forwardemail.net/pop3-server.js at master · forwardemail/forwardemail.net · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
/*
 * Copyright (c) Forward Email LLC
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * This file incorporates work covered by the following copyright and
 * permission notice:
 *
 *   WildDuck Mail Agent is licensed under the European Union Public License 1.2 or later.
 *   https://github.com/nodemailer/wildduck
 */

const fs = require('node:fs');
const os = require('node:os');

const MessageHandler = require('@zone-eu/wildduck/lib/message-handler');
const POP3Server = require('@zone-eu/wildduck/lib/pop3/server');
const RateLimiter = require('async-ratelimiter');
const pify = require('pify');

const AttachmentStorage = require('#helpers/attachment-storage');
const POP3Notifier = require('#helpers/imap-notifier');
const Indexer = require('#helpers/indexer');
const config = require('#config');
const createTangerine = require('#helpers/create-tangerine');
// eslint-disable-next-line import/no-unassigned-import
require('#helpers/polyfill-towellformed');
const env = require('#config/env');
const pop3 = require('#helpers/pop3');
const logger = require('#helpers/logger');
const onAuth = require('#helpers/on-auth');
const refreshSession = require('#helpers/refresh-session');

//
// TODO: we need to wrap top and add to parse-payload for all handlers
//
class POP3 {
  constructor(
    options = {},
    secure = env.POP3_PORT === 995 || env.POP3_PORT === 2995
  ) {
    this.client = options.client;
    this.subscriber = options.subscriber;
    this.wsp = options.wsp;

    this.resolver = createTangerine(this.client, logger);

    //
    // NOTE: hard-coded values for now (switch to env later)
    //       (current limit is 10 failed login attempts per hour)
    //
    this.rateLimiter = new RateLimiter({
      db: this.client,
      max: config.smtpLimitMessages,
      duration: config.smtpLimitDuration,
      namespace: config.smtpLimitNamespace
    });

    this.logger = logger;

    const server = new POP3Server({
      secure,
      secured: false,
      disableSTARTTLS: secure,
      ignoreSTARTTLS: !secure,
      useProxy: false,
      ignoredHosts: [],
      socketTimeout: config.socketTimeout,
      // <https://brooker.co.za/blog/2024/05/09/nagle.html>
      // <https://nodejs.org/api/net.html#netcreateserveroptions-connectionlistener>
      noDelay: true,
      // TODO: submit PR to add ability to customize version string
      disableVersionString: true,
      id: {
        name: os.hostname(),
        version: config.pkg.version,
        //
        // NOTE: version and vendor not used right now since `disableVersionString`
        //       and existing WildDuck POP3 server doesn't let you customize version string (yet)
        //
        vendor: config.pkg.author
      },
      logger: this.logger,

      // <https://github.com/nodemailer/wildduck/issues/635>
      // <https://github.com/nodemailer/wildduck/blob/b9349f6e8315873668d605e6567ced2d7b1c0c80/imap-core/lib/imap-server.js#L413-L419>
      SNICallback(servername, cb) {
        cb(null, server.secureContext.get(servername));
      },

      ...(config.env === 'production'
        ? {
            key: fs.readFileSync(env.WEB_SSL_KEY_PATH),
            cert: fs.readFileSync(env.WEB_SSL_CERT_PATH),
            ca: fs.readFileSync(env.WEB_SSL_CA_PATH),
            ecdhCurve: 'auto'
          }
        : {})
    });

    // override logger
    server.logger = this.logger;
    server.loggelf = (...args) => this.logger.debug(...args);

    server.onAuth = onAuth.bind(this);
    server.onListMessages = pop3.onListMessages.bind(this);
    server.onFetchMessage = pop3.onFetchMessage.bind(this);
    server.onUpdate = pop3.onUpdate.bind(this);

    // kind of hacky but I filed a GH issue
    // <https://github.com/nodemailer/smtp-server/issues/135>
    server.address = server.server.address.bind(server.server);

    server.on('error', (err) => {
      logger.error(err);
    });

    this.attachmentStorage = new AttachmentStorage();

    this.indexer = new Indexer({ attachmentStorage: this.attachmentStorage });

    // override message handler to provider our own `indexer`
    this.prepareMessage = (options) => {
      return MessageHandler.prototype.prepareMessageAsync.call(
        {
          indexer: this.indexer,
          normalizeSubject: MessageHandler.prototype.normalizeSubject,
          generateIndexedHeaders:
            MessageHandler.prototype.generateIndexedHeaders
        },
        options
      );
    };

    //
    // the notifier is utilized in the POP3 connection (see `wildduck/imap-core/lib/imap-connection.js`)
    // in order to `getUpdates` and send them over the socket (e.g. `EXIST`, `EXPUNGE`, `FETCH`)
    // <https://github.com/nodemailer/wildduck/issues/509>
    //
    server.notifier = new POP3Notifier({
      publisher: this.client,
      subscriber: this.subscriber
    });

    this.server = server;
    this.refreshSession = refreshSession.bind(this);
    this.listen = this.listen.bind(this);
    this.close = this.close.bind(this);

    //
    // Subscribe to `sqlite_auth_reset` so that when a user changes
    // their alias password the shared Redis auth cache is immediately
    // evicted and active POP3 sessions are disconnected.
    //
    if (this.subscriber) {
      this.subscriber.subscribe('sqlite_auth_reset');
      this.subscriber.on('message', (channel, aliasId) => {
        if (channel !== 'sqlite_auth_reset') return;
        // Evict cached auth across all processes via Redis
        onAuth.clearAuthCache(this.client, aliasId).catch((err) => {
          logger.debug('clearAuthCache error', { err });
        });

        // Disconnect active POP3 sessions for this alias
        if (this.server?.connections) {
          for (const connection of this.server.connections) {
            if (connection?.session?.user?.alias_id !== aliasId) continue;
            connection.send('-ERR Password was changed');
            setImmediate(() => connection.close());
          }
        }
      });
    }
  }

  async listen(port = env.POP3_PORT, host = '::', ...args) {
    await pify(this.server.listen).bind(this.server)(port, host, ...args);
  }

  async close() {
    await pify(this.server.close).bind(this.server)();
  }
}

module.exports = POP3;