rust/lettre
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: rust:v0.11.11
Branches Tags
rust:master rust:semver-compatible-deps rust:prepare-v0.11.18 rust:chumsky-to-nom rust:release-0.11.17 rust:better-tls-parameters-builder rust:docs-credentials-xoauth2 rust:paolobarbolini/alloc-playground rust:smtp-error-handling rust:refactor rust:v0.10.x rust:v0.9.x rust:v0.7.x rust:v0.8.x rust:v0.6.x rust:v0.5.x rust:v0.4.x rust:v0.3.x rust:v0.2.x rust:v0.1.x
rust:v0.11.19 rust:v0.11.18 rust:v0.11.17 rust:v0.11.16 rust:v0.11.15 rust:v0.11.14 rust:v0.11.13 rust:v0.11.12 rust:v0.11.11 rust:v0.11.10 rust:v0.11.9 rust:v0.11.8 rust:v0.11.7 rust:v0.11.6 rust:v0.11.5 rust:v0.11.4 rust:v0.11.3 rust:v0.11.2 rust:v0.11.1 rust:v0.11.0 rust:v0.10.4 rust:v0.10.3 rust:v0.10.2 rust:v0.10.1 rust:v0.10.0 rust:v0.10.0-rc.7 rust:v0.10.0-rc.6 rust:v0.10.0-rc.5 rust:v0.10.0-rc.4 rust:v0.10.0-rc.3 rust:v0.9.6 rust:v0.10.0-rc.2 rust:v0.10.0-rc.1 rust:v0.10.0-beta.4 rust:v0.10.0-beta.3 rust:v0.10.0-beta.2 rust:v0.10.0-beta.1 rust:v0.10.0-alpha.5 rust:v0.7.1 rust:v0.8.4 rust:v0.9.5 rust:v0.10.0-alpha.4 rust:v0.10.0-alpha.3 rust:v0.6.3 rust:v0.10.0-alpha.2 rust:v0.10.0-alpha.1 rust:v0.9.4 rust:v0.9.3 rust:v0.9.2 rust:v0.9.1 rust:v0.9.0 rust:v0.8.3 rust:v0.8.2 rust:v0.8.1 rust:v0.8.0 rust:v0.7.0 rust:v0.6.2 rust:v0.5.0 rust:v0.4.0 rust:v0.6.1 rust:v0.6.0 rust:v0.5.1 rust:v0.3.0 rust:v0.2.0 rust:v0.1.2 rust:v0.1.1 rust:v0.1.0 rust:v0.0.13 rust:v0.0.11 rust:v0.0.9
..
compare: rust:v0.11.14
Branches Tags
rust:master rust:semver-compatible-deps rust:prepare-v0.11.18 rust:chumsky-to-nom rust:release-0.11.17 rust:better-tls-parameters-builder rust:docs-credentials-xoauth2 rust:paolobarbolini/alloc-playground rust:smtp-error-handling rust:refactor rust:v0.10.x rust:v0.9.x rust:v0.7.x rust:v0.8.x rust:v0.6.x rust:v0.5.x rust:v0.4.x rust:v0.3.x rust:v0.2.x rust:v0.1.x
rust:v0.11.19 rust:v0.11.18 rust:v0.11.17 rust:v0.11.16 rust:v0.11.15 rust:v0.11.14 rust:v0.11.13 rust:v0.11.12 rust:v0.11.11 rust:v0.11.10 rust:v0.11.9 rust:v0.11.8 rust:v0.11.7 rust:v0.11.6 rust:v0.11.5 rust:v0.11.4 rust:v0.11.3 rust:v0.11.2 rust:v0.11.1 rust:v0.11.0 rust:v0.10.4 rust:v0.10.3 rust:v0.10.2 rust:v0.10.1 rust:v0.10.0 rust:v0.10.0-rc.7 rust:v0.10.0-rc.6 rust:v0.10.0-rc.5 rust:v0.10.0-rc.4 rust:v0.10.0-rc.3 rust:v0.9.6 rust:v0.10.0-rc.2 rust:v0.10.0-rc.1 rust:v0.10.0-beta.4 rust:v0.10.0-beta.3 rust:v0.10.0-beta.2 rust:v0.10.0-beta.1 rust:v0.10.0-alpha.5 rust:v0.7.1 rust:v0.8.4 rust:v0.9.5 rust:v0.10.0-alpha.4 rust:v0.10.0-alpha.3 rust:v0.6.3 rust:v0.10.0-alpha.2 rust:v0.10.0-alpha.1 rust:v0.9.4 rust:v0.9.3 rust:v0.9.2 rust:v0.9.1 rust:v0.9.0 rust:v0.8.3 rust:v0.8.2 rust:v0.8.1 rust:v0.8.0 rust:v0.7.0 rust:v0.6.2 rust:v0.5.0 rust:v0.4.0 rust:v0.6.1 rust:v0.6.0 rust:v0.5.1 rust:v0.3.0 rust:v0.2.0 rust:v0.1.2 rust:v0.1.1 rust:v0.1.0 rust:v0.0.13 rust:v0.0.11 rust:v0.0.9

31 Commits
v0.11.11 ... v0.11.14

Author SHA1 Message Date
Paolo Barbolini
1e22bcd527 Prepare v0.11.14 (#1056) 2025-02-23 10:06:28 +01:00
Paolo Barbolini
75716ca269 feat: make crypto and TLS certificate verify backends opt-in (#1054) 2025-02-23 09:32:47 +01:00
Paolo Barbolini
8a6f1dab0e deprecate: having made AsyncNetworkStream public (#1059) 2025-02-22 21:22:30 +01:00
Paolo Barbolini
621853e2e3 chore(license): bump my copyright year (#1057) 2025-02-22 20:27:07 +01:00
Paolo Barbolini
5e4cb2d1b5 fix: use the same rustls crypto provider everywhere (#1055) 2025-02-22 19:14:28 +01:00
Paolo Barbolini
b4abd40698 style: fix rustls-native-tls warnings when tracing is disabled (#1053) 2025-02-22 17:39:39 +00:00
Paolo Barbolini
2d1ccda2ef style(clippy): ban direct use of std::time::SystemTime::now (#1043) 2025-02-22 08:32:38 +00:00
Paolo Barbolini
54934e1492 build(deps): drop direct dependency on rustls-pki-types (#1051) 2025-02-22 08:07:23 +00:00
Paolo Barbolini
cfa29743a8 refactor: replace rustls-pemfile with rustls-pki-types (#1050) 2025-02-22 08:59:14 +01:00
Paolo Barbolini
4a4a96d805 refactor: remove artifact from web-time refactor (#1049) 2025-02-22 07:44:56 +00:00
Paolo Barbolini
f0b8052a52 build(deps): upgrade nom to v8 (#1048) 2025-02-22 08:36:56 +01:00
Paolo Barbolini
655cd8a140 style: cleanup Cargo.toml (#1047) 2025-02-22 08:30:01 +01:00
Paolo Barbolini
dabc88a053 Prepare v0.11.13 (#1044) 2025-02-17 11:48:42 +01:00
Paolo Barbolini
9cdefcea09 refactor: simplify handling of WASM web-time (#1042) 2025-02-17 09:05:22 +00:00
Abid Omar
5748af4c98 feat: add WASM support via web-time (#1037) 
Support WASM environments by using web-time.
This was tested on a Cloudflare worker environment.
 2025-02-17 09:53:19 +01:00
André Cruz
3e9b1876d9 feat: add method to obtain TLS result (#1039) 
Some TLS toolkits export a result that can be checked afterwards even if
the TLS negotation returned successfully. This can be used for example
if you disabled certificate checks by default, but then want to check
the outcome.

Currently this is only supported on boring TLS.
 2025-02-17 09:51:45 +01:00
Popax21
795bedae76 fix: synchronous pool shutdowns being arbitrarily delayed (#1041) 
Previously, the connection pool thread did not drop its upgraded `Arc` pool reference while sleeping until the next idle duration check. This causes a drop of the `SmtpTransport` to not shut down any connections until said thread wakes up again (since it still holds a reference to the pool), which can take up to 60s with default settings. In practice, this means that connections will most likely not be properly closed before the program exists, (since the `SmtpTransport` is most likely dropped when the program shuts down) which violates the SMTP specification which states that:
> The sender MUST NOT intentionally close the channel until it sends a QUIT command, and it SHOULD wait until it receives the reply (even if there was an error response to a command).
 2025-02-07 08:29:06 +01:00
dependabot[bot]
891dd521ab build(deps): bump openssl from 0.10.68 to 0.10.70 (#1038) 
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.68 to 0.10.70.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.68...openssl-v0.10.70)

---
updated-dependencies:
- dependency-name: openssl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-03 20:51:45 +01:00
Paolo Barbolini
0fb89e23ad Prepare v0.11.12 (#1034) 2025-02-02 14:05:41 +01:00
Paolo Barbolini
097f7d5aaa docs: fix broken doc link (#1036) 2025-02-02 13:49:52 +01:00
Paolo Barbolini
32e066464a docs: improve SMTP transport from_url (#1032) 2025-02-02 13:38:03 +01:00
Paolo Barbolini
55c7f57f25 docs: improve transport::smtp (#1031) 2025-02-02 13:37:25 +01:00
Paolo Barbolini
3f7a57a417 docs: replace assert! with ? operator for send examples (#1033) 2025-02-02 13:33:34 +01:00
Paolo Barbolini
bb64baec67 style: warn on more pedantic clippy lints and fix them (#1035) 2025-02-02 12:50:15 +01:00
Paolo Barbolini
5f13636b49 docs: document OpenSSL system dependencies (#1030) 2025-02-01 22:14:14 +01:00
Paolo Barbolini
4513e602d6 docs: fix credentials copy-paste error (#1019) 2024-12-25 09:05:34 +01:00
Paolo Barbolini
382e15013a docs: document (Async)SmtpTransport (#1018) 2024-12-25 09:05:24 +01:00
Paolo Barbolini
3ce31c5a6a docs: add missing ContentType to email building (#1017) 2024-12-23 22:08:08 +01:00
Paolo Barbolini
a48cf92a5b docs: fix rustdoc warnings (#1016) 2024-12-23 17:19:24 +01:00
Paolo Barbolini
43f6f139d2 docs: improve docs for Tls enum (#1015) 2024-12-23 17:01:24 +01:00
Paolo Barbolini
fd1425666d docs: warn against manually configuring port and tls configs (#1014) 2024-12-23 16:43:39 +01:00
41 changed files with 1201 additions and 523 deletions
Expand all files Collapse all files

12
.github/workflows/test.yml vendored
View File

@@ -57,12 +57,12 @@ jobs:
- name: Setup cache
uses: Swatinem/rust-cache@v2
- name: Install cargo hack
run: cargo install cargo-hack --debug
- name: Check with cargo hack
run: cargo hack check --feature-powerset --depth 3
run: cargo hack check --feature-powerset --depth 3 --at-least-one-of aws-lc-rs,ring --at-least-one-of rustls-native-certs,webpki-roots
test:
name: test / ${{ matrix.name }}
@@ -90,7 +90,7 @@ jobs:
- name: Setup cache
uses: Swatinem/rust-cache@v2
- name: Install postfix
- name: Install postfix
run: |
DEBIAN_FRONTEND=noninteractive sudo apt-get update
DEBIAN_FRONTEND=noninteractive sudo apt-get -y install postfix
@@ -119,10 +119,10 @@ jobs:
run: cargo test
- name: Test with all features (-native-tls)
run: cargo test --no-default-features --features async-std1,async-std1-rustls-tls,boring-tls,builder,dkim,file-transport,file-transport-envelope,hostname,mime03,pool,rustls-native-certs,rustls-tls,sendmail-transport,smtp-transport,tokio1,tokio1-boring-tls,tokio1-rustls-tls,tracing
run: cargo test --no-default-features --features async-std1,async-std1-rustls,aws-lc-rs,rustls-native-certs,boring-tls,builder,dkim,file-transport,file-transport-envelope,hostname,mime03,pool,rustls-native-certs,rustls,sendmail-transport,smtp-transport,tokio1,tokio1-boring-tls,tokio1-rustls,tracing
- name: Test with all features (-boring-tls)
run: cargo test --no-default-features --features async-std1,async-std1-rustls-tls,builder,dkim,file-transport,file-transport-envelope,hostname,mime03,native-tls,pool,rustls-native-certs,rustls-tls,sendmail-transport,smtp-transport,tokio1,tokio1-native-tls,tokio1-rustls-tls,tracing
run: cargo test --no-default-features --features async-std1,async-std1-rustls,aws-lc-rs,rustls-native-certs,builder,dkim,file-transport,file-transport-envelope,hostname,mime03,native-tls,pool,rustls-native-certs,rustls,sendmail-transport,smtp-transport,tokio1,tokio1-native-tls,tokio1-rustls,tracing
# coverage:
# name: Coverage

98
CHANGELOG.md
View File

@@ -1,3 +1,99 @@
<a name="v0.11.14"></a>
### v0.11.14 (2025-02-23)
This release deprecates the `rustls-tls`, `tokio1-rustls-tls` and `async-std1-rustls-tls`
features, which will be removed in lettre v0.12.
rustls users should start migrating to the `rustls`, `tokio1-rustls` and
`async-std1-rustls` features. Unlike the deprecated _*rustls-tls_ features,
which automatically enabled the `ring` and `webpki-roots` backends, the new
features do not. To complete the migration, users must either enable the
`aws-lc-rs` or the `ring` feature. Additionally, those who rely on `webpki-roots`
for TLS certificate verification must now explicitly enable its feature.
Users of `rustls-native-certs` do not need to enable `webpki-roots`.
Find out more about the new features via the [lettre rustls docs].
#### Features
* Make it possible to use different `rustls` crypto providers and TLS verifiers ([#1054])
#### Bug fixes
* Use the same `rustls` crypto provider everywhere ([#1055])
#### Misc
* Deprecate `AsyncNetworkStream` being public ([#1059])
* Upgrade `nom` to v8 ([#1048])
* Drop `rustls-pemfile` in favor of `rustls-pki-types` APIs ([#1050])
* Ban direct use of `std::time::SystemTime::now` via clippy ([#1043])
* Drop direct dependency on `rustls-pki-types` ([#1051])
* Remove artifact from `web-time` refactor ([#1049])
* Fix warnings with `rustls-native-certs` when `tracing` is disabled ([#1053])
* Bump license year ([#1057])
* Cleanup `Cargo.toml` style ([#1047])
[lettre rustls docs]: https://docs.rs/lettre/0.11.14/lettre/index.html#smtp-over-tls-via-the-rustls-crate
[#1043]: https://github.com/lettre/lettre/pull/1043
[#1047]: https://github.com/lettre/lettre/pull/1047
[#1048]: https://github.com/lettre/lettre/pull/1048
[#1049]: https://github.com/lettre/lettre/pull/1049
[#1050]: https://github.com/lettre/lettre/pull/1050
[#1051]: https://github.com/lettre/lettre/pull/1051
[#1053]: https://github.com/lettre/lettre/pull/1053
[#1054]: https://github.com/lettre/lettre/pull/1054
[#1055]: https://github.com/lettre/lettre/pull/1055
[#1057]: https://github.com/lettre/lettre/pull/1057
[#1059]: https://github.com/lettre/lettre/pull/1059
<a name="v0.11.13"></a>
### v0.11.13 (2025-02-17)
#### Features
* Add WASM support ([#1037], [#1042])
* Add method to get the TLS verify result with BoringSSL ([#1039])
#### Bug fixes
* Synchronous pool shutdowns being arbitrarily delayed ([#1041])
[#1037]: https://github.com/lettre/lettre/pull/1037
[#1039]: https://github.com/lettre/lettre/pull/1039
[#1041]: https://github.com/lettre/lettre/pull/1041
[#1042]: https://github.com/lettre/lettre/pull/1042
<a name="v0.11.12"></a>
### v0.11.12 (2025-02-02)
#### Misc
* Warn against manually configuring `port` and `tls` on SMTP transport builder ([#1014])
* Document variants of `Tls` enum ([#1015])
* Fix rustdoc warnings ([#1016])
* Add `ContentType::TEXT_PLAIN` to `Message` builder examples ([#1017])
* Document `SmtpTransport` and `AsyncSmtpTransport` ([#1018])
* Fix typo in transport builder `credentials` method ([#1019])
* Document required system dependencies for OpenSSL ([#1030])
* Improve docs for the `transport::smtp` module ([#1031])
* Improve docs for smtp transport builder `from_url` ([#1032])
* Replace `assert!` with `?` on `send` examples ([#1033])
* Warn on more pedantic clippy lints and fix them ([#1035], [#1036])
[#1014]: https://github.com/lettre/lettre/pull/1014
[#1015]: https://github.com/lettre/lettre/pull/1015
[#1016]: https://github.com/lettre/lettre/pull/1016
[#1017]: https://github.com/lettre/lettre/pull/1017
[#1018]: https://github.com/lettre/lettre/pull/1018
[#1019]: https://github.com/lettre/lettre/pull/1019
[#1030]: https://github.com/lettre/lettre/pull/1030
[#1031]: https://github.com/lettre/lettre/pull/1031
[#1032]: https://github.com/lettre/lettre/pull/1032
[#1033]: https://github.com/lettre/lettre/pull/1033
[#1035]: https://github.com/lettre/lettre/pull/1035
[#1036]: https://github.com/lettre/lettre/pull/1036
<a name="v0.11.11"></a>
### v0.11.11 (2024-12-05)
@@ -540,6 +636,6 @@ Several breaking changes were made between 0.9 and 0.10, but changes should be s
* multipart support
* add non-consuming methods for Email builders
* `add_header` does not return the builder anymore,
* `add_header` does not return the builder anymore,
for consistency with other methods. Use the `header`
method instead

