ChangemakerStudios / Papercut-SMTP

Papercut SMTP -- The Simple Desktop Email Server
2.95k stars 272 forks source link

Support for SMTP Auth and TLS #102

Open markusschaber opened 6 years ago

markusschaber commented 6 years ago

Hi,

As far as I can see, Papercut supports neither SMTP auth, nor TLS via STARTTLS.

(At least we wanted to test our client with Papercut, and didn't find any docs nor config options in the UI to configure this.)

Thus, I file this ticket as a suggestion to either implement it, or document it if it's already there :-)

Thanks a lot for your great work!

jijiechen commented 6 years ago

Very good idea. Thanks. Any thoughts? @Jaben

Jaben commented 6 years ago

I never felt that Papercut should be a reference/test SMTP server due to effort required to fully support more advanced features of an SMTP protocol -- that begin said, I would consider removing the existing SMTP server implementation all together and switching to a better open source/nuget implementation instead which would give Papercut more advanced SMTP options.

Not the highest priority, though.

markusschaber commented 6 years ago

Papercut is advertised as a test SMTP receiver (See "What it does" on https://github.com/ChangemakerStudios/Papercut). And as far as I can see, most software nowadays needs to use STARTTLS and/or SMTP auth in production, open relays are getting extinct due to spammers. So if we want to use Papercut as test endpoint, we need to special case the code path to not use those options when we run against Papercut. :-( That said, I fully understand if this use case is not in your focus, or too much effort.

jijiechen commented 6 years ago

It seems at least the web UI need to support secure connection ASAP, otherwise the notification functionalities will not be available... :-(

https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins

markusschaber commented 6 years ago

@jjchen-tw I'm not completely sure about that - the site explicitly states: "http://localhost is treated as a secure origin"

jijiechen commented 6 years ago

@markusschaber You are right, and I am able to verify that. I'm thinking of the scenario of using Papercut at a central service, and several QAs use a same instance. In fact, that's the original reason why I contributed to the web UI feature.

On a local machine, even the HTML5 notification works great.

markusschaber commented 6 years ago

Ah, I never thought about using Papercut in a non-localhost scenario. :-( It seems Papercut needs a good security feature enhancement Upgrade then. :-)

markusschaber commented 6 years ago

I just found those while doing some research for our projects:

https://github.com/cosullivan/SmtpServer seems to be a SMTP server in C# with MIT license.

https://github.com/pmengal/MailSystem.NET also contains SMTP, but it's LGPL, which is technically compatible with the Papercut Apache License, but not in spirit. :-)

jijiechen commented 6 years ago

We are working on switching to the SMTPServer to support SMTP, So we get a chance to review this. I'll follow up soon.

markusschaber commented 6 years ago

That's good news, thanks!

stale[bot] commented 5 years ago

Aloha! I'm ScissorBot :scissors: -- the bot in charge of keeping the issues tidy. It looks like this issue is stale due to lack of activity. Unfortunately, I'll be closing it if there is no further activity. 😞 Please contribute to the issue to keep it open. Thanks!

markusschaber commented 5 years ago

@jijiechen As the ScissorBot woke up, are there any news?

jijiechen commented 5 years ago

Well, I do have a plan to support, but I don’t have enough time in the future 3 months.

Sent from my iPhone

On Feb 7, 2019, at 15:09, Markus Schaber notifications@github.com<mailto:notifications@github.com> wrote:

@jijiechenhttps://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fjijiechen&data=02%7C01%7C%7Cc2cc5f093c31440743d308d68ccb446d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636851201984660164&sdata=giSHQAMEWw3uj7QqU1JK9vjWbM2GaCIdu3pimG583Ks%3D&reserved=0 As the ScissorBot woke up, are there any news?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FChangemakerStudios%2FPapercut%2Fissues%2F102%23issuecomment-461310568&data=02%7C01%7C%7Cc2cc5f093c31440743d308d68ccb446d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636851201984670126&sdata=1jZv0YS%2Fg7wZfvWsW%2FBXJ%2BacsfpwraPyEoYEf94c%2B5c%3D&reserved=0, or mute the threadhttps://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FABIBvD-JcI8K65yB3xOBXeYe6EetAQtvks5vK9FEgaJpZM4S8s5F&data=02%7C01%7C%7Cc2cc5f093c31440743d308d68ccb446d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636851201984690190&sdata=3fOZqvY8zUFYCsXkh93frf8QNUOI4XEv5pAQAT%2B%2B7ok%3D&reserved=0.

