/// <summary>
/// Start an SMTP proxy instance.
/// </summary>
/// <param name="acceptedIPs">IP addresses to accept connections from.</param>
/// <param name="localIPAddress">Local IP address to bind to.</param>
/// <param name="localPort">Local port to listen on.</param>
/// <param name="localEnableSsl">Whether the local server supports TLS/SSL.</param>
/// <param name="remoteServerHostName">Remote server hostname to forward all SMTP messages to.</param>
/// <param name="remoteServerPort">Remote server port to connect to.</param>
/// <param name="remoteServerEnableSsl">Whether the remote SMTP server requires TLS/SSL.</param>
/// <param name="remoteServerCredential">(Optional) Credentials to be used for all connections to the remote SMTP server. When set, this overrides any credentials passed locally.</param>
/// <param name="from">(Optional) "From" address for all sent messages. When supplied, it will override any values sent from the client.</param>
/// <param name="to">(Optional) "To" address(es) for all sent messages. When supplied, it will override any values sent from the client.</param>
/// <param name="cc">(Optional) "CC" address(es) for all sent messages. When supplied, it will override any values sent from the client.</param>
/// <param name="bcc">(Optional) "BCC" address(es) for all sent messages. When supplied, it will override any values sent from the client.</param>
/// <param name="signature">(Optional) Signature to add to the end of each sent message.</param>
/// <param name="smimeSettingsMode">Whether S/MIME settings for encryption and signing are explicitly required or only preferred.</param>
/// <param name="smimeEncryptedEnvelope">Whether the e-mail's envelope should be encrypted. When SmimeSign is true, encryption is the second S/MIME operation.</param>
/// <param name="smimeSigned">Whether the e-mail should be signed. When true, signing is the first S/MIME operation</param>
/// <param name="smimeTripleWrapped">Whether the e-mail should be triple-wrapped by signing, then encrypting the envelope, then signing the encrypted envelope.</param>
/// <param name="smimeRemovePreviousOperations">Remove envelope encryption and signatures from passed-in messages. If true and SmimeSigned or SmimeEncryptEnvelope is also true, new S/MIME operations will be applied.</param>
/// <param name="sendCertificateReminders">Send e-mail reminders when a signing certificate is due to expire within 30 days.</param>
/// <param name="exportDirectory">(Optional) Location where all outbound messages are saved as EML files.</param>
/// <param name="logFile">File where event logs and exception information will be written.</param>
/// <param name="logLevel">Proxy logging level, determining how much information is logged.</param>
/// <param name="instanceId">The instance number of the proxy.</param>
/// <param name="smimeValidCertificates">Collection of certificates to be used when searching for recipient public keys.</param>
/// <param name="debugMode">Whether the proxy instance is running in DEBUG mode and should output full exception messages.</param>
public void Start(string acceptedIPs, IPAddress localIPAddress, int localPort, bool localEnableSsl, string remoteServerHostName, int remoteServerPort, bool remoteServerEnableSsl, NetworkCredential remoteServerCredential, string from, string to, string cc, string bcc, string signature, SmimeSettingsMode smimeSettingsMode, bool smimeSigned, bool smimeEncryptedEnvelope, bool smimeTripleWrapped, bool smimeRemovePreviousOperations, bool sendCertificateReminders, string exportDirectory, string logFile, LogLevel logLevel, int instanceId, X509Certificate2Collection smimeValidCertificates, bool debugMode)
{
// Create the log writer.
string logFileName = "";
if (!string.IsNullOrEmpty(logFile))
{
logFileName = ProxyFunctions.GetLogFileName(logFile, instanceId, localIPAddress.ToString(), remoteServerHostName, localPort, remoteServerPort);
LogWriter = new StreamWriter(logFileName, true, Encoding.UTF8, Constants.SMALLBUFFERSIZE);
LogWriter.AutoFlush = true;
LogLevel = logLevel;
}
// Make sure the remote server isn't an infinite loop back to this server.
string fqdn = Functions.GetLocalFQDN();
if (remoteServerHostName.ToUpper() == fqdn.ToUpper() && remoteServerPort == localPort)
{
ProxyFunctions.Log(LogWriter, SessionId, "Cannot start service because the remote server host name {" + remoteServerHostName + "} and port {" + remoteServerPort.ToString() + "} is the same as this proxy, which would cause an infinite loop.", Proxy.LogLevel.Critical, LogLevel);
return;
}
IPHostEntry hostEntry = Dns.GetHostEntry(Dns.GetHostName());
foreach (IPAddress hostIP in hostEntry.AddressList)
{
if (remoteServerHostName == hostIP.ToString() && remoteServerPort == localPort)
{
ProxyFunctions.Log(LogWriter, SessionId, "Cannot start service because the remote server hostname {" + remoteServerHostName + "} and port {" + remoteServerPort.ToString() + "} is the same as this proxy, which would cause an infinite loop.", Proxy.LogLevel.Critical, LogLevel);
return;
}
}
ProxyFunctions.Log(LogWriter, SessionId, "Starting service.", Proxy.LogLevel.Information, LogLevel);
// Attempt to start up to 3 times in case another service using the port is shutting down.
