/// <summary>
/// Handle an incoming IMAP connection, from connection to completion.
/// </summary>
/// <param name="parameters">ImapProxyConnectionArguments object containing all parameters for this connection.</param>
private void ProcessConnection(object parameters)
{
// Cast the passed-in parameters back to their original objects.
ImapProxyConnectionArguments arguments = (ImapProxyConnectionArguments)parameters;
try
{
TcpClient client = arguments.TcpClient;
Stream clientStream = client.GetStream();
// Capture the client's IP information.
PropertyInfo pi = clientStream.GetType().GetProperty("Socket", BindingFlags.NonPublic | BindingFlags.Instance);
string ip = ((Socket)pi.GetValue(clientStream, null)).RemoteEndPoint.ToString();
if (ip.IndexOf(":") > -1)
{
ip = ip.Substring(0, ip.IndexOf(":"));
}
// If the IP address range filter contains the localhost entry 0.0.0.0, check if the client IP is a local address and update it to 0.0.0.0 if so.
if (arguments.AcceptedIPs.IndexOf("0.0.0.0") > -1)
{
if (ip == "127.0.0.1")
{
ip = "0.0.0.0";
}
else
{
IPHostEntry hostEntry = Dns.GetHostEntry(Dns.GetHostName());
foreach (IPAddress hostIP in hostEntry.AddressList)
{
if (hostIP.ToString() == ip)
{
ip = "0.0.0.0";
break;
}
}
}
}
// Validate that the IP address is within an accepted range.
if (!ProxyFunctions.ValidateIP(arguments.AcceptedIPs, ip))
{
ProxyFunctions.Log(LogWriter, SessionId, arguments.ConnectionId, "Connection rejected from {" + ip + "} due to its IP address.", Proxy.LogLevel.Warning, LogLevel);
Functions.SendStreamString(clientStream, new byte[Constants.SMALLBUFFERSIZE], "500 IP address [" + ip + "] rejected.\r\n");
if (clientStream != null)
{
clientStream.Dispose();
}
if (client != null)
{
client.Close();
}
return;
}
ProxyFunctions.Log(LogWriter, SessionId, arguments.ConnectionId, "New connection established from {" + ip + "}.", Proxy.LogLevel.Information, LogLevel);
// If supported, upgrade the session's security through a TLS handshake.
if (arguments.LocalEnableSsl)
{
ProxyFunctions.Log(LogWriter, SessionId, arguments.ConnectionId, "Starting local TLS/SSL protection for {" + ip + "}.", Proxy.LogLevel.Information, LogLevel);
clientStream = new SslStream(clientStream);
((SslStream)clientStream).AuthenticateAsServer(arguments.Certificate);
}
// Connect to the remote server.
TcpClient remoteServerClient = new TcpClient(arguments.RemoteServerHostName, arguments.RemoteServerPort);
Stream remoteServerStream = remoteServerClient.GetStream();
// If supported, upgrade the session's security through a TLS handshake.
if (arguments.RemoteServerEnableSsl)
{
ProxyFunctions.Log(LogWriter, SessionId, arguments.ConnectionId, "Starting remote TLS/SSL protection with {" + arguments.RemoteServerHostName + "}.", Proxy.LogLevel.Information, LogLevel);
remoteServerStream = new SslStream(remoteServerStream);
((SslStream)remoteServerStream).AuthenticateAsClient(arguments.RemoteServerHostName);
}
// Relay server data to the client.
TransmitArguments remoteServerToClientArguments = new TransmitArguments();
remoteServerToClientArguments.ClientStream = remoteServerStream;
remoteServerToClientArguments.RemoteServerStream = clientStream;
remoteServerToClientArguments.IsClient = false;
remoteServerToClientArguments.ConnectionId = ConnectionId.ToString();
remoteServerToClientArguments.InstanceId = arguments.InstanceId;
remoteServerToClientArguments.DebugMode = arguments.DebugMode;
remoteServerToClientArguments.IPAddress = ip;
remoteServerToClientArguments.ExportDirectory = arguments.ExportDirectory;
Task.Run(() => RelayData(remoteServerToClientArguments));
// Relay client data to the remote server.
TransmitArguments clientToRemoteServerArguments = new TransmitArguments();
clientToRemoteServerArguments.ClientStream = clientStream;
clientToRemoteServerArguments.RemoteServerStream = remoteServerStream;
clientToRemoteServerArguments.IsClient = true;
clientToRemoteServerArguments.ConnectionId = ConnectionId.ToString();
clientToRemoteServerArguments.InstanceId = arguments.InstanceId;
clientToRemoteServerArguments.DebugMode = arguments.DebugMode;
clientToRemoteServerArguments.IPAddress = ip;
clientToRemoteServerArguments.Credential = arguments.RemoteServerCredential;
Task.Run(() => RelayData(clientToRemoteServerArguments));
}
catch (SocketException ex)
{
if (arguments.DebugMode || System.Diagnostics.Debugger.IsAttached)
{
ProxyFunctions.Log(LogWriter, SessionId, "Exception communicating with {" + arguments.RemoteServerHostName + "} on port {" + arguments.RemoteServerPort + "}: " + ex.ToString(), Proxy.LogLevel.Error, LogLevel);
}
else
{
ProxyFunctions.Log(LogWriter, SessionId, "Exception communicating with {" + arguments.RemoteServerHostName + "} on port {" + arguments.RemoteServerPort + "}: " + ex.Message, Proxy.LogLevel.Error, LogLevel);
}
}
catch (Exception ex)
{
if (arguments.DebugMode || System.Diagnostics.Debugger.IsAttached)
{
ProxyFunctions.Log(LogWriter, SessionId, "Exception: " + ex.ToString(), Proxy.LogLevel.Error, LogLevel);
}
else
{
ProxyFunctions.Log(LogWriter, SessionId, "Exception: " + ex.Message, Proxy.LogLevel.Error, LogLevel);
}
}
}
/// <summary>
/// Start a IMAP proxy instance.
/// </summary>
/// <param name="acceptedIPs">IP addresses to accept connections from.</param>
/// <param name="localIPAddress">Local IP address to bind to.</param>
/// <param name="localPort">Local port to listen on.</param>
/// <param name="localEnableSsl">Whether the local server supports TLS/SSL.</param>
/// <param name="remoteServerHostName">Remote server hostname to forward all IMAP messages to.</param>
/// <param name="remoteServerPort">Remote server port to connect to.</param>
/// <param name="remoteServerEnableSsl">Whether the remote IMAP server requires TLS/SSL.</param>
/// <param name="remoteServerCredential">(Optional) Credentials to be used for all connections to the remote IMAP server. When set, this overrides any credentials passed locally.</param>
/// <param name="exportDirectory">(Optional) Location where all incoming messages are saved as EML files.</param>
/// <param name="logFile">File where event logs and exception information will be written.</param>
/// <param name="logLevel">Proxy logging level, determining how much information is logged.</param>
/// <param name="instanceId">The instance number of the proxy.</param>
/// <param name="debugMode">Whether the proxy instance is running in DEBUG mode and should output full exception messages.</param>
public void Start(string acceptedIPs, IPAddress localIPAddress, int localPort, bool localEnableSsl, string remoteServerHostName, int remoteServerPort, bool remoteServerEnableSsl, NetworkCredential remoteServerCredential, string exportDirectory, string logFile, LogLevel logLevel, int instanceId, bool debugMode)
{
// Create the log writer.
string logFileName = "";
if (!string.IsNullOrEmpty(logFile))
{
logFileName = ProxyFunctions.GetLogFileName(logFile, instanceId, localIPAddress.ToString(), remoteServerHostName, localPort, remoteServerPort);
LogWriter = new StreamWriter(logFileName, true, Encoding.UTF8, Constants.SMALLBUFFERSIZE);
LogWriter.AutoFlush = true;
LogLevel = logLevel;
}
// Make sure the remote server isn't an infinite loop back to this server.
string fqdn = Functions.GetLocalFQDN();
if (remoteServerHostName.ToUpper() == fqdn.ToUpper() && remoteServerPort == localPort)
{
ProxyFunctions.Log(LogWriter, SessionId, "Cannot start service because the remote server host name {" + remoteServerHostName + "} and port {" + remoteServerPort.ToString() + "} is the same as this proxy, which would cause an infinite loop.", Proxy.LogLevel.Critical, LogLevel);
return;
}
IPHostEntry hostEntry = Dns.GetHostEntry(Dns.GetHostName());
foreach (IPAddress hostIP in hostEntry.AddressList)
{
if (remoteServerHostName == hostIP.ToString() && remoteServerPort == localPort)
{
ProxyFunctions.Log(LogWriter, SessionId, "Cannot start service because the remote server hostname {" + remoteServerHostName + "} and port {" + remoteServerPort.ToString() + "} is the same as this proxy, which would cause an infinite loop.", Proxy.LogLevel.Critical, LogLevel);
return;
}
}
ProxyFunctions.Log(LogWriter, SessionId, "Starting service.", Proxy.LogLevel.Information, LogLevel);
// Attempt to start up to 3 times in case another service using the port is shutting down.
