Initial import

9 files changed, 222 insertions, 0 deletions

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..e9eafac
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,5 @@
+Dockerfile
+go.mod
+go.sum
+main.go
+Makefile
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8769110
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+ses-smtpd-proxy
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..f32f39f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,6 @@
+FROM alpine:latest
+
+RUN apk add --no-cache ca-certificates
+ADD ses-smtpd-proxy /
+
+CMD [ "/ses-smtpd-proxy" ]
diff --git a/LICENSE.txt b/LICENSE.txt
new file mode 100644
index 0000000..205da82
--- /dev/null
+++ b/LICENSE.txt
@@ -0,0 +1,19 @@
+Copyright (c) 2019 Michael Crute
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..76bbcc6
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,16 @@
+DOCKER_REGISTRY ?= docker.crute.me
+DOCKER_IMAGE_NAME ?= ses-email-proxy
+DOCKER_TAG ?= latest
+
+DOCKER_IMAGE_SPEC = $(DOCKER_REGISTRY)/$(DOCKER_IMAGE_NAME):$(DOCKER_TAG)
+
+.PHONY: docker
+docker: ses-smtpd-proxy
+        docker build -t $(DOCKER_IMAGE_SPEC) .
+
+.PHONY: publish
+publish: docker
+        docker push $(DOCKER_IMAGE_SPEC)
+
+ses-smtpd-proxy: main.go
+        CGO_ENABLED=0 go build -o $@ $<
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..080e39c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,58 @@
+# SMTP to SES Mail Proxy
+
+This is a tiny little proxy that speaks unauthenticated SMTP on the front side
+and makes calls to the SES
+[SendRawEmail](https://docs.aws.amazon.com/ses/latest/APIReference/API_SendRawEmail.html)
+on the back side.
+
+Everything this software does is possible with a more fully-featured mail
+server like Postfix but requires setting up Postfix (which is complicated) and,
+if following best practices, rotating credentials every 90 days (which is
+annoying). Because this integrates with the AWS SDK it can be configured
+through the normal SDK configuration channels such as the instance metadata
+service which provides dynamic credentials or environment variables, in which
+case you should still manually rotate credentials but have one choke-point to
+do that.
+
+## Usage
+By default the command takes no arguments and will listen on port 2500 on all
+interfaces. The listen interfaces and port can be specified as the only
+argument separated with a colon like so:
+
+```
+./ses-smtpd-proxy 127.0.0.1:2600
+```
+
+## Security Warning
+This server speaks plain unauthenticated SMTP (no TLS) so it's not suitable for
+use in an untrusted environment nor on the public internet. I don't have these
+use-cases but I would accept pull requests implementing these features if you
+do have the use-case and want to add them.
+
+## Building
+To build the binary run `make ses-smtpd-proxy`. 
+
+To build a Docker image, which is based on Alpine Latest, run `make docker` or
+`make publish`. The later command will build and push the image. To override
+the defaults specify `DOCKER_REGISTRY`, `DOCKER_IMAGE_NAME`, and `DOCKER_TAG`
+in the make command like so:
+
+```
+make DOCKER_REGISTRY=reg.example.com DOCKER_IMAGE_NAME=ses-proxy DOCKER_TAG=foo docker
+```
+## Contributing
+If you would like to contribute please visit the project's GitHub page and open
+a pull request with your changes. To have the best experience contributing,
+please:
+
+* Don't break backwards compatibility of public interfaces
+* Update the readme, if necessary
+* Follow the coding style of the current code-base
+* Ensure that your code is formatted by gofmt
+* Validate that your changes work with Go 1.11+
+
+All code is reviewed before acceptance and changes may be requested to better
+follow the conventions of the existing API.
