Documentation ¶
Overview ¶
Library for Simple Authentication and Security Layer (SASL) defined in RFC 4422.
Package smtp implements the Simple Mail Transfer Protocol as defined in RFC 5321.
It also implements the following extensions:
8BITMIME: RFC 1652 AUTH: RFC 2554 STARTTLS: RFC 3207 ENHANCEDSTATUSCODES: RFC 2034 SMTPUTF8: RFC 6531 REQUIRETLS: RFC 8689 CHUNKING: RFC 3030 BINARYMIME: RFC 3030
LMTP (RFC 2033) is also supported.
Additional extensions may be handled by other packages.
Index ¶
- Constants
- Variables
- type AnonymousAuthenticator
- type Backend
- type BodyType
- type Conn
- type CramMd5Authenticator
- type EnhancedCode
- type ExternalAuthenticator
- type LMTPSession
- type Logger
- type LoginAuthenticator
- type MailOptions
- type OAuthBearerAuthenticator
- type OAuthBearerError
- type OAuthBearerOptions
- type PlainAuthenticator
- type SMTPError
- type SaslClient
- func NewAnonymousClient(trace string) SaslClient
- func NewCramMd5Client(username, password string) SaslClient
- func NewExternalClient(identity string) SaslClient
- func NewLoginClient(username, password string) SaslClient
- func NewOAuthBearerClient(opt *OAuthBearerOptions) SaslClient
- func NewPlainClient(identity, username, password string) SaslClient
- type SaslServer
- func NewAnonymousServer(authenticator AnonymousAuthenticator) SaslServer
- func NewCramMd5Server(authenticator func(username string, password string) error) SaslServer
- func NewExternalServer(authenticator ExternalAuthenticator) SaslServer
- func NewLoginServer(authenticator func(username string, password string) error) SaslServer
- func NewOAuthBearerServer(auth OAuthBearerAuthenticator) SaslServer
- func NewPlainServer(authenticator PlainAuthenticator) SaslServer
- type SaslServerFactory
- type Server
- func (s *Server) AddCramMd5Login()
- func (s *Server) AddSaslLogin()
- func (s *Server) AddSaslPlain()
- func (s *Server) AddTokenLogin()
- func (s *Server) Close() error
- func (s *Server) EnableAuth(name string, f SaslServerFactory)
- func (s *Server) ForEachConn(f func(*Conn))
- func (s *Server) ListenAndServe() error
- func (s *Server) ListenAndServeTLS() error
- func (s *Server) Serve(l net.Listener) error
- func (s *Server) SetMinimumCaps(caps []string)
- func (s *Server) Shutdown(ctx context.Context) error
- type Session
- type StatusCollector
Constants ¶
const Anonymous = "ANONYMOUS"
The ANONYMOUS mechanism name.
const CramMd5 = "CRAM-MD5"
CramMd5 The LOGIN mechanism name.
const External = "EXTERNAL"
The EXTERNAL mechanism name.
const Login = "LOGIN"
The LOGIN mechanism name.
const OAuthBearer = "OAUTHBEARER"
The OAUTHBEARER mechanism name.
const Plain = "PLAIN"
The PLAIN mechanism name.
Variables ¶
var ( ErrUnexpectedClientResponse = errors.New("sasl: unexpected client response") ErrUnexpectedServerChallenge = errors.New("sasl: unexpected server challenge") )
Common SASL errors.
var ( ErrAuthFailed = &SMTPError{ Code: 535, EnhancedCode: EnhancedCode{5, 7, 8}, Message: "Authentication failed", } ErrAuthRequired = &SMTPError{ Code: 502, EnhancedCode: EnhancedCode{5, 7, 0}, Message: "Please authenticate first", } ErrAuthUnsupported = &SMTPError{ Code: 502, EnhancedCode: EnhancedCode{5, 7, 0}, Message: "Authentication not supported", } )
var EnhancedCodeNotSet = EnhancedCode{0, 0, 0}
EnhancedCodeNotSet is a nil value of EnhancedCode field in SMTPError, used to indicate that backend failed to provide enhanced status code. X.0.0 will be used (X is derived from error code).
var ErrDataReset = errors.New("smtp: message transmission aborted")
ErrDataReset is returned by Reader pased to Data function if client does not send another BDAT command and instead closes connection or issues RSET command.
var ErrDataTooLarge = &SMTPError{ Code: 552, EnhancedCode: EnhancedCode{5, 3, 4}, Message: "Maximum message size exceeded", }
var (
ErrServerClosed = errors.New("smtp: server already closed")
)
var ErrTooLongLine = errors.New("smtp: too long a line in input stream")
var NoEnhancedCode = EnhancedCode{-1, -1, -1}
NoEnhancedCode is used to indicate that enhanced error code should not be included in response.