173
Cargo.lock generated
View File

@@ -241,6 +241,47 @@ version = "1.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
[[package]]
name = "aws-lc-fips-sys"
version = "0.13.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "29003a681b2b9465c1139bfb726da452a841a8b025f35953f3bce71139f10b21"
dependencies = [
"bindgen 0.69.5",
"cc",
"cmake",
"dunce",
"fs_extra",
"paste",
"regex",
]
[[package]]
name = "aws-lc-rs"
version = "1.12.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4cd755adf9707cf671e31d944a189be3deaaeee11c8bc1d669bb8022ac90fbd0"
dependencies = [
"aws-lc-fips-sys",
"aws-lc-sys",
"paste",
"zeroize",
]
[[package]]
name = "aws-lc-sys"
version = "0.26.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0f9dd2e03ee80ca2822dd6ea431163d2ef259f2066a4d6ccaca6d9dcb386aa43"
dependencies = [
"bindgen 0.69.5",
"cc",
"cmake",
"dunce",
"fs_extra",
"paste",
]
[[package]]
name = "backtrace"
version = "0.3.74"
@@ -268,6 +309,29 @@ version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
[[package]]
name = "bindgen"
version = "0.69.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088"
dependencies = [
"bitflags",
"cexpr",
"clang-sys",
"itertools 0.10.5",
"lazy_static",
"lazycell",
"log",
"prettyplease",
"proc-macro2",
"quote",
"regex",
"rustc-hash",
"shlex",
"syn 2.0.89",
"which",
]
[[package]]
name = "bindgen"
version = "0.70.1"
@@ -335,7 +399,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "777cf31ea10f7eb87d46b30848f8d7acbd65cb4a25cd51bee1808ef601de0416"
dependencies = [
"autocfg",
"bindgen",
"bindgen 0.70.1",
"cmake",
"fs_extra",
"fslock",
@@ -371,6 +435,8 @@ version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fd9de9f2205d5ef3fd67e685b0df337994ddd4495e2a28d185500d0e1edfea47"
dependencies = [
"jobserver",
"libc",
"shlex",
]
@@ -380,7 +446,7 @@ version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
dependencies = [
"nom",
"nom 7.1.3",
]
[[package]]
@@ -664,6 +730,12 @@ dependencies = [
"syn 2.0.89",
]
[[package]]
name = "dunce"
version = "1.0.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
[[package]]
name = "ed25519"
version = "2.2.3"
@@ -969,6 +1041,15 @@ version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc"
[[package]]
name = "home"
version = "0.5.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5"
dependencies = [
"windows-sys 0.52.0",
]
[[package]]
name = "hostname"
version = "0.4.0"
@@ -1160,6 +1241,15 @@ version = "1.0.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674"
[[package]]
name = "jobserver"
version = "0.1.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0"
dependencies = [
"libc",
]
[[package]]
name = "js-sys"
version = "0.3.72"
@@ -1187,9 +1277,15 @@ dependencies = [
"spin",
]
[[package]]
name = "lazycell"
version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
[[package]]
name = "lettre"
version = "0.11.11"
version = "0.11.14"
dependencies = [
"async-std",
"async-trait",
@@ -1211,15 +1307,13 @@ dependencies = [
"maud",
"mime",
"native-tls",
"nom",
"nom 8.0.0",
"percent-encoding",
"pretty_assertions",
"quoted_printable",
"rsa",
"rustls",
"rustls-native-certs",
"rustls-pemfile",
"rustls-pki-types",
"serde",
"serde_json",
"sha2",
@@ -1233,6 +1327,7 @@ dependencies = [
"url",
"uuid",
"walkdir",
"web-time",
"webpki-roots",
]
@@ -1367,6 +1462,15 @@ dependencies = [
"minimal-lexical",
]
[[package]]
name = "nom"
version = "8.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "df9761775871bdef83bee530e60050f7e54b1105350d6884eb0fb4f46c2f9405"
dependencies = [
"memchr",
]
[[package]]
name = "nu-ansi-term"
version = "0.46.0"
@@ -1447,9 +1551,9 @@ checksum = "b410bbe7e14ab526a0e86877eb47c6996a2bd7746f027ba551028c925390e4e9"
[[package]]
name = "openssl"
version = "0.10.68"
version = "0.10.70"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6174bc48f102d208783c2c84bf931bb75927a617866870de8a4ea85597f871f5"
checksum = "61cfb4e166a8bb8c9b55c500bc2308550148ece889be90f609377e58140f42c6"
dependencies = [
"bitflags",
"cfg-if",
@@ -1479,9 +1583,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
[[package]]
name = "openssl-sys"
version = "0.9.104"
version = "0.9.105"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741"
checksum = "8b22d5b84be05a8d6947c7cb71f7c849aa0f112acd4bf51c2a7c1c988ac0a9dc"
dependencies = [
"cc",
"libc",
@@ -1501,6 +1605,12 @@ version = "2.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f38d5652c16fde515bb1ecef450ab0f6a219d619a7274976324d5e377f7dceba"
[[package]]
name = "paste"
version = "1.0.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
[[package]]
name = "pem-rfc7468"
version = "0.7.0"
@@ -1628,6 +1738,16 @@ dependencies = [
"yansi",
]
[[package]]
name = "prettyplease"
version = "0.2.25"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033"
dependencies = [
"proc-macro2",
"syn 2.0.89",
]
[[package]]
name = "proc-macro-error"
version = "1.0.4"
@@ -1837,6 +1957,7 @@ version = "0.23.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c9cc1d47e243d655ace55ed38201c19ae02c148ae56412ab8750e8f0166ab7f"
dependencies = [
"aws-lc-rs",
"log",
"once_cell",
"ring",
@@ -1858,15 +1979,6 @@ dependencies = [
"security-framework 3.0.1",
]
[[package]]
name = "rustls-pemfile"
version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50"
dependencies = [
"rustls-pki-types",
]
[[package]]
name = "rustls-pki-types"
version = "1.10.0"
@@ -1879,6 +1991,7 @@ version = "0.102.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9"
dependencies = [
"aws-lc-rs",
"ring",
"rustls-pki-types",
"untrusted",
@@ -2442,6 +2555,16 @@ dependencies = [
"wasm-bindgen",
]
[[package]]
name = "web-time"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb"
dependencies = [
"js-sys",
"wasm-bindgen",
]
[[package]]
name = "webpki-roots"
version = "0.26.7"
@@ -2451,6 +2574,18 @@ dependencies = [
"rustls-pki-types",
]
[[package]]
name = "which"
version = "4.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
dependencies = [
"either",
"home",
"once_cell",
"rustix",
]
[[package]]
name = "winapi"
version = "0.3.9"

44
Cargo.toml
View File

@@ -1,7 +1,7 @@
[package]
name = "lettre"
# remember to update html_root_url and README.md (Cargo.toml example and deps.rs badge)
version = "0.11.11"
version = "0.11.14"
description = "Email client"
readme = "README.md"
homepage = "https://lettre.rs"
@@ -19,9 +19,12 @@ is-it-maintained-open-issues = { repository = "lettre/lettre" }
maintenance = { status = "actively-developed" }
[dependencies]
email_address = { version = "0.2.1", default-features = false }
chumsky = "0.9"
idna = "1"
tracing = { version = "0.1.16", default-features = false, features = ["std"], optional = true } # feature
## tracing support
tracing = { version = "0.1.16", default-features = false, features = ["std"], optional = true }
# builder
httpdate = { version = "1", optional = true }
@@ -33,11 +36,11 @@ email-encoding = { version = "0.3", optional = true }
# file transport
uuid = { version = "1", features = ["v4"], optional = true }
serde = { version = "1", optional = true, features = ["derive"] }
serde = { version = "1", features = ["derive"], optional = true }
serde_json = { version = "1", optional = true }
# smtp-transport
nom = { version = "7", optional = true }
nom = { version = "8", optional = true }
hostname = { version = "0.4", optional = true } # feature
socket2 = { version = "0.5.1", optional = true }
url = { version = "2.4", optional = true }
@@ -45,10 +48,8 @@ percent-encoding = { version = "2.3", optional = true }
## tls
native-tls = { version = "0.2.9", optional = true } # feature
rustls = { version = "0.23.5", default-features = false, features = ["ring", "logging", "std", "tls12"], optional = true }
rustls-pemfile = { version = "2", optional = true }
rustls = { version = "0.23.5", default-features = false, features = ["logging", "std", "tls12"], optional = true }
rustls-native-certs = { version = "0.8", optional = true }
rustls-pki-types = { version = "1.7", optional = true }
webpki-roots = { version = "0.26", optional = true }
boring = { version = "4", optional = true }
@@ -59,21 +60,21 @@ async-trait = { version = "0.1", optional = true }
## async-std
async-std = { version = "1.8", optional = true }
futures-rustls = { version = "0.26", default-features = false, features = ["logging", "tls12", "ring"], optional = true }
futures-rustls = { version = "0.26", default-features = false, features = ["logging", "tls12"], optional = true }
## tokio
tokio1_crate = { package = "tokio", version = "1", optional = true }
tokio1_native_tls_crate = { package = "tokio-native-tls", version = "0.3", optional = true }
tokio1_rustls = { package = "tokio-rustls", version = "0.26", default-features = false, features = ["logging", "tls12", "ring"], optional = true }
tokio1_rustls = { package = "tokio-rustls", version = "0.26", default-features = false, features = ["logging", "tls12"], optional = true }
tokio1_boring = { package = "tokio-boring", version = "4", optional = true }
## dkim
sha2 = { version = "0.10", optional = true, features = ["oid"] }
sha2 = { version = "0.10", features = ["oid"], optional = true }
rsa = { version = "0.9", optional = true }
ed25519-dalek = { version = "2", optional = true }
# email formats
email_address = { version = "0.2.1", default-features = false }
## web-time for wasm support
web-time = { version = "1.1.0", optional = true }
[dev-dependencies]
pretty_assertions = "1"
@@ -108,20 +109,33 @@ smtp-transport = ["dep:base64", "dep:nom", "dep:socket2", "dep:url", "dep:percen
pool = ["dep:futures-util"]
rustls-tls = ["dep:webpki-roots", "dep:rustls", "dep:rustls-pemfile", "dep:rustls-pki-types"]
rustls = ["dep:rustls"]
aws-lc-rs = ["rustls?/aws-lc-rs"]
fips = ["aws-lc-rs", "rustls?/fips"]
ring = ["rustls?/ring"]
webpki-roots = ["dep:webpki-roots"]
# deprecated
rustls-tls = ["webpki-roots", "rustls", "ring"]
boring-tls = ["dep:boring"]
# async
async-std1 = ["dep:async-std", "dep:async-trait", "dep:futures-io", "dep:futures-util"]
async-std1-rustls-tls = ["async-std1", "rustls-tls", "dep:futures-rustls"]
async-std1-rustls = ["async-std1", "rustls", "dep:futures-rustls"]
# deprecated
async-std1-rustls-tls = ["async-std1-rustls", "rustls-tls"]
tokio1 = ["dep:tokio1_crate", "dep:async-trait", "dep:futures-io", "dep:futures-util"]
tokio1-native-tls = ["tokio1", "native-tls", "dep:tokio1_native_tls_crate"]
tokio1-rustls-tls = ["tokio1", "rustls-tls", "dep:tokio1_rustls"]
tokio1-rustls = ["tokio1", "rustls", "dep:tokio1_rustls"]
# deprecated
tokio1-rustls-tls = ["tokio1-rustls", "rustls-tls"]
tokio1-boring-tls = ["tokio1", "boring-tls", "dep:tokio1_boring"]
dkim = ["dep:base64", "dep:sha2", "dep:rsa", "dep:ed25519-dalek"]
# wasm support
web = ["dep:web-time"]
[lints.rust]
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(lettre_ignore_tls_mismatch)'] }

2
LICENSE
View File

@@ -1,5 +1,5 @@
Copyright (c) 2014-2024 Alexis Mousset <contact@amousset.me>
Copyright (c) 2019-2024 Paolo Barbolini <paolo@paolo565.org>
Copyright (c) 2019-2025 Paolo Barbolini <paolo@paolo565.org>
Copyright (c) 2018 K. <kayo@illumium.org>
Permission is hereby granted, free of charge, to any

6
README.md
View File

@@ -28,8 +28,8 @@
</div>
<div align="center">
<a href="https://deps.rs/crate/lettre/0.11.11">
<img src="https://deps.rs/crate/lettre/0.11.11/status.svg"
<a href="https://deps.rs/crate/lettre/0.11.14">
<img src="https://deps.rs/crate/lettre/0.11.14/status.svg"
alt="dependency status" />
</a>
</div>
@@ -107,7 +107,7 @@ cargo run --example autoconfigure SMTP_HOST
## Testing
The `lettre` tests require an open mail server listening locally on port 2525 and the `sendmail` command. If you have python installed
The `lettre` tests require an open mail server listening locally on port 2525 and the `sendmail` command. If you have python installed
such a server can be launched with `python -m smtpd -n -c DebuggingServer 127.0.0.1:2525`
Alternatively only unit tests can be run by doing `cargo test --lib`.

4
benches/transport_smtp.rs
View File

@@ -1,5 +1,5 @@
use criterion::{black_box, criterion_group, criterion_main, Criterion};
use lettre::{Message, SmtpTransport, Transport};
use lettre::{message::header::ContentType, Message, SmtpTransport, Transport};
fn bench_simple_send(c: &mut Criterion) {
let sender = SmtpTransport::builder_dangerous("127.0.0.1")
@@ -13,6 +13,7 @@ fn bench_simple_send(c: &mut Criterion) {
.reply_to("Yuin <yuin@domain.tld>".parse().unwrap())
.to("Hei <hei@domain.tld>".parse().unwrap())
.subject("Happy new year")
.header(ContentType::TEXT_PLAIN)
.body(String::from("Be happy!"))
.unwrap();
let result = black_box(sender.send(&email));
@@ -32,6 +33,7 @@ fn bench_reuse_send(c: &mut Criterion) {
.reply_to("Yuin <yuin@domain.tld>".parse().unwrap())
.to("Hei <hei@domain.tld>".parse().unwrap())
.subject("Happy new year")
.header(ContentType::TEXT_PLAIN)
.body(String::from("Be happy!"))
.unwrap();
let result = black_box(sender.send(&email));

3
clippy.toml Normal file
View File

@@ -0,0 +1,3 @@
disallowed-methods = [
{ "path" = "std::time::SystemTime::now", reason = "does not work on WASM environments", replacement = "crate::time::now" }
]

2
src/address/envelope.rs
View File

@@ -29,7 +29,7 @@ pub struct Envelope {
mod serde_forward_path {
use super::Address;
/// dummy type required for serde
/// see example: https://serde.rs/deserialize-map.html
/// see example: <https://serde.rs/deserialize-map.html>
struct CustomVisitor;
impl<'de> serde::de::Visitor<'de> for CustomVisitor {
type Value = Vec<Address>;

8
src/executor.rs
View File

@@ -133,7 +133,7 @@ impl Executor for Tokio1Executor {
) -> Result<AsyncSmtpConnection, Error> {
#[allow(clippy::match_single_binding)]
let tls_parameters = match tls {
#[cfg(any(feature = "tokio1-native-tls", feature = "tokio1-rustls-tls"))]
#[cfg(any(feature = "tokio1-native-tls", feature = "tokio1-rustls"))]
Tls::Wrapper(tls_parameters) => Some(tls_parameters.clone()),
_ => None,
};
@@ -147,7 +147,7 @@ impl Executor for Tokio1Executor {
)
.await?;
#[cfg(any(feature = "tokio1-native-tls", feature = "tokio1-rustls-tls"))]
#[cfg(any(feature = "tokio1-native-tls", feature = "tokio1-rustls"))]
match tls {
Tls::Opportunistic(tls_parameters) => {
if conn.can_starttls() {
@@ -230,7 +230,7 @@ impl Executor for AsyncStd1Executor {
) -> Result<AsyncSmtpConnection, Error> {
#[allow(clippy::match_single_binding)]
let tls_parameters = match tls {
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
Tls::Wrapper(tls_parameters) => Some(tls_parameters.clone()),
_ => None,
};
@@ -243,7 +243,7 @@ impl Executor for AsyncStd1Executor {
)
.await?;
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
match tls {
Tls::Opportunistic(tls_parameters) => {
if conn.can_starttls() {

