slimta / python-slimta

Python libraries to send, receive, and queue email.
https://slimta.org/
MIT License

RFC: passing the Server object into self._call_custom_handler('TLSHANDSHAKE_COMPLETE') for hostname validation #161

Closed splbio closed 3 years ago

splbio commented 4 years ago

I am thinking of submitting a patch to slimta in order to add another hook TLSHANDSHAKE_COMPLETE that would be identical to the self._call_custom_handler('TLSHANDSHAKE'), except that we would likely pass in the Server object itself, or at least the Server.io object.

Why do we want this?

We want to be able to do a few basic SSL certificate checks in our code. Unfortunately, due to slimta's design (which is quite nice), the SSL socket is abstracted away such that it does not appear we can access it during hooks as part of authentication. (We want to do a basic client cert validity check based on IP/name.)

As such, I am wondering if you would be open to a patch to add an auxiliary hook to pass this down.

I believe it might be useful to pass the socket to other callbacks as well so other checks can be done at the OS level.

What do you think?
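
The check described in the post above, as an added example that is not part of the original thread or of slimta's code: it compares the peer against the subjectAltName entries of the dict that Python's `ssl.SSLSocket.getpeercert()` returns (commonName is deliberately ignored). The function names, the sample certificate and the `peer_name` parameter are assumptions; how a handler reaches the TLS socket is what the issue asks for and is not shown.

```python
import ipaddress

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    'subject': ((('commonName', 'mx1.example.com'),),),
    'subjectAltName': (('DNS', 'mx1.example.com'),
                       ('DNS', '*.relay.example.com'),
                       ('IP Address', '192.0.2.10')),
}


def _normalize_ip(text):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(text.strip())
    mapped = getattr(addr, 'ipv4_mapped', None)
    return mapped or addr


def _dns_matches(pattern, name):
    """Exact match, or one '*' standing for the whole left-most label."""
    p = pattern.lower().split('.')
    n = name.lower().rstrip('.').split('.')
    if len(p) != len(n):
        return False
    if p[0] == '*':
        return len(p) > 2 and bool(n[0]) and p[1:] == n[1:]
    return p == n


def client_cert_matches_peer(cert, peer_ip, peer_name=None):
    """True if a validated client certificate names this peer in its SAN.

    cert: dict from getpeercert(); None or {} means no validated certificate.
    peer_name: hypothetical operator-trusted name for the peer (not EHLO text).
    """
    if not cert:
        return False
    peer = _normalize_ip(peer_ip)
    for kind, value in cert.get('subjectAltName', ()):
        if kind == 'IP Address' and _normalize_ip(value) == peer:
            return True
        if kind == 'DNS' and peer_name and _dns_matches(value, peer_name):
            return True
    return False
```

`getpeercert()` only returns a populated dict when the server's SSL context requests and verifies client certificates, so an empty result is treated as a failed check.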

splbio commented 4 years ago
diff --git a/slimta/smtp/server.py b/slimta/smtp/server.py
index b70add4..f7ee0f4 100644
--- a/slimta/smtp/server.py
+++ b/slimta/smtp/server.py
@@ -161,6 +161,7 @@ class Server(object):
         if not self.io.encrypt_socket_server(self.context):
             return False
         self._call_custom_handler('TLSHANDSHAKE')
+        self._call_custom_handler('TLSHANDSHAKE_COMPLETE', self)
         return True

     def _check_close_code(self, reply):
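
Review bot: the result of the added `self._call_custom_handler('TLSHANDSHAKE_COMPLETE', self)` call is discarded and `return True` follows unconditionally, so as written a handler that rejects the client certificate can only stop the session by raising. If the hook is meant for certificate validation, consider letting its outcome decide the return value and documenting that contract. The new hook also fires at the same point as the existing `TLSHANDSHAKE` one and hands over the entire `Server`; passing only what the check needs (the issue mentions `Server.io`) would keep handlers away from the rest of the server state, and a separate hook name may be unnecessary if the existing one can carry the argument.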