int startAttempts = 0;
while (startAttempts < 3)
{
startAttempts++;
// If we've failed to start once, wait an extra 10 seconds.
if (startAttempts > 1)
{
ProxyFunctions.Log(LogWriter, SessionId, "Attempting to start for the " + (startAttempts == 2 ? "2nd" : "3rd") + " time.", Proxy.LogLevel.Information, LogLevel);
Thread.Sleep(10000 * startAttempts);
}
try
{
X509Certificate serverCertificate = null;
// Generate a unique session ID for logging.
SessionId = Guid.NewGuid().ToString();
ConnectionId = 0;
// If local SSL is supported via STARTTLS, ensure we have a valid server certificate.
if (localEnableSsl)
{
serverCertificate = CertHelper.GetCertificateBySubjectName(StoreLocation.LocalMachine, fqdn);
// In case the service as running as the current user, check the Current User certificate store as well.
if (serverCertificate == null)
serverCertificate = CertHelper.GetCertificateBySubjectName(StoreLocation.CurrentUser, fqdn);
// If no certificate was found, generate a self-signed certificate.
if (serverCertificate == null)
{
ProxyFunctions.Log(LogWriter, SessionId, "No signing certificate found, so generating new certificate.", Proxy.LogLevel.Warning, LogLevel);
List<string> oids = new List<string>();
oids.Add("1.3.6.1.5.5.7.3.1"); // Server Authentication.
// Generate the certificate with a duration of 10 years, 4096-bits, and a key usage of server authentication.
serverCertificate = CertHelper.CreateSelfSignedCertificate(fqdn, fqdn, StoreLocation.LocalMachine, true, 4096, 10, oids);
ProxyFunctions.Log(LogWriter, SessionId, "New certificate generated with Serial Number {" + Encoding.UTF8.GetString(serverCertificate.GetSerialNumber()) + "}.", Proxy.LogLevel.Information, LogLevel);
}
}
// Start listening on the specified port and IP address.
Listener = new TcpListener(localIPAddress, localPort);
Listener.Start();
ProxyFunctions.Log(LogWriter, SessionId, "Service started.", Proxy.LogLevel.Information, LogLevel);
ProxyFunctions.Log(LogWriter, SessionId, "Listening on address {" + localIPAddress.ToString() + "}, port {" + localPort + "}.", Proxy.LogLevel.Information, LogLevel);
Started = true;
// Accept client requests, forking each into its own thread.
while (Started)
{
TcpClient client = Listener.AcceptTcpClient();
string newLogFileName = ProxyFunctions.GetLogFileName(logFile, instanceId, localIPAddress.ToString(), remoteServerHostName, localPort, remoteServerPort);
if (newLogFileName != logFileName)
{
LogWriter.Close();
LogWriter = new StreamWriter(newLogFileName, true, Encoding.UTF8, Constants.SMALLBUFFERSIZE);
LogWriter.AutoFlush = true;
}
// Prepare the arguments for our new thread.
SmtpProxyConnectionArguments arguments = new SmtpProxyConnectionArguments();
arguments.AcceptedIPs = acceptedIPs;
arguments.TcpClient = client;
arguments.Certificate = serverCertificate;
arguments.ExportDirectory = exportDirectory;
arguments.LocalIpAddress = localIPAddress;
arguments.LocalPort = localPort;
arguments.LocalEnableSsl = localEnableSsl;
arguments.RemoteServerHostName = remoteServerHostName;
arguments.RemoteServerPort = remoteServerPort;
arguments.RemoteServerEnableSsl = remoteServerEnableSsl;
arguments.RemoteServerCredential = remoteServerCredential;
arguments.FixedFrom = from;
arguments.FixedTo = to;
arguments.FixedCC = cc;
arguments.FixedBcc = bcc;
arguments.FixedSignature = signature;
arguments.SmimeSettingsMode = smimeSettingsMode;
arguments.SmimeSigned = smimeSigned;
arguments.SmimeEncryptedEnvelope = smimeEncryptedEnvelope;
arguments.SmimeTripleWrapped = smimeTripleWrapped;
arguments.SmimeRemovePreviousOperations = smimeRemovePreviousOperations;
arguments.SendCertificateReminders = sendCertificateReminders;
arguments.SmimeValidCertificates = smimeValidCertificates;
// Increment the connection counter;
arguments.ConnectionId = (unchecked(++ConnectionId)).ToString();
arguments.InstanceId = instanceId;
arguments.DebugMode = debugMode;
// Fork the thread and continue listening for new connections.
