cypht icon indicating copy to clipboard operation
cypht copied to clipboard

Published 20 hours ago verified publisher icon cypht-org

Use proxy to connect to mail servers

Open tianze0926 opened this issue 2 years ago • 4 comments

🚀 Feature

Is it possible to make cypht connect to IMAP and SMTP servers through proxies such as SOCKS5? There are occasions when the client cannot directly access the mail server. So proxies such as SOCKS5 can be used to proxy TCP payload, like IMAP.

Design, Layout, Architecture

Since I am not familiar with php, a golang implementation reference can be found at https://stackoverflow.com/a/71182894.

The procedure can be roughly described as:

  • Open a TCP connection to the SOCKS5 server
  • send and receive SOCKS5 data
  • send and receive TLS data
  • sned and receive application layer data, such as IMAP and SMTP

tianze0926 avatar Sep 19 '23 12:09 tianze0926

Currently Cypht cannot use SOCKS5. PHP has no built in support for SOCKS5, though it looks like some user written libraries exist. This is possible to implement but would need some dev resources to understand the SOCKS5 protocol and implement the request/response process. We do already support enabling TLS on an open socket since that is how STARTTLS works.

jasonmunro avatar Sep 21 '23 19:09 jasonmunro

@tianze0926 Is this something Cypht should do vs something done via the server? (and transparent to Cypht)

marclaporte avatar Sep 23 '23 00:09 marclaporte

@marclaporte Cypht should support the client side of SOCKS protocol.

Taking IMAP TLS for example, Cypht currently executes the TCP and TLS handshakes with the IMAP server in one function call. However in order to use SOCKS proxy, Cypht should:

  1. make TCP connection with the proxy server
  2. send some SOCKS payload to tell the proxy server which remote address (the IMAP server in this case) to connect to
  3. after the proxy server connects to the IMAP server, Cypht can then treat the proxy server as if it were the IMAP and establish TLS and send IMAP stuff

Here is a example sequence diagram: (replies from the proxy server and the IMAP server are omitted)

sequenceDiagram
  participant C as Cypht
  participant P as SOCKS Proxy
  participant I as IMAP
  C->>P: open a TCP connection
  C->>P: tell the proxy to connect to `imap.gmail.com:993`
  P->>I: open a TCP connection
  C->>P: TLS
  P->>I: TLS
  C->>P: IMAP commands
  P->>I: IMAP commands

As you can see, the TCP and TLS handshakes should be seperated instead of done by single function call. The SOCKS5 protocol is very simple and can be easily implemented even from scratch. It's the TLS part that troubles me since I couldn't find appropriate methods to perform TLS after a plain TCP connection is established.

tianze0926 avatar Sep 23 '23 03:09 tianze0926

The SOCKS5 protocol is very simple and can be easily implemented even from scratch.

Ok, but for the record, here are some options: https://packagist.org/?query=SOCKS

marclaporte avatar Sep 23 '23 04:09 marclaporte