121
src/lib.rs
View File

@@ -34,13 +34,25 @@
//!
//! _Secure SMTP connections using TLS from the `native-tls` crate_
//!
//! Uses schannel on Windows, Security-Framework on macOS, and OpenSSL on Linux.
//! Uses schannel on Windows, Security-Framework on macOS, and OpenSSL
//! on all other platforms.
//!
//! * **native-tls** 📫: TLS support for the synchronous version of the API
//! * **tokio1-native-tls**: TLS support for the `tokio1` async version of the API
//!
//! NOTE: native-tls isn't supported with `async-std`
//!
//! ##### Building lettre with OpenSSL
//!
//! When building lettre with native-tls on a system that makes
//! use of OpenSSL, the following packages will need to be installed
//! in order for the build and the compiled program to run properly.
//!
//! | Distro | Build-time packages | Runtime packages |
//! | ------------ | -------------------------- | ---------------------------- |
//! | Debian | `pkg-config`, `libssl-dev` | `libssl3`, `ca-certificates` |
//! | Alpine Linux | `pkgconf`, `openssl-dev` | `libssl3`, `ca-certificates` |
//!
//! #### SMTP over TLS via the boring crate (Boring TLS)
//!
//! _Secure SMTP connections using TLS from the `boring-tls` crate_
@@ -52,13 +64,46 @@
//!
//! #### SMTP over TLS via the rustls crate
//!
//! _Secure SMTP connections using TLS from the `rustls-tls` crate_
//! _Secure SMTP connections using TLS from the `rustls` crate_
//!
//! Rustls uses [ring] as the cryptography implementation. As a result, [not all Rust's targets are supported][ring-support].
//! * **rustls**: TLS support for the synchronous version of the API
//! * **tokio1-rustls**: TLS support for the `tokio1` async version of the API
//! * **async-std1-rustls**: TLS support for the `async-std1` async version of the API
//!
//! * **rustls-tls**: TLS support for the synchronous version of the API
//! * **tokio1-rustls-tls**: TLS support for the `tokio1` async version of the API
//! * **async-std1-rustls-tls**: TLS support for the `async-std1` async version of the API
//! ##### rustls crypto backends
//!
//! _The crypto implementation to use with rustls_
//!
//! When the `rustls` feature is enabled, one of the following crypto backends MUST also
//! be enabled.
//!
//! * **aws-lc-rs**: use [AWS-LC] (via [`aws-lc-rs`]) as the `rustls` crypto backend
//! * **ring**: use [`ring`] as the `rustls` crypto backend
//!
//! When enabling `aws-lc-rs`, the `fips` feature can also be enabled to have
//! rustls use the FIPS certified module of AWS-LC.
//!
//! `aws-lc-rs` may require cmake on some platforms to compile.
//! `fips` always requires cmake and the Go compiler to compile.
//!
//! ##### rustls certificate verification backend
//!
//! _The TLS certificate verification backend to use with rustls_
//!
//! When the `rustls` feature is enabled, one of the following verification backends
//! MUST also be enabled.
//!
//! * **rustls-native-certs**: verify TLS certificates using the platform's native certificate store (see [`rustls-native-certs`])
//! * **webpki-roots**: verify TLS certificates against Mozilla's root certificates (see [`webpki-roots`])
//!
//! For the `rustls-native-certs` backend to work correctly, the following packages
//! will need to be installed in order for the build stage and the compiled program
//! to run properly.
//!
//! | Distro | Build-time packages | Runtime packages |
//! | ------------ | -------------------------- | ---------------------------- |
//! | Debian | none | `ca-certificates` |
//! | Alpine Linux | none | `ca-certificates` |
//!
//! ### Sendmail transport
//!
@@ -95,6 +140,7 @@
//! * **tracing**: Logging using the `tracing` crate
//! * **mime03**: Allow creating a [`ContentType`] from an existing [mime 0.3] `Mime` struct
//! * **dkim**: Add support for signing email with DKIM
//! * **web**: WebAssembly support using the `web-time` crate for time operations
//!
//! [`SMTP`]: crate::transport::smtp
//! [`sendmail`]: crate::transport::sendmail
@@ -102,14 +148,17 @@
//! [`ContentType`]: crate::message::header::ContentType
//! [tokio]: https://docs.rs/tokio/1
//! [async-std]: https://docs.rs/async-std/1
//! [ring]: https://github.com/briansmith/ring#ring
//! [ring-support]: https://github.com/briansmith/ring#online-automated-testing
//! [AWS-LC]: https://github.com/aws/aws-lc
//! [`aws-lc-rs`]: https://crates.io/crates/aws-lc-rs
//! [`ring`]: https://crates.io/crates/ring
//! [`rustls-native-certs`]: https://crates.io/crates/rustls-native-certs
//! [`webpki-roots`]: https://crates.io/crates/webpki-roots
//! [Tokio 1.x]: https://docs.rs/tokio/1
//! [async-std 1.x]: https://docs.rs/async-std/1
//! [mime 0.3]: https://docs.rs/mime/0.3
//! [DKIM]: https://datatracker.ietf.org/doc/html/rfc6376
#![doc(html_root_url = "https://docs.rs/crate/lettre/0.11.11")]
#![doc(html_root_url = "https://docs.rs/crate/lettre/0.11.14")]
#![doc(html_favicon_url = "https://lettre.rs/favicon.ico")]
#![doc(html_logo_url = "https://avatars0.githubusercontent.com/u/15113230?v=4")]
#![forbid(unsafe_code)]
@@ -137,12 +186,35 @@
clippy::wildcard_imports,
clippy::str_to_string,
clippy::empty_structs_with_brackets,
clippy::zero_sized_map_values
clippy::zero_sized_map_values,
clippy::manual_let_else,
clippy::semicolon_if_nothing_returned,
clippy::unnecessary_wraps,
clippy::doc_markdown,
clippy::explicit_iter_loop,
clippy::redundant_closure_for_method_calls,
// Rust 1.86: clippy::unnecessary_semicolon,
)]
#![cfg_attr(docsrs, feature(doc_cfg))]
#[cfg(not(lettre_ignore_tls_mismatch))]
mod compiletime_checks {
#[cfg(all(feature = "rustls", not(feature = "aws-lc-rs"), not(feature = "ring")))]
compile_error!(
"feature `rustls` also requires either the `aws-lc-rs` or the `ring` feature to
be enabled"
);
#[cfg(all(
feature = "rustls",
not(feature = "rustls-native-certs"),
not(feature = "webpki-roots")
))]
compile_error!(
"feature `rustls` also requires either the `rustls-native-certs` or the `webpki-roots` feature to
be enabled"
);
#[cfg(all(feature = "native-tls", feature = "boring-tls"))]
compile_error!("feature \"native-tls\" and feature \"boring-tls\" cannot be enabled at the same time, otherwise
the executable will fail to link.");
@@ -153,16 +225,12 @@ mod compiletime_checks {
not(feature = "tokio1-native-tls")
))]
compile_error!("Lettre is being built with the `tokio1` and the `native-tls` features, but the `tokio1-native-tls` feature hasn't been turned on.
If you were trying to opt into `rustls-tls` and did not activate `native-tls`, disable the default-features of lettre in `Cargo.toml` and manually add the required features.
If you were trying to opt into `rustls` and did not activate `native-tls`, disable the default-features of lettre in `Cargo.toml` and manually add the required features.
Make sure to apply the same to any of your crate dependencies that use the `lettre` crate.");
#[cfg(all(
feature = "tokio1",
feature = "rustls-tls",
not(feature = "tokio1-rustls-tls")
))]
compile_error!("Lettre is being built with the `tokio1` and the `rustls-tls` features, but the `tokio1-rustls-tls` feature hasn't been turned on.
If you'd like to use `native-tls` make sure that the `rustls-tls` feature hasn't been enabled by mistake.
#[cfg(all(feature = "tokio1", feature = "rustls", not(feature = "tokio1-rustls")))]
compile_error!("Lettre is being built with the `tokio1` and the `rustls` features, but the `tokio1-rustls` feature hasn't been turned on.
If you'd like to use `native-tls` make sure that the `rustls` feature hasn't been enabled by mistake.
Make sure to apply the same to any of your crate dependencies that use the `lettre` crate.");
#[cfg(all(
@@ -171,22 +239,22 @@ mod compiletime_checks {
not(feature = "tokio1-boring-tls")
))]
compile_error!("Lettre is being built with the `tokio1` and the `boring-tls` features, but the `tokio1-boring-tls` feature hasn't been turned on.
If you'd like to use `boring-tls` make sure that the `rustls-tls` feature hasn't been enabled by mistake.
If you'd like to use `boring-tls` make sure that the `rustls` feature hasn't been enabled by mistake.
Make sure to apply the same to any of your crate dependencies that use the `lettre` crate.");
#[cfg(all(feature = "async-std1", feature = "native-tls",))]
#[cfg(all(feature = "async-std1", feature = "native-tls"))]
compile_error!("Lettre is being built with the `async-std1` and the `native-tls` features, but the async-std integration doesn't support native-tls yet.
If you'd like to work on the issue please take a look at https://github.com/lettre/lettre/issues/576.
If you were trying to opt into `rustls-tls` and did not activate `native-tls`, disable the default-features of lettre in `Cargo.toml` and manually add the required features.
If you were trying to opt into `rustls` and did not activate `native-tls`, disable the default-features of lettre in `Cargo.toml` and manually add the required features.
Make sure to apply the same to any of your crate dependencies that use the `lettre` crate.");
#[cfg(all(
feature = "async-std1",
feature = "rustls-tls",
not(feature = "async-std1-rustls-tls")
feature = "rustls",
not(feature = "async-std1-rustls")
))]
compile_error!("Lettre is being built with the `async-std1` and the `rustls-tls` features, but the `async-std1-rustls-tls` feature hasn't been turned on.
If you'd like to use `native-tls` make sure that the `rustls-tls` hasn't been enabled by mistake.
compile_error!("Lettre is being built with the `async-std1` and the `rustls` features, but the `async-std1-rustls` feature hasn't been turned on.
If you'd like to use `native-tls` make sure that the `rustls` hasn't been enabled by mistake.
Make sure to apply the same to any of your crate dependencies that use the `lettre` crate.");
}
@@ -199,6 +267,9 @@ mod executor;
#[cfg(feature = "builder")]
#[cfg_attr(docsrs, doc(cfg(feature = "builder")))]
pub mod message;
#[cfg(feature = "rustls")]
mod rustls_crypto;
mod time;
pub mod transport;
use std::error::Error as StdError;

24
src/message/dkim.rs
View File

@@ -69,7 +69,7 @@ impl Display for DkimSigningAlgorithm {
}
}
/// Describe DkimSigning key error
/// Describe [`DkimSigningKey`] key error
#[derive(Debug)]
pub struct DkimSigningKeyError(InnerDkimSigningKeyError);
@@ -100,7 +100,7 @@ impl StdError for DkimSigningKeyError {
}
}
/// Describe a signing key to be carried by DkimConfig struct
/// Describe a signing key to be carried by [`DkimConfig`] struct
#[derive(Debug)]
pub struct DkimSigningKey(InnerDkimSigningKey);
@@ -183,7 +183,7 @@ impl DkimConfig {
}
}
/// Create a DkimConfig
/// Create a [`DkimConfig`]
pub fn new(
selector: String,
domain: String,
@@ -283,19 +283,19 @@ fn dkim_canonicalize_headers_relaxed(headers: &str) -> String {
// End of header.
[b'\r', b'\n', ..] => {
*out += "\r\n";
name(&h[2..], out)
name(&h[2..], out);
}
// Sequential whitespace.
[b' ' | b'\t', b' ' | b'\t' | b'\r', ..] => value(&h[1..], out),
// All whitespace becomes spaces.
[b'\t', ..] => {
out.push(' ');
value(&h[1..], out)
value(&h[1..], out);
}
[_, ..] => {
let mut chars = h.chars();
out.push(chars.next().unwrap());
value(chars.as_str(), out)
value(chars.as_str(), out);
}
[] => {}
}
@@ -317,7 +317,7 @@ fn dkim_canonicalize_header_tag(
}
}
/// Canonicalize signed headers passed as headers_list among mail_headers using canonicalization
/// Canonicalize signed headers passed as `headers_list` among `mail_headers` using canonicalization
fn dkim_canonicalize_headers<'a>(
headers_list: impl IntoIterator<Item = &'a str>,
mail_headers: &Headers,
@@ -344,9 +344,9 @@ fn dkim_canonicalize_headers<'a>(
}
/// Sign with Dkim a message by adding Dkim-Signature header created with configuration expressed by
/// dkim_config
/// `dkim_config`
pub fn dkim_sign(message: &mut Message, dkim_config: &DkimConfig) {
dkim_sign_fixed_time(message, dkim_config, SystemTime::now())
dkim_sign_fixed_time(message, dkim_config, crate::time::now());
}
fn dkim_sign_fixed_time(message: &mut Message, dkim_config: &DkimConfig, timestamp: SystemTime) {
@@ -377,7 +377,7 @@ fn dkim_sign_fixed_time(message: &mut Message, dkim_config: &DkimConfig, timesta
}
let dkim_header = dkim_header_format(dkim_config, timestamp, &signed_headers_list, &bh, "");
let signed_headers = dkim_canonicalize_headers(
dkim_config.headers.iter().map(|h| h.as_ref()),
dkim_config.headers.iter().map(AsRef::as_ref),
headers,
dkim_config.canonicalization.header,
);
@@ -487,14 +487,14 @@ cJ5Ku0OTwRtSMaseRPX+T4EfG1Caa/eunPPN4rh+CSup2BVVarOT
fn test_headers_simple_canonicalize() {
let message = test_message();
dbg!(message.headers.to_string());
assert_eq!(dkim_canonicalize_headers(["From", "Test"], &message.headers, DkimCanonicalizationType::Simple), "From: =?utf-8?b?VGVzdCBPJ0xlYXJ5?= <test+ezrz@example.net>\r\nTest: test test very very long with spaces and extra spaces \twill be\r\n folded to several lines \r\n")
assert_eq!(dkim_canonicalize_headers(["From", "Test"], &message.headers, DkimCanonicalizationType::Simple), "From: =?utf-8?b?VGVzdCBPJ0xlYXJ5?= <test+ezrz@example.net>\r\nTest: test test very very long with spaces and extra spaces \twill be\r\n folded to several lines \r\n");
}
#[test]
fn test_headers_relaxed_canonicalize() {
let message = test_message();
dbg!(message.headers.to_string());
assert_eq!(dkim_canonicalize_headers(["From", "Test"], &message.headers, DkimCanonicalizationType::Relaxed),"from:=?utf-8?b?VGVzdCBPJ0xlYXJ5?= <test+ezrz@example.net>\r\ntest:test test very very long with spaces and extra spaces will be folded to several lines\r\n")
assert_eq!(dkim_canonicalize_headers(["From", "Test"], &message.headers, DkimCanonicalizationType::Relaxed),"from:=?utf-8?b?VGVzdCBPJ0xlYXJ5?= <test+ezrz@example.net>\r\ntest:test test very very long with spaces and extra spaces will be folded to several lines\r\n");
}
#[test]

2
src/message/header/date.rs
View File

@@ -21,7 +21,7 @@ impl Date {
///
/// Shortcut for `Date::new(SystemTime::now())`
pub fn now() -> Self {
Self::new(SystemTime::now())
Self::new(crate::time::now())
}
}

