diff --git a/CHANGES b/CHANGES index e44fd907e..834b37470 100644 --- a/CHANGES +++ b/CHANGES @@ -2515,4 +2515,5 @@ * ldap: remove virtual user and admin groups to ldap user records * Randomize certificate generation cronjob to lighten load on Let's Encrypt servers * mail: catch all address can be any domain +* mail: accept only STARTTLS servers for relay diff --git a/package-lock.json b/package-lock.json index 676c4580f..7c130ee40 100644 --- a/package-lock.json +++ b/package-lock.json @@ -42,7 +42,6 @@ "multiparty": "^4.2.3", "mysql": "^2.18.1", "nodemailer": "^6.7.3", - "nodemailer-smtp-transport": "^2.7.4", "progress-stream": "^2.0.0", "qrcode": "^1.5.0", "readdirp": "^3.6.0", @@ -3598,31 +3597,6 @@ "npm": ">=1.3.7" } }, - "node_modules/httpntlm": { - "version": "1.6.1", - "resolved": "https://registry.npmjs.org/httpntlm/-/httpntlm-1.6.1.tgz", - "integrity": "sha1-rQFScUOi6Hc8+uapb1hla7UqNLI=", - "dependencies": { - "httpreq": ">=0.4.22", - "underscore": "~1.7.0" - }, - "engines": { - "node": ">=0.8.0" - } - }, - "node_modules/httpntlm/node_modules/underscore": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.7.0.tgz", - "integrity": "sha1-a7rwh3UA02vjTsqlhODbn+8DUgk=" - }, - "node_modules/httpreq": { - "version": "0.4.24", - "resolved": "https://registry.npmjs.org/httpreq/-/httpreq-0.4.24.tgz", - "integrity": "sha1-QzX/2CzZaWaKOUZckprGHWOTYn8=", - "engines": { - "node": ">= 0.8.0" - } - }, "node_modules/https-proxy-agent": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", @@ -5626,34 +5600,6 @@ "node": ">=6.0.0" } }, - "node_modules/nodemailer-fetch": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/nodemailer-fetch/-/nodemailer-fetch-1.6.0.tgz", - "integrity": "sha1-ecSQihwPXzdbc/6IjamCj23JY6Q=" - }, - "node_modules/nodemailer-shared": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/nodemailer-shared/-/nodemailer-shared-1.1.0.tgz", - "integrity": "sha1-z1mU4v0mjQD1zw+nZ6CBae2wfsA=", - "dependencies": { - "nodemailer-fetch": "1.6.0" - } - }, - "node_modules/nodemailer-smtp-transport": { - "version": "2.7.4", - "resolved": "https://registry.npmjs.org/nodemailer-smtp-transport/-/nodemailer-smtp-transport-2.7.4.tgz", - "integrity": "sha1-DYmvAZoUSkgP2OzJmZfZ+DjxNoU=", - "dependencies": { - "nodemailer-shared": "1.1.0", - "nodemailer-wellknown": "0.1.10", - "smtp-connection": "2.12.0" - } - }, - "node_modules/nodemailer-wellknown": { - "version": "0.1.10", - "resolved": "https://registry.npmjs.org/nodemailer-wellknown/-/nodemailer-wellknown-0.1.10.tgz", - "integrity": "sha1-WG24EB2zDLRDjrVGc3pBqtDPE9U=" - }, "node_modules/nopt": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz", @@ -7035,15 +6981,6 @@ "npm": ">= 3.0.0" } }, - "node_modules/smtp-connection": { - "version": "2.12.0", - "resolved": "https://registry.npmjs.org/smtp-connection/-/smtp-connection-2.12.0.tgz", - "integrity": "sha1-1275EnyyPCJZ7bHoNJwujV4tdME=", - "dependencies": { - "httpntlm": "1.6.1", - "nodemailer-shared": "1.1.0" - } - }, "node_modules/snakeize": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/snakeize/-/snakeize-0.1.0.tgz", @@ -11174,27 +11111,6 @@ "sshpk": "^1.7.0" } }, - "httpntlm": { - "version": "1.6.1", - "resolved": "https://registry.npmjs.org/httpntlm/-/httpntlm-1.6.1.tgz", - "integrity": "sha1-rQFScUOi6Hc8+uapb1hla7UqNLI=", - "requires": { - "httpreq": ">=0.4.22", - "underscore": "~1.7.0" - }, - "dependencies": { - "underscore": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.7.0.tgz", - "integrity": "sha1-a7rwh3UA02vjTsqlhODbn+8DUgk=" - } - } - }, - "httpreq": { - "version": "0.4.24", - "resolved": "https://registry.npmjs.org/httpreq/-/httpreq-0.4.24.tgz", - "integrity": "sha1-QzX/2CzZaWaKOUZckprGHWOTYn8=" - }, "https-proxy-agent": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", @@ -12738,34 +12654,6 @@ "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-6.7.3.tgz", "integrity": "sha512-KUdDsspqx89sD4UUyUKzdlUOper3hRkDVkrKh/89G+d9WKsU5ox51NWS4tB1XR5dPUdR4SP0E3molyEfOvSa3g==" }, - "nodemailer-fetch": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/nodemailer-fetch/-/nodemailer-fetch-1.6.0.tgz", - "integrity": "sha1-ecSQihwPXzdbc/6IjamCj23JY6Q=" - }, - "nodemailer-shared": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/nodemailer-shared/-/nodemailer-shared-1.1.0.tgz", - "integrity": "sha1-z1mU4v0mjQD1zw+nZ6CBae2wfsA=", - "requires": { - "nodemailer-fetch": "1.6.0" - } - }, - "nodemailer-smtp-transport": { - "version": "2.7.4", - "resolved": "https://registry.npmjs.org/nodemailer-smtp-transport/-/nodemailer-smtp-transport-2.7.4.tgz", - "integrity": "sha1-DYmvAZoUSkgP2OzJmZfZ+DjxNoU=", - "requires": { - "nodemailer-shared": "1.1.0", - "nodemailer-wellknown": "0.1.10", - "smtp-connection": "2.12.0" - } - }, - "nodemailer-wellknown": { - "version": "0.1.10", - "resolved": "https://registry.npmjs.org/nodemailer-wellknown/-/nodemailer-wellknown-0.1.10.tgz", - "integrity": "sha1-WG24EB2zDLRDjrVGc3pBqtDPE9U=" - }, "nopt": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz", @@ -13849,15 +13737,6 @@ "integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==", "dev": true }, - "smtp-connection": { - "version": "2.12.0", - "resolved": "https://registry.npmjs.org/smtp-connection/-/smtp-connection-2.12.0.tgz", - "integrity": "sha1-1275EnyyPCJZ7bHoNJwujV4tdME=", - "requires": { - "httpntlm": "1.6.1", - "nodemailer-shared": "1.1.0" - } - }, "snakeize": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/snakeize/-/snakeize-0.1.0.tgz", diff --git a/package.json b/package.json index cd7189d58..ec0fa3281 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,6 @@ "multiparty": "^4.2.3", "mysql": "^2.18.1", "nodemailer": "^6.7.3", - "nodemailer-smtp-transport": "^2.7.4", "progress-stream": "^2.0.0", "qrcode": "^1.5.0", "readdirp": "^3.6.0", diff --git a/src/mail.js b/src/mail.js index a20b1f4d6..489804953 100644 --- a/src/mail.js +++ b/src/mail.js @@ -97,13 +97,11 @@ const assert = require('assert'), services = require('./services.js'), settings = require('./settings.js'), shell = require('./shell.js'), - smtpTransport = require('nodemailer-smtp-transport'), superagent = require('superagent'), sysinfo = require('./sysinfo.js'), system = require('./system.js'), tasks = require('./tasks.js'), users = require('./users.js'), - util = require('util'), validator = require('validator'), _ = require('underscore'); @@ -237,7 +235,8 @@ async function checkSmtpRelay(relay) { connectionTimeout: 5000, greetingTimeout: 5000, host: relay.host, - port: relay.port + port: relay.port, + secure: false // haraka relay only supports STARTTLS }; // only set auth if either username or password is provided, some relays auth based on IP (range) @@ -250,9 +249,9 @@ async function checkSmtpRelay(relay) { if (relay.acceptSelfSignedCerts) options.tls = { rejectUnauthorized: false }; - const transporter = nodemailer.createTransport(smtpTransport(options)); + const transporter = nodemailer.createTransport(options); - const [error] = await safe(util.promisify(transporter.verify)()); + const [error] = await safe(transporter.verify()); result.status = !error; if (error) { result.value = result.errorMessage = error.message; diff --git a/src/mailer.js b/src/mailer.js index 771b38a56..2d6740f6b 100644 --- a/src/mailer.js +++ b/src/mailer.js @@ -25,7 +25,6 @@ const assert = require('assert'), safe = require('safetydance'), settings = require('./settings.js'), translation = require('./translation.js'), - smtpTransport = require('nodemailer-smtp-transport'), util = require('util'); const MAIL_TEMPLATES_DIR = path.join(__dirname, 'mail_templates'); @@ -52,14 +51,14 @@ async function sendMail(mailOptions) { const data = await mail.getMailAuth(); - const transport = nodemailer.createTransport(smtpTransport({ + const transport = nodemailer.createTransport({ host: data.ip, port: data.port, auth: { user: mailOptions.authUser || `no-reply@${settings.dashboardDomain()}`, pass: data.relayToken } - })); + }); const transportSendMail = util.promisify(transport.sendMail.bind(transport)); const [error] = await safe(transportSendMail(mailOptions));