Note that RFC 2034 requires an enhanced code to be included in all 2xx, 4xx and 5xx responses. This constant is exported for use by extensions, you should probably use EnhancedCodeNotSet instead.
var (
Smtp_Message_Welcome = "Hello %s"
)
Functions ¶
This section is empty.
Types ¶
type AnonymousAuthenticator ¶ added in v0.0.1
Get trace information from clients logging in anonymously.
type Conn ¶
type Conn struct {
// contains filtered or unexported fields
}
func (*Conn) TLSConnectionState ¶
func (c *Conn) TLSConnectionState() (state tls.ConnectionState, ok bool)
TLSConnectionState returns the connection's TLS connection state. Zero values are returned if the connection doesn't use TLS.
type CramMd5Authenticator ¶ added in v0.0.8
CramMd5Authenticator Authenticates users with an username and a password.
type EnhancedCode ¶
type EnhancedCode [3]int
func ResponseBadPipe ¶ added in v0.0.8
func ResponseBadPipe() (int, EnhancedCode, string)
func ResponseNoEhlo ¶ added in v0.0.8
func ResponseNoEhlo() (int, EnhancedCode, string)
func ResponseWelcome ¶ added in v0.0.8
func ResponseWelcome(ehlo string) (int, EnhancedCode, string)
type ExternalAuthenticator ¶ added in v0.0.1
ExternalAuthenticator authenticates users with the EXTERNAL mechanism. If the identity is left blank, it indicates that it is the same as the one used in the external credentials. If identity is not empty and the server doesn't support it, an error must be returned.
type LMTPSession ¶
type LMTPSession interface { // LMTPData is the LMTP-specific version of Data method. // It can be optionally implemented by the backend to provide // per-recipient status information when it is used over LMTP // protocol. // // LMTPData implementation sets status information using passed // StatusCollector by calling SetStatus once per each AddRcpt // call, even if AddRcpt was called multiple times with // the same argument. SetStatus must not be called after // LMTPData returns. // // Return value of LMTPData itself is used as a status for // recipients that got no status set before using StatusCollector. LMTPData(r io.Reader, status StatusCollector) error }
LMTPSession is an add-on interface for Session. It can be implemented by LMTP servers to provide extra functionality.
type Logger ¶
type Logger interface { Printf(format string, v ...interface{}) Println(v ...interface{}) }
Logger interface is used by Server to report unexpected internal errors.
type LoginAuthenticator ¶ added in v0.0.1
Authenticates users with an username and a password.
type MailOptions ¶
type MailOptions struct { // Value of BODY= argument, 7BIT, 8BITMIME or BINARYMIME. Body BodyType // Size of the body. Can be 0 if not specified by client. Size int // TLS is required for the message transmission. // // The message should be rejected if it can't be transmitted // with TLS. RequireTLS bool // The message envelope or message header contains UTF-8-encoded strings. // This flag is set by SMTPUTF8-aware (RFC 6531) client. UTF8 bool // The authorization identity asserted by the message sender in decoded // form with angle brackets stripped. // // nil value indicates missing AUTH, non-nil empty string indicates // AUTH=<>. // // Defined in RFC 4954. Auth *string }
MailOptions contains custom arguments that were passed as an argument to the MAIL command.