12
src/message/header/mailbox.rs
View File

@@ -110,7 +110,7 @@ mailbox_header! {
`Sender` header
This header contains [`Mailbox`][self::Mailbox] associated with sender.
This header contains [`Mailbox`] associated with sender.
```no_test
header::Sender("Mr. Sender <sender@example.com>".parse().unwrap())
@@ -124,7 +124,7 @@ mailboxes_header! {
`From` header
This header contains [`Mailboxes`][self::Mailboxes].
This header contains [`Mailboxes`].
*/
(From, "From")
@@ -135,7 +135,7 @@ mailboxes_header! {
`Reply-To` header
This header contains [`Mailboxes`][self::Mailboxes].
This header contains [`Mailboxes`].
*/
(ReplyTo, "Reply-To")
@@ -146,7 +146,7 @@ mailboxes_header! {
`To` header
This header contains [`Mailboxes`][self::Mailboxes].
This header contains [`Mailboxes`].
*/
(To, "To")
@@ -157,7 +157,7 @@ mailboxes_header! {
`Cc` header
This header contains [`Mailboxes`][self::Mailboxes].
This header contains [`Mailboxes`].
*/
(Cc, "Cc")
@@ -168,7 +168,7 @@ mailboxes_header! {
`Bcc` header
This header contains [`Mailboxes`][self::Mailboxes].
This header contains [`Mailboxes`].
*/
(Bcc, "Bcc")

2
src/message/header/mod.rs
View File

@@ -415,7 +415,7 @@ mod tests {
#[test]
fn empty_headername() {
assert!(HeaderName::new_from_ascii(String::from("")).is_err());
assert!(HeaderName::new_from_ascii("".to_owned()).is_err());
}
#[test]

4
src/message/mailbox/types.rs
View File

@@ -351,7 +351,7 @@ impl FromStr for Mailboxes {
})?;
for (name, (user, domain)) in parsed_mailboxes {
mailboxes.push(Mailbox::new(name, Address::new(user, domain)?))
mailboxes.push(Mailbox::new(name, Address::new(user, domain)?));
}
Ok(Mailboxes(mailboxes))
@@ -531,7 +531,7 @@ mod test {
assert_eq!(
format!(
"{}",
Mailbox::new(Some("".into()), "kayo@example.com".parse().unwrap())
Mailbox::new(Some("".to_owned()), "kayo@example.com".parse().unwrap())
),
"kayo@example.com"
);

18
src/message/mod.rs
View File

@@ -277,7 +277,7 @@ impl MessageBuilder {
/// Shortcut for `self.date(SystemTime::now())`, it is automatically inserted
/// if no date has been provided.
pub fn date_now(self) -> Self {
self.date(SystemTime::now())
self.date(crate::time::now())
}
/// Set or add mailbox to `ReplyTo` header
@@ -457,12 +457,12 @@ impl MessageBuilder {
self.build(MessageBody::Raw(body.into_vec()))
}
/// Create message using mime body ([`MultiPart`][self::MultiPart])
/// Create message using mime body ([`MultiPart`])
pub fn multipart(self, part: MultiPart) -> Result<Message, EmailError> {
self.mime_1_0().build(MessageBody::Mime(Part::Multi(part)))
}
/// Create message using mime body ([`SinglePart`][self::SinglePart])
/// Create message using mime body ([`SinglePart`])
pub fn singlepart(self, part: SinglePart) -> Result<Message, EmailError> {
self.mime_1_0().build(MessageBody::Mime(Part::Single(part)))
}
@@ -527,7 +527,7 @@ impl Message {
match &self.body {
MessageBody::Mime(p) => p.format_body(&mut out),
MessageBody::Raw(r) => out.extend_from_slice(r),
};
}
out.extend_from_slice(b"\r\n");
out
}
@@ -537,7 +537,10 @@ impl Message {
/// Example:
/// ```rust
/// use lettre::{
/// message::dkim::{DkimConfig, DkimSigningAlgorithm, DkimSigningKey},
/// message::{
/// dkim::{DkimConfig, DkimSigningAlgorithm, DkimSigningKey},
/// header::ContentType,
/// },
/// Message,
/// };
///
@@ -546,6 +549,7 @@ impl Message {
/// .reply_to("Bob <bob@example.org>".parse().unwrap())
/// .to("Carla <carla@example.net>".parse().unwrap())
/// .subject("Hello")
/// .header(ContentType::TEXT_PLAIN)
/// .body("Hi there, it's a test email, with utf-8 chars ë!\n\n\n".to_owned())
/// .unwrap();
/// let key = "-----BEGIN RSA PRIVATE KEY-----
@@ -601,7 +605,7 @@ impl EmailFormat for Message {
MessageBody::Mime(p) => p.format(out),
MessageBody::Raw(r) => {
out.extend_from_slice(b"\r\n");
out.extend_from_slice(r)
out.extend_from_slice(r);
}
}
}
@@ -765,7 +769,7 @@ mod test {
continue;
}
assert_eq!(line.0, line.1)
assert_eq!(line.0, line.1);
}
}

14
src/rustls_crypto.rs Normal file
View File

@@ -0,0 +1,14 @@
use std::sync::Arc;
use rustls::crypto::CryptoProvider;
pub(crate) fn crypto_provider() -> Arc<CryptoProvider> {
CryptoProvider::get_default().cloned().unwrap_or_else(|| {
#[cfg(feature = "aws-lc-rs")]
let provider = rustls::crypto::aws_lc_rs::default_provider();
#[cfg(not(feature = "aws-lc-rs"))]
let provider = rustls::crypto::ring::default_provider();
Arc::new(provider)
})
}

26
src/time.rs Normal file
View File

@@ -0,0 +1,26 @@
use std::time::SystemTime;
#[cfg(feature = "web")]
pub(crate) fn now() -> SystemTime {
fn to_std_systemtime(time: web_time::SystemTime) -> std::time::SystemTime {
let duration = time
.duration_since(web_time::SystemTime::UNIX_EPOCH)
.unwrap();
SystemTime::UNIX_EPOCH + duration
}
// FIXME: change to:
// #[allow(
// clippy::disallowed_methods,
// reason = "`web-time` aliases `std::time::SystemTime::now` on non-WASM platforms"
// )]
#[allow(clippy::disallowed_methods)]
to_std_systemtime(web_time::SystemTime::now())
}
#[cfg(not(feature = "web"))]
pub(crate) fn now() -> SystemTime {
// FIXME: change to #[expect(clippy::disallowed_methods, reason = "the `web` feature is disabled")]
#[allow(clippy::disallowed_methods)]
SystemTime::now()
}

2
src/transport/file/error.rs
View File

@@ -68,7 +68,7 @@ impl fmt::Display for Error {
Kind::Io => f.write_str("response error")?,
#[cfg(feature = "file-transport-envelope")]
Kind::Envelope => f.write_str("internal client error")?,
};
}
if let Some(e) = &self.inner.source {
write!(f, ": {e}")?;

30
src/transport/file/mod.rs
View File

@@ -11,7 +11,7 @@
//! # fn main() -> Result<(), Box<dyn Error>> {
//! use std::env::temp_dir;
//!
//! use lettre::{FileTransport, Message, Transport};
//! use lettre::{message::header::ContentType, FileTransport, Message, Transport};
//!
//! // Write to the local temp directory
//! let sender = FileTransport::new(temp_dir());
@@ -20,10 +20,10 @@
//! .reply_to("Yuin <yuin@domain.tld>".parse()?)
//! .to("Hei <hei@domain.tld>".parse()?)
//! .subject("Happy new year")
//! .header(ContentType::TEXT_PLAIN)
//! .body(String::from("Be happy!"))?;
//!
//! let result = sender.send(&email);
//! assert!(result.is_ok());
//! sender.send(&email)?;
//! # Ok(())
//! # }
//!
@@ -44,7 +44,7 @@
//! # fn main() -> Result<(), Box<dyn Error>> {
//! use std::env::temp_dir;
//!
//! use lettre::{FileTransport, Message, Transport};
//! use lettre::{message::header::ContentType, FileTransport, Message, Transport};
//!
//! // Write to the local temp directory
//! let sender = FileTransport::with_envelope(temp_dir());
@@ -53,10 +53,10 @@
//! .reply_to("Yuin <yuin@domain.tld>".parse()?)
//! .to("Hei <hei@domain.tld>".parse()?)
//! .subject("Happy new year")
//! .header(ContentType::TEXT_PLAIN)
//! .body(String::from("Be happy!"))?;
//!
//! let result = sender.send(&email);
//! assert!(result.is_ok());
//! sender.send(&email)?;
//! # Ok(())
//! # }
//!
@@ -73,7 +73,9 @@
//! # async fn run() -> Result<(), Box<dyn Error>> {
//! use std::env::temp_dir;
//!
//! use lettre::{AsyncFileTransport, AsyncTransport, Message, Tokio1Executor};
//! use lettre::{
//! message::header::ContentType, AsyncFileTransport, AsyncTransport, Message, Tokio1Executor,
//! };
//!
//! // Write to the local temp directory
//! let sender = AsyncFileTransport::<Tokio1Executor>::new(temp_dir());
@@ -82,10 +84,10 @@
//! .reply_to("Yuin <yuin@domain.tld>".parse()?)
//! .to("Hei <hei@domain.tld>".parse()?)
//! .subject("Happy new year")
//! .header(ContentType::TEXT_PLAIN)
//! .body(String::from("Be happy!"))?;
//!
//! let result = sender.send(email).await;
//! assert!(result.is_ok());
//! sender.send(email).await?;
//! # Ok(())
//! # }
//! ```
@@ -99,7 +101,10 @@
//! # async fn run() -> Result<(), Box<dyn Error>> {
//! use std::env::temp_dir;
//!
//! use lettre::{AsyncFileTransport, AsyncStd1Executor, AsyncTransport, Message};
//! use lettre::{
//! message::header::ContentType, AsyncFileTransport, AsyncStd1Executor, AsyncTransport,
//! Message,
//! };
//!
//! // Write to the local temp directory
//! let sender = AsyncFileTransport::<AsyncStd1Executor>::new(temp_dir());
@@ -108,10 +113,10 @@
//! .reply_to("Yuin <yuin@domain.tld>".parse()?)
//! .to("Hei <hei@domain.tld>".parse()?)
//! .subject("Happy new year")
//! .header(ContentType::TEXT_PLAIN)
//! .body(String::from("Be happy!"))?;
//!
//! let result = sender.send(email).await;
//! assert!(result.is_ok());
//! sender.send(email).await?;
//! # Ok(())
//! # }
//! ```
@@ -125,6 +130,7 @@
//! Reply-To: Yuin <yuin@domain.tld>
//! To: Hei <hei@domain.tld>
//! Subject: Happy new year
//! Content-Type: text/plain; charset=utf-8
//! Date: Tue, 18 Aug 2020 22:50:17 GMT
//!
//! Be happy!

6
src/transport/mod.rs
View File

@@ -56,13 +56,17 @@
//! #
//! # #[cfg(all(feature = "builder", feature = "smtp-transport"))]
//! # fn main() -> Result<(), Box<dyn Error>> {
//! use lettre::{transport::smtp::authentication::Credentials, Message, SmtpTransport, Transport};
//! use lettre::{
//! message::header::ContentType, transport::smtp::authentication::Credentials, Message,
//! SmtpTransport, Transport,
//! };
//!
//! let email = Message::builder()
//! .from("NoBody <nobody@domain.tld>".parse()?)
//! .reply_to("Yuin <yuin@domain.tld>".parse()?)
//! .to("Hei <hei@domain.tld>".parse()?)
//! .subject("Happy new year")
//! .header(ContentType::TEXT_PLAIN)
//! .body(String::from("Be happy!"))?;
//!
//! let creds = Credentials::new("smtp_username".to_owned(), "smtp_password".to_owned());

2
src/transport/sendmail/error.rs
View File

@@ -65,7 +65,7 @@ impl fmt::Display for Error {
match self.inner.kind {
Kind::Response => f.write_str("response error")?,
Kind::Client => f.write_str("internal client error")?,
};
}
if let Some(e) = &self.inner.source {
write!(f, ": {e}")?;

24
src/transport/sendmail/mod.rs
View File

@@ -7,18 +7,18 @@
//! #
//! # #[cfg(all(feature = "sendmail-transport", feature = "builder"))]
//! # fn main() -> Result<(), Box<dyn Error>> {
//! use lettre::{Message, SendmailTransport, Transport};
//! use lettre::{message::header::ContentType, Message, SendmailTransport, Transport};
//!
//! let email = Message::builder()
//! .from("NoBody <nobody@domain.tld>".parse()?)
//! .reply_to("Yuin <yuin@domain.tld>".parse()?)
//! .to("Hei <hei@domain.tld>".parse()?)
//! .subject("Happy new year")
//! .header(ContentType::TEXT_PLAIN)
//! .body(String::from("Be happy!"))?;
//!
//! let sender = SendmailTransport::new();
//! let result = sender.send(&email);
//! assert!(result.is_ok());
//! sender.send(&email)?;
//! # Ok(())
//! # }
//!
@@ -34,7 +34,8 @@
//! # #[cfg(all(feature = "tokio1", feature = "sendmail-transport", feature = "builder"))]
//! # async fn run() -> Result<(), Box<dyn Error>> {
//! use lettre::{
//! AsyncSendmailTransport, AsyncTransport, Message, SendmailTransport, Tokio1Executor,
//! message::header::ContentType, AsyncSendmailTransport, AsyncTransport, Message,
//! SendmailTransport, Tokio1Executor,
//! };
//!
//! let email = Message::builder()
@@ -42,11 +43,11 @@
//! .reply_to("Yuin <yuin@domain.tld>".parse()?)
//! .to("Hei <hei@domain.tld>".parse()?)
//! .subject("Happy new year")
//! .header(ContentType::TEXT_PLAIN)
//! .body(String::from("Be happy!"))?;
//!
//! let sender = AsyncSendmailTransport::<Tokio1Executor>::new();
//! let result = sender.send(email).await;
//! assert!(result.is_ok());
//! sender.send(email).await?;
//! # Ok(())
//! # }
//! ```
@@ -58,18 +59,17 @@
//! #
//! # #[cfg(all(feature = "async-std1", feature = "sendmail-transport", feature = "builder"))]
//! # async fn run() -> Result<(), Box<dyn Error>> {
//! use lettre::{Message, AsyncTransport, AsyncStd1Executor, AsyncSendmailTransport};
//! use lettre::{Message, AsyncTransport, AsyncStd1Executor,message::header::ContentType, AsyncSendmailTransport};
//!
//! let email = Message::builder()
//! .from("NoBody <nobody@domain.tld>".parse()?)
//! .reply_to("Yuin <yuin@domain.tld>".parse()?)
//! .to("Hei <hei@domain.tld>".parse()?)
//! .subject("Happy new year")
//! .subject("Happy new year").header(ContentType::TEXT_PLAIN)
//! .body(String::from("Be happy!"))?;
//!
//! let sender = AsyncSendmailTransport::<AsyncStd1Executor>::new();
//! let result = sender.send(email).await;
//! assert!(result.is_ok());
//! sender.send(email).await?;
//! # Ok(())
//! # }
//! ```
@@ -120,7 +120,7 @@ impl SendmailTransport {
/// Creates a new transport with the `sendmail` command
///
/// Note: This uses the `sendmail` command in the current `PATH`. To use another command,
/// use [SendmailTransport::new_with_command].
/// use [`SendmailTransport::new_with_command`].
pub fn new() -> SendmailTransport {
SendmailTransport {
command: DEFAULT_SENDMAIL.into(),
@@ -157,7 +157,7 @@ where
/// Creates a new transport with the `sendmail` command
///
/// Note: This uses the `sendmail` command in the current `PATH`. To use another command,
/// use [AsyncSendmailTransport::new_with_command].
/// use [`AsyncSendmailTransport::new_with_command`].
pub fn new() -> Self {
Self {
inner: SendmailTransport::new(),

204
src/transport/smtp/async_transport.rs
View File

@@ -12,6 +12,12 @@ use async_trait::async_trait;
use super::pool::async_impl::Pool;
#[cfg(feature = "pool")]
use super::PoolConfig;
#[cfg(any(
feature = "tokio1-native-tls",
feature = "tokio1-rustls",
feature = "async-std1-rustls"
))]
use super::Tls;
use super::{
client::AsyncSmtpConnection, ClientId, Credentials, Error, Mechanism, Response, SmtpInfo,
};
@@ -24,6 +30,30 @@ use crate::Tokio1Executor;
use crate::{Envelope, Executor};
/// Asynchronously sends emails using the SMTP protocol
///
/// `AsyncSmtpTransport` is the primary way for communicating
/// with SMTP relay servers to send email messages. It holds the
/// client connect configuration and creates new connections
/// as necessary.
///
/// # Connection pool
///
/// When the `pool` feature is enabled (default), `AsyncSmtpTransport` maintains a
/// connection pool to manage SMTP connections. The pool:
///
/// - Establishes a new connection when sending a message.
/// - Recycles connections internally after a message is sent.
/// - Reuses connections for subsequent messages, reducing connection setup overhead.
///
/// The connection pool can grow to hold multiple SMTP connections if multiple
/// emails are sent concurrently, as SMTP does not support multiplexing within a
/// single connection.
///
/// However, **connection reuse is not possible** if the `SyncSmtpTransport` instance
/// is dropped after every email send operation. You must reuse the instance
/// of this struct for the connection pool to be of any use.
///
/// To customize connection pool settings, use [`AsyncSmtpTransportBuilder::pool_config`].
#[cfg_attr(docsrs, doc(cfg(any(feature = "tokio1", feature = "async-std1"))))]
pub struct AsyncSmtpTransport<E: Executor> {
#[cfg(feature = "pool")]
@@ -81,15 +111,15 @@ where
/// to validate TLS certificates.
#[cfg(any(
feature = "tokio1-native-tls",
feature = "tokio1-rustls-tls",
feature = "async-std1-rustls-tls"
feature = "tokio1-rustls",
feature = "async-std1-rustls"
))]
#[cfg_attr(
docsrs,
doc(cfg(any(
feature = "tokio1-native-tls",
feature = "tokio1-rustls-tls",
feature = "async-std1-rustls-tls"
feature = "tokio1-rustls",
feature = "async-std1-rustls"
)))
)]
pub fn relay(relay: &str) -> Result<AsyncSmtpTransportBuilder, Error> {
@@ -115,15 +145,15 @@ where
/// or emails will be sent to the server, protecting from downgrade attacks.
#[cfg(any(
feature = "tokio1-native-tls",
feature = "tokio1-rustls-tls",
feature = "async-std1-rustls-tls"
feature = "tokio1-rustls",
feature = "async-std1-rustls"
))]
#[cfg_attr(
docsrs,
doc(cfg(any(
feature = "tokio1-native-tls",
feature = "tokio1-rustls-tls",
feature = "async-std1-rustls-tls"
feature = "tokio1-rustls",
feature = "async-std1-rustls"
)))
)]
pub fn starttls_relay(relay: &str) -> Result<AsyncSmtpTransportBuilder, Error> {
@@ -161,54 +191,72 @@ where
/// Creates a `AsyncSmtpTransportBuilder` from a connection URL
///
/// The protocol, credentials, host and port can be provided in a single URL.
/// Use the scheme `smtp` for an unencrypted relay (optionally in combination with the
/// `tls` parameter to allow/require STARTTLS) or `smtps` for SMTP over TLS.
/// The path section of the url can be used to set an alternative name for
/// the HELO / EHLO command.
/// For example `smtps://username:password@smtp.example.com/client.example.com:465`
/// will set the HELO / EHLO name `client.example.com`.
/// The protocol, credentials, host, port and EHLO name can be provided
/// in a single URL. This may be simpler than having to configure SMTP
/// through multiple configuration parameters and then having to pass
/// those options to lettre.
///
/// <table>
/// <thead>
/// <tr>
/// <th>scheme</th>
/// <th>tls parameter</th>
/// <th>example</th>
/// <th>remarks</th>
/// </tr>
/// </thead>
/// <tbody>
/// <tr>
/// <td>smtps</td>
/// <td>-</td>
/// <td>smtps://smtp.example.com</td>
/// <td>SMTP over TLS, recommended method</td>
/// </tr>
/// <tr>
/// <td>smtp</td>
/// <td>required</td>
/// <td>smtp://smtp.example.com?tls=required</td>
/// <td>SMTP with STARTTLS required, when SMTP over TLS is not available</td>
/// </tr>
/// <tr>
/// <td>smtp</td>
/// <td>opportunistic</td>
/// <td>smtp://smtp.example.com?tls=opportunistic</td>
/// <td>
/// SMTP with optionally STARTTLS when supported by the server.
/// Caution: this method is vulnerable to a man-in-the-middle attack.
/// Not recommended for production use.
/// </td>
/// </tr>
/// <tr>
/// <td>smtp</td>
/// <td>-</td>
/// <td>smtp://smtp.example.com</td>
/// <td>Unencrypted SMTP, not recommended for production use.</td>
/// </tr>
/// </tbody>
/// </table>
/// The URL is created in the following way:
/// `scheme://user:pass@hostname:port/ehlo-name?tls=TLS`.
///
/// `user` (Username) and `pass` (Password) are optional in case the
/// SMTP relay doesn't require authentication. When `port` is not
/// configured it is automatically determined based on the `scheme`.
/// `ehlo-name` optionally overwrites the hostname sent for the EHLO
/// command. `TLS` controls whether STARTTLS is simply enabled
/// (`opportunistic` - not enough to prevent man-in-the-middle attacks)
