Implemented SMTP submission proxy service.

.gitignore

@@ -137,6 +137,8 @@ src/pop3-login/pop3-login
 src/pop3/pop3
 src/replication/replicator/replicator
 src/replication/aggregator/aggregator
+src/submission-login/submission-login
+src/submission/submission
 src/util/gdbhelper
 src/util/listview
 src/util/maildirlock

TODO

@@ -346,3 +346,25 @@
     - Fully support DSN extension (especially ORCPT)
     - Calculate incoming mail's hash, forward it via proxying, have the
       final delivery code verify that it's correct
+
+ - submission
+    - Implement support for Postfix XFORWARD (analogous to XCLIENT)
+    - Implement a re-connect attempt to the relay server if the connection is
+      lost at some point. We now terminate the whole client with a 421, which
+      is a waste of resources.
+    - Implement running submission service without access to mail storage.
+    - Implement auto-save-to-sent feature.
+    - Implement proxy support for various (sometimes bizarre) SMTP extensions.
+      We only announce the support if available on the relay and forward
+      commands and command options. We likely don't need to implement much
+      ourselves:
+       -> RFC 2852: Deliver By
+       -> RFC 3885: Message Tracking
+       -> RFC 4865: Future Message Release
+       -> RFC 6710: Message Transfer Priorities
+    - Implement Internationalized Email (RFC 6531) support
+    - Low priority:
+       - Investigate relevance of RFC 4405 (Responsible Submitter)
+       - Add RFC5451 Authentication-Results header
+       - Implement downgrading to always support BINARYMIME
+       - Implement downgrading to always support 8BITMIME

configure.ac

@@ -890,6 +890,8 @@ src/login-common/Makefile
 src/master/Makefile
 src/pop3/Makefile
 src/pop3-login/Makefile
+src/submission/Makefile
+src/submission-login/Makefile
 src/replication/Makefile
 src/replication/aggregator/Makefile
 src/replication/replicator/Makefile

doc/example-config/conf.d/10-director.conf

@@ -50,6 +50,9 @@ service imap-login {
 service pop3-login {
   #executable = pop3-login director
 }
+service submission-login {
+  #executable = submission-login director
+}
 
 # Enable director for LMTP proxying:
 protocol lmtp {

doc/example-config/conf.d/10-master.conf

@@ -45,6 +45,12 @@ service pop3-login {
   }
 }
 
+service submission-login {
+  inet_listener submission {
+    #port = 587
+  }
+}
+
 service lmtp {
   unix_listener lmtp {
     #mode = 0666
@@ -72,6 +78,11 @@ service pop3 {
   #process_limit = 1024
 }
 
+service submission {
+  # Max. number of SMTP Submission processes (connections)
+  #process_limit = 1024
+}
+
 service auth {
   # auth_socket_path points to this userdb socket by default. It's typically
   # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have

doc/example-config/conf.d/10-ssl.conf

@@ -27,9 +27,10 @@ ssl_key = </etc/ssl/private/dovecot.pem
 #ssl_require_crl = yes
 
 # Directory and/or file for trusted SSL CA certificates. These are used only
-# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
-# directory is usually /etc/ssl/certs in Debian-based systems and the file is
-# /etc/pki/tls/cert.pem in RedHat-based systems.
+# when Dovecot needs to act as an SSL client (e.g. imapc backend or
+# submission service). The directory is usually /etc/ssl/certs in
+# Debian-based systems and the file is /etc/pki/tls/cert.pem in
+# RedHat-based systems.
 #ssl_client_ca_dir =
 #ssl_client_ca_file =
 

doc/example-config/conf.d/20-submission.conf

@@ -0,0 +1,66 @@
+##
+## Settings specific to SMTP Submission
+##
+
+# SMTP Submission logout format string:
+#  %i - total number of bytes read from client
+#  %o - total number of bytes sent to client
+#  %{command_count} - Number of commands received from client
+#  %{reply_count} - Number of replies sent to client
+#  %{session} - Session ID of the login session
+#  %{transaction_id} - ID of the current transaction, if any
+#submission_logout_format = in=%i out=%o
+
+# Host name reported by the SMTP service, for example to the client in the
+# initial greeting and to the relay server in the HELO/EHLO command.
+# Default is the system's real hostname@domain.
+#hostname =
+
+# Maximum size of messages accepted for relay. This announced in the SIZE
+# capability. If not configured, this is either determined from the relay
+# server or left unlimited if no limit is known (relay will reply with error
+# if some unknown limit exists there, which is duly passed to our client).
+#submission_max_mail_size =
+
+# Maximum number of recipients accepted per connection (default: unlimited)
+#submission_max_recipients =
+
+# Relay server configuration:
+#
+# The Dovecot SMTP submission service directly proxies the mail transaction
+# to the SMTP relay configured here.
+
+# Host name for the relay server (required)
+#submission_relay_host =
+
+# Port for the relay server
+#submission_relay_port = 25
+
+# Is the relay server trusted? This determines whether we try to send
+# (Postfix-specific) XCLIENT data to the relay server
+#submission_relay_trusted = no
+
+# Authentication data for the relay server if authentication is required
+#submission_relay_user =
+#submission_relay_master_user =
+#submission_relay_password =
+
+# SSL configuration for connection to relay server
+#submission_relay_ssl = no
+#submission_relay_ssl_verify = yes
+
+# Write protocol logs for relay connection to this directory for debugging
+#submission_relay_rawlog_dir =
+
+# BURL is configured implicitly by IMAP URLAUTH
+
+protocol submission {
+  # Space-separated list of plugins to load (default is global mail_plugins).
+  #mail_plugins = $mail_plugins
+
+  # Maximum number of SMTP submission connections allowed for a user from
+  # each IP address.
+  # NOTE: The username is compared case-sensitively.
+  #mail_max_userip_connections = 10
+}
+

doc/example-config/dovecot.conf

@@ -21,7 +21,7 @@
 # --sysconfdir=/etc --localstatedir=/var
 
 # Protocols we want to be serving.
-#protocols = imap pop3 lmtp
+#protocols = imap pop3 lmtp submission
 
 # A comma separated list of IPs or hosts where to listen in for connections. 
 # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.

src/Makefile.am

@@ -58,6 +58,8 @@ SUBDIRS = \
 	imap-urlauth \
 	pop3-login \
 	pop3 \
+	submission-login \
+	submission \
 	lda \
 	lmtp \
 	log \

src/submission-login/Makefile.am

@@ -0,0 +1,32 @@
+pkglibexecdir = $(libexecdir)/dovecot
+
+pkglibexec_PROGRAMS = submission-login
+
+AM_CPPFLAGS = \
+	-I$(top_srcdir)/src/lib \
+	-I$(top_srcdir)/src/lib-settings \
+	-I$(top_srcdir)/src/lib-sasl \
+	-I$(top_srcdir)/src/lib-auth \
+	-I$(top_srcdir)/src/lib-master \
+	-I$(top_srcdir)/src/lib-smtp \
+	-I$(top_srcdir)/src/login-common
+
+submission_login_LDADD = \
+	$(LIBDOVECOT_LOGIN) \
+	$(LIBDOVECOT) \
+	$(SSL_LIBS)
+submission_login_DEPENDENCIES = \
+	$(LIBDOVECOT_LOGIN) \
+	$(LIBDOVECOT_DEPS)
+
+submission_login_SOURCES = \
+	client.c \
+	client-authenticate.c \
+	submission-login-settings.c \
+	submission-proxy.c
+
+noinst_HEADERS = \
+	client.h \
+	client-authenticate.h \
+	submission-login-settings.h \
+	submission-proxy.h