email_lib: offer STARTTLS mode for outgoing SMTP

References: DESK-3469

Author: jengelh

doc/delivery.8gx

@@ -36,11 +36,7 @@ should be used.
 Default: \fI0\fP
 .TP
 \fBoutgoing_smtp_url\fP
-The SMTP server to use for outgoing mails. To use the local maildrop queue, set
-the value to \fIsendmail://localhost\fP. smtp:// is unqueued(!), and if the
-SMTP server is offline, submissions cannot be carried out.
-.br
-Default: \fIsendmail://localhost\fP
+See gromox.cfg(5):outgoing_smtp_url.
 .SH Configuration directives (delivery.cfg)
 The following directives are recognized when reading from
 /etc/gromox/delivery.cfg, or when the \fB\-c\fP option is used to specify a

doc/ews.4gx

@@ -8,17 +8,10 @@ The ews(4gx) plugin handles all requests to the \fB/EWS/Exchange.asmx\fP
 URI path.
 .SH Configuration directives (gromox.cfg)
 The following directives are recognized when they appear in
-/etc/gromox/gromox.cfg.
-.TP
-\fBoutgoing_smtp_url\fP
-The SMTP server to use for outgoing mails. To use the local maildrop queue, set
-the value to \fIsendmail://localhost\fP. smtp:// is unqueued(!), and if the
-SMTP server is offline, submissions will be rejected (and mails stick around in
-Outbox or whatever folder they were submitted from).
-.br
-Default: \fIsendmail://localhost\fP
+/etc/gromox/gromox.cfg: outgoing_smtp_url. See the gromox.cfg(5) manpage.
 .SH Configuration directives (ews.cfg)
-The following directives are recognized when they appear in etc/gromox/ews.cfg.
+The following directives are recognized when they appear in
+/etc/gromox/ews.cfg.
 .TP
 \fBews_experimental\fP
 Default: \fI0\fP

doc/exchange_emsmdb.4gx

@@ -31,12 +31,7 @@ somewhere between Unix compress(1) and gzip level 1.
 Default: \fI0\fP
 .TP
 \fBoutgoing_smtp_url\fP
-The SMTP server to use for outgoing mails. To use the local maildrop queue, set
-the value to \fIsendmail://localhost\fP. smtp:// is unqueued(!), and if the
-SMTP server is offline, submissions will be rejected (and mails stick around in
-Outbox or whatever folder they were submitted from).
-.br
-Default: \fIsendmail://localhost\fP
+See gromox.cfg(5):outgoing_smtp_url.
 .SH Configuration directives (exchange_emsmdb.cfg)
 The following directives are recognized when they appear in
 /etc/gromox/exchange_emsmdb.cfg.

doc/gromox.cfg.5

@@ -54,6 +54,16 @@ cannot be lower than 4s. The special value 0 disabled RPC timeout checking.
 .br
 Default: \fI0\fP
 .TP
+\fBoutgoing_smtp_url\fP
+The SMTP server to use for outgoing mails. To use the local maildrop queue, set
+the value to \fIsendmail://localhost\fP. smtp:// is unqueued(!), and if the
+SMTP server is offline, submissions will be rejected (and mails stick around in
+Outbox or whatever folder they were submitted from). For STARTTLS, use
+smtp+tls://, and for ignoring TLS certificate validation,
+smtp+unverifiedtls://.
+.br
+Default: \fIsendmail://localhost\fP
+.TP
 \fBruleproc_debug\fP
 Make the "TWOSTEP" Client-Side Inbox Rule Processor emit information about the
 conditions it is evaluating and the actions it is carrying out. The surrounding

doc/zcore.8gx

@@ -37,12 +37,7 @@ custom file:
 In gromox-zcore, this is treated as an alias for zcore_fd_limit.
 .TP
 \fBoutgoing_smtp_url\fP
-The SMTP server to use for outgoing mails. To use the local maildrop queue, set
-the value to \fIsendmail://localhost\fP. smtp:// is unqueued(!), and if the
-SMTP server is offline, submissions will be rejected (and mails stick around in
-Outbox or whatever folder they were submitted from).
-.br
-Default: \fIsendmail://localhost\fP
+See gromox.cfg(5):outgoing_smtp_url.
 .TP
 \fBzcore_fd_limit\fP
 Request that the file descriptor table be at least this large. The magic value

lib/email/send.cpp

@@ -11,6 +11,7 @@
 #include <vmime/mailboxList.hpp>
 #include <vmime/message.hpp>
 #include <vmime/net/transport.hpp>
+#include <vmime/security/cert/defaultCertificateVerifier.hpp>
 #include <vmime/utility/inputStreamStringAdapter.hpp>
 #include <gromox/mail.hpp>
 #include <gromox/mail_func.hpp>
@@ -70,6 +71,27 @@ ec_error_t cu_rcpt_to_list(const TPROPVAL_ARRAY &props, const char *org_name,
 	return ecServerOOM;
 }
 
+static vmime::shared_ptr<vmime::net::transport> make_transport(const char *url)
+{
+	vmime::utility::url vurl(url);
+	bool uv  = strncmp(url, "smtp+unverifiedtls:", 9) == 0;
+	bool tls = uv || strncmp(url, "smtp+tls:", 9) == 0;
+	if (tls)
+		vurl.setProtocol("smtp");
+	auto xp = vmime::net::session::create()->getTransport(std::move(vurl));
+	if (!tls)
+		return xp;
+	xp->setProperty("connection.tls", true);
+	if (!uv)
+		return xp;
+
+	struct uv_impl : public vmime::security::cert::certificateVerifier {
+		void verify(const vmime::shared_ptr<vmime::security::cert::certificateChain> &chain, const std::string &host) {}
+	};
+	xp->setCertificateVerifier(vmime::make_shared<uv_impl>());
+	return xp;
+}
+
 ec_error_t cu_send_mail(MAIL &mail, const char *smtp_url, const char *sender,
     const std::vector<std::string> &rcpt_list) try
 {
@@ -97,7 +119,7 @@ ec_error_t cu_send_mail(MAIL &mail, const char *smtp_url, const char *sender,
 	content.clear();
 	vmime::shared_ptr<vmime::net::transport> xprt;
 	try {
-		xprt = vmime::net::session::create()->getTransport(vmime::utility::url(smtp_url));
+		xprt = make_transport(smtp_url);
 		/* vmime default timeout is 30s */
 		xprt->connect();
 	} catch (const vmime::exception &e) {
@@ -140,7 +162,7 @@ ec_error_t cu_send_vmail(vmime::shared_ptr<vmime::message> msg,
 		vrcpt_list.appendMailbox(vmime::make_shared<vmime::mailbox>(r));
 	vmime::shared_ptr<vmime::net::transport> xprt;
 	try {
-		xprt = vmime::net::session::create()->getTransport(vmime::utility::url(smtp_url));
+		xprt = make_transport(smtp_url);
 		/* vmime default timeout is 30s */
 		xprt->connect();
 	} catch (const vmime::exception &e) {