int startAttempts = 0;
while (startAttempts < 3)
{
startAttempts++;
// If we've failed to start once, wait an extra 10 seconds.
if (startAttempts > 1)
{
ProxyFunctions.Log(LogWriter, SessionId, "Attempting to start for the " + (startAttempts == 2 ? "2nd" : "3rd") + " time.", Proxy.LogLevel.Information, LogLevel);
Thread.Sleep(10000 * startAttempts);
}
try
{
X509Certificate serverCertificate = null;
// Generate a unique session ID for logging.
SessionId = Guid.NewGuid().ToString();
ConnectionId = 0;
// If local SSL is supported via STARTTLS, ensure we have a valid server certificate.
if (localEnableSsl)
{
// Load the SSL certificate for the listening server name.
serverCertificate = CertHelper.GetCertificateBySubjectName(StoreLocation.LocalMachine, fqdn);
// In case the service as running as the current user, check the Current User certificate store as well.
if (serverCertificate == null)
{
serverCertificate = CertHelper.GetCertificateBySubjectName(StoreLocation.CurrentUser, fqdn);
}
// If no certificate was found, generate a self-signed certificate.
if (serverCertificate == null)
{
ProxyFunctions.Log(LogWriter, SessionId, "No signing certificate found, so generating new certificate.", Proxy.LogLevel.Warning, LogLevel);
List <DerObjectIdentifier> oids = new List <DerObjectIdentifier>();
oids.Add(new DerObjectIdentifier("1.3.6.1.5.5.7.3.1")); // Server Authentication.
// Generate the certificate with a duration of 10 years, 4096-bits, and a key usage of server authentication.
serverCertificate = CertHelper.CreateSelfSignedCertificate(fqdn, fqdn, StoreLocation.LocalMachine, true, 4096, 10, oids);
ProxyFunctions.Log(LogWriter, SessionId, "Certificate generated with Serial Number {" + serverCertificate.GetSerialNumberString() + "}.", Proxy.LogLevel.Information, LogLevel);
}
}
Listener = new TcpListener(localIPAddress, localPort);
Listener.Start();
ProxyFunctions.Log(LogWriter, SessionId, "Service started.", Proxy.LogLevel.Information, LogLevel);
ProxyFunctions.Log(LogWriter, SessionId, "Listening on address {" + localIPAddress.ToString() + "}, port {" + localPort + "}.", Proxy.LogLevel.Information, LogLevel);
Started = true;
// Accept client requests, forking each into its own thread.
while (Started)
{
TcpClient client = Listener.AcceptTcpClient();
string newLogFileName = ProxyFunctions.GetLogFileName(logFile, instanceId, localIPAddress.ToString(), remoteServerHostName, localPort, remoteServerPort);
if (newLogFileName != logFileName)
{
if (LogWriter != null)
{
LogWriter.Close();
}
LogWriter = new StreamWriter(newLogFileName, true, Encoding.UTF8, Constants.SMALLBUFFERSIZE);
LogWriter.AutoFlush = true;
}
try
{
// Prepare the arguments for our new thread.
ImapProxyConnectionArguments arguments = new ImapProxyConnectionArguments();
arguments.AcceptedIPs = acceptedIPs;
arguments.TcpClient = client;
arguments.Certificate = serverCertificate;
arguments.ExportDirectory = exportDirectory;
arguments.LocalIpAddress = localIPAddress;
arguments.LocalPort = localPort;
arguments.LocalEnableSsl = localEnableSsl;
arguments.RemoteServerHostName = remoteServerHostName;
arguments.RemoteServerPort = remoteServerPort;
arguments.RemoteServerEnableSsl = remoteServerEnableSsl;
arguments.RemoteServerCredential = remoteServerCredential;
// Increment the connection counter;
arguments.ConnectionId = (unchecked (++ConnectionId)).ToString();
arguments.InstanceId = instanceId;
arguments.DebugMode = debugMode;
// Fork the thread and continue listening for new connections.
