Add plain TLS support to forwarded backends (465 port)
Is your feature request related to a problem? Please describe.
When mail server is reachable only via 465 port (TLS), Haraka must support it.
Describe the solution you'd like
There should be a way to configure backend to connect using 465 TLS port.
Describe alternatives you've considered
no alternatives
Yes, we should support that.
Is anyone working on this? If not, what is a possible time frame to a PR merged if I tackle this?
I'm building a cluster SMTP relay container where some of the routing targets are 465 implicit TLS services.
Is anyone working on this?
Nobody that has spoken up.
If not, what is a possible time frame to a PR merged if I tackle this?
Clean PRs that are easy to review, and that include tests that make a reviewer confident the code does what it says on the tin, normally get merged within days.
Ok, I'll have a look and see what can be done. No promises at this stage.
Just as a proof of concept I modified this file:
node_modules/Haraka/tls_socket.js
With this code:
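// around line 718
let cryptoSocket
// disables TLS certificate verification (proof of concept)
conn_options.rejectUnauthorized=false
const tmpCryptoSocket = net.connect(conn_options);
if (conn_options.port === 465) {
    // implicit TLS: wrap the already-open TCP socket in TLS right away
    conn_options.socket = tmpCryptoSocket
    cryptoSocket = tls.connect(conn_options);
} else {
    // any other port: keep the plain TCP socket
    cryptoSocket = tmpCryptoSocket
}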
Which means that opening the socket connection is not the problem. Getting the information about the need for tls.socket is the tricky part.
We've had a focus shift which means that we are no longer using Haraka for the project. This means that I cannot dedicate the time for this feature.
What I've found so far is that as per my previous example it's technically quite easy. The hard part is how that information is relayed to socket connection time.
One option would be to extend the "exchange/MX" object to support this. This could also be bound like the auth is bound. I did not yet review what is the least problematic approach.
moved to wiki/TODO
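One way the "extend the exchange/MX object" option from the thread could look, as an added example that is not Haraka code and not from any participant: the MX-like object carries an explicit flag, and the socket type is chosen from it at connection time instead of from the port number. The field name `implicit_tls` and the functions `connectionPlan` and `connectToExchange` are assumptions made for this sketch; certificate verification stays on.

```javascript
'use strict';
const net = require('node:net');
const tls = require('node:tls');

// Hypothetical MX-like object: { exchange, port, implicit_tls }.
// `implicit_tls` is an assumed field name, not an existing Haraka option.
function connectionPlan(mx, tlsDefaults = {}) {
  if (!mx || typeof mx.exchange !== 'string' || mx.exchange === '') {
    throw new TypeError('mx.exchange (backend host) is required');
  }
  // Implicit TLS is an explicit per-backend setting; it is never guessed
  // from the port number, since such services can listen on other ports.
  const implicit = mx.implicit_tls === true;
  const port = mx.port === undefined ? (implicit ? 465 : 25) : Number(mx.port);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new RangeError(`invalid port for ${mx.exchange}: ${mx.port}`);
  }
  const options = { host: mx.exchange, port };
  if (!implicit) return { transport: 'tcp', options };

  // Caller defaults (e.g. `ca` for a private CA, `minVersion`) go first so
  // they cannot switch certificate verification off.
  const tlsOptions = { ...tlsDefaults, ...options, rejectUnauthorized: true };
  // SNI takes a DNS name, not an IP literal.
  if (net.isIP(mx.exchange) === 0) tlsOptions.servername = mx.exchange;
  return { transport: 'tls', options: tlsOptions };
}

// Open the socket the plan calls for. With 'tls' the handshake completes
// before the SMTP greeting; with 'tcp' the session can still use STARTTLS.
function connectToExchange(mx, tlsDefaults) {
  const plan = connectionPlan(mx, tlsDefaults);
  return plan.transport === 'tls'
    ? tls.connect(plan.options)
    : net.connect(plan.options);
}
```

A backend with a certificate from a private CA is handled by passing `ca` in `tlsDefaults`, which keeps verification enabled.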