From 2a64efcc3a267e8eb89addeeadac67fe6deaf5e8 Mon Sep 17 00:00:00 2001
From: Zhang Jingqiang
Date: Wed, 15 May 2024 19:21:08 +0800
Subject: [PATCH] g3-dpi: add port for On-Demand Mail Relay protocol
---
 doc/standards.md | 2 ++
 g3proxy/src/inspect/smtp/initiation.rs | 1 +
 lib/g3-dpi/src/protocol/bittorrent.rs | 1 +
 lib/g3-dpi/src/protocol/ftp.rs | 2 ++
 lib/g3-dpi/src/protocol/imap.rs | 1 +
 lib/g3-dpi/src/protocol/inspect.rs | 3 ++-
 lib/g3-dpi/src/protocol/mod.rs | 2 ++
 lib/g3-dpi/src/protocol/nats.rs | 1 +
 lib/g3-dpi/src/protocol/nntp.rs | 1 +
 lib/g3-dpi/src/protocol/pop3.rs | 1 +
 lib/g3-dpi/src/protocol/portmap.rs | 1 +
 lib/g3-dpi/src/protocol/ssh.rs | 1 +
 12 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/doc/standards.md b/doc/standards.md
index d7b67dc1..fe00c99d 100644
--- a/doc/standards.md
+++ b/doc/standards.md
@@ -300,6 +300,8 @@ The code should comply to these, but should be more compliant to existing popula
 : Simple Mail Transfer Protocol
 - [rfc6409](https://datatracker.ietf.org/doc/html/rfc6409)
 : Message Submission for Mail
+ - [rfc2645](https://datatracker.ietf.org/doc/html/rfc2645)
+ : ON-DEMAND MAIL RELAY (ODMR) SMTP with Dynamic IP Addresses
 - [rfc6152](https://datatracker.ietf.org/doc/html/rfc6152)
 : SMTP Service Extension for 8-bit MIME Transport
 - [rfc3030](https://datatracker.ietf.org/doc/html/rfc3030)
diff --git a/g3proxy/src/inspect/smtp/initiation.rs b/g3proxy/src/inspect/smtp/initiation.rs
index f7b7d913..c74c8ee6 100644
--- a/g3proxy/src/inspect/smtp/initiation.rs
+++ b/g3proxy/src/inspect/smtp/initiation.rs
@@ -197,6 +197,7 @@ impl Initiation {
 "RRVS" => true, // Require Recipient Valid Since, RFC7293, add a RCPT param key
 "REQUIRETLS" => true, // Require TLS, RFC8689, add a MAIL param key
 "LIMITS" => true, // LIMITS, RFC9422
+ "ATRN" => true, // On-Demand Mail Relay, RFC2645, change the protocol
 _ => false,
 }
 }
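Review bot: The new `"ATRN" => true` arm in the initiation.rs hunk treats ATRN like the neighbouring keywords, but unlike RRVS or REQUIRETLS it does not add a parameter: per RFC 2645 a successful ATRN reverses the SMTP roles, so the original client starts receiving commands. If `true` here means the keyword is left in the EHLO response shown to the client (the enclosing function starts outside the hunk, so this is inferred), the interceptor has to either follow that turn-around or reject the ATRN command, otherwise the reversed session is no longer parsed in the direction it really runs. Nothing in this commit touches the command path, so please confirm that case is handled, and make the comment say what happens, e.g. `// On-Demand Mail Relay, RFC2645, ATRN reverses the client/server roles`.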
diff --git a/lib/g3-dpi/src/protocol/bittorrent.rs b/lib/g3-dpi/src/protocol/bittorrent.rs
index 3986eecd..da2db77f 100644
--- a/lib/g3-dpi/src/protocol/bittorrent.rs
+++ b/lib/g3-dpi/src/protocol/bittorrent.rs
@@ -40,6 +40,7 @@ impl ProtocolInspectState {
 self.exclude_other(MaybeProtocol::Ftp);
 self.exclude_other(MaybeProtocol::Ssh);
 self.exclude_other(MaybeProtocol::Smtp);
+ self.exclude_other(MaybeProtocol::Odmr);
 self.exclude_other(MaybeProtocol::Pop3);
 self.exclude_other(MaybeProtocol::Imap);
 self.exclude_other(MaybeProtocol::Http);
diff --git a/lib/g3-dpi/src/protocol/ftp.rs b/lib/g3-dpi/src/protocol/ftp.rs
index 31797c8c..262a41b7 100644
--- a/lib/g3-dpi/src/protocol/ftp.rs
+++ b/lib/g3-dpi/src/protocol/ftp.rs
@@ -38,6 +38,7 @@ impl ProtocolInspectState {
 // 0x31
 self.ftp_exclude_by_byte0();
 self.exclude_other(MaybeProtocol::Smtp);
+ self.exclude_other(MaybeProtocol::Odmr);
 self.exclude_other(MaybeProtocol::Nntp);
 if &data[0..3] == b"120" {
@@ -63,6 +64,7 @@ impl ProtocolInspectState {
 // 0x34
 self.ftp_exclude_by_byte0();
 self.exclude_other(MaybeProtocol::Smtp);
+ self.exclude_other(MaybeProtocol::Odmr);
 self.exclude_other(MaybeProtocol::Nntp);
 if &data[0..3] == b"421" {
diff --git a/lib/g3-dpi/src/protocol/imap.rs b/lib/g3-dpi/src/protocol/imap.rs
index 30835d3c..2c15b62a 100644
--- a/lib/g3-dpi/src/protocol/imap.rs
+++ b/lib/g3-dpi/src/protocol/imap.rs
@@ -43,6 +43,7 @@ impl ProtocolInspectState {
 self.exclude_other(MaybeProtocol::Ftp);
 self.exclude_other(MaybeProtocol::Ssh);
 self.exclude_other(MaybeProtocol::Smtp);
+ self.exclude_other(MaybeProtocol::Odmr);
 self.exclude_other(MaybeProtocol::Pop3);
 self.exclude_other(MaybeProtocol::Nntp);
 self.exclude_other(MaybeProtocol::Nats);
diff --git a/lib/g3-dpi/src/protocol/inspect.rs b/lib/g3-dpi/src/protocol/inspect.rs
index a607ed8f..76fffc2c 100644
--- a/lib/g3-dpi/src/protocol/inspect.rs
+++ b/lib/g3-dpi/src/protocol/inspect.rs
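Review bot: Every place that excludes `MaybeProtocol::Smtp` now needs a second hand-written `self.exclude_other(MaybeProtocol::Odmr);` beside it, here in bittorrent.rs and again in the ftp.rs (both hunks), imap.rs, nats.rs, nntp.rs, pop3.rs and ssh.rs hunks. Since inspect.rs sends both variants to the same greeting check, the two are never told apart by content, so a small private helper on `ProtocolInspectState` that excludes both and is called from each site would keep these lists from drifting. Any protocol file outside this diff that excludes Smtp would leave Odmr as a live candidate after the stream has been identified as something else; those files are not visible here, so a quick search for the Smtp exclusion is worth doing. The enclosing functions start and end outside these hunks.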
@@ -110,6 +110,7 @@ impl ProtocolInspectState {
 MaybeProtocol::BitTorrent => self.check_bittorrent_tcp_handshake(data),
 MaybeProtocol::Ftp
 | MaybeProtocol::Smtp
+ | MaybeProtocol::Odmr
 | MaybeProtocol::Pop3
 | MaybeProtocol::Nntp
 | MaybeProtocol::Nnsp
@@ -147,7 +148,7 @@ impl ProtocolInspectState {
 match proto {
 MaybeProtocol::Ftp => self.check_ftp_server_greeting(data, size_limit),
 MaybeProtocol::Ssh => self.check_ssh_server_protocol_version_exchange(data),
- MaybeProtocol::Smtp => self.check_smtp_server_greeting(data),
+ MaybeProtocol::Smtp | MaybeProtocol::Odmr => self.check_smtp_server_greeting(data),
 MaybeProtocol::Pop3 => self.check_pop3_server_greeting(data),
 MaybeProtocol::Nntp | MaybeProtocol::Nnsp => self.check_nntp_server_greeting(data),
 MaybeProtocol::Imap => self.check_imap_server_greeting(data, size_limit),
diff --git a/lib/g3-dpi/src/protocol/mod.rs b/lib/g3-dpi/src/protocol/mod.rs
index e64a4782..5d2b242c 100644
--- a/lib/g3-dpi/src/protocol/mod.rs
+++ b/lib/g3-dpi/src/protocol/mod.rs
@@ -31,6 +31,7 @@ pub use portmap::{ProtocolPortMap, ProtocolPortMapValue};
 pub enum MaybeProtocol {
 Http,
 Smtp,
+ Odmr, // On-Demand Mail Relay, a restricted profile of SMTP
 Ssh,
 Ftp,
 Dns,
@@ -88,6 +89,7 @@ impl FromStr for MaybeProtocol {
 match s.to_lowercase().as_str() {
 "http" => Ok(MaybeProtocol::Http),
 "smtp" => Ok(MaybeProtocol::Smtp),
+ "odmr" => Ok(MaybeProtocol::Odmr),
 "ssh" => Ok(MaybeProtocol::Ssh),
 "ftp" => Ok(MaybeProtocol::Ftp),
 "pop3" => Ok(MaybeProtocol::Pop3),
diff --git a/lib/g3-dpi/src/protocol/nats.rs b/lib/g3-dpi/src/protocol/nats.rs
index 7ba1f1ff..96a05812 100644
--- a/lib/g3-dpi/src/protocol/nats.rs
+++ b/lib/g3-dpi/src/protocol/nats.rs
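Review bot: In the second inspect.rs hunk the arm `MaybeProtocol::Smtp | MaybeProtocol::Odmr => self.check_smtp_server_greeting(data)` carries no comment saying which protocol a matching port-366 stream is reported as, and the greeting function's body is outside the diff. If it reports plain SMTP, ODMR traffic is handed to the SMTP interceptor, and the one difference between the two protocols (the ATRN turn-around of RFC 2645) then rests entirely on that interceptor. I would add a line above the arm such as `// ODMR (RFC 2645) greets exactly like SMTP, so it is detected and reported as SMTP`, adjusted to what the function really returns, plus a unit test that runs the greeting check with Odmr as the only remaining candidate.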
@@ -42,6 +42,7 @@ impl ProtocolInspectState {
 self.exclude_other(MaybeProtocol::Ftp);
 self.exclude_other(MaybeProtocol::Ssh);
 self.exclude_other(MaybeProtocol::Smtp);
+ self.exclude_other(MaybeProtocol::Odmr);
 self.exclude_other(MaybeProtocol::Pop3);
 self.exclude_other(MaybeProtocol::Nntp);
 self.exclude_other(MaybeProtocol::Imap);
diff --git a/lib/g3-dpi/src/protocol/nntp.rs b/lib/g3-dpi/src/protocol/nntp.rs
index 1be26c27..dd59d5f3 100644
--- a/lib/g3-dpi/src/protocol/nntp.rs
+++ b/lib/g3-dpi/src/protocol/nntp.rs
@@ -57,6 +57,7 @@ impl ProtocolInspectState {
 // exclude impossible protocols
 self.exclude_other(MaybeProtocol::Ftp);
 self.exclude_other(MaybeProtocol::Smtp);
+ self.exclude_other(MaybeProtocol::Odmr);
 if !matches!(data[2], b'0' | b'1') {
 self.exclude_current();
diff --git a/lib/g3-dpi/src/protocol/pop3.rs b/lib/g3-dpi/src/protocol/pop3.rs
index 09da8133..b8cd00dc 100644
--- a/lib/g3-dpi/src/protocol/pop3.rs
+++ b/lib/g3-dpi/src/protocol/pop3.rs
@@ -46,6 +46,7 @@ impl ProtocolInspectState {
 self.exclude_other(MaybeProtocol::Ftp);
 self.exclude_other(MaybeProtocol::Ssh);
 self.exclude_other(MaybeProtocol::Smtp);
+ self.exclude_other(MaybeProtocol::Odmr);
 self.exclude_other(MaybeProtocol::Nntp);
 self.exclude_other(MaybeProtocol::Imap);
 self.exclude_other(MaybeProtocol::Nats);
diff --git a/lib/g3-dpi/src/protocol/portmap.rs b/lib/g3-dpi/src/protocol/portmap.rs
index a032aaef..dba767c4 100644
--- a/lib/g3-dpi/src/protocol/portmap.rs
+++ b/lib/g3-dpi/src/protocol/portmap.rs
@@ -128,6 +128,7 @@ impl ProtocolPortMap {
 map.insert(119, MaybeProtocol::Nntp);
 map.insert(143, MaybeProtocol::Imap);
 map.insert(322, MaybeProtocol::Rtsps);
+ map.insert(366, MaybeProtocol::Odmr);
 map.insert(433, MaybeProtocol::Nnsp);
 map.insert(443, MaybeProtocol::Https);
 map.insert(465, MaybeProtocol::Submissions);
diff --git a/lib/g3-dpi/src/protocol/ssh.rs b/lib/g3-dpi/src/protocol/ssh.rs
index 7e436b6a..ed8705a0 100644
--- a/lib/g3-dpi/src/protocol/ssh.rs
+++ b/lib/g3-dpi/src/protocol/ssh.rs
@@ -118,6 +118,7 @@ impl ProtocolInspectState {
 // exclude impossible protocols
 self.exclude_other(MaybeProtocol::Ftp);
 self.exclude_other(MaybeProtocol::Smtp);
+ self.exclude_other(MaybeProtocol::Odmr);
 self.exclude_other(MaybeProtocol::Pop3);
 self.exclude_other(MaybeProtocol::Nntp);
 self.exclude_other(MaybeProtocol::Imap);