Fixing smtp server code

2020-10-27 20:31:12 +08:00 · 2020-10-27 20:31:12 +08:00 · a02ce61b6d
commit a02ce61b6d
parent bc798af234
1 changed files with 39 additions and 1 deletions
--- a/smtp2slack4qnap.py
+++ b/smtp2slack4qnap.py
@ -7,7 +7,6 @@
 # generate self-signed cert (better than nothing):
 # openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650 -nodes -subj '/CN=localhost'

-import os
 import ssl
 import asyncio
 from aiosmtpd.controller import Controller
@ -18,6 +17,45 @@ from base64 import b64encode, b64decode
 import requests
 import email
 import json
+import html2text
+import re
+import os
+
+### CONFIG DATA
+
+# for SMTP AUTH LOGIN (SECRET = sha256(password) avoiding storing plaintext)
+USER = 'qnap-messenger'
+SECRET = '60E9CFC9BEEBE71B0954A29FDABC67EB8AB9622140846A3970220D3E905BD28E'
+
+# SMTP listener (set to localhost if running on QNAP device)
+LHOST, LPORT = '0.0.0.0', 1025
+
+# target slack authenticated webhook url (keep confidential!)
+WEBHOOK_URL = 'http://slack2chat.ipa.champion/AAAAcMVs3C4?key=AIzaSyDdI0hCZtE6vySjMm-WEfRq3CPzqKqqsHI&token=IAoPWEptPtdR1TOS6XtUhqOWZgPwAhabl_sqSvwjtjk%3D'
+
+### END OF CONFIG DATA
+
+# implemented LOGIN authentication (non-RFC compliant, works with QNAP-NAS)
+# overkill for running locally, but mandatory for remote
+class MyServer(Server):
+    authenticated = False
+    @syntax('AUTH LOGIN')
+    async def smtp_AUTH(self, arg):
+        if arg != 'LOGIN':
+            await self.push('501 Syntax: AUTH LOGIN')
+            return
+        await self.push('334 VXNlcm5hbWU=') # b64('Username')
+        username = await self._reader.readline()
+        username = b64decode(username.rstrip(b'\r\n'))
+        await self.push('334 UGFzc3dvcmQ=') # b64('Password')
+        password = await self._reader.readline()
+        password = b64decode(password.rstrip(b'\r\n'))
+        if username.decode() == USER and sha256(password).hexdigest() == SECRET:
+            self.authenticated = True
+            print("[+] Authenticated")
+            await self.push('235 2.7.0 Authentication successful')
+        else:
+            await self.push('535 Invalid credentials')

 # requires STARTTLS
 # again, overkill for running locally, but mandatory for remote