type OAuthBearerAuthenticator ¶ added in v0.0.2
type OAuthBearerAuthenticator func(opts OAuthBearerOptions) *OAuthBearerError
type OAuthBearerError ¶ added in v0.0.2
type OAuthBearerError struct { Status string `json:"status"` Schemes string `json:"schemes"` Scope string `json:"scope"` }
func (*OAuthBearerError) Error ¶ added in v0.0.2
func (err *OAuthBearerError) Error() string
Implements error
type OAuthBearerOptions ¶ added in v0.0.2
type PlainAuthenticator ¶ added in v0.0.1
Authenticates users with an identity, a username and a password. If the identity is left blank, it indicates that it is the same as the username. If identity is not empty and the server doesn't support it, an error must be returned.
type SMTPError ¶
type SMTPError struct { Code int EnhancedCode EnhancedCode Message string }
SMTPError specifies the error code, enhanced error code (if any) and message returned by the server.
type SaslClient ¶ added in v0.0.1
type SaslClient interface { // Begins SASL authentication with the server. It returns the // authentication mechanism name and "initial response" data (if required by // the selected mechanism). A non-nil error causes the client to abort the // authentication attempt. // // A nil ir value is different from a zero-length value. The nil value // indicates that the selected mechanism does not use an initial response, // while a zero-length value indicates an empty initial response, which must // be sent to the server. Start() (mech string, ir []byte, err error) // Continues challenge-response authentication. A non-nil error causes // the client to abort the authentication attempt. Next(challenge []byte) (response []byte, err error) }
Client interface to perform challenge-response authentication.
func NewAnonymousClient ¶ added in v0.0.1
func NewAnonymousClient(trace string) SaslClient
A client implementation of the ANONYMOUS authentication mechanism, as described in RFC 4505.
func NewCramMd5Client ¶ added in v0.0.8
func NewCramMd5Client(username, password string) SaslClient
func NewExternalClient ¶ added in v0.0.1
func NewExternalClient(identity string) SaslClient
An implementation of the EXTERNAL authentication mechanism, as described in RFC 4422. Authorization identity may be left blank to indicate that the client is requesting to act as the identity associated with the authentication credentials.
func NewLoginClient ¶ added in v0.0.1
func NewLoginClient(username, password string) SaslClient
A client implementation of the LOGIN authentication mechanism for SMTP, as described in http://www.iana.org/go/draft-murchison-sasl-login
It is considered obsolete, and should not be used when other mechanisms are available. For plaintext password authentication use PLAIN mechanism.
func NewOAuthBearerClient ¶ added in v0.0.2
func NewOAuthBearerClient(opt *OAuthBearerOptions) SaslClient
An implementation of the OAUTHBEARER authentication mechanism, as described in RFC 7628.
func NewPlainClient ¶ added in v0.0.1
func NewPlainClient(identity, username, password string) SaslClient
A client implementation of the PLAIN authentication mechanism, as described in RFC 4616. Authorization identity may be left blank to indicate that it is the same as the username.
type SaslServer ¶ added in v0.0.1
type SaslServer interface { // Begins or continues challenge-response authentication. If the client // supplies an initial response, response is non-nil. // // If the authentication is finished, done is set to true. If the // authentication has failed, an error is returned. Next(response []byte) (challenge []byte, done bool, err error) }
Server interface to perform challenge-response authentication.
func NewAnonymousServer ¶ added in v0.0.1
func NewAnonymousServer(authenticator AnonymousAuthenticator) SaslServer
A server implementation of the ANONYMOUS authentication mechanism, as described in RFC 4505.
func NewCramMd5Server ¶ added in v0.0.8
func NewCramMd5Server(authenticator func(username string, password string) error) SaslServer
A server implementation of the LOGIN authentication mechanism, as described in https://tools.ietf.org/html/draft-murchison-sasl-login-00.
LOGIN is obsolete and should only be enabled for legacy clients that cannot be updated to use PLAIN.
func NewExternalServer ¶ added in v0.0.1
func NewExternalServer(authenticator ExternalAuthenticator) SaslServer
NewExternalServer creates a server implementation of the EXTERNAL authentication mechanism, as described in RFC 4422.
func NewLoginServer ¶ added in v0.0.1
func NewLoginServer(authenticator func(username string, password string) error) SaslServer
A server implementation of the LOGIN authentication mechanism, as described in https://tools.ietf.org/html/draft-murchison-sasl-login-00.
