Support for SMTP Auth and TLS #102

Open
markusschaber opened this issue Mar 27, 2018 · 28 comments

@markusschaber

markusschaber commented Mar 27, 2018

Hi,

As far as I can see, Papercut supports neither SMTP auth, nor TLS via STARTTLS.

(At least we wanted to test our client with Papercut, and didn't find any docs nor config options in the UI to configure this.)

Thus, I file this ticket as a suggestion to either implement it, or document it if it's already there :-)

Thanks a lot for your great work!

@jijiechen
Collaborator

Very good idea. Thanks.
Any thoughts? @Jaben

@Jaben
Member

Jaben commented Mar 30, 2018

I never felt that Papercut should be a reference/test SMTP server due to the effort required to fully support more advanced features of an SMTP protocol -- that being said, I would consider removing the existing SMTP server implementation altogether and switching to a better open source/nuget implementation instead which would give Papercut more advanced SMTP options.

Not the highest priority, though.

@markusschaber
Author

Papercut is advertised as a test SMTP receiver (See "What it does" on https://github.com/ChangemakerStudios/Papercut).
And as far as I can see, most software nowadays needs to use STARTTLS and/or SMTP auth in production, open relays are getting extinct due to spammers.
So if we want to use Papercut as test endpoint, we need to special case the code path to not use those options when we run against Papercut. :-(
That said, I fully understand if this use case is not in your focus, or too much effort.
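
The special-casing described in the comment above can be kept narrow so that a test-only downgrade cannot reach a non-local host. This is an added example, not part of the thread and not code from Papercut or the poster's client; `parse_ehlo`, `must_use`, `allow_insecure_test` and the sample EHLO replies are hypothetical names and constructed data.

```python
import ipaddress

# Constructed EHLO replies (not captured from Papercut or any real server).
EHLO_PLAIN = "250-testhost Hello\r\n250-SIZE 10485760\r\n250 8BITMIME\r\n"
EHLO_SECURE = ("250-mail.example.test Hello\r\n250-STARTTLS\r\n"
               "250-AUTH PLAIN LOGIN\r\n250 SIZE 10485760\r\n")


def parse_ehlo(reply):
    """Map each advertised ESMTP keyword (upper-cased) to its parameter list."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    caps = {}
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        expected_sep = " " if i == len(lines) - 1 else "-"
        if code != "250" or sep != expected_sep or not text.strip():
            raise ValueError(f"malformed EHLO reply line: {line!r}")
        if i == 0:
            continue  # the first line is the greeting, not an extension
        keyword, *params = text.split()
        caps[keyword.upper()] = params
    return caps


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is never treated as local


def must_use(keyword, host, caps, allow_insecure_test=False):
    """True: use the extension. False: skipped under the test override.
    Raises ConnectionError when the extension is missing and no override applies.
    Hypothetical helper: call with "STARTTLS" on the first EHLO reply and with
    "AUTH" on the EHLO reply received after the TLS handshake."""
    if keyword in caps:
        return True  # always used when offered, even in test mode
    if allow_insecure_test and is_loopback(host):
        return False  # explicit, loopback-only downgrade for a local receiver
    raise ConnectionError(f"{host} does not advertise {keyword}; refusing to send")
```

With this shape the production path is still exercised whenever the test receiver does offer STARTTLS or AUTH, and a misconfigured override fails closed against any host that is not loopback.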

@jijiechen
Collaborator

It seems at least the web UI needs to support secure connection ASAP, otherwise the notification functionalities will not be available... :-(

https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins

@markusschaber
Author

@jjchen-tw I'm not completely sure about that - the site explicitly states: "http://localhost is treated as a secure origin"

@jijiechen
Collaborator

@markusschaber You are right, and I am able to verify that.
I'm thinking of the scenario of using Papercut as a central service, and several QAs use the same instance. In fact, that's the original reason why I contributed to the web UI feature.

On a local machine, even the HTML5 notification works great.

@markusschaber
Author

markusschaber commented Apr 4, 2018

Ah, I never thought about using Papercut in a non-localhost scenario. :-(
It seems Papercut needs a good security feature enhancement Upgrade then. :-)

@markusschaber
Author

markusschaber commented Apr 18, 2018

I just found those while doing some research for our projects:

https://github.com/cosullivan/SmtpServer seems to be a SMTP server in C# with MIT license.

https://github.com/pmengal/MailSystem.NET also contains SMTP, but it's LGPL, which is technically compatible with the Papercut Apache License, but not in spirit. :-)

@jijiechen
Collaborator

We are working on switching to the SMTPServer to support SMTP, so we get a chance to review this.
I'll follow up soon.

@markusschaber
Author

That's good news, thanks!

@stale

stale bot commented Feb 6, 2019

Aloha! I'm ScissorBot ✂️ -- the bot in charge of keeping the issues tidy. It looks like this issue is stale due to lack of activity. Unfortunately, I'll be closing it if there is no further activity. 😞 Please contribute to the issue to keep it open. Thanks!

@stale stale bot added the wontfix label Feb 6, 2019
@markusschaber
Author

@jijiechen As the ScissorBot woke up, is there any news?

@stale stale bot removed the wontfix label Feb 7, 2019
@markusschaber
Author

markusschaber commented Feb 7, 2019

Hmm. I guess our comments are enough to keep the scissor bot satisfied for the next three months. :-)

@Jaben
Member

Jaben commented Feb 18, 2019

The switch to SmtpServer is done -- but I haven't released it yet. You can check it out in the dev branch.

@stale stale bot added the wontfix label Jun 18, 2019
@markusschaber
Author

To be honest, we don't use PaperCut in our process any more, right now. But we have some use cases in our backlog which might make us use PaperCut again, I'll come back then.

@stale stale bot removed the wontfix label Jun 18, 2019
@molnarm

molnarm commented May 26, 2020

Hi,
What's the status of this? I see that the transition to SmtpServer has been completed a couple releases ago, but I still don't see any security-related options in the configuration (e.g. credentials for smtp auth).

@kekkers23

> Hi,
> What's the status of this? I see that the transition to SmtpServer has been completed a couple releases ago, but I still don't see any security-related options in the configuration (e.g. credentials for smtp auth).

++

@adamtoakley

Excited about the 6.0 Release! Any idea when that will come out!?

Thanks for a really cool app! This helps our workflow tremendously!

@Identekit

Excited about the 6.0 Release too!

I've been using this tool for years now and love it. I'm working on a project now that will add auth to our app when sending emails. Unfortunately this means I can't use Papercut SMTP to test anymore. Support for security would be such a great addition to this software.

@elliotclements-mendix

+1 additional security options would be a great addition

@ChangemakerStudios ChangemakerStudios deleted a comment from stale bot Sep 3, 2022
@0xCaponte

Regarding this feature, I see it was removed from the To do. Do you have future plans for it or is it on ice until further notice?

And of course, thank you for developing and maintaining such a great tool.

@replaysMike

+1 I'd love to see this (if I have time maybe I'll submit a PR), considering it probably wouldn't be that difficult to add in. I'm 50/50 on agreeing that TLS really isn't the main use case for PaperCut, however it'd be great for testing TLS implementations.

@kokloler

kokloler commented Jun 15, 2023 via email

@microalps

Regarding TLS encryption - I worked on some POC code some time ago. See microalps@e3f5e4f - would there be any interest in a PR?

@edbenson

> Regarding TLS encryption - I worked on some POC code some time ago. See microalps@e3f5e4f - would there be any interest in a PR?

@microalps Thanks for your work on this -- I checked out & built your fork as I needed to test a client with TLS encryption.

Your fork worked for me! The hard part for me was to create the certificate.

@microalps

microalps commented Aug 19, 2024

@edbenson If you don't mind sharing more details about your difficulty (or was it simply just learning curve) and any articles you used to generate the final certificate. I'm sure it would be a good reference for others, and eventually the PR once the maintainers release v7 and are ready to look at the commit.

@edbenson

@microalps The hard part was learning how TLS certificates work and then how to create & register a self-signed TLS/SSL certificate... For me this webpage was the best at explaining it.
