loopingz / smtp-relay

SMTP Toolbox
GNU Lesser General Public License v3.0

pluggable auth #29

Closed nbryant42 closed 1 year ago

nbryant42 commented 1 year ago

Is your feature request related to a problem? Please describe.
Some clients can't be configured without AUTH. So auth is needed, even if it's only a noop.

Describe the solution you'd like
I started looking at your AUTH filter mechanism with an eye to plugging in a dummy/noop filter, but I realized it was just a work in progress because the framework doesn't return the data structures required by smtp-server.

Describe alternatives you've considered
Locally I'm running a barebones patch that at least returns the minimally required data structures. I know this isn't the proper long-term solution.

diff --git a/src/server.ts b/src/server.ts
index 13cf81a..9265431 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -250,12 +250,7 @@ export class SmtpServer {
    * @param callback
    */
   async onAuth(auth: SMTPServerAuthentication, session: SmtpSession, callback: SmtpCallback) {
-    try {
-      await this.filter("Auth", session, [auth, session]);
-      this.manageCallback(session, callback);
-    } catch (err) {
-      callback(err);
-    }
+    return callback(null, {user: auth.username});
   }

   /**
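Review bot: in onAuth, the added `return callback(null, {user: auth.username});` reports success for every AUTH attempt without reading `auth.password`, and removing `await this.filter("Auth", session, [auth, session])` means no Auth filter is consulted, so a server running this hunk accepts any credentials. Keep the filter call inside the try/catch and pass `{user: auth.username}` to the callback only after the filter chain has accepted the attempt. If a no-op mode is wanted for clients that insist on AUTH, put it behind an explicit configuration switch rather than making it the unconditional behaviour.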
akkoehl commented 1 year ago

This did solve the issue I was having about username not being defined: 535 Cannot read properties of undefined (reading 'user') - and now it does "allow auth" but it allows any username or password to be passed in to work. Where am I supposed to be setting my username and password required? I tried setting it in the options section of aws-smtp-relay.json

  "options": {
    "disableReverseLookup": false,
    "authOptional": false,
    "user": "username",
    "password": "password",
    "logger": true,
    "disabledCommands": "STARTTLS"
   }
}

But that did NOT seem to set it or require it to be correct. I tried setting in the env variables when starting the server but that didn't seem to work either. I can pass any user and password in and it still says it is authing successfully.

akkoehl commented 1 year ago

Also I saw in the comments that secure: true needs to be set for Auth to work, I tried setting secure: true in my options here but my server fails to start up with just enabling that option

Authentication is only allowed in secure mode (either the server is started with secure:true option or STARTTLS command is used)

Error 140506023090112:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:

loopingz commented 1 year ago

@nbryant42 sorry about my lack of answer on this issue: you are right that this one is not yet part of my use case. I will have a look to answer both of you.

loopingz commented 1 year ago

@akkoehl you can use this option: options.allowInsecureAuth optional boolean, if set to true allows authentication even if connection is not secured first.

The software relies on the excellent library smtp-server where you can find the extended doc: https://nodemailer.com/extras/smtp-server/

@nbryant42 I just added a static-auth filter and updated the onAuth to take into account a good result. I added support for different hash methods including a plain text one, and hmac if salt is defined.

akkoehl commented 1 year ago

@loopingz - I am using the most updated code and trying to enable AUTH but can't quite seem to get it to work. I tried using allowInsecureAuth but that doesn't do it with static-auth and tried to add user and pass there as well.

      {
          "type": "static-auth",
          "user": "test",
          "password": "test"
      }

and/or

    "disableReverseLookup": false,
    // Do not require auth
    "allowInsecureAuth": false,
    "logger": true

Can you point me in the right direction here?

When starting server I am getting the error: throw new Error("static-auth filter requires to have authentication defined");

loopingz commented 1 year ago

@akkoehl have you checked the different configuration examples? https://github.com/loopingz/smtp-relay/blob/main/tests/auth.json https://github.com/loopingz/smtp-relay/blob/main/configs/fake-smtp-with-auth.jsonc

The user is defined with a username and password and requires the hash or plain, or if not specified environment variables are used with SMTP_USERNAME and SMTP_PASSWORD

akkoehl commented 1 year ago

Ah yes, thank you. I was missing the plain: in the password config.

akkoehl commented 1 year ago

I did try setting a docker ENV for SMTP_USERNAME but it didn't like that and when launching the node app, I tried to export SMTP_PASSWORD in the same command but it didn't like that either. I think this will give me a path forward. Appreciate the quick response.
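
As an added sketch (not smtp-relay's code and not posted by anyone in this thread), here is an onAuth handler in smtp-server's `(auth, session, callback)` shape that checks a static user list before returning the user object, covering the plain, hashed and salted-HMAC cases discussed above. The `<method>:<value>` credential format and every function name here are assumptions made for illustration.

```javascript
// Added example, not smtp-relay's code. The "<method>:<value>" credential
// format and the names safeEqual/verifyPassword/makeOnAuth/tryAuth are assumptions.
const crypto = require("node:crypto");

// Constant-time comparison; hashing first makes both buffers the same length.
function safeEqual(a, b) {
  const digest = (s) => crypto.createHash("sha256").update(s).digest();
  return crypto.timingSafeEqual(digest(a), digest(b));
}

// stored is "plain:<password>" or "sha256:<hex>"; when a salt is given the
// hex value is HMAC-SHA256(salt, password) instead of a bare SHA-256.
function verifyPassword(stored, supplied, salt) {
  const sep = stored.indexOf(":");
  if (sep < 0) throw new Error("stored password must be '<method>:<value>'");
  const method = stored.slice(0, sep);
  const value = stored.slice(sep + 1);
  if (typeof supplied !== "string") return false; // e.g. no password was sent
  if (method === "plain") return safeEqual(value, supplied);
  if (method === "sha256") {
    const h = salt ? crypto.createHmac("sha256", salt) : crypto.createHash("sha256");
    return safeEqual(value.toLowerCase(), h.update(supplied).digest("hex"));
  }
  throw new Error("unsupported hash method: " + method);
}

// Returns an onAuth(auth, session, callback) handler in smtp-server's shape.
// users is a Map of username -> stored credential string.
function makeOnAuth(users, salt) {
  return function onAuth(auth, session, callback) {
    const stored = users.get(auth.username);
    // Unknown users are still checked against a dummy entry, then rejected.
    const matches = verifyPassword(stored ?? "plain:", auth.password, salt);
    if (stored === undefined || !matches) {
      return callback(new Error("Invalid username or password"));
    }
    // Success must carry a user value; smtp-server treats that as "logged in".
    return callback(null, { user: auth.username });
  };
}

// Drive a handler the way smtp-server would and capture the callback arguments.
function tryAuth(onAuth, username, password) {
  let result;
  onAuth({ method: "PLAIN", username, password }, {}, (err, response) => {
    result = { accepted: !err, user: response ? response.user : undefined };
  });
  return result;
}
```
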