markusschaber commented 5 years ago

Hmm. I guess our comments are enough to keep the scissor bot satisifed for the next three months. :-)

Jaben commented 5 years ago

The switch to SmtpServer is done -- but I haven't released it yet. You can check it out in the dev branch.

markusschaber commented 5 years ago

To be honest, we don't use PaperCut in our process any more, right now. But we have some use cases in our backlog which might us make use of PaperCut again, I'll come back then.

molnarm commented 4 years ago

Hi, What's the status of this? I see that the transition to SmtpServer has been completed a couple releases ago, but I still don't see any security-related options in the configuration (e.g. credentials for smtp auth).

kekkers23 commented 4 years ago

Hi, What's the status of this? I see that the transition to SmtpServer has been completed a couple releases ago, but I still don't see any security-related options in the configuration (e.g. credentials for smtp auth).

++

adamtoakley commented 3 years ago

Excited about the 6.0 Release! Any Idea when that will come out!?

Thanks for a really cool app! This helps our workflow tremendously!

Identekit commented 3 years ago

Excited about the 6.0 Release too!

I've been using this tool for years now and love it. I'm working on a project now that will add auth to our app when sending emails. Unfortunately this means I can't use Papercut SMTP to test anymore. Support for security would be such a great addition to this software.

elliotclements-mendix commented 2 years ago

+1 additional security options would be a great addition

0xCaponte commented 2 years ago

Regarding this feature, I see it was removed from the To do. Do you have future plans for it or it is on ice until futrher notice?

And of course, thank you for developing and maintaining such a great tool.

replaysMike commented 1 year ago

+1 I'd love to see this (if I have time maybe I'll submit a PR), considering it probably wouldn't be that difficult to add in. I'm 50/50 on agreeing that TLS really isn't the main use case for PaperCut, however it'd be great for testing TLS implementations.

kokloler commented 1 year ago

What? Was this send to the wrong person

On Thu, 15 Jun 2023, 00:35 Michael Brown, @.***> wrote:

+1 I'd love to see this (if I have time maybe I'll submit a PR), considering it probably wouldn't be that difficult to add in. I'm 50/50 on agreeing that TLS really isn't the main use case for PaperCut, however it'd be great for testing TLS implementations.

— Reply to this email directly, view it on GitHub https://github.com/ChangemakerStudios/Papercut-SMTP/issues/102#issuecomment-1592081712, or unsubscribe https://github.com/notifications/unsubscribe-auth/A3HRFFILGWORWY374UIP23DXLI4C3ANCNFSM4EXSZZCQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>

microalps commented 6 months ago

Regarding TLS encryption - I worked on some POC code some time ago. See https://github.com/microalps/Papercut-SMTP/commit/e3f5e4f8a4ed633ea19d83815594101188df4026 - would there be any interest in a PR?

edbenson commented 2 months ago

Regarding TLS encryption - I worked on some POC code some time ago. See microalps@e3f5e4f - would there be any interest in a PR?

@microalps Thank for your work on this -- I checked out & built your fork as I needed to test a client with TLS encryption.

Your fork worked for me! The hard part for me was to create the certificate.

microalps commented 2 months ago

@edbenson If you don't mind sharing more details about your difficulty (or was it simply just learning curve) and any articles you used to generate the final certificate. I'm sure it would be a good reference for others, and eventually the PR once the maintainers release v7 and are ready to look at the commit.

edbenson commented 2 months ago

@microalps The hard part was learning how TLS certificates work and then how to create & register a self-signed TLS/SSL certificate... For me this webpage was the best at explaining it.