/// or `required` (require the server to upgrade the connection to
/// STARTTLS, otherwise fail on suspicion of main-in-the-middle attempt).
///
/// Use the following table to construct your SMTP url:
///
/// | scheme | `tls` query parameter | example | default port | remarks |
/// | ------- | --------------------- | -------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------- |
/// | `smtps` | unset | `smtps://user:pass@hostname:port` | 465 | SMTP over TLS, recommended method |
/// | `smtp` | `required` | `smtp://user:pass@hostname:port?tls=required` | 587 | SMTP with STARTTLS required, when SMTP over TLS is not available |
/// | `smtp` | `opportunistic` | `smtp://user:pass@hostname:port?tls=opportunistic` | 587 | SMTP with optionally STARTTLS when supported by the server. Not suitable for production use: vulnerable to a man-in-the-middle attack |
/// | `smtp` | unset | `smtp://user:pass@hostname:port` | 587 | Always unencrypted SMTP. Not suitable for production use: sends all data unencrypted |
///
/// IMPORTANT: some parameters like `user` and `pass` cannot simply
/// be concatenated to construct the final URL because special characters
/// contained within the parameter may confuse the URL decoder.
/// Manually URL encode the parameters before concatenating them or use
/// a proper URL encoder, like the following cargo script:
///
/// ```rust
/// # let _ = r#"
/// #!/usr/bin/env cargo
///
/// //! ```cargo
/// //! [dependencies]
/// //! url = "2"
/// //! ```
/// # "#;
///
/// use url::Url;
///
/// fn main() {
/// // don't touch this line
/// let mut url = Url::parse("foo://bar").unwrap();
///
/// // configure the scheme (`smtp` or `smtps`) here.
/// url.set_scheme("smtps").unwrap();
/// // configure the username and password.
/// // remove the following two lines if unauthenticated.
/// url.set_username("username").unwrap();
/// url.set_password(Some("password")).unwrap();
/// // configure the hostname
/// url.set_host(Some("smtp.example.com")).unwrap();
/// // configure the port - only necessary if using a non-default port
/// url.set_port(Some(465)).unwrap();
/// // configure the EHLO name
/// url.set_path("ehlo-name");
///
/// println!("{url}");
/// }
/// ```
///
/// The connection URL can then be used in the following way:
///
/// ```rust,no_run
/// use lettre::{
@@ -232,22 +280,18 @@ where
/// let mailer: AsyncSmtpTransport<Tokio1Executor> =
/// AsyncSmtpTransport::<Tokio1Executor>::from_url(
/// "smtps://username:password@smtp.example.com:465",
/// )
/// .unwrap()
/// )?
/// .build();
///
/// // Send the email
/// match mailer.send(email).await {
/// Ok(_) => println!("Email sent successfully!"),
/// Err(e) => panic!("Could not send email: {e:?}"),
/// }
/// mailer.send(email).await?;
/// # Ok(())
/// # }
/// ```
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
#[cfg_attr(
docsrs,
doc(cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls")))
doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
)]
pub fn from_url(connection_url: &str) -> Result<AsyncSmtpTransportBuilder, Error> {
super::connection_url::from_connection_url(connection_url)
@@ -323,7 +367,7 @@ impl AsyncSmtpTransportBuilder {
self
}
/// Set the authentication mechanism to use
/// Set the authentication credentials to use
pub fn credentials(mut self, credentials: Credentials) -> Self {
self.info.credentials = Some(credentials);
self
@@ -336,6 +380,17 @@ impl AsyncSmtpTransportBuilder {
}
/// Set the port to use
///
/// # ⚠️⚠️⚠️ You probably don't need to call this method ⚠️⚠️⚠️
///
/// lettre usually picks the correct `port` when building
/// [`AsyncSmtpTransport`] using [`AsyncSmtpTransport::relay`] or
/// [`AsyncSmtpTransport::starttls_relay`].
///
/// # Errors
///
/// Using the incorrect `port` and [`Self::tls`] combination may
/// lead to hard to debug IO errors coming from the TLS library.
pub fn port(mut self, port: u16) -> Self {
self.info.port = port;
self
@@ -348,20 +403,31 @@ impl AsyncSmtpTransportBuilder {
}
/// Set the TLS settings to use
///
/// # ⚠️⚠️⚠️ You probably don't need to call this method ⚠️⚠️⚠️
///
/// By default lettre chooses the correct `tls` configuration when
/// building [`AsyncSmtpTransport`] using [`AsyncSmtpTransport::relay`] or
/// [`AsyncSmtpTransport::starttls_relay`].
///
/// # Errors
///
/// Using the incorrect [`Tls`] and [`Self::port`] combination may
/// lead to hard to debug IO errors coming from the TLS library.
#[cfg(any(
feature = "tokio1-native-tls",
feature = "tokio1-rustls-tls",
feature = "async-std1-rustls-tls"
feature = "tokio1-rustls",
feature = "async-std1-rustls"
))]
#[cfg_attr(
docsrs,
doc(cfg(any(
feature = "tokio1-native-tls",
feature = "tokio1-rustls-tls",
feature = "async-std1-rustls-tls"
feature = "tokio1-rustls",
feature = "async-std1-rustls"
)))
)]
pub fn tls(mut self, tls: super::Tls) -> Self {
pub fn tls(mut self, tls: Tls) -> Self {
self.info.tls = tls;
self
}

32
src/transport/smtp/client/async_connection.rs
View File

@@ -6,7 +6,8 @@ use futures_util::io::{AsyncBufReadExt, AsyncWriteExt, BufReader};
use super::async_net::AsyncTokioStream;
#[cfg(feature = "tracing")]
use super::escape_crlf;
use super::{AsyncNetworkStream, ClientCodec, TlsParameters};
#[allow(deprecated)]
use super::{async_net::AsyncNetworkStream, ClientCodec, TlsParameters};
use crate::{
transport::smtp::{
authentication::{Credentials, Mechanism},
@@ -35,6 +36,7 @@ macro_rules! try_smtp (
pub struct AsyncSmtpConnection {
/// TCP stream between client and server
/// Value is None before connection
#[allow(deprecated)]
stream: BufReader<AsyncNetworkStream>,
/// Panic state
panic: bool,
@@ -56,6 +58,7 @@ impl AsyncSmtpConnection {
stream: Box<dyn AsyncTokioStream>,
hello_name: &ClientId,
) -> Result<AsyncSmtpConnection, Error> {
#[allow(deprecated)]
let stream = AsyncNetworkStream::use_existing_tokio1(stream);
Self::connect_impl(stream, hello_name).await
}
@@ -86,8 +89,7 @@ impl AsyncSmtpConnection {
/// Some(TlsParameters::new("example.com".to_owned())?),
/// None,
/// )
/// .await
/// .unwrap();
/// .await?;
/// # Ok(())
/// # }
/// ```
@@ -99,6 +101,7 @@ impl AsyncSmtpConnection {
tls_parameters: Option<TlsParameters>,
local_address: Option<IpAddr>,
) -> Result<AsyncSmtpConnection, Error> {
#[allow(deprecated)]
let stream =
AsyncNetworkStream::connect_tokio1(server, timeout, tls_parameters, local_address)
.await?;
@@ -115,10 +118,12 @@ impl AsyncSmtpConnection {
hello_name: &ClientId,
tls_parameters: Option<TlsParameters>,
) -> Result<AsyncSmtpConnection, Error> {
#[allow(deprecated)]
let stream = AsyncNetworkStream::connect_asyncstd1(server, timeout, tls_parameters).await?;
Self::connect_impl(stream, hello_name).await
}
#[allow(deprecated)]
async fn connect_impl(
stream: AsyncNetworkStream,
hello_name: &ClientId,
@@ -246,6 +251,7 @@ impl AsyncSmtpConnection {
}
/// Sets the underlying stream
#[allow(deprecated)]
pub fn set_stream(&mut self, stream: AsyncNetworkStream) {
self.stream = BufReader::new(stream);
}
@@ -369,13 +375,29 @@ impl AsyncSmtpConnection {
}
/// The X509 certificate of the server (DER encoded)
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
pub fn peer_certificate(&self) -> Result<Vec<u8>, Error> {
self.stream.get_ref().peer_certificate()
}
/// Currently this is only avaialable when using Boring TLS and
/// returns the result of the verification of the TLS certificate
/// presented by the peer, if any. Only the last error encountered
/// during verification is presented.
/// It can be useful when you don't want to fail outright the TLS
/// negotiation, for example when a self-signed certificate is
/// encountered, but still want to record metrics or log the fact.
/// When using DANE verification, the PKI root of trust moves from
/// the CAs to DNS, so self-signed certificates are permitted as long
/// as the TLSA records match the leaf or issuer certificates.
/// It cannot be called on non Boring TLS streams.
#[cfg(feature = "boring-tls")]
pub fn tls_verify_result(&self) -> Result<(), Error> {
self.stream.get_ref().tls_verify_result()
}
/// All the X509 certificates of the chain (DER encoded)
#[cfg(any(feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "rustls", feature = "boring-tls"))]
pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
self.stream.get_ref().certificate_chain()
}

123
src/transport/smtp/client/async_net.rs
View File

@@ -12,9 +12,9 @@ use futures_io::{
AsyncRead as FuturesAsyncRead, AsyncWrite as FuturesAsyncWrite, Error as IoError, ErrorKind,
Result as IoResult,
};
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
use futures_rustls::client::TlsStream as AsyncStd1RustlsTlsStream;
#[cfg(any(feature = "tokio1-rustls-tls", feature = "async-std1-rustls-tls"))]
#[cfg(any(feature = "tokio1-rustls", feature = "async-std1-rustls"))]
use rustls::pki_types::ServerName;
#[cfg(feature = "tokio1-boring-tls")]
use tokio1_boring::SslStream as Tokio1SslStream;
@@ -27,14 +27,14 @@ use tokio1_crate::net::{
};
#[cfg(feature = "tokio1-native-tls")]
use tokio1_native_tls_crate::TlsStream as Tokio1TlsStream;
#[cfg(feature = "tokio1-rustls-tls")]
#[cfg(feature = "tokio1-rustls")]
use tokio1_rustls::client::TlsStream as Tokio1RustlsTlsStream;
#[cfg(any(
feature = "tokio1-native-tls",
feature = "tokio1-rustls-tls",
feature = "tokio1-rustls",
feature = "tokio1-boring-tls",
feature = "async-std1-rustls-tls"
feature = "async-std1-rustls"
))]
use super::InnerTlsParameters;
use super::TlsParameters;
@@ -44,6 +44,10 @@ use crate::transport::smtp::{error, Error};
/// A network stream
#[derive(Debug)]
#[deprecated(
since = "0.11.14",
note = "This struct was not meant to be made public"
)]
pub struct AsyncNetworkStream {
inner: InnerAsyncNetworkStream,
}
@@ -74,7 +78,7 @@ enum InnerAsyncNetworkStream {
#[cfg(feature = "tokio1-native-tls")]
Tokio1NativeTls(Tokio1TlsStream<Box<dyn AsyncTokioStream>>),
/// Encrypted Tokio 1.x TCP stream
#[cfg(feature = "tokio1-rustls-tls")]
#[cfg(feature = "tokio1-rustls")]
Tokio1RustlsTls(Tokio1RustlsTlsStream<Box<dyn AsyncTokioStream>>),
/// Encrypted Tokio 1.x TCP stream
#[cfg(feature = "tokio1-boring-tls")]
@@ -83,12 +87,13 @@ enum InnerAsyncNetworkStream {
#[cfg(feature = "async-std1")]
AsyncStd1Tcp(AsyncStd1TcpStream),
/// Encrypted Tokio 1.x TCP stream
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
AsyncStd1RustlsTls(AsyncStd1RustlsTlsStream<AsyncStd1TcpStream>),
/// Can't be built
None,
}
#[allow(deprecated)]
impl AsyncNetworkStream {
fn new(inner: InnerAsyncNetworkStream) -> Self {
if let InnerAsyncNetworkStream::None = inner {
@@ -107,13 +112,13 @@ impl AsyncNetworkStream {
InnerAsyncNetworkStream::Tokio1NativeTls(s) => {
s.get_ref().get_ref().get_ref().peer_addr()
}
#[cfg(feature = "tokio1-rustls-tls")]
#[cfg(feature = "tokio1-rustls")]
InnerAsyncNetworkStream::Tokio1RustlsTls(s) => s.get_ref().0.peer_addr(),
#[cfg(feature = "tokio1-boring-tls")]
InnerAsyncNetworkStream::Tokio1BoringTls(s) => s.get_ref().peer_addr(),
#[cfg(feature = "async-std1")]
InnerAsyncNetworkStream::AsyncStd1Tcp(s) => s.peer_addr(),
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => s.get_ref().0.peer_addr(),
InnerAsyncNetworkStream::None => {
debug_assert!(false, "InnerAsyncNetworkStream::None must never be built");
@@ -170,7 +175,7 @@ impl AsyncNetworkStream {
last_err = Some(io::Error::new(
io::ErrorKind::TimedOut,
"connection timed out",
))
));
}
}
} else {
@@ -222,7 +227,7 @@ impl AsyncNetworkStream {
last_err = Some(io::Error::new(
io::ErrorKind::TimedOut,
"connection timed out",
))
));
}
}
}
@@ -253,26 +258,25 @@ impl AsyncNetworkStream {
feature = "tokio1",
not(any(
feature = "tokio1-native-tls",
feature = "tokio1-rustls-tls",
feature = "tokio1-rustls",
feature = "tokio1-boring-tls"
))
))]
InnerAsyncNetworkStream::Tokio1Tcp(_) => {
let _ = tls_parameters;
panic!("Trying to upgrade an AsyncNetworkStream without having enabled either the tokio1-native-tls or the tokio1-rustls-tls feature");
panic!("Trying to upgrade an AsyncNetworkStream without having enabled either the tokio1-native-tls or the tokio1-rustls feature");
}
#[cfg(any(
feature = "tokio1-native-tls",
feature = "tokio1-rustls-tls",
feature = "tokio1-rustls",
feature = "tokio1-boring-tls"
))]
InnerAsyncNetworkStream::Tokio1Tcp(_) => {
// get owned TcpStream
let tcp_stream = mem::replace(&mut self.inner, InnerAsyncNetworkStream::None);
let tcp_stream = match tcp_stream {
InnerAsyncNetworkStream::Tokio1Tcp(tcp_stream) => tcp_stream,
_ => unreachable!(),
let InnerAsyncNetworkStream::Tokio1Tcp(tcp_stream) = tcp_stream else {
unreachable!()
};
self.inner = Self::upgrade_tokio1_tls(tcp_stream, tls_parameters)
@@ -280,19 +284,18 @@ impl AsyncNetworkStream {
.map_err(error::connection)?;
Ok(())
}
#[cfg(all(feature = "async-std1", not(feature = "async-std1-rustls-tls")))]
#[cfg(all(feature = "async-std1", not(feature = "async-std1-rustls")))]
InnerAsyncNetworkStream::AsyncStd1Tcp(_) => {
let _ = tls_parameters;
panic!("Trying to upgrade an AsyncNetworkStream without having enabled the async-std1-rustls-tls feature");
panic!("Trying to upgrade an AsyncNetworkStream without having enabled the async-std1-rustls feature");
}
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
InnerAsyncNetworkStream::AsyncStd1Tcp(_) => {
// get owned TcpStream
let tcp_stream = mem::replace(&mut self.inner, InnerAsyncNetworkStream::None);
let tcp_stream = match tcp_stream {
InnerAsyncNetworkStream::AsyncStd1Tcp(tcp_stream) => tcp_stream,
_ => unreachable!(),
let InnerAsyncNetworkStream::AsyncStd1Tcp(tcp_stream) = tcp_stream else {
unreachable!()
};
self.inner = Self::upgrade_asyncstd1_tls(tcp_stream, tls_parameters)
@@ -307,7 +310,7 @@ impl AsyncNetworkStream {
#[allow(unused_variables)]
#[cfg(any(
feature = "tokio1-native-tls",
feature = "tokio1-rustls-tls",
feature = "tokio1-rustls",
feature = "tokio1-boring-tls"
))]
async fn upgrade_tokio1_tls(
@@ -334,12 +337,12 @@ impl AsyncNetworkStream {
Ok(InnerAsyncNetworkStream::Tokio1NativeTls(stream))
};
}
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
InnerTlsParameters::RustlsTls(config) => {
#[cfg(not(feature = "tokio1-rustls-tls"))]
panic!("built without the tokio1-rustls-tls feature");
#[cfg(not(feature = "tokio1-rustls"))]
panic!("built without the tokio1-rustls feature");
#[cfg(feature = "tokio1-rustls-tls")]
#[cfg(feature = "tokio1-rustls")]
return {
use tokio1_rustls::TlsConnector;
@@ -374,7 +377,7 @@ impl AsyncNetworkStream {
}
#[allow(unused_variables)]
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
async fn upgrade_asyncstd1_tls(
tcp_stream: AsyncStd1TcpStream,
mut tls_parameters: TlsParameters,
@@ -386,12 +389,12 @@ impl AsyncNetworkStream {
InnerTlsParameters::NativeTls(connector) => {
panic!("native-tls isn't supported with async-std yet. See https://github.com/lettre/lettre/pull/531#issuecomment-757893531");
}
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
InnerTlsParameters::RustlsTls(config) => {
#[cfg(not(feature = "async-std1-rustls-tls"))]
panic!("built without the async-std1-rustls-tls feature");
#[cfg(not(feature = "async-std1-rustls"))]
panic!("built without the async-std1-rustls feature");
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
return {
use futures_rustls::TlsConnector;
@@ -419,18 +422,42 @@ impl AsyncNetworkStream {
InnerAsyncNetworkStream::Tokio1Tcp(_) => false,
#[cfg(feature = "tokio1-native-tls")]
InnerAsyncNetworkStream::Tokio1NativeTls(_) => true,
#[cfg(feature = "tokio1-rustls-tls")]
#[cfg(feature = "tokio1-rustls")]
InnerAsyncNetworkStream::Tokio1RustlsTls(_) => true,
#[cfg(feature = "tokio1-boring-tls")]
InnerAsyncNetworkStream::Tokio1BoringTls(_) => true,
#[cfg(feature = "async-std1")]
InnerAsyncNetworkStream::AsyncStd1Tcp(_) => false,
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
InnerAsyncNetworkStream::AsyncStd1RustlsTls(_) => true,
InnerAsyncNetworkStream::None => false,
}
}
#[cfg(feature = "boring-tls")]
pub fn tls_verify_result(&self) -> Result<(), Error> {
match &self.inner {
#[cfg(feature = "tokio1")]
InnerAsyncNetworkStream::Tokio1Tcp(_) => {
Err(error::client("Connection is not encrypted"))
}
#[cfg(feature = "tokio1-native-tls")]
InnerAsyncNetworkStream::Tokio1NativeTls(_) => panic!("Unsupported"),
#[cfg(feature = "tokio1-rustls")]
InnerAsyncNetworkStream::Tokio1RustlsTls(_) => panic!("Unsupported"),
#[cfg(feature = "tokio1-boring-tls")]
InnerAsyncNetworkStream::Tokio1BoringTls(stream) => {
stream.ssl().verify_result().map_err(error::tls)
}
#[cfg(feature = "async-std1")]
InnerAsyncNetworkStream::AsyncStd1Tcp(_) => {
Err(error::client("Connection is not encrypted"))
}
#[cfg(feature = "async-std1-rustls")]
InnerAsyncNetworkStream::AsyncStd1RustlsTls(_) => panic!("Unsupported"),
InnerAsyncNetworkStream::None => panic!("InnerNetworkStream::None must never be built"),
}
}
pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
match &self.inner {
#[cfg(feature = "tokio1")]
@@ -439,7 +466,7 @@ impl AsyncNetworkStream {
}
#[cfg(feature = "tokio1-native-tls")]
InnerAsyncNetworkStream::Tokio1NativeTls(_) => panic!("Unsupported"),
#[cfg(feature = "tokio1-rustls-tls")]
#[cfg(feature = "tokio1-rustls")]
InnerAsyncNetworkStream::Tokio1RustlsTls(stream) => Ok(stream
.get_ref()
.1
@@ -460,7 +487,7 @@ impl AsyncNetworkStream {
InnerAsyncNetworkStream::AsyncStd1Tcp(_) => {
Err(error::client("Connection is not encrypted"))
}
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
InnerAsyncNetworkStream::AsyncStd1RustlsTls(stream) => Ok(stream
.get_ref()
.1
@@ -487,7 +514,7 @@ impl AsyncNetworkStream {
.unwrap()
.to_der()
.map_err(error::tls)?),
#[cfg(feature = "tokio1-rustls-tls")]
#[cfg(feature = "tokio1-rustls")]
InnerAsyncNetworkStream::Tokio1RustlsTls(stream) => Ok(stream
.get_ref()
.1
@@ -507,7 +534,7 @@ impl AsyncNetworkStream {
InnerAsyncNetworkStream::AsyncStd1Tcp(_) => {
Err(error::client("Connection is not encrypted"))
}
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
InnerAsyncNetworkStream::AsyncStd1RustlsTls(stream) => Ok(stream
.get_ref()
.1
@@ -521,6 +548,7 @@ impl AsyncNetworkStream {
}
}
#[allow(deprecated)]
impl FuturesAsyncRead for AsyncNetworkStream {
fn poll_read(
