SMTPRD-NG
SMTP relay-daemon next-generation. Originally from https://www.hackitu.de/smtprd.
Listen locally on a predefined port for SMTP requests and relay them to another SMTP server.
A typical usecase would be to unify all local services which use email notification and let them relay through this script. This way you don't need to specify email, username and password each and everytime for locally running services.
This can also for example use msmtp. This way scripts can use sendmail which connect to smtprd-ng which relays the mail.
Additionally, we can sign and encrypt the emails with S/MIME certificates, which adds a layer of authentification and security for automated information delivery (think security notifications, logs, etc.)
Please note: This will only forward emails to email addresses specified in config.ini, so it is not useful as a general SMTP-relay (like msmtp) but only for a predefined email set. This is by design.
For now, this is a proof-of-concept.
Features
- Relay emails received on a locally listening SMTP server
- Encrypt and sign the relayed mails
Installation/Hacking
There is no real installation routine in place as of now. If you want to give this a try, there is a number of ways to do so:
nix (non-flakes)
Clone this repo and run nix-build .
nix (flakes)
nix run git+https://seed.radicle.garden/z3gWc1qgaeZaoGwL4WTstLNoqjayM.git -- --config config.ini
python wheel
Clone this repo and run python -m build.
Note: build must be installed. You should use a venv for this.
python (as is)
- Clone this repo
- Create a
venv - Install requirements with
pip install -r requirements.txt - Run
python smtprd_ng/smtprd.py
devenv
Clone this repo and run devenv shell
docker
- Clone this repo
cp config.example config.ini- edit
config.inias you need it. I'd suggest using/app/pwas password file and bild-mounting it. docker build -t smtprd-ng:latest .docker run -p 8025:8025 -v ./config.ini:/app/config.ini -v ./pw:/app/pw --rm -it smtprd-ng:latest
Contributing
Contributions are always welcome!
Please read https://radicle.xyz/guides/user to get used to clone this repo with radicle and submit patch or issues.
If you just want to clone the repo without radicle you can clone the repo with git clone https://seed.radicle.garden/z3gWc1qgaeZaoGwL4WTstLNoqjayM.git smtprd-ng
Beware: This is alpha ;-)
License
Usage/Examples
Copy config.example to config.ini and adjust to your usecase.
Run smtprd-ng --config config.ini
The script will listen on the specified port for smtp requests and forward them to the specified upstream SMTP serer.
If you want to give sign and encryption a go, you need to set
smime_cert = /path/to/cert
smime_cert_private = /path/to/cert.key
[emails]
monitoring.foo@example.com = /path/to/recipient_cert
Where
smime_certis the path to the S/MIME certificate of the sender in PEM format.smime_cert_privateis the path to the S/MIME priate key of the sender in PEM formatmonitoring.foo@example.comis the recipient and/path/to/recipient_certis the path to the certificate of the recipient in PEM format
Plese note: Right now, there is no way to set a password, so the private key is unprotected and should only be used for this automation and have appropiate file permissions. I might add the option to set a password through the config file in the future, though.
Systemd
An example systemd file is in the sytemd subfolder. Be sure to replace @smtprd@ with a path to the python executable.
For NixOS you yan use the provided nixosModule like so:
# flake.nix
{
inputs.smtp = {
url = "git+https://seed.radicle.garden/z3gWc1qgaeZaoGwL4WTstLNoqjayM.git";
};
outputs = inputs@{ ... }: {
nixosConfigurations = {
my-config = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
inputs.smtp.nixosModules.smtprd-ng
{
services.smtprd-ng = {
enable = true;
client = {
hostname = "smtp.example.com";
username = "username";
password_file = "/etc/smtp_pw";
sender = "username@example.com";
start_tls = true;
smime_cert = "${./smime.crt}";
smime_cert_private = "/etc/private.key";
};
emails = {
"monitor@example.com" = "${./cert_for_monitor_example_com}";
"second_monitor@example.com" = "";
};
};
}
];
};
};
};
}
Roadmap
-
Add wheel for pypi
-
Cleanup code