Task.Run(() => ProcessConnection(arguments));
}
catch (Exception ex)
{
ProxyFunctions.Log(LogWriter, SessionId, "Error while processing connection: " + ex.ToString(), Proxy.LogLevel.Error, LogLevel);
}
}
return;
}
catch (Exception ex)
{
if (debugMode || System.Diagnostics.Debugger.IsAttached)
{
ProxyFunctions.Log(LogWriter, SessionId, "Exception when starting proxy: " + ex.ToString(), Proxy.LogLevel.Critical, LogLevel);
}
else
{
ProxyFunctions.Log(LogWriter, SessionId, "Exception when starting proxy: " + ex.Message, Proxy.LogLevel.Critical, LogLevel);
}
}
}
}
/// <summary>
/// Start a IMAP proxy instance.
/// </summary>
/// <param name="acceptedIPs">IP addresses to accept connections from.</param>
/// <param name="localIPAddress">Local IP address to bind to.</param>
/// <param name="localPort">Local port to listen on.</param>
/// <param name="localEnableSsl">Whether the local server supports TLS/SSL.</param>
/// <param name="remoteServerHostName">Remote server hostname to forward all IMAP messages to.</param>
/// <param name="remoteServerPort">Remote server port to connect to.</param>
/// <param name="remoteServerEnableSsl">Whether the remote IMAP server requires TLS/SSL.</param>
/// <param name="remoteServerCredential">(Optional) Credentials to be used for all connections to the remote IMAP server. When set, this overrides any credentials passed locally.</param>
/// <param name="exportDirectory">(Optional) Location where all incoming messages are saved as EML files.</param>
/// <param name="logFile">File where event logs and exception information will be written.</param>
/// <param name="logLevel">Proxy logging level, determining how much information is logged.</param>
/// <param name="instanceId">The instance number of the proxy.</param>
/// <param name="debugMode">Whether the proxy instance is running in DEBUG mode and should output full exception messages.</param>
public void Start(string acceptedIPs, IPAddress localIPAddress, int localPort, bool localEnableSsl, string remoteServerHostName, int remoteServerPort, bool remoteServerEnableSsl, NetworkCredential remoteServerCredential, string exportDirectory, string logFile, LogLevel logLevel, int instanceId, bool debugMode)
{
// Create the log writer.
string logFileName = "";
if (!string.IsNullOrEmpty(logFile))
{
logFileName = ProxyFunctions.GetLogFileName(logFile, instanceId, localIPAddress.ToString(), remoteServerHostName, localPort, remoteServerPort);
LogWriter = new StreamWriter(logFileName, true, Encoding.UTF8, Constants.SMALLBUFFERSIZE);
LogWriter.AutoFlush = true;
LogLevel = logLevel;
}
// Make sure the remote server isn't an infinite loop back to this server.
string fqdn = Functions.GetLocalFQDN();
if (remoteServerHostName.ToUpper() == fqdn.ToUpper() && remoteServerPort == localPort)
{
ProxyFunctions.Log(LogWriter, SessionId, "Cannot start service because the remote server host name {" + remoteServerHostName + "} and port {" + remoteServerPort.ToString() + "} is the same as this proxy, which would cause an infinite loop.", Proxy.LogLevel.Critical, LogLevel);
return;
}
IPHostEntry hostEntry = Dns.GetHostEntry(Dns.GetHostName());
foreach (IPAddress hostIP in hostEntry.AddressList)
{
if (remoteServerHostName == hostIP.ToString() && remoteServerPort == localPort)
{
ProxyFunctions.Log(LogWriter, SessionId, "Cannot start service because the remote server hostname {" + remoteServerHostName + "} and port {" + remoteServerPort.ToString() + "} is the same as this proxy, which would cause an infinite loop.", Proxy.LogLevel.Critical, LogLevel);
return;
}
}
ProxyFunctions.Log(LogWriter, SessionId, "Starting service.", Proxy.LogLevel.Information, LogLevel);
// Attempt to start up to 3 times in case another service using the port is shutting down.
int startAttempts = 0;
while (startAttempts < 3)
{
startAttempts++;
// If we've failed to start once, wait an extra 10 seconds.
if (startAttempts > 1)
{
ProxyFunctions.Log(LogWriter, SessionId, "Attempting to start for the " + (startAttempts == 2 ? "2nd" : "3rd") + " time.", Proxy.LogLevel.Information, LogLevel);
Thread.Sleep(10000 * startAttempts);
}
try
{
X509Certificate serverCertificate = null;
// Generate a unique session ID for logging.