mut self: Pin<&mut Self>,
@@ -546,7 +574,7 @@ impl FuturesAsyncRead for AsyncNetworkStream {
Poll::Pending => Poll::Pending,
}
}
#[cfg(feature = "tokio1-rustls-tls")]
#[cfg(feature = "tokio1-rustls")]
InnerAsyncNetworkStream::Tokio1RustlsTls(s) => {
let mut b = Tokio1ReadBuf::new(buf);
match Pin::new(s).poll_read(cx, &mut b) {
@@ -566,7 +594,7 @@ impl FuturesAsyncRead for AsyncNetworkStream {
}
#[cfg(feature = "async-std1")]
InnerAsyncNetworkStream::AsyncStd1Tcp(s) => Pin::new(s).poll_read(cx, buf),
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => Pin::new(s).poll_read(cx, buf),
InnerAsyncNetworkStream::None => {
debug_assert!(false, "InnerAsyncNetworkStream::None must never be built");
@@ -576,6 +604,7 @@ impl FuturesAsyncRead for AsyncNetworkStream {
}
}
#[allow(deprecated)]
impl FuturesAsyncWrite for AsyncNetworkStream {
fn poll_write(
mut self: Pin<&mut Self>,
@@ -587,13 +616,13 @@ impl FuturesAsyncWrite for AsyncNetworkStream {
InnerAsyncNetworkStream::Tokio1Tcp(s) => Pin::new(s).poll_write(cx, buf),
#[cfg(feature = "tokio1-native-tls")]
InnerAsyncNetworkStream::Tokio1NativeTls(s) => Pin::new(s).poll_write(cx, buf),
#[cfg(feature = "tokio1-rustls-tls")]
#[cfg(feature = "tokio1-rustls")]
InnerAsyncNetworkStream::Tokio1RustlsTls(s) => Pin::new(s).poll_write(cx, buf),
#[cfg(feature = "tokio1-boring-tls")]
InnerAsyncNetworkStream::Tokio1BoringTls(s) => Pin::new(s).poll_write(cx, buf),
#[cfg(feature = "async-std1")]
InnerAsyncNetworkStream::AsyncStd1Tcp(s) => Pin::new(s).poll_write(cx, buf),
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => Pin::new(s).poll_write(cx, buf),
InnerAsyncNetworkStream::None => {
debug_assert!(false, "InnerAsyncNetworkStream::None must never be built");
@@ -608,13 +637,13 @@ impl FuturesAsyncWrite for AsyncNetworkStream {
InnerAsyncNetworkStream::Tokio1Tcp(s) => Pin::new(s).poll_flush(cx),
#[cfg(feature = "tokio1-native-tls")]
InnerAsyncNetworkStream::Tokio1NativeTls(s) => Pin::new(s).poll_flush(cx),
#[cfg(feature = "tokio1-rustls-tls")]
#[cfg(feature = "tokio1-rustls")]
InnerAsyncNetworkStream::Tokio1RustlsTls(s) => Pin::new(s).poll_flush(cx),
#[cfg(feature = "tokio1-boring-tls")]
InnerAsyncNetworkStream::Tokio1BoringTls(s) => Pin::new(s).poll_flush(cx),
#[cfg(feature = "async-std1")]
InnerAsyncNetworkStream::AsyncStd1Tcp(s) => Pin::new(s).poll_flush(cx),
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => Pin::new(s).poll_flush(cx),
InnerAsyncNetworkStream::None => {
debug_assert!(false, "InnerAsyncNetworkStream::None must never be built");
@@ -629,13 +658,13 @@ impl FuturesAsyncWrite for AsyncNetworkStream {
InnerAsyncNetworkStream::Tokio1Tcp(s) => Pin::new(s).poll_shutdown(cx),
#[cfg(feature = "tokio1-native-tls")]
InnerAsyncNetworkStream::Tokio1NativeTls(s) => Pin::new(s).poll_shutdown(cx),
#[cfg(feature = "tokio1-rustls-tls")]
#[cfg(feature = "tokio1-rustls")]
InnerAsyncNetworkStream::Tokio1RustlsTls(s) => Pin::new(s).poll_shutdown(cx),
#[cfg(feature = "tokio1-boring-tls")]
InnerAsyncNetworkStream::Tokio1BoringTls(s) => Pin::new(s).poll_shutdown(cx),
#[cfg(feature = "async-std1")]
InnerAsyncNetworkStream::AsyncStd1Tcp(s) => Pin::new(s).poll_close(cx),
#[cfg(feature = "async-std1-rustls-tls")]
#[cfg(feature = "async-std1-rustls")]
InnerAsyncNetworkStream::AsyncStd1RustlsTls(s) => Pin::new(s).poll_close(cx),
InnerAsyncNetworkStream::None => {
debug_assert!(false, "InnerAsyncNetworkStream::None must never be built");

28
src/transport/smtp/client/connection.rs
View File

@@ -143,7 +143,7 @@ impl SmtpConnection {
hello_name: &ClientId,
) -> Result<(), Error> {
if self.server_info.supports_feature(Extension::StartTls) {
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
{
try_smtp!(self.command(Starttls), self);
self.stream.get_mut().upgrade_tls(tls_parameters)?;
@@ -153,11 +153,7 @@ impl SmtpConnection {
try_smtp!(self.ehlo(hello_name), self);
Ok(())
}
#[cfg(not(any(
feature = "native-tls",
feature = "rustls-tls",
feature = "boring-tls"
)))]
#[cfg(not(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))]
// This should never happen as `Tls` can only be created
// when a TLS library is enabled
unreachable!("TLS support required but not supported");
@@ -303,13 +299,29 @@ impl SmtpConnection {
}
/// The X509 certificate of the server (DER encoded)
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
pub fn peer_certificate(&self) -> Result<Vec<u8>, Error> {
self.stream.get_ref().peer_certificate()
}
/// Currently this is only avaialable when using Boring TLS and
/// returns the result of the verification of the TLS certificate
/// presented by the peer, if any. Only the last error encountered
/// during verification is presented.
/// It can be useful when you don't want to fail outright the TLS
/// negotiation, for example when a self-signed certificate is
/// encountered, but still want to record metrics or log the fact.
/// When using DANE verification, the PKI root of trust moves from
/// the CAs to DNS, so self-signed certificates are permitted as long
/// as the TLSA records match the leaf or issuer certificates.
/// It cannot be called on non Boring TLS streams.
#[cfg(feature = "boring-tls")]
pub fn tls_verify_result(&self) -> Result<(), Error> {
self.stream.get_ref().tls_verify_result()
}
/// All the X509 certificates of the chain (DER encoded)
#[cfg(any(feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "rustls", feature = "boring-tls"))]
pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
self.stream.get_ref().certificate_chain()
}

5
src/transport/smtp/client/mod.rs
View File

@@ -28,13 +28,14 @@ use std::fmt::Debug;
#[cfg(any(feature = "tokio1", feature = "async-std1"))]
pub use self::async_connection::AsyncSmtpConnection;
#[cfg(any(feature = "tokio1", feature = "async-std1"))]
#[allow(deprecated)]
pub use self::async_net::AsyncNetworkStream;
#[cfg(feature = "tokio1")]
pub use self::async_net::AsyncTokioStream;
use self::net::NetworkStream;
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
pub(super) use self::tls::InnerTlsParameters;
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
pub use self::tls::TlsVersion;
pub use self::{
connection::SmtpConnection,

67
src/transport/smtp/client/net.rs
View File

@@ -1,4 +1,4 @@
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
use std::sync::Arc;
use std::{
io::{self, Read, Write},
@@ -11,11 +11,11 @@ use std::{
use boring::ssl::SslStream;
#[cfg(feature = "native-tls")]
use native_tls::TlsStream;
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
use rustls::{pki_types::ServerName, ClientConnection, StreamOwned};
use socket2::{Domain, Protocol, Type};
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
use super::InnerTlsParameters;
use super::TlsParameters;
use crate::transport::smtp::{error, Error};
@@ -36,7 +36,7 @@ enum InnerNetworkStream {
#[cfg(feature = "native-tls")]
NativeTls(TlsStream<TcpStream>),
/// Encrypted TCP stream
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
RustlsTls(StreamOwned<ClientConnection, TcpStream>),
#[cfg(feature = "boring-tls")]
BoringTls(SslStream<TcpStream>),
@@ -59,7 +59,7 @@ impl NetworkStream {
InnerNetworkStream::Tcp(s) => s.peer_addr(),
#[cfg(feature = "native-tls")]
InnerNetworkStream::NativeTls(s) => s.get_ref().peer_addr(),
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
InnerNetworkStream::RustlsTls(s) => s.get_ref().peer_addr(),
#[cfg(feature = "boring-tls")]
InnerNetworkStream::BoringTls(s) => s.get_ref().peer_addr(),
@@ -79,7 +79,7 @@ impl NetworkStream {
InnerNetworkStream::Tcp(s) => s.shutdown(how),
#[cfg(feature = "native-tls")]
InnerNetworkStream::NativeTls(s) => s.get_ref().shutdown(how),
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
InnerNetworkStream::RustlsTls(s) => s.get_ref().shutdown(how),
#[cfg(feature = "boring-tls")]
InnerNetworkStream::BoringTls(s) => s.get_ref().shutdown(how),
@@ -146,23 +146,18 @@ impl NetworkStream {
pub fn upgrade_tls(&mut self, tls_parameters: &TlsParameters) -> Result<(), Error> {
match &self.inner {
#[cfg(not(any(
feature = "native-tls",
feature = "rustls-tls",
feature = "boring-tls"
)))]
#[cfg(not(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))]
InnerNetworkStream::Tcp(_) => {
let _ = tls_parameters;
panic!("Trying to upgrade an NetworkStream without having enabled either the native-tls or the rustls-tls feature");
panic!("Trying to upgrade an NetworkStream without having enabled either the `native-tls` or the `rustls` feature");
}
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
InnerNetworkStream::Tcp(_) => {
// get owned TcpStream
let tcp_stream = mem::replace(&mut self.inner, InnerNetworkStream::None);
let tcp_stream = match tcp_stream {
InnerNetworkStream::Tcp(tcp_stream) => tcp_stream,
_ => unreachable!(),
let InnerNetworkStream::Tcp(tcp_stream) = tcp_stream else {
unreachable!()
};
self.inner = Self::upgrade_tls_impl(tcp_stream, tls_parameters)?;
@@ -172,7 +167,7 @@ impl NetworkStream {
}
}
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
fn upgrade_tls_impl(
tcp_stream: TcpStream,
tls_parameters: &TlsParameters,
@@ -185,7 +180,7 @@ impl NetworkStream {
.map_err(error::connection)?;
InnerNetworkStream::NativeTls(stream)
}
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
InnerTlsParameters::RustlsTls(connector) => {
let domain = ServerName::try_from(tls_parameters.domain())
.map_err(|_| error::connection("domain isn't a valid DNS name"))?;
@@ -212,7 +207,7 @@ impl NetworkStream {
InnerNetworkStream::Tcp(_) => false,
#[cfg(feature = "native-tls")]
InnerNetworkStream::NativeTls(_) => true,
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
InnerNetworkStream::RustlsTls(_) => true,
#[cfg(feature = "boring-tls")]
InnerNetworkStream::BoringTls(_) => true,
@@ -223,13 +218,29 @@ impl NetworkStream {
}
}
#[cfg(any(feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(feature = "boring-tls")]
pub fn tls_verify_result(&self) -> Result<(), Error> {
match &self.inner {
InnerNetworkStream::Tcp(_) => Err(error::client("Connection is not encrypted")),
#[cfg(feature = "native-tls")]
InnerNetworkStream::NativeTls(_) => panic!("Unsupported"),
#[cfg(feature = "rustls")]
InnerNetworkStream::RustlsTls(_) => panic!("Unsupported"),
#[cfg(feature = "boring-tls")]
InnerNetworkStream::BoringTls(stream) => {
stream.ssl().verify_result().map_err(error::tls)
}
InnerNetworkStream::None => panic!("InnerNetworkStream::None must never be built"),
}
}
#[cfg(any(feature = "rustls", feature = "boring-tls"))]
pub fn certificate_chain(&self) -> Result<Vec<Vec<u8>>, Error> {
match &self.inner {
InnerNetworkStream::Tcp(_) => Err(error::client("Connection is not encrypted")),
#[cfg(feature = "native-tls")]
InnerNetworkStream::NativeTls(_) => panic!("Unsupported"),
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
InnerNetworkStream::RustlsTls(stream) => Ok(stream
.conn
.peer_certificates()
@@ -249,7 +260,7 @@ impl NetworkStream {
}
}
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
pub fn peer_certificate(&self) -> Result<Vec<u8>, Error> {
match &self.inner {
InnerNetworkStream::Tcp(_) => Err(error::client("Connection is not encrypted")),
@@ -260,7 +271,7 @@ impl NetworkStream {
.unwrap()
.to_der()
.map_err(error::tls)?),
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
InnerNetworkStream::RustlsTls(stream) => Ok(stream
.conn
.peer_certificates()
@@ -284,7 +295,7 @@ impl NetworkStream {
InnerNetworkStream::Tcp(stream) => stream.set_read_timeout(duration),
#[cfg(feature = "native-tls")]
InnerNetworkStream::NativeTls(stream) => stream.get_ref().set_read_timeout(duration),
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
InnerNetworkStream::RustlsTls(stream) => stream.get_ref().set_read_timeout(duration),
#[cfg(feature = "boring-tls")]
InnerNetworkStream::BoringTls(stream) => stream.get_ref().set_read_timeout(duration),
@@ -302,7 +313,7 @@ impl NetworkStream {
#[cfg(feature = "native-tls")]
InnerNetworkStream::NativeTls(stream) => stream.get_ref().set_write_timeout(duration),
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
InnerNetworkStream::RustlsTls(stream) => stream.get_ref().set_write_timeout(duration),
#[cfg(feature = "boring-tls")]
InnerNetworkStream::BoringTls(stream) => stream.get_ref().set_write_timeout(duration),
@@ -320,7 +331,7 @@ impl Read for NetworkStream {
InnerNetworkStream::Tcp(s) => s.read(buf),
#[cfg(feature = "native-tls")]
InnerNetworkStream::NativeTls(s) => s.read(buf),
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
InnerNetworkStream::RustlsTls(s) => s.read(buf),
#[cfg(feature = "boring-tls")]
InnerNetworkStream::BoringTls(s) => s.read(buf),
@@ -338,7 +349,7 @@ impl Write for NetworkStream {
InnerNetworkStream::Tcp(s) => s.write(buf),
#[cfg(feature = "native-tls")]
InnerNetworkStream::NativeTls(s) => s.write(buf),
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
InnerNetworkStream::RustlsTls(s) => s.write(buf),
#[cfg(feature = "boring-tls")]
InnerNetworkStream::BoringTls(s) => s.write(buf),
@@ -354,7 +365,7 @@ impl Write for NetworkStream {
InnerNetworkStream::Tcp(s) => s.flush(),
#[cfg(feature = "native-tls")]
InnerNetworkStream::NativeTls(s) => s.flush(),
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
InnerNetworkStream::RustlsTls(s) => s.flush(),
#[cfg(feature = "boring-tls")]
InnerNetworkStream::BoringTls(s) => s.flush(),

189
src/transport/smtp/client/tls.rs
View File

@@ -1,6 +1,6 @@
use std::fmt::{self, Debug};
#[cfg(feature = "rustls-tls")]
use std::{io, sync::Arc};
#[cfg(feature = "rustls")]
use std::sync::Arc;
#[cfg(feature = "boring-tls")]
use boring::{
@@ -10,23 +10,22 @@ use boring::{
};
#[cfg(feature = "native-tls")]
use native_tls::{Protocol, TlsConnector};
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
use rustls::{
client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
crypto::WebPkiSupportedAlgorithms,
crypto::{verify_tls12_signature, verify_tls13_signature},
pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime},
crypto::{verify_tls12_signature, verify_tls13_signature, CryptoProvider},
pki_types::{self, pem::PemObject, CertificateDer, PrivateKeyDer, ServerName, UnixTime},
server::ParsedCertificate,
ClientConfig, DigitallySignedStruct, Error as TlsError, RootCertStore, SignatureScheme,
};
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
use crate::transport::smtp::{error, Error};
/// TLS protocol versions.
#[derive(Debug, Copy, Clone)]
#[non_exhaustive]
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
pub enum TlsVersion {
/// TLS 1.0
///
@@ -59,31 +58,65 @@ pub enum TlsVersion {
Tlsv13,
}
/// How to apply TLS to a client connection
/// Specifies how to establish a TLS connection
///
/// TLDR: Use [`Tls::Wrapper`] or [`Tls::Required`] when
/// connecting to a remote server, [`Tls::None`] when
/// connecting to a local server.
#[derive(Clone)]
#[allow(missing_copy_implementations)]
pub enum Tls {
/// Insecure connection only (for testing purposes)
/// Insecure (plaintext) connection only.
///
/// This option **always** uses a plaintext connection and should only
/// be used for trusted local relays. It is **highly discouraged**
/// for remote servers, as it exposes credentials and emails to potential
/// interception.
///
/// Note: Servers requiring credentials or emails to be sent over TLS
/// may reject connections when this option is used.
None,
/// Start with insecure connection and use `STARTTLS` when available
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
/// Begin with a plaintext connection and attempt to use `STARTTLS` if available.
///
/// lettre will try to upgrade to a TLS-secured connection but will fall back
/// to plaintext if the server does not support TLS. This option is provided for
/// compatibility but is **strongly discouraged**, as it exposes connections to
/// potential MITM (man-in-the-middle) attacks.
///
/// Warning: A malicious intermediary could intercept the `STARTTLS` flag,
/// causing lettre to believe the server only supports plaintext connections.
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
#[cfg_attr(
docsrs,
doc(cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls")))
doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
)]
Opportunistic(TlsParameters),
/// Start with insecure connection and require `STARTTLS`
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
/// Begin with a plaintext connection and require `STARTTLS` for security.
///
/// lettre will upgrade plaintext TCP connections to TLS before transmitting
/// any sensitive data. If the server does not support TLS, the connection
/// attempt will fail, ensuring no credentials or emails are sent in plaintext.
///
/// Unlike [`Tls::Opportunistic`], this option is secure against MITM attacks.
/// For optimal security and performance, consider using [`Tls::Wrapper`] instead,
/// as it requires fewer roundtrips to establish a secure connection.
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
#[cfg_attr(
docsrs,
doc(cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls")))
doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
)]
Required(TlsParameters),
/// Use TLS wrapped connection
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
/// Establish a connection wrapped in TLS from the start.
///
/// lettre connects to the server and immediately performs a TLS handshake.
/// If the handshake fails, the connection attempt is aborted without
/// transmitting any sensitive data.
///
/// This is the fastest and most secure option for establishing a connection.
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
#[cfg_attr(
docsrs,
doc(cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls")))
doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
)]
Wrapper(TlsParameters),
}
@@ -92,11 +125,11 @@ impl Debug for Tls {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
match &self {
Self::None => f.pad("None"),
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
Self::Opportunistic(_) => f.pad("Opportunistic"),
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
Self::Required(_) => f.pad("Required"),
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
Self::Wrapper(_) => f.pad("Wrapper"),
