
Commit d13c69e

committed
fix: smtp running tls 1.0 with STARTTLS on 2555 and with SSL on 2455
1 parent 44d6b13 commit d13c69e


3 files changed

+44
-20
lines changed


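--- a/ansible/playbooks/smtp.yml
+++ b/ansible/playbooks/smtp.yml
@@ -79,10 +79,17 @@
 rule: allow
 port: 2465
 proto: tcp
-- name: Allow port 2355
+# tls 1.0 with SSL
+- name: Allow port 2455
 ufw:
 rule: allow
-port: 2355
+port: 2455
+proto: tcp
+# tls 1.0 with STARTTLS
+- name: Allow port 2555
+ufw:
+rule: allow
+port: 2555
 proto: tcp
 - name: Allow http
 ufw: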
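Review bot: Dropping the `Allow port 2355` task does not close that port on hosts that were already provisioned, since the ufw module only acts on the rules it is given; unless another part of the playbook resets ufw, 2355 stays open with nothing intended to listen on it. A companion task would retire it, for example `- name: Remove legacy port 2355` with `ufw: {rule: allow, port: 2355, proto: tcp, delete: true}`. The two new rules admit any source address to listeners that negotiate TLS 1.0, so the comments `# tls 1.0 with SSL` and `# tls 1.0 with STARTTLS` would be more useful if they said these ports exist only for legacy clients and are expected to be removed. The task list starts and continues outside the hunk.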

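--- a/ecosystem-smtp.json
+++ b/ecosystem-smtp.json
@@ -85,7 +85,23 @@
 }
 },
 {
-"name": "smtp-tls-2355",
+"name": "smtp-tls-2455",
+"script": "smtp.js",
+"max_restarts": 999,
+"max_memory_restart": "8G",
+"exec_mode": "fork",
+"wait_ready": true,
+"instances": "1",
+"pmx": false,
+"node_args": "--tls-min-v1.0",
+"env_production": {
+"NODE_ENV": "production",
+"SMTP_PORT": 2555,
+"SMTP_TLS_MIN_VERSION": "TLSv1"
+}
+},
+{
+"name": "smtp-ssl-2555",
 "script": "smtp.js",
 "max_restarts": 999,
 "max_memory_restart": "8G",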
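Review bot: The new process entry is named `smtp-tls-2455` but sets `"SMTP_PORT": 2555`, and the entry after it is renamed `smtp-ssl-2555`; going by the commit title and the playbook comments (STARTTLS on 2555, SSL on 2455) the two names look swapped, so an operator restarting a listener by name would act on the wrong port. Suggest `"name": "smtp-tls-2555"` here and `"name": "smtp-ssl-2455"` on the following entry, assuming its `SMTP_PORT` (outside the hunk) is 2455. Separately, `"node_args": "--tls-min-v1.0"` lowers the default minimum for every TLS context in that Node process, not only the SMTP listener, so any outbound TLS connection made without an explicit `minVersion` can also negotiate TLS 1.0. The second entry's `node_args` and env lie outside the hunk and should be checked for the same settings.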

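--- a/smtp-server.js
+++ b/smtp-server.js
@@ -39,7 +39,7 @@ class SMTP {
 options = {},
 secure = env.SMTP_PORT === 465 ||
 env.SMTP_PORT === 2465 ||
-env.SMTP_PORT === 2355
+env.SMTP_PORT === 2455
 ) {
 this.client = options.client;
 
@@ -97,34 +97,35 @@ class SMTP {
 needsUpgrade: secure,
 authMethods: ['PLAIN', 'LOGIN'], // XOAUTH2, CRAM-MD5
 
-// TLS version control
-...(env.SMTP_TLS_MIN_VERSION
-? {
-minVersion: env.SMTP_TLS_MIN_VERSION
-}
-: {}),
-...(env.SMTP_TLS_MAX_VERSION
-? {
-maxVersion: env.SMTP_TLS_MAX_VERSION
-}
-: {}),
-
-// just in case smtp-server changes default and patch semver bump (unlikely but safeguard)
+// just in case smtp-server changes default and patch semver bump (unlikely but safeguard )
 allowInsecureAuth:
 config.env === 'production' ? false : env.SMTP_ALLOW_INSECURE_AUTH,
 authOptional: false,
 
 // <https://github.com/nodemailer/wildduck/issues/563>
 // hide8BITMIME: true,
 
-// keys
+// keys and TLS options together
 ...(config.env === 'production'
 ? {
 key: fs.readFileSync(env.WEB_SSL_KEY_PATH),
 cert: fs.readFileSync(env.WEB_SSL_CERT_PATH),
-ca: fs.readFileSync(env.WEB_SSL_CA_PATH)
+ca: fs.readFileSync(env.WEB_SSL_CA_PATH),
+...(env.SMTP_TLS_MIN_VERSION
+? { minVersion: env.SMTP_TLS_MIN_VERSION }
+: {}),
+...(env.SMTP_TLS_MAX_VERSION
+? { maxVersion: env.SMTP_TLS_MAX_VERSION }
+: {})
 }
-: {})
+: {
+...(env.SMTP_TLS_MIN_VERSION
+? { minVersion: env.SMTP_TLS_MIN_VERSION }
+: {}),
+...(env.SMTP_TLS_MAX_VERSION
+? { maxVersion: env.SMTP_TLS_MAX_VERSION }
+: {})
+})
 });
 
 // override logger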
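Review bot: `minVersion` is taken straight from `env.SMTP_TLS_MIN_VERSION` in both branches of the ternary in the second hunk, so nothing in the code ties a TLS 1.0 floor to the legacy ports; the same variable set on the 465/2465 process would silently downgrade a listener that also accepts `PLAIN`/`LOGIN` credentials. A guard ahead of the options object that rejects `TLSv1`/`TLSv1.1` unless `env.SMTP_PORT` is 2455 or 2555 would make the exception explicit and fail at start-up instead of at negotiation time. The min/max spreads are also duplicated verbatim in the production and non-production branches; building them once and spreading the result after the key/cert block keeps the two paths from drifting. The constructor starts and ends outside the hunk, so the placement shown below is approximate.

```javascript
// Only the legacy listeners may negotiate below TLS 1.2.
const LEGACY_TLS_PORTS = new Set([2455, 2555]);
const DEPRECATED_TLS_VERSIONS = new Set(['TLSv1', 'TLSv1.1']);
if (
  DEPRECATED_TLS_VERSIONS.has(env.SMTP_TLS_MIN_VERSION) &&
  !LEGACY_TLS_PORTS.has(env.SMTP_PORT)
)
  throw new Error(
    `SMTP_TLS_MIN_VERSION=${env.SMTP_TLS_MIN_VERSION} is only permitted on legacy ports 2455/2555`
  );

// Same bounds in every environment, built once.
const tlsVersionOptions = {
  ...(env.SMTP_TLS_MIN_VERSION ? { minVersion: env.SMTP_TLS_MIN_VERSION } : {}),
  ...(env.SMTP_TLS_MAX_VERSION ? { maxVersion: env.SMTP_TLS_MAX_VERSION } : {})
};

// … unchanged: needsUpgrade, authMethods, allowInsecureAuth, authOptional …
// … unchanged: production-only key/cert/ca spread, ending in `: {}),` …
      ...tlsVersionOptions
```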