LOGIN is obsolete and should only be enabled for legacy clients that cannot be updated to use PLAIN.
func NewOAuthBearerServer ¶ added in v0.0.2
func NewOAuthBearerServer(auth OAuthBearerAuthenticator) SaslServer
func NewPlainServer ¶ added in v0.0.1
func NewPlainServer(authenticator PlainAuthenticator) SaslServer
A server implementation of the PLAIN authentication mechanism, as described in RFC 4616.
type SaslServerFactory ¶
type SaslServerFactory func(conn *Conn) SaslServer
SaslServerFactory A function that creates SASL servers.
type Server ¶
type Server struct { // TCP or Unix address to listen on. Addr string // The server TLS configuration. TLSConfig *tls.Config // Enable LMTP mode, as defined in RFC 2033. LMTP mode cannot be used with a // TCP listener. LMTP bool Domain string MaxRecipients int MaxMessageBytes int MaxLineLength int AllowInsecureAuth bool Strict bool Debug io.Writer ErrorLog Logger ReadTimeout time.Duration WriteTimeout time.Duration // Advertise SMTPUTF8 (RFC 6531) capability. // Should be used only if backend supports it. EnableSMTPUTF8 bool // Advertise REQUIRETLS (RFC 8689) capability. // Should be used only if backend supports it. EnableREQUIRETLS bool // Advertise BINARYMIME (RFC 3030) capability. // Should be used only if backend supports it. EnableBINARYMIME bool // If set, the AUTH command will not be advertised and authentication // attempts will be rejected. This setting overrides AllowInsecureAuth. AuthDisabled bool // The server backend. Backend Backend // contains filtered or unexported fields }
Server A SMTP server.
func (*Server) AddCramMd5Login ¶ added in v0.0.8
func (s *Server) AddCramMd5Login()
func (*Server) AddSaslLogin ¶ added in v0.0.8
func (s *Server) AddSaslLogin()
func (*Server) AddSaslPlain ¶ added in v0.0.8
func (s *Server) AddSaslPlain()
func (*Server) AddTokenLogin ¶ added in v0.0.11
func (s *Server) AddTokenLogin()
func (*Server) Close ¶
Close immediately closes all active listeners and connections.
Close returns any error returned from closing the server's underlying listener(s).
func (*Server) EnableAuth ¶
func (s *Server) EnableAuth(name string, f SaslServerFactory)
EnableAuth enables an authentication mechanism on this server.
This function should not be called directly, it must only be used by libraries implementing extensions of the SMTP protocol.
func (*Server) ForEachConn ¶
ForEachConn iterates through all opened connections.
func (*Server) ListenAndServe ¶
ListenAndServe listens on the network address s.Addr and then calls Serve to handle requests on incoming connections.
If s.Addr is blank and LMTP is disabled, ":smtp" is used.
func (*Server) ListenAndServeTLS ¶
ListenAndServeTLS listens on the TCP network address s.Addr and then calls Serve to handle requests on incoming TLS connections.
If s.Addr is blank, ":smtps" is used.
func (*Server) SetMinimumCaps ¶
func (*Server) Shutdown ¶
Shutdown gracefully shuts down the server without interrupting any active connections. Shutdown works by first closing all open listeners and then waiting indefinitely for connections to return to idle and then shut down. If the provided context expires before the shutdown is complete, Shutdown returns the context's error, otherwise it returns any error returned from closing the Server's underlying Listener(s).
type Session ¶
type Session interface { // Discard currently processed message. Reset() // Free all resources associated with session. Logout() error // Authenticate the user using SASL PLAIN. AuthPlain(username, password string) error // Authenticate the user using SASL LOGIN. AuthLogin(username, password string) error // Authenticate the user using SASL LOGIN. AuthCramMd5(username, password string) error // Authenticate the user using SASL LOGIN. AuthToken(token string) error // Set return path for currently processed message. Mail(from string, opts *MailOptions) error // Add recipient for currently processed message. Rcpt(to string) error // Set currently processed message contents and send it. // // r must be consumed before Data returns. Data(r io.Reader) error // Var CanContinue() error Verp() string }
Session is used by servers to respond to an SMTP client.
The methods are called when the remote client issues the matching command.
type StatusCollector ¶
StatusCollector allows a backend to provide per-recipient status information.