Thread processThread = new Thread(new ParameterizedThreadStart(ProcessConnection));
processThread.Name = "OpaqueMail SMTP Proxy Connection";
processThread.Start(arguments);
}
return;
}
catch (Exception ex)
{
if (debugMode || System.Diagnostics.Debugger.IsAttached)
ProxyFunctions.Log(LogWriter, SessionId, "Exception when starting proxy: " + ex.ToString(), Proxy.LogLevel.Critical, LogLevel);
else
ProxyFunctions.Log(LogWriter, SessionId, "Exception when starting proxy: " + ex.Message, Proxy.LogLevel.Critical, LogLevel);
}
}
}
/// <summary>
/// Start an SMTP proxy instance.
/// </summary>
/// <param name="acceptedIPs">IP addresses to accept connections from.</param>
/// <param name="localIPAddress">Local IP address to bind to.</param>
/// <param name="localPort">Local port to listen on.</param>
/// <param name="localEnableSsl">Whether the local server supports TLS/SSL.</param>
/// <param name="remoteServerHostName">Remote server hostname to forward all SMTP messages to.</param>
/// <param name="remoteServerPort">Remote server port to connect to.</param>
/// <param name="remoteServerEnableSsl">Whether the remote SMTP server requires TLS/SSL.</param>
/// <param name="remoteServerCredential">(Optional) Credentials to be used for all connections to the remote SMTP server. When set, this overrides any credentials passed locally.</param>
/// <param name="from">(Optional) "From" address for all sent messages. When supplied, it will override any values sent from the client.</param>
/// <param name="to">(Optional) "To" address(es) for all sent messages. When supplied, it will override any values sent from the client.</param>
/// <param name="cc">(Optional) "CC" address(es) for all sent messages. When supplied, it will override any values sent from the client.</param>
/// <param name="bcc">(Optional) "BCC" address(es) for all sent messages. When supplied, it will override any values sent from the client.</param>
/// <param name="signature">(Optional) Signature to add to the end of each sent message.</param>
/// <param name="smimeSettingsMode">Whether S/MIME settings for encryption and signing are explicitly required or only preferred.</param>
/// <param name="smimeEncryptedEnvelope">Whether the e-mail's envelope should be encrypted. When SmimeSign is true, encryption is the second S/MIME operation.</param>
/// <param name="smimeSigned">Whether the e-mail should be signed. When true, signing is the first S/MIME operation</param>
/// <param name="smimeTripleWrapped">Whether the e-mail should be triple-wrapped by signing, then encrypting the envelope, then signing the encrypted envelope.</param>
/// <param name="smimeRemovePreviousOperations">Remove envelope encryption and signatures from passed-in messages. If true and SmimeSigned or SmimeEncryptEnvelope is also true, new S/MIME operations will be applied.</param>
/// <param name="sendCertificateReminders">Send e-mail reminders when a signing certificate is due to expire within 30 days.</param>
/// <param name="smimeValidCertificates">Collection of certificates to be used when searching for recipient public keys.</param>
public void Start(string acceptedIPs, IPAddress localIPAddress, int localPort, bool localEnableSsl, string remoteServerHostName, int remoteServerPort, bool remoteServerEnableSsl, NetworkCredential remoteServerCredential, string from, string to, string cc, string bcc, string signature, SmimeSettingsMode smimeSettingsMode, bool smimeSigned, bool smimeEncryptedEnvelope, bool smimeTripleWrapped, bool smimeRemovePreviousOperations, bool sendCertificateReminders, X509Certificate2Collection smimeValidCertificates)
{
Start(acceptedIPs, localIPAddress, localPort, localEnableSsl, remoteServerHostName, remoteServerPort, remoteServerEnableSsl, remoteServerCredential, from, to, cc, bcc, signature, smimeSettingsMode, smimeSigned, smimeEncryptedEnvelope, smimeTripleWrapped, smimeRemovePreviousOperations, sendCertificateReminders, "", "", LogLevel.None, 0, smimeValidCertificates, false);
}
