Socket
Socket
Sign inDemoInstall

smtp-server

Package Overview
Dependencies
2
Maintainers
1
Versions
65
Alerts
File Explorer

Advanced tools

npm Scripts
License

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 1.9.0-beta.0 to 1.9.0

6

.eslintrc.js

@@ -55,3 +55,7 @@ 'use strict';

extends: 'eslint:recommended',
fix: true
fix: true,
globals: {
Map: false,
Set: false
}
};

4

CHANGELOG.md
# Changelog
## v1.9.0-beta.0 2016-02-05
## v1.9.0 2016-02-20
* Added new connection method `onClose`
* Preserve session object, do not re-create it for every transaction
* Added new server option `allowInsecureAuth`

@@ -7,0 +9,0 @@ ## v1.8.0-beta.0 2016-01-26

50

lib/smtp-connection.js

@@ -37,3 +37,5 @@ 'use strict';

// session data (envelope, user etc.)
this.session = false;
this.session = this.session = {
id: this._id
};

@@ -132,3 +134,3 @@ // how many messages have been processed

this._startSession();
this._resetSession();

@@ -434,21 +436,23 @@ this._server.onConnect(this.session, function (err) {

/**
* Sets up a new session
* Resets or sets up a new session. We reuse existing session object to keep
* application specific data.
*/
SMTPConnection.prototype._startSession = function () {
var user = this.session.user || false;
SMTPConnection.prototype._resetSession = function () {
this.session = {
id: this._id,
remoteAddress: this.remoteAddress,
clientHostname: this.clientHostname,
hostNameAppearsAs: this.hostNameAppearsAs,
envelope: {
mailFrom: false,
rcptTo: []
},
user: user,
transaction: this._transactionCounter + 1,
xClient: this._xClient,
xForward: this._xForward
var session = this.session;
// reset data that might be overwritten
session.remoteAddress = this.remoteAddress;
session.clientHostname = this.clientHostname;
session.hostNameAppearsAs = this.hostNameAppearsAs;
session.xClient = this._xClient;
session.xForward = this._xForward;
// reset transaction properties
session.envelope = {
mailFrom: false,
rcptTo: []
};
session.transaction = this._transactionCounter + 1;
};

@@ -496,3 +500,3 @@

this._startSession(); // EHLO is effectively the same as RSET
this._resetSession(); // EHLO is effectively the same as RSET
this.send(250, ['OK: Nice to meet you ' + this.clientHostname].concat(features || []));

@@ -517,3 +521,3 @@

this._startSession(); // HELO is effectively the same as RSET
this._resetSession(); // HELO is effectively the same as RSET
this.send(250, 'OK: Nice to meet you ' + this.clientHostname);

@@ -545,3 +549,3 @@

SMTPConnection.prototype.handler_RSET = function (command, callback) {
this._startSession();
this._resetSession();

@@ -843,3 +847,3 @@ this.send(250, 'Flushed');

if (!this.secure && this._isSupported('STARTTLS') && !this._server.options.hideSTARTTLS) {
if (!this.secure && this._isSupported('STARTTLS') && !this._server.options.hideSTARTTLS && !this._server.options.allowInsecureAuth) {
this.send(538, 'Error: Must issue a STARTTLS command first');

@@ -964,3 +968,3 @@ return callback();

this._unrecognizedCommands = 0; // reset unrecognized commands counter
this._startSession(); // reset session state
this._resetSession(); // reset session state
this._parser.continue();

@@ -967,0 +971,0 @@ }.bind(this);

8

package.json
{
"name": "smtp-server",
"version": "1.9.0-beta.0",
"version": "1.9.0",
"description": "Create custom SMTP servers on the fly",

@@ -13,3 +13,3 @@ "main": "lib/smtp-server.js",

"ipv6-normalize": "^1.0.1",
"nodemailer-shared": "^1.0.3"
"nodemailer-shared": "^1.0.4"
},

@@ -19,6 +19,6 @@ "devDependencies": {

"grunt": "^0.4.5",
"grunt-eslint": "^17.3.1",
"grunt-eslint": "^18.0.0",
"grunt-mocha-test": "^0.12.7",
"mocha": "^2.4.5",
"smtp-connection": "^2.1.0"
"smtp-connection": "^2.3.0"
},

@@ -25,0 +25,0 @@ "engines": {

1

README.md

@@ -40,2 +40,3 @@ # smtp-server

* **options.hideSTARTTLS** optional boolean, if set to true then allow using STARTTLS but do not advertise or require it. It only makes sense when creating integration test servers for testing the scenario where you want to try STARTTLS even when it is not advertised
* **options.allowInsecureAuth** optional boolean, if set to true allows authentication even if connection is not secured first
* **options.sniOptions** optional [Map](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Map) or an object of TLS options for SNI where servername is the key. Overrided by SNICallback.

@@ -42,0 +43,0 @@ * **options.logger** optional [bunyan](https://github.com/trentm/node-bunyan) compatible logger instance. If set to `true` then logs to console. If value is not set or is `false` then nothing is logged

26

test/smtp-connection-test.js

@@ -580,2 +580,3 @@ /* eslint no-unused-expressions:0 */

authMethods: ['PLAIN', 'LOGIN', 'XOAUTH2', 'CRAM-MD5'],
allowInsecureAuth: true,
onAuth: function (auth, session, callback) {

@@ -680,3 +681,4 @@ if (auth.method === 'XOAUTH2') {

},
authMethod: 'LOGIN'
authMethod: 'LOGIN',
logger: false
});

@@ -697,2 +699,24 @@

it('should authenticate without STARTTLS', function (done) {
var connection = new Client({
port: PORT,
host: '127.0.0.1',
ignoreTLS: true,
authMethod: 'LOGIN',
logger: false
});
connection.on('end', done);
connection.connect(function () {
connection.login({
user: 'testuser',
pass: 'testpass'
}, function (err) {
expect(err).to.not.exist;
connection.quit();
});
});
});
it('should fail', function (done) {

@@ -699,0 +723,0 @@ var connection = new Client({

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc