 'EAUTH', str, 'AUTH LOGIN'));
return;
}
this._responseActions.push(str => {
this._actionAUTH_LOGIN_PASS(str, callback);
});
this._sendCommand(Buffer.from(this._auth.credentials.user + '', 'utf-8').toString('base64'));
}
/**
* Handle the response for AUTH CRAM-MD5 command. We are expecting
* '334 <challenge string>'. Data to be sent as response needs to be
* base64 decoded challenge string, MD5 hashed using the password as
* a HMAC key, prefixed by the username and a space, and finally all
* base64 encoded again.
*
* @param {String} str Message from the server
*/
_actionAUTH_CRAM_MD5(str, callback) {
let challengeMatch = str.match(/^334\s+(.+)$/);
let challengeString = '';
if (!challengeMatch) {
return callback(this._formatError('Invalid login sequence while waiting for server challenge string', 'EAUTH', str, 'AUTH CRAM-MD5'));
} else {
challengeString = challengeMatch[1];
}
// Decode from base64
let base64decoded = Buffer.from(challengeString, 'base64').toString('ascii'),
hmacMD5 = crypto.createHmac('md5', this._auth.credentials.pass);
hmacMD5.update(base64decoded);
let prepended = this._auth.credentials.user + ' ' + hmacMD5.digest('hex');
this._responseActions.push(str => {
this._actionAUTH_CRAM_MD5_PASS(str, callback);
});
this._sendCommand(
Buffer.from(prepended).toString('base64'),
// hidden hash for logs
Buffer.from(this._auth.credentials.user + ' /* secret */').toString('base64')
);
}
/**
* Handles the response to CRAM-MD5 authentication, if there's no error,
* the user can be considered logged in. Start waiting for a message to send
*
* @param {String} str Message from the server
*/
_actionAUTH_CRAM_MD5_PASS(str, callback) {
if (!str.match(/^235\s+/)) {
return callback(this._formatError('Invalid login sequence while waiting for "235"', 'EAUTH', str, 'AUTH CRAM-MD5'));
}
this.logger.info(
{
tnx: 'smtp',
username: this._auth.user,
action: 'authenticated',
method: this._authMethod
},
'User %s authenticated',
JSON.stringify(this._auth.user)
);
this.authenticated = true;
callback(null, true);
}
/**
* Handle the response for AUTH LOGIN command. We are expecting
* '334 UGFzc3dvcmQ6' (base64 for 'Password:'). Data to be sent as
* response needs to be base64 encoded password.
*
* @param {String} str Message from the server
*/
_actionAUTH_LOGIN_PASS(str, callback) {
if (!/^334[ -]/.test(str)) {
// expecting '334 UGFzc3dvcmQ6'
return callback(this._formatError('Invalid login sequence while waiting for "334 UGFzc3dvcmQ6"', 'EAUTH', str, 'AUTH LOGIN'));
}
this._responseActions.push(str => {
this._actionAUTHComplete(str, callback);
});
this._sendCommand(
Buffer.from((this._auth.credentials.pass || '').toString(), 'utf-8').toString('base64'),
// Hidden pass for logs
Buffer.from('/* secret */', 'utf-8').toString('base64')
);
}
/**
* Handles the response for authentication, if there's no error,
* the user can be considered logged in. Start waiting for a message to send
*
* @param {String} str Message from the server
*/
_actionAUTHComplete(str, isRetry, callback) {
if (!callback && typeof isRetry === 'function') {
callback = isRetry;
isRetry = false;
}
if (str.substr(0, 3) === '334') {
this._responseActions.push(str => {
if (isRetry || this._authMethod !== 'XOAUTH2') {
this._actionAUTHComplete(str, true, callback);
} else {
// fetch a new OAuth2 access token
setImmediate(() => this._handleXOauth2Token(true, callback));
}
});
this._sendCommand('');
return;
}
if (str.charAt(0) !== '2') {
this.logger.info(
{
tnx: 'smtp',
username: this._auth.user,
action: 'authfail',
method: this._authMethod
},
'User %s failed to authenticate',
JSON.stringify(this._auth.user)
);
return callback(this._formatError('Invalid login', 'EAUTH', str, 'AUTH ' + this._authMethod));
}
this.logger.info(
{
tnx: 'smtp',
username: this._auth.user,
action: 'authenticated',
method: this._authMethod
},
'User %s authenticated',
JSON.stringify(this._auth.user)
);
this.authenticated = true;
callback(null, true);
}
/**
* Handle response for a MAIL FROM: command
*
* @param {String} str Message from the server
*/
_actionMAIL(str, callback) {
let message, curRecipient;
if (Number(str.charAt(0)) !== 2) {
if (this._usingSmtpUtf8 && /^550 /.test(str) && /[\x80-\uFFFF]/.test(this._envelope.from)) {
message = 'Internationalized mailbox name not allowed';
} else {
message = 'Mail command failed';
}
return callback(this._formatError(message, 'EENVELOPE', str, 'MAIL FROM'));
}
if (!this._envelope.rcptQueue.length) {
return callback(this._formatError('Can\x27t send mail - no recipients defined', 'EENVELOPE', false, 'API'));
} else {
this._recipientQueue = [];
if (this._supportedExtensions.includes('PIPELINING')) {
while (this._envelope.rcptQueue.length) {
curRecipient = this._envelope.rcptQueue.shift();
this._recipientQueue.push(curRecipient);
this._responseActions.push(str => {
this._actionRCPT(str, callback);
});
this._sendCommand('RCPT TO:<' + curRecipient + '>' + this._getDsnRcptToArgs());
}
} else {
curRecipient = this._envelope.rcptQueue.shift();
this._recipientQueue.push(curRecipient);
this._responseActions.push(str => {
this._actionRCPT(str, callback);
});