}
}
@@ -120,7 +153,7 @@ pub enum CertificateStore {
/// Use a hardcoded set of Mozilla roots via the `webpki-roots` crate.
///
/// This option is only available in the rustls backend.
#[cfg(feature = "rustls-tls")]
#[cfg(all(feature = "rustls", feature = "webpki-roots"))]
WebpkiRoots,
/// Don't use any system certificates.
None,
@@ -145,7 +178,7 @@ pub struct TlsParametersBuilder {
identity: Option<Identity>,
accept_invalid_hostnames: bool,
accept_invalid_certs: bool,
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
min_tls_version: TlsVersion,
}
@@ -159,7 +192,7 @@ impl TlsParametersBuilder {
identity: None,
accept_invalid_hostnames: false,
accept_invalid_certs: false,
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
min_tls_version: TlsVersion::Tlsv12,
}
}
@@ -197,10 +230,10 @@ impl TlsParametersBuilder {
/// including those from other sites, are trusted.
///
/// This method introduces significant vulnerabilities to man-in-the-middle attacks.
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
#[cfg_attr(
docsrs,
doc(cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls")))
doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
)]
pub fn dangerous_accept_invalid_hostnames(mut self, accept_invalid_hostnames: bool) -> Self {
self.accept_invalid_hostnames = accept_invalid_hostnames;
@@ -210,7 +243,7 @@ impl TlsParametersBuilder {
/// Controls which minimum TLS version is allowed
///
/// Defaults to [`Tlsv12`][TlsVersion::Tlsv12].
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
pub fn set_min_tls_version(mut self, min_tls_version: TlsVersion) -> Self {
self.min_tls_version = min_tls_version;
self
@@ -239,17 +272,17 @@ impl TlsParametersBuilder {
/// Creates a new `TlsParameters` using native-tls, boring-tls or rustls
/// depending on which one is available
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
#[cfg_attr(
docsrs,
doc(cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls")))
doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
)]
pub fn build(self) -> Result<TlsParameters, Error> {
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
return self.build_rustls();
#[cfg(all(not(feature = "rustls-tls"), feature = "native-tls"))]
#[cfg(all(not(feature = "rustls"), feature = "native-tls"))]
return self.build_native();
#[cfg(all(not(feature = "rustls-tls"), feature = "boring-tls"))]
#[cfg(all(not(feature = "rustls"), feature = "boring-tls"))]
return self.build_boring();
}
@@ -363,8 +396,8 @@ impl TlsParametersBuilder {
}
/// Creates a new `TlsParameters` using rustls with the provided configuration
#[cfg(feature = "rustls-tls")]
#[cfg_attr(docsrs, doc(cfg(feature = "rustls-tls")))]
#[cfg(feature = "rustls")]
#[cfg_attr(docsrs, doc(cfg(feature = "rustls")))]
pub fn build_rustls(self) -> Result<TlsParameters, Error> {
let just_version3 = &[&rustls::version::TLS13];
let supported_versions = match self.min_tls_version {
@@ -378,18 +411,16 @@ impl TlsParametersBuilder {
TlsVersion::Tlsv13 => just_version3,
};
let tls = ClientConfig::builder_with_protocol_versions(supported_versions);
let provider = rustls::crypto::CryptoProvider::get_default()
.cloned()
.unwrap_or_else(|| Arc::new(rustls::crypto::ring::default_provider()));
let crypto_provider = crate::rustls_crypto::crypto_provider();
let tls = ClientConfig::builder_with_provider(Arc::clone(&crypto_provider))
.with_protocol_versions(supported_versions)
.map_err(error::tls)?;
// Build TLS config
let signature_algorithms = provider.signature_verification_algorithms;
let mut root_cert_store = RootCertStore::empty();
#[cfg(feature = "rustls-native-certs")]
fn load_native_roots(store: &mut RootCertStore) -> Result<(), Error> {
fn load_native_roots(store: &mut RootCertStore) {
let rustls_native_certs::CertificateResult { certs, errors, .. } =
rustls_native_certs::load_native_certs();
let errors_len = errors.len();
@@ -399,10 +430,11 @@ impl TlsParametersBuilder {
tracing::debug!(
"loaded platform certs with {errors_len} failing to load, {added} valid and {ignored} ignored (invalid) certs"
);
Ok(())
#[cfg(not(feature = "tracing"))]
let _ = (errors_len, added, ignored);
}
#[cfg(feature = "rustls-tls")]
#[cfg(all(feature = "rustls", feature = "webpki-roots"))]
fn load_webpki_roots(store: &mut RootCertStore) {
store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
}
@@ -410,11 +442,11 @@ impl TlsParametersBuilder {
match self.cert_store {
CertificateStore::Default => {
#[cfg(feature = "rustls-native-certs")]
load_native_roots(&mut root_cert_store)?;
#[cfg(not(feature = "rustls-native-certs"))]
load_native_roots(&mut root_cert_store);
#[cfg(all(not(feature = "rustls-native-certs"), feature = "webpki-roots"))]
load_webpki_roots(&mut root_cert_store);
}
#[cfg(feature = "rustls-tls")]
#[cfg(all(feature = "rustls", feature = "webpki-roots"))]
CertificateStore::WebpkiRoots => {
load_webpki_roots(&mut root_cert_store);
}
@@ -431,7 +463,7 @@ impl TlsParametersBuilder {
ignore_invalid_hostnames: self.accept_invalid_hostnames,
ignore_invalid_certs: self.accept_invalid_certs,
roots: root_cert_store,
signature_algorithms,
crypto_provider,
};
tls.dangerous()
.with_custom_certificate_verifier(Arc::new(verifier))
@@ -461,7 +493,7 @@ impl TlsParametersBuilder {
pub enum InnerTlsParameters {
#[cfg(feature = "native-tls")]
NativeTls(TlsConnector),
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
RustlsTls(Arc<ClientConfig>),
#[cfg(feature = "boring-tls")]
BoringTls(SslConnector),
@@ -470,10 +502,10 @@ pub enum InnerTlsParameters {
impl TlsParameters {
/// Creates a new `TlsParameters` using native-tls or rustls
/// depending on which one is available
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
#[cfg_attr(
docsrs,
doc(cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls")))
doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
)]
pub fn new(domain: String) -> Result<Self, Error> {
TlsParametersBuilder::new(domain).build()
@@ -492,8 +524,8 @@ impl TlsParameters {
}
/// Creates a new `TlsParameters` using rustls
#[cfg(feature = "rustls-tls")]
#[cfg_attr(docsrs, doc(cfg(feature = "rustls-tls")))]
#[cfg(feature = "rustls")]
#[cfg_attr(docsrs, doc(cfg(feature = "rustls")))]
pub fn new_rustls(domain: String) -> Result<Self, Error> {
TlsParametersBuilder::new(domain).build_rustls()
}
@@ -516,13 +548,13 @@ impl TlsParameters {
pub struct Certificate {
#[cfg(feature = "native-tls")]
native_tls: native_tls::Certificate,
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
rustls: Vec<CertificateDer<'static>>,
#[cfg(feature = "boring-tls")]
boring_tls: boring::x509::X509,
}
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
impl Certificate {
/// Create a `Certificate` from a DER encoded certificate
pub fn from_der(der: Vec<u8>) -> Result<Self, Error> {
@@ -535,7 +567,7 @@ impl Certificate {
Ok(Self {
#[cfg(feature = "native-tls")]
native_tls: native_tls_cert,
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
rustls: vec![der.into()],
#[cfg(feature = "boring-tls")]
boring_tls: boring_tls_cert,
@@ -550,20 +582,17 @@ impl Certificate {
#[cfg(feature = "boring-tls")]
let boring_tls_cert = boring::x509::X509::from_pem(pem).map_err(error::tls)?;
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
let rustls_cert = {
use std::io::Cursor;
let mut pem = Cursor::new(pem);
rustls_pemfile::certs(&mut pem)
.collect::<io::Result<Vec<_>>>()
CertificateDer::pem_slice_iter(pem)
.collect::<Result<Vec<_>, pki_types::pem::Error>>()
.map_err(|_| error::tls("invalid certificates"))?
};
Ok(Self {
#[cfg(feature = "native-tls")]
native_tls: native_tls_cert,
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
rustls: rustls_cert,
#[cfg(feature = "boring-tls")]
boring_tls: boring_tls_cert,
@@ -582,7 +611,7 @@ impl Debug for Certificate {
pub struct Identity {
#[cfg(feature = "native-tls")]
native_tls: native_tls::Identity,
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
rustls_tls: (Vec<CertificateDer<'static>>, PrivateKeyDer<'static>),
#[cfg(feature = "boring-tls")]
boring_tls: (boring::x509::X509, PKey<boring::pkey::Private>),
@@ -599,7 +628,7 @@ impl Clone for Identity {
Identity {
#[cfg(feature = "native-tls")]
native_tls: self.native_tls.clone(),
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
rustls_tls: (self.rustls_tls.0.clone(), self.rustls_tls.1.clone_key()),
#[cfg(feature = "boring-tls")]
boring_tls: (self.boring_tls.0.clone(), self.boring_tls.1.clone()),
@@ -607,13 +636,13 @@ impl Clone for Identity {
}
}
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
impl Identity {
pub fn from_pem(pem: &[u8], key: &[u8]) -> Result<Self, Error> {
Ok(Self {
#[cfg(feature = "native-tls")]
native_tls: Identity::from_pem_native_tls(pem, key)?,
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
rustls_tls: Identity::from_pem_rustls_tls(pem, key)?,
#[cfg(feature = "boring-tls")]
boring_tls: Identity::from_pem_boring_tls(pem, key)?,
@@ -625,13 +654,19 @@ impl Identity {
native_tls::Identity::from_pkcs8(pem, key).map_err(error::tls)
}
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
fn from_pem_rustls_tls(
pem: &[u8],
key: &[u8],
) -> Result<(Vec<CertificateDer<'static>>, PrivateKeyDer<'static>), Error> {
let mut key = key;
let key = rustls_pemfile::private_key(&mut key).unwrap().unwrap();
let key = match PrivateKeyDer::from_pem_slice(key) {
Ok(key) => key,
Err(pki_types::pem::Error::NoItemsFound) => {
return Err(error::tls("no private key found"))
}
Err(err) => return Err(error::tls(err)),
};
Ok((vec![pem.to_owned().into()], key))
}
@@ -646,16 +681,16 @@ impl Identity {
}
}
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
#[derive(Debug)]
struct InvalidCertsVerifier {
ignore_invalid_hostnames: bool,
ignore_invalid_certs: bool,
roots: RootCertStore,
signature_algorithms: WebPkiSupportedAlgorithms,
crypto_provider: Arc<CryptoProvider>,
}
#[cfg(feature = "rustls-tls")]
#[cfg(feature = "rustls")]
impl ServerCertVerifier for InvalidCertsVerifier {
fn verify_server_cert(
&self,
@@ -673,7 +708,7 @@ impl ServerCertVerifier for InvalidCertsVerifier {
&self.roots,
intermediates,
now,
self.signature_algorithms.all,
self.crypto_provider.signature_verification_algorithms.all,
)?;
}
@@ -693,7 +728,7 @@ impl ServerCertVerifier for InvalidCertsVerifier {
message,
cert,
dss,
&rustls::crypto::ring::default_provider().signature_verification_algorithms,
&self.crypto_provider.signature_verification_algorithms,
)
}
@@ -707,12 +742,12 @@ impl ServerCertVerifier for InvalidCertsVerifier {
message,
cert,
dss,
&rustls::crypto::ring::default_provider().signature_verification_algorithms,
&self.crypto_provider.signature_verification_algorithms,
)
}
fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
rustls::crypto::ring::default_provider()
self.crypto_provider
.signature_verification_algorithms
.supported_schemes()
}

20
src/transport/smtp/connection_url.rs
View File

@@ -1,6 +1,8 @@
use std::borrow::Cow;
use url::Url;
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
use super::client::{Tls, TlsParameters};
#[cfg(any(feature = "tokio1", feature = "async-std1"))]
use super::AsyncSmtpTransportBuilder;
@@ -80,30 +82,30 @@ pub(crate) fn from_connection_url<B: TransportBuilder>(connection_url: &str) ->
("smtp", None) => {
builder = builder.port(connection_url.port().unwrap_or(SMTP_PORT));
}
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
("smtp", Some("required")) => {
builder = builder
.port(connection_url.port().unwrap_or(SUBMISSION_PORT))
.tls(Tls::Required(TlsParameters::new(host.into())?))
.tls(Tls::Required(TlsParameters::new(host.into())?));
}
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
("smtp", Some("opportunistic")) => {
builder = builder
.port(connection_url.port().unwrap_or(SUBMISSION_PORT))
.tls(Tls::Opportunistic(TlsParameters::new(host.into())?))
.tls(Tls::Opportunistic(TlsParameters::new(host.into())?));
}
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
("smtps", _) => {
builder = builder
.port(connection_url.port().unwrap_or(SUBMISSIONS_PORT))
.tls(Tls::Wrapper(TlsParameters::new(host.into())?))
.tls(Tls::Wrapper(TlsParameters::new(host.into())?));
}
(scheme, tls) => {
return Err(error::connection(format!(
"Unknown scheme '{scheme}' or tls parameter '{tls:?}', note that a transport with TLS requires one of the TLS features"
)))
}
};
}
// use the path segment of the URL as name in the name in the HELO / EHLO command
if connection_url.path().len() > 1 {
@@ -115,7 +117,7 @@ pub(crate) fn from_connection_url<B: TransportBuilder>(connection_url: &str) ->
let percent_decode = |s: &str| {
percent_encoding::percent_decode_str(s)
.decode_utf8()
.map(|cow| cow.into_owned())
.map(Cow::into_owned)
.map_err(error::connection)
};
let credentials = Credentials::new(

14
src/transport/smtp/error.rs
View File

@@ -68,10 +68,10 @@ impl Error {
}
/// Returns true if the error is from TLS
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
#[cfg_attr(
docsrs,
doc(cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls")))
doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
)]
pub fn is_tls(&self) -> bool {
matches!(self.inner.kind, Kind::Tls)
@@ -107,9 +107,9 @@ pub(crate) enum Kind {
/// TLS error
#[cfg_attr(
docsrs,
doc(cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls")))
doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
)]
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
Tls,
}
@@ -134,7 +134,7 @@ impl fmt::Display for Error {
Kind::Client => f.write_str("internal client error")?,
Kind::Network => f.write_str("network error")?,
Kind::Connection => f.write_str("Connection error")?,
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
Kind::Tls => f.write_str("tls error")?,
Kind::Transient(code) => {
write!(f, "transient error ({code})")?;
@@ -142,7 +142,7 @@ impl fmt::Display for Error {
Kind::Permanent(code) => {
write!(f, "permanent error ({code})")?;
}
};
}
if let Some(e) = &self.inner.source {
write!(f, ": {e}")?;
@@ -185,7 +185,7 @@ pub(crate) fn connection<E: Into<BoxError>>(e: E) -> Error {
Error::new(Kind::Connection, Some(e))
}
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
pub(crate) fn tls<E: Into<BoxError>>(e: E) -> Error {
Error::new(Kind::Tls, Some(e))
}

7
src/transport/smtp/extension.rs
View File

@@ -129,9 +129,8 @@ impl Display for ServerInfo {
impl ServerInfo {
/// Parses a EHLO response to create a `ServerInfo`
pub fn from_response(response: &Response) -> Result<ServerInfo, Error> {
let name = match response.first_word() {
Some(name) => name,
None => return Err(error::response("Could not read server name")),
let Some(name) = response.first_word() else {
return Err(error::response("Could not read server name"));
};
let mut features: HashSet<Extension> = HashSet::new();
@@ -169,7 +168,7 @@ impl ServerInfo {
}
}
_ => (),
};
}
}
Ok(ServerInfo {

161
src/transport/smtp/mod.rs
View File

@@ -26,43 +26,17 @@
//!
//! The relay server can be the local email server, a specific host or a third-party service.
//!
//! #### Simple example
//! #### Simple example with authentication
//!
//! This is the most basic example of usage:
//! A good starting point for sending emails via SMTP relay is to
//! do the following:
//!
//! ```rust,no_run
//! # #[cfg(all(feature = "builder", any(feature = "native-tls", feature = "rustls-tls")))]
//! # fn test() -> Result<(), Box<dyn std::error::Error>> {
//! use lettre::{Message, SmtpTransport, Transport};
//!
//! let email = Message::builder()
//! .from("NoBody <nobody@domain.tld>".parse()?)
//! .reply_to("Yuin <yuin@domain.tld>".parse()?)
//! .to("Hei <hei@domain.tld>".parse()?)
//! .subject("Happy new year")
//! .body(String::from("Be happy!"))?;
//!
//! // Create TLS transport on port 465
//! let sender = SmtpTransport::relay("smtp.example.com")?.build();
//! // Send the email via remote relay
//! let result = sender.send(&email);
//! assert!(result.is_ok());
//! # Ok(())
//! # }
//! ```
//!
//! #### Authentication
//!
//! Example with authentication and connection pool:
//!
//! ```rust,no_run
//! # #[cfg(all(feature = "builder", any(feature = "native-tls", feature = "rustls-tls")))]
//! # #[cfg(all(feature = "builder", any(feature = "native-tls", feature = "rustls")))]
//! # fn test() -> Result<(), Box<dyn std::error::Error>> {
//! use lettre::{
//! transport::smtp::{
//! authentication::{Credentials, Mechanism},
//! PoolConfig,
//! },
//! message::header::ContentType,
//! transport::smtp::authentication::{Credentials, Mechanism},
//! Message, SmtpTransport, Transport,
//! };
//!
@@ -71,35 +45,39 @@
//! .reply_to("Yuin <yuin@domain.tld>".parse()?)
//! .to("Hei <hei@domain.tld>".parse()?)
//! .subject("Happy new year")
//! .header(ContentType::TEXT_PLAIN)
//! .body(String::from("Be happy!"))?;
//!
//! // Create TLS transport on port 587 with STARTTLS
//! let sender = SmtpTransport::starttls_relay("smtp.example.com")?
//! // Create the SMTPS transport
//! let sender = SmtpTransport::relay("smtp.example.com")?
//! // Add credentials for authentication
//! .credentials(Credentials::new(
//! "username".to_owned(),
//! "password".to_owned(),
//! ))
//! // Configure expected authentication mechanism
//! // Optionally configure expected authentication mechanism
//! .authentication(vec![Mechanism::Plain])
//! // Connection pool settings
//! .pool_config(PoolConfig::new().max_size(20))
//! .build();
//!
//! // Send the email via remote relay
//! let result = sender.send(&email);
//! assert!(result.is_ok());
//! sender.send(&email)?;
//! # Ok(())
//! # }
//! ```
//!
//! You can specify custom TLS settings:
//! #### Shortening configuration
//!
//! It can be very repetitive to ask the user for every SMTP connection parameter.
//! In some cases this can be simplified by using a connection URI instead.
//!
//! For more information take a look at [`SmtpTransport::from_url`] or [`AsyncSmtpTransport::from_url`].
//!
//! ```rust,no_run
//! # #[cfg(all(feature = "builder", any(feature = "native-tls", feature = "rustls-tls")))]
//! # #[cfg(all(feature = "builder", any(feature = "native-tls", feature = "rustls")))]
//! # fn test() -> Result<(), Box<dyn std::error::Error>> {
//! use lettre::{
//! transport::smtp::client::{Tls, TlsParameters},