+
+## Contributors
+* Mike Crute (@mcrute)
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..d0651d8
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,9 @@
+module github.com/mcrute/ses-smtpd-proxy
+
+require (
+        github.com/aws/aws-sdk-go v1.17.9
+        github.com/mcrute/go-smtpd v0.0.0-20190302041702-3bbdd47ced7e
+        github.com/stretchr/testify v1.3.0 // indirect
+        golang.org/x/net v0.0.0-20190301231341-16b79f2e4e95 // indirect
+        golang.org/x/text v0.3.0 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..232ee49
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,17 @@
+github.com/aws/aws-sdk-go v1.17.9 h1:umGyqfZNxB4waFNvARXzBalEwoYz+8Cqk3xM45No9GI=
+github.com/aws/aws-sdk-go v1.17.9/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/mcrute/go-smtpd v0.0.0-20190302041702-3bbdd47ced7e h1:/FsR+P4lNGpbB/yh/PEg36RLbPHPM6dVi3mSY0Rwu5Q=
+github.com/mcrute/go-smtpd v0.0.0-20190302041702-3bbdd47ced7e/go.mod h1:m8WdV6PyiYKhiWhfdLfBG0UksKK1cKtZzNE/DZgiVTg=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+golang.org/x/net v0.0.0-20190301231341-16b79f2e4e95 h1:fY7Dsw114eJN4boqzVSbpVHO6rTdhq6/GnXeu+PKnzU=
+golang.org/x/net v0.0.0-20190301231341-16b79f2e4e95/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..0e1beed
--- /dev/null
+++ b/main.go
@@ -0,0 +1,91 @@
+package main
+
+import (
+        "bytes"
+        "fmt"
+        "log"
+        "os"
+
+        "github.com/aws/aws-sdk-go/aws/session"
+        "github.com/aws/aws-sdk-go/service/ses"
+        "github.com/mcrute/go-smtpd/smtpd"
+)
+
+const (
+        SES_SIZE_LIMIT = 10000000
+        DEFAULT_ADDR   = ":2500"
+)
+
+var sesClient *ses.SES
+
+type Envelope struct {
+        rcpts []*string
+        b     bytes.Buffer
+}
+
+func (e *Envelope) AddRecipient(rcpt smtpd.MailAddress) error {
+        email := rcpt.Email()
+        e.rcpts = append(e.rcpts, &email)
+        return nil
+}
+
+func (e *Envelope) BeginData() error {
+        if len(e.rcpts) == 0 {
+                return smtpd.SMTPError("554 5.5.1 Error: no valid recipients")
+        }
+        return nil
+}
+
+func (e *Envelope) Write(line []byte) error {
+        e.b.Write(line)
+        if e.b.Len() > SES_SIZE_LIMIT { // SES limitation
+                log.Println("message size %d exceeds SES limit of %d", e.b.Len(), SES_SIZE_LIMIT)
+                return smtpd.SMTPError("554 5.5.1 Error: maximum message size exceeded")
+        }
+        return nil
+}
+
+func (e *Envelope) logMessageSend() {
+        dr := make([]string, len(e.rcpts))
+        for i := range e.rcpts {
+                dr[i] = *e.rcpts[i]
+        }
+        log.Printf("sending message to %+v", dr)
+}
+
+func (e *Envelope) Close() error {
+        e.logMessageSend()
+        r := &ses.SendRawEmailInput{
+                Destinations: e.rcpts,
+                RawMessage:   &ses.RawMessage{Data: e.b.Bytes()},
+        }
+        _, err := sesClient.SendRawEmail(r)
+        if err != nil {
+                log.Printf("ERROR: ses: %v", err)
+                return smtpd.SMTPError(fmt.Sprintf("554 5.5.1 Error: %v", err))
+        }
+        return err
+}
+
+func main() {
+        sesClient = ses.New(session.New())
+        addr := DEFAULT_ADDR
+
+        if len(os.Args) == 2 {
+                addr = os.Args[1]
+        } else if len(os.Args) > 2 {
+                log.Fatalf("usage: %s [listen_host:port]", os.Args[0])
+        }
+
+        s := &smtpd.Server{
+                Addr: addr,
+                OnNewMail: func(c smtpd.Connection, from smtpd.MailAddress) (smtpd.Envelope, error) {
+                        return &Envelope{}, nil
+                },
+        }
+        log.Printf("ListenAndServe on %s", addr)
+        err := s.ListenAndServe()
+        if err != nil {
+                log.Fatalf("ListenAndServe: %v", err)
+        }
+}