this._sendCommand('RCPT TO:<' + curRecipient + '>' + this._getDsnRcptToArgs());
}
}
}
/**
* Handle response for a RCPT TO: command
*
* @param {String} str Message from the server
*/
_actionRCPT(str, callback) {
let message,
err,
curRecipient = this._recipientQueue.shift();
if (Number(str.charAt(0)) !== 2) {
// this is a soft error
if (this._usingSmtpUtf8 && /^553 /.test(str) && /[\x80-\uFFFF]/.test(curRecipient)) {
message = 'Internationalized mailbox name not allowed';
} else {
message = 'Recipient command failed';
}
this._envelope.rejected.push(curRecipient);
// store error for the failed recipient
err = this._formatError(message, 'EENVELOPE', str, 'RCPT TO');
err.recipient = curRecipient;
this._envelope.rejectedErrors.push(err);
} else {
this._envelope.accepted.push(curRecipient);
}
if (!this._envelope.rcptQueue.length && !this._recipientQueue.length) {
if (this._envelope.rejected.length < this._envelope.to.length) {
this._responseActions.push(str => {
this._actionDATA(str, callback);
});
this._sendCommand('DATA');
} else {
err = this._formatError('Can\x27t send mail - all recipients were rejected', 'EENVELOPE', str, 'RCPT TO');
err.rejected = this._envelope.rejected;
err.rejectedErrors = this._envelope.rejectedErrors;
return callback(err);
}
} else if (this._envelope.rcptQueue.length) {
curRecipient = this._envelope.rcptQueue.shift();
this._recipientQueue.push(curRecipient);
this._responseActions.push(str => {
this._actionRCPT(str, callback);
});
this._sendCommand('RCPT TO:<' + curRecipient + '>' + this._getDsnRcptToArgs());
}
}
/**
* Handle response for a DATA command
*
* @param {String} str Message from the server
*/
_actionDATA(str, callback) {
// response should be 354 but according to this issue https://github.com/eleith/emailjs/issues/24
// some servers might use 250 instead, so lets check for 2 or 3 as the first digit
if (!/^[23]/.test(str)) {
return callback(this._formatError('Data command failed', 'EENVELOPE', str, 'DATA'));
}
let response = {
accepted: this._envelope.accepted,
rejected: this._envelope.rejected
};
if (this._ehloLines && this._ehloLines.length) {
response.ehlo = this._ehloLines;
}
if (this._envelope.rejectedErrors.length) {
response.rejectedErrors = this._envelope.rejectedErrors;
}
callback(null, response);
}
/**
* Handle response for a DATA stream when using SMTP
* We expect a single response that defines if the sending succeeded or failed
*
* @param {String} str Message from the server
*/
_actionSMTPStream(str, callback) {
if (Number(str.charAt(0)) !== 2) {
// Message failed
return callback(this._formatError('Message failed', 'EMESSAGE', str, 'DATA'));
} else {
// Message sent succesfully
return callback(null, str);
}
}
/**
* Handle response for a DATA stream
* We expect a separate response for every recipient. All recipients can either
* succeed or fail separately
*
* @param {String} recipient The recipient this response applies to
* @param {Boolean} final Is this the final recipient?
* @param {String} str Message from the server
*/
_actionLMTPStream(recipient, final, str, callback) {
let err;
if (Number(str.charAt(0)) !== 2) {
// Message failed
err = this._formatError('Message failed for recipient ' + recipient, 'EMESSAGE', str, 'DATA');
err.recipient = recipient;
this._envelope.rejected.push(recipient);
this._envelope.rejectedErrors.push(err);
for (let i = 0, len = this._envelope.accepted.length; i < len; i++) {
if (this._envelope.accepted[i] === recipient) {
this._envelope.accepted.splice(i, 1);
}
}
}
if (final) {
return callback(null, str);
}
}
_handleXOauth2Token(isRetry, callback) {
this._auth.oauth2.getToken(isRetry, (err, accessToken) => {
if (err) {
this.logger.info(
{
tnx: 'smtp',
username: this._auth.user,
action: 'authfail',
method: this._authMethod
},
'User %s failed to authenticate',
JSON.stringify(this._auth.user)
);
return callback(this._formatError(err, 'EAUTH', false, 'AUTH XOAUTH2'));
}
this._responseActions.push(str => {
this._actionAUTHComplete(str, isRetry, callback);
});
this._sendCommand(
'AUTH XOAUTH2 ' + this._auth.oauth2.buildXOAuth2Token(accessToken),
// Hidden for logs
'AUTH XOAUTH2 ' + this._auth.oauth2.buildXOAuth2Token('/* secret */')
);
});
}
/**
*
* @param {string} command
* @private
*/
_isDestroyedMessage(command) {
if (this._destroyed) {
return 'Cannot ' + command + ' - smtp connection is already destroyed.';
}
if (this._socket) {
if (this._socket.destroyed) {
return 'Cannot ' + command + ' - smtp connection socket is already destroyed.';
}
if (!this._socket.writable) {
return 'Cannot ' + command + ' - smtp connection socket is already half-closed.';
}
}
}
_getHostname() {
// defaul hostname is machine hostname or [IP]
let defaultHostname;
try {
defaultHostname = os.hostname() || '';
} catch (err) {
// fails on windows 7
defaultHostname = 'localhost';
}
// ignore if not FQDN
if (!defaultHostname || defaultHostname.indexOf('.') < 0) {
defaultHostname = '[127.0.0.1]';
}
// IP should be enclosed in []
if (defaultHostname.match(/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)) {
defaultHostname = '[' + defaultHostname + ']';
}
return defaultHostname;
}
}
module.exports = SMTPConnection;