SessionId = Guid.NewGuid().ToString();
ConnectionId = 0;
// If local SSL is supported via STARTTLS, ensure we have a valid server certificate.
if (localEnableSsl)
{
serverCertificate = CertHelper.GetCertificateBySubjectName(StoreLocation.LocalMachine, fqdn);
// In case the service as running as the current user, check the Current User certificate store as well.
if (serverCertificate == null)
serverCertificate = CertHelper.GetCertificateBySubjectName(StoreLocation.CurrentUser, fqdn);
// If no certificate was found, generate a self-signed certificate.
if (serverCertificate == null)
{
ProxyFunctions.Log(LogWriter, SessionId, "No signing certificate found, so generating new certificate.", Proxy.LogLevel.Warning, LogLevel);
List<string> oids = new List<string>();
oids.Add("1.3.6.1.5.5.7.3.1"); // Server Authentication.
// Generate the certificate with a duration of 10 years, 4096-bits, and a key usage of server authentication.
serverCertificate = CertHelper.CreateSelfSignedCertificate(fqdn, fqdn, StoreLocation.LocalMachine, true, 4096, 10, oids);
ProxyFunctions.Log(LogWriter, SessionId, "Certificate generated with Serial Number {" + serverCertificate.GetSerialNumberString() + "}.", Proxy.LogLevel.Information, LogLevel);
}
}
Listener = new TcpListener(localIPAddress, localPort);
Listener.Start();
ProxyFunctions.Log(LogWriter, SessionId, "Service started.", Proxy.LogLevel.Information, LogLevel);
ProxyFunctions.Log(LogWriter, SessionId, "Listening on address {" + localIPAddress.ToString() + "}, port {" + localPort + "}.", Proxy.LogLevel.Information, LogLevel);
Started = true;
// Accept client requests, forking each into its own thread.
while (Started)
{
TcpClient client = Listener.AcceptTcpClient();
string newLogFileName = ProxyFunctions.GetLogFileName(logFile, instanceId, localIPAddress.ToString(), remoteServerHostName, localPort, remoteServerPort);
if (newLogFileName != logFileName)
{
LogWriter.Close();
LogWriter = new StreamWriter(newLogFileName, true, Encoding.UTF8, Constants.SMALLBUFFERSIZE);
LogWriter.AutoFlush = true;
}
// Prepare the arguments for our new thread.
ImapProxyConnectionArguments arguments = new ImapProxyConnectionArguments();
arguments.AcceptedIPs = acceptedIPs;
arguments.TcpClient = client;
arguments.Certificate = serverCertificate;
arguments.ExportDirectory = exportDirectory;
arguments.LocalIpAddress = localIPAddress;
arguments.LocalPort = localPort;
arguments.LocalEnableSsl = localEnableSsl;
arguments.RemoteServerHostName = remoteServerHostName;
arguments.RemoteServerPort = remoteServerPort;
arguments.RemoteServerEnableSsl = remoteServerEnableSsl;
arguments.RemoteServerCredential = remoteServerCredential;
// Increment the connection counter;
arguments.ConnectionId = (unchecked(++ConnectionId)).ToString();
arguments.InstanceId = instanceId;
arguments.DebugMode = debugMode;
// Fork the thread and continue listening for new connections.
Thread processThread = new Thread(new ParameterizedThreadStart(ProcessConnection));
processThread.Name = "OpaqueMail IMAP Proxy Connection";
processThread.Start(arguments);
}
return;
}
catch (Exception ex)
{
if (debugMode || System.Diagnostics.Debugger.IsAttached)
ProxyFunctions.Log(LogWriter, SessionId, "Exception when starting proxy: " + ex.ToString(), Proxy.LogLevel.Critical, LogLevel);
else
ProxyFunctions.Log(LogWriter, SessionId, "Exception when starting proxy: " + ex.Message, Proxy.LogLevel.Critical, LogLevel);
}
}
}