//! message::header::ContentType,
//! transport::smtp::authentication::{Credentials, Mechanism},
//! Message, SmtpTransport, Transport,
//! };
//!
@@ -108,25 +86,106 @@
//! .reply_to("Yuin <yuin@domain.tld>".parse()?)
//! .to("Hei <hei@domain.tld>".parse()?)
//! .subject("Happy new year")
//! .header(ContentType::TEXT_PLAIN)
//! .body(String::from("Be happy!"))?;
//!
//! // Custom TLS configuration
//! let tls = TlsParameters::builder("smtp.example.com".to_owned())
//! .dangerous_accept_invalid_certs(true)
//! // Create the SMTPS transport
//! let sender = SmtpTransport::from_url("smtps://username:password@smtp.example.com")?.build();
//!
//! // Send the email via remote relay
//! sender.send(&email)?;
//! # Ok(())
//! # }
//! ```
//!
//! #### Advanced configuration with custom TLS settings
//!
//! ```rust,no_run
//! # #[cfg(all(feature = "builder", any(feature = "native-tls", feature = "rustls")))]
//! # fn test() -> Result<(), Box<dyn std::error::Error>> {
//! use std::fs;
//!
//! use lettre::{
//! message::header::ContentType,
//! transport::smtp::client::{Certificate, Tls, TlsParameters},
//! Message, SmtpTransport, Transport,
//! };
//!
//! let email = Message::builder()
//! .from("NoBody <nobody@domain.tld>".parse()?)
//! .reply_to("Yuin <yuin@domain.tld>".parse()?)
//! .to("Hei <hei@domain.tld>".parse()?)
//! .subject("Happy new year")
//! .header(ContentType::TEXT_PLAIN)
//! .body(String::from("Be happy!"))?;
//!
//! // Custom TLS configuration - Use a self signed certificate
//! let cert = fs::read("self-signed.crt")?;
//! let cert = Certificate::from_pem(&cert)?;
//! let tls = TlsParameters::builder(/* TLS SNI value */ "smtp.example.com".to_owned())
//! .add_root_certificate(cert)
//! .build()?;
//!
//! // Create TLS transport on port 465
//! // Create the SMTPS transport
//! let sender = SmtpTransport::relay("smtp.example.com")?
//! // Custom TLS configuration
//! .tls(Tls::Required(tls))
//! .tls(Tls::Wrapper(tls))
//! .build();
//!
//! // Send the email via remote relay
//! let result = sender.send(&email);
//! assert!(result.is_ok());
//! sender.send(&email)?;
//! # Ok(())
//! # }
//! ```
//!
//! #### Connection pooling
//!
//! [`SmtpTransport`] and [`AsyncSmtpTransport`] store connections in
//! a connection pool by default. This avoids connecting and disconnecting
//! from the relay server for every message the application tries to send. For the connection pool
//! to work the instance of the transport **must** be reused.
//! In a webserver context it may go about this:
//!
//! ```rust,no_run
//! # #[cfg(all(feature = "builder", any(feature = "native-tls", feature = "rustls")))]
//! # fn test() {
//! use lettre::{
//! message::header::ContentType,
//! transport::smtp::{authentication::Credentials, PoolConfig},
//! Message, SmtpTransport, Transport,
//! };
//! #
//! # type Result<T> = std::result::Result<T, Box<dyn std::error::Error>>;
//!
//! /// The global application state
//! #[derive(Debug)]
//! struct AppState {
//! smtp: SmtpTransport,
//! // ... other global application parameters
//! }
//!
//! impl AppState {
//! pub fn new(smtp_url: &str) -> Result<Self> {
//! let smtp = SmtpTransport::from_url(smtp_url)?.build();
//! Ok(Self { smtp })
//! }
//! }
//!
//! fn handle_request(app_state: &AppState) -> Result<String> {
//! let email = Message::builder()
//! .from("NoBody <nobody@domain.tld>".parse()?)
//! .reply_to("Yuin <yuin@domain.tld>".parse()?)
//! .to("Hei <hei@domain.tld>".parse()?)
//! .subject("Happy new year")
//! .header(ContentType::TEXT_PLAIN)
//! .body(String::from("Be happy!"))?;
//!
//! // Send the email via remote relay
//! app_state.smtp.send(&email)?;
//!
//! Ok("The email has successfully been sent!".to_owned())
//! }
//! # }
//! ```
use std::time::Duration;
@@ -140,7 +199,7 @@ pub use self::{
error::Error,
transport::{SmtpTransport, SmtpTransportBuilder},
};
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
use crate::transport::smtp::client::TlsParameters;
use crate::transport::smtp::{
authentication::{Credentials, Mechanism, DEFAULT_MECHANISMS},

4
src/transport/smtp/pool/async_impl.rs
View File

@@ -109,7 +109,7 @@ impl<E: Executor> Pool<E> {
#[cfg(feature = "tracing")]
tracing::debug!("dropped {} idle connections", dropped.len());
abort_concurrent(dropped.into_iter().map(|conn| conn.unpark()))
abort_concurrent(dropped.into_iter().map(ParkedConnection::unpark))
.await;
}
}
@@ -229,7 +229,7 @@ impl<E: Executor> Drop for Pool<E> {
handle.shutdown().await;
}
abort_concurrent(connections.into_iter().map(|conn| conn.unpark())).await;
abort_concurrent(connections.into_iter().map(ParkedConnection::unpark)).await;
});
}
}

1
src/transport/smtp/pool/sync_impl.rs
View File

@@ -109,6 +109,7 @@ impl Pool {
}
}
drop(pool);
thread::sleep(idle_timeout);
}
})

22
src/transport/smtp/response.rs
View File

@@ -12,8 +12,8 @@ use nom::{
bytes::streaming::{tag, take_until},
combinator::{complete, map},
multi::many0,
sequence::{preceded, tuple},
IResult,
sequence::preceded,
IResult, Parser,
};
use crate::transport::smtp::{error, Error};
@@ -221,7 +221,8 @@ fn parse_severity(i: &str) -> IResult<&str, Severity> {
map(tag("3"), |_| Severity::PositiveIntermediate),
map(tag("4"), |_| Severity::TransientNegativeCompletion),
map(tag("5"), |_| Severity::PermanentNegativeCompletion),
))(i)
))
.parse(i)
}
fn parse_category(i: &str) -> IResult<&str, Category> {
@@ -232,7 +233,8 @@ fn parse_category(i: &str) -> IResult<&str, Category> {
map(tag("3"), |_| Category::Unspecified3),
map(tag("4"), |_| Category::Unspecified4),
map(tag("5"), |_| Category::MailSystem),
))(i)
))
.parse(i)
}
fn parse_detail(i: &str) -> IResult<&str, Detail> {
@@ -247,18 +249,20 @@ fn parse_detail(i: &str) -> IResult<&str, Detail> {
map(tag("7"), |_| Detail::Seven),
map(tag("8"), |_| Detail::Eight),
map(tag("9"), |_| Detail::Nine),
))(i)
))
.parse(i)
}
pub(crate) fn parse_response(i: &str) -> IResult<&str, Response> {
let (i, lines) = many0(tuple((
let (i, lines) = many0((
parse_code,
preceded(tag("-"), take_until("\r\n")),
tag("\r\n"),
)))(i)?;
))
.parse(i)?;
let (i, (last_code, last_line)) =
tuple((parse_code, preceded(tag(" "), take_until("\r\n"))))(i)?;
let (i, _) = complete(tag("\r\n"))(i)?;
(parse_code, preceded(tag(" "), take_until("\r\n"))).parse(i)?;
let (i, _) = complete(tag("\r\n")).parse(i)?;
// Check that all codes are equal.
if !lines.iter().all(|&(code, _, _)| code == last_code) {

196
src/transport/smtp/transport.rs
View File

@@ -7,11 +7,35 @@ use super::pool::sync_impl::Pool;
#[cfg(feature = "pool")]
use super::PoolConfig;
use super::{ClientId, Credentials, Error, Mechanism, Response, SmtpConnection, SmtpInfo};
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
use super::{Tls, TlsParameters, SUBMISSIONS_PORT, SUBMISSION_PORT};
use crate::{address::Envelope, Transport};
/// Sends emails using the SMTP protocol
/// Synchronously send emails using the SMTP protocol
///
/// `SmtpTransport` is the primary way for communicating
/// with SMTP relay servers to send email messages. It holds the
/// client connect configuration and creates new connections
/// as necessary.
///
/// # Connection pool
///
/// When the `pool` feature is enabled (default), `SmtpTransport` maintains a
/// connection pool to manage SMTP connections. The pool:
///
/// - Establishes a new connection when sending a message.
/// - Recycles connections internally after a message is sent.
/// - Reuses connections for subsequent messages, reducing connection setup overhead.
///
/// The connection pool can grow to hold multiple SMTP connections if multiple
/// emails are sent concurrently, as SMTP does not support multiplexing within a
/// single connection.
///
/// However, **connection reuse is not possible** if the `SmtpTransport` instance
/// is dropped after every email send operation. You must reuse the instance
/// of this struct for the connection pool to be of any use.
///
/// To customize connection pool settings, use [`SmtpTransportBuilder::pool_config`].
#[cfg_attr(docsrs, doc(cfg(feature = "smtp-transport")))]
#[derive(Clone)]
pub struct SmtpTransport {
@@ -53,10 +77,10 @@ impl SmtpTransport {
///
/// Creates an encrypted transport over submissions port, using the provided domain
/// to validate TLS certificates.
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
#[cfg_attr(
docsrs,
doc(cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls")))
doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
)]
pub fn relay(relay: &str) -> Result<SmtpTransportBuilder, Error> {
let tls_parameters = TlsParameters::new(relay.into())?;
@@ -77,10 +101,10 @@ impl SmtpTransport {
///
/// An error is returned if the connection can't be upgraded. No credentials
/// or emails will be sent to the server, protecting from downgrade attacks.
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
#[cfg_attr(
docsrs,
doc(cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls")))
doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
)]
pub fn starttls_relay(relay: &str) -> Result<SmtpTransportBuilder, Error> {
let tls_parameters = TlsParameters::new(relay.into())?;
@@ -115,54 +139,72 @@ impl SmtpTransport {
/// Creates a `SmtpTransportBuilder` from a connection URL
///
/// The protocol, credentials, host and port can be provided in a single URL.
/// Use the scheme `smtp` for an unencrypted relay (optionally in combination with the
/// `tls` parameter to allow/require STARTTLS) or `smtps` for SMTP over TLS.
/// The path section of the url can be used to set an alternative name for
/// the HELO / EHLO command.
/// For example `smtps://username:password@smtp.example.com/client.example.com:465`
/// will set the HELO / EHLO name `client.example.com`.
/// The protocol, credentials, host, port and EHLO name can be provided
/// in a single URL. This may be simpler than having to configure SMTP
/// through multiple configuration parameters and then having to pass
/// those options to lettre.
///
/// <table>
/// <thead>
/// <tr>
/// <th>scheme</th>
/// <th>tls parameter</th>
/// <th>example</th>
/// <th>remarks</th>
/// </tr>
/// </thead>
/// <tbody>
/// <tr>
/// <td>smtps</td>
/// <td>-</td>
/// <td>smtps://smtp.example.com</td>
/// <td>SMTP over TLS, recommended method</td>
/// </tr>
/// <tr>
/// <td>smtp</td>
/// <td>required</td>
/// <td>smtp://smtp.example.com?tls=required</td>
/// <td>SMTP with STARTTLS required, when SMTP over TLS is not available</td>
/// </tr>
/// <tr>
/// <td>smtp</td>
/// <td>opportunistic</td>
/// <td>smtp://smtp.example.com?tls=opportunistic</td>
/// <td>
/// SMTP with optionally STARTTLS when supported by the server.
/// Caution: this method is vulnerable to a man-in-the-middle attack.
/// Not recommended for production use.
/// </td>
/// </tr>
/// <tr>
/// <td>smtp</td>
/// <td>-</td>
/// <td>smtp://smtp.example.com</td>
/// <td>Unencrypted SMTP, not recommended for production use.</td>
/// </tr>
/// </tbody>
/// </table>
/// The URL is created in the following way:
/// `scheme://user:pass@hostname:port/ehlo-name?tls=TLS`.
///
/// `user` (Username) and `pass` (Password) are optional in case the
/// SMTP relay doesn't require authentication. When `port` is not
/// configured it is automatically determined based on the `scheme`.
/// `ehlo-name` optionally overwrites the hostname sent for the EHLO
/// command. `TLS` controls whether STARTTLS is simply enabled
/// (`opportunistic` - not enough to prevent man-in-the-middle attacks)
/// or `required` (require the server to upgrade the connection to
/// STARTTLS, otherwise fail on suspicion of main-in-the-middle attempt).
///
/// Use the following table to construct your SMTP url:
///
/// | scheme | `tls` query parameter | example | default port | remarks |
/// | ------- | --------------------- | -------------------------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------- |
/// | `smtps` | unset | `smtps://user:pass@hostname:port` | 465 | SMTP over TLS, recommended method |
/// | `smtp` | `required` | `smtp://user:pass@hostname:port?tls=required` | 587 | SMTP with STARTTLS required, when SMTP over TLS is not available |
/// | `smtp` | `opportunistic` | `smtp://user:pass@hostname:port?tls=opportunistic` | 587 | SMTP with optionally STARTTLS when supported by the server. Not suitable for production use: vulnerable to a man-in-the-middle attack |
/// | `smtp` | unset | `smtp://user:pass@hostname:port` | 587 | Always unencrypted SMTP. Not suitable for production use: sends all data unencrypted |
///
/// IMPORTANT: some parameters like `user` and `pass` cannot simply
/// be concatenated to construct the final URL because special characters
/// contained within the parameter may confuse the URL decoder.
/// Manually URL encode the parameters before concatenating them or use
/// a proper URL encoder, like the following cargo script:
///
/// ```rust
/// # let _ = r#"
/// #!/usr/bin/env cargo
///
/// //! ```cargo
/// //! [dependencies]
/// //! url = "2"
/// //! ```
/// # "#;
///
/// use url::Url;
///
/// fn main() {
/// // don't touch this line
/// let mut url = Url::parse("foo://bar").unwrap();
///
/// // configure the scheme (`smtp` or `smtps`) here.
/// url.set_scheme("smtps").unwrap();
/// // configure the username and password.
/// // remove the following two lines if unauthenticated.
/// url.set_username("username").unwrap();
/// url.set_password(Some("password")).unwrap();
/// // configure the hostname
/// url.set_host(Some("smtp.example.com")).unwrap();
/// // configure the port - only necessary if using a non-default port
/// url.set_port(Some(465)).unwrap();
/// // configure the EHLO name
/// url.set_path("ehlo-name");
///
/// println!("{url}");
/// }
/// ```
///
/// The connection URL can then be used in the following way:
///
/// ```rust,no_run
/// use lettre::{
@@ -170,6 +212,7 @@ impl SmtpTransport {
/// SmtpTransport, Transport,
/// };
///
/// # fn main() -> Result<(), Box<dyn std::error::Error>> {
/// let email = Message::builder()
/// .from("NoBody <nobody@domain.tld>".parse().unwrap())
/// .reply_to("Yuin <yuin@domain.tld>".parse().unwrap())
@@ -180,20 +223,17 @@ impl SmtpTransport {
/// .unwrap();
///
/// // Open a remote connection to example
/// let mailer = SmtpTransport::from_url("smtps://username:password@smtp.example.com:465")
/// .unwrap()
/// .build();
/// let mailer = SmtpTransport::from_url("smtps://username:password@smtp.example.com")?.build();
///
/// // Send the email
/// match mailer.send(&email) {
/// Ok(_) => println!("Email sent successfully!"),
/// Err(e) => panic!("Could not send email: {e:?}"),
/// }
/// mailer.send(&email)?;
/// # Ok(())
/// # }
/// ```
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
#[cfg_attr(
docsrs,
doc(cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls")))
doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
)]
pub fn from_url(connection_url: &str) -> Result<SmtpTransportBuilder, Error> {
super::connection_url::from_connection_url(connection_url)
@@ -246,7 +286,7 @@ impl SmtpTransportBuilder {
self
}
/// Set the authentication mechanism to use
/// Set the authentication credentials to use
pub fn credentials(mut self, credentials: Credentials) -> Self {
self.info.credentials = Some(credentials);
self
@@ -265,16 +305,38 @@ impl SmtpTransportBuilder {
}
/// Set the port to use
///
/// # ⚠️⚠️⚠️ You probably don't need to call this method ⚠️⚠️⚠️
///
/// lettre usually picks the correct `port` when building
/// [`SmtpTransport`] using [`SmtpTransport::relay`] or
/// [`SmtpTransport::starttls_relay`].
///
/// # Errors
///
/// Using the incorrect `port` and [`Self::tls`] combination may
/// lead to hard to debug IO errors coming from the TLS library.
pub fn port(mut self, port: u16) -> Self {
self.info.port = port;
self
}
/// Set the TLS settings to use
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
///
/// # ⚠️⚠️⚠️ You probably don't need to call this method ⚠️⚠️⚠️
///
/// By default lettre chooses the correct `tls` configuration when
/// building [`SmtpTransport`] using [`SmtpTransport::relay`] or
/// [`SmtpTransport::starttls_relay`].
///
/// # Errors
///
/// Using the wrong [`Tls`] and [`Self::port`] combination may
/// lead to hard to debug IO errors coming from the TLS library.
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
#[cfg_attr(
docsrs,
doc(cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls")))
doc(cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls")))
)]
pub fn tls(mut self, tls: Tls) -> Self {
self.info.tls = tls;
@@ -318,7 +380,7 @@ impl SmtpClient {
pub fn connection(&self) -> Result<SmtpConnection, Error> {
#[allow(clippy::match_single_binding)]
let tls_parameters = match &self.info.tls {
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
Tls::Wrapper(tls_parameters) => Some(tls_parameters),
_ => None,
};
@@ -332,7 +394,7 @@ impl SmtpClient {
None,
)?;
#[cfg(any(feature = "native-tls", feature = "rustls-tls", feature = "boring-tls"))]
#[cfg(any(feature = "native-tls", feature = "rustls", feature = "boring-tls"))]
match &self.info.tls {
Tls::Opportunistic(tls_parameters) => {
if conn.can_starttls() {

4
src/transport/smtp/util.rs
View File

@@ -38,9 +38,7 @@ mod tests {
("bjørn", "bjørn"),
("Ø+= ❤️‰", "Ø+2B+3D+20❤"),
("+", "+2B"),
]
.iter()
{
] {
assert_eq!(format!("{}", XText(input)), (*expect).to_owned());
}
}

8
src/transport/stub/mod.rs
View File

@@ -11,7 +11,9 @@
//! ```rust
//! # #[cfg(feature = "builder")]
//! # {
//! use lettre::{transport::stub::StubTransport, Message, Transport};
//! use lettre::{
//! message::header::ContentType, transport::stub::StubTransport, Message, Transport,
//! };
//!
//! # use std::error::Error;
//! # fn try_main() -> Result<(), Box<dyn Error>> {
@@ -20,11 +22,11 @@
//! .reply_to("Yuin <yuin@domain.tld>".parse()?)
//! .to("Hei <hei@domain.tld>".parse()?)
//! .subject("Happy new year")
//! .header(ContentType::TEXT_PLAIN)
//! .body(String::from("Be happy!"))?;
//!
//! let mut sender = StubTransport::new_ok();
//! let result = sender.send(&email);
//! assert!(result.is_ok());
//! sender.send(&email)?;
//! assert_eq!(
//! sender.messages(),
//! vec![(