From d2145608089777cd27175763cf9f71ca2a3159f5 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@msapiro.net>
Date: Fri, 6 May 2016 14:44:28 -0700
Subject: Implement SASL and STARTTLS in SMTPDirect.py.

---
 Mailman/Defaults.py.in         | 16 ++++++++++++++++
 Mailman/Handlers/SMTPDirect.py | 30 ++++++++++++++++++++++++++++++
 NEWS                           |  5 +++++
 3 files changed, 51 insertions(+)

diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in
index a71875ac..3569cc07 100755
--- a/Mailman/Defaults.py.in
+++ b/Mailman/Defaults.py.in
@@ -562,6 +562,22 @@ SMTPPORT = 0                                      # default from smtplib
 # when DELIVERY_MODULE is 'Sendmail'.
 SENDMAIL_CMD = '/usr/lib/sendmail'
 
+# SMTP authentication for DELIVERY_MODULE = 'SMTPDirect'.  To enable SASL
+# authentication for SMTPDirect, set SMTP_AUTH = Yes and provide appropriate
+# settings for SMTP_USER and SMTP_PASSWD.
+SMTP_AUTH = No
+SMTP_USER = ''
+SMTP_PASSWD = ''
+
+# If using SASL authentication (SMTP_AUTH = Yes), set the following to Yes
+# to also use TLS. This has no effect if SMTP_AUTH = No.
+SMTP_USE_TLS = No
+
+# When using TLS the following should be set to the hostname that should be
+# used in order to identify Mailman to the SMTP server.  By default, it
+# uses DEFAULT_URL_HOST. Normally, you should not change this.
+SMTP_HELO_HOST = DEFAULT_URL_HOST
+
 # Set these variables if you need to authenticate to your NNTP server for
 # Usenet posting or reading.  If no authentication is necessary, specify None
 # for both variables.
diff --git a/Mailman/Handlers/SMTPDirect.py b/Mailman/Handlers/SMTPDirect.py
index 32b03423..3b489c2f 100644
--- a/Mailman/Handlers/SMTPDirect.py
+++ b/Mailman/Handlers/SMTPDirect.py
@@ -63,6 +63,36 @@ class Connection:
         self.__conn = smtplib.SMTP()
         self.__conn.set_debuglevel(mm_cfg.SMTPLIB_DEBUG_LEVEL)
         self.__conn.connect(mm_cfg.SMTPHOST, mm_cfg.SMTPPORT)
+        if mm_cfg.SMTP_AUTH:
+            if mm_cfg.SMTP_USE_TLS:
+                try:
+                    self.__conn.starttls()
+                except SMTPException, e:
+                    syslog('smtp-failure', 'SMTP TLS error: %s', e)
+                    self.quit()
+                    raise
+                try:
+                    self.__conn.ehlo(mm_cfg.SMTP_HELO_HOST)
+                except SMTPException, e:
+                    syslog('smtp-failure', 'SMTP EHLO error: %s', e)
+                    self.quit()
+                    raise
+            try:
+                self.__conn.login(mm_cfg.SMTP_USER, mm_cfg.SMTP_PASSWD)
+            except smtplib.SMTPHeloError, e:
+                syslog('smtp-failure', 'SMTP HELO error: %s', e)
+                self.quit()
+                raise
+            except smtplib.SMTPAuthenticationError, e:
+                syslog('smtp-failure', 'SMTP AUTH error: %s', e)
+                self.quit()
+                raise
+            except smtplib.SMTPException, e:
+                syslog('smtp-failure',
+                       'SMTP - no suitable authentication method found: %s', e)
+                self.quit()
+                raise
+
         self.__numsessions = mm_cfg.SMTP_MAX_SESSIONS_PER_CONNECTION
 
     def sendmail(self, envsender, recips, msgtext):
diff --git a/NEWS b/NEWS
index e9939cde..c6660b9f 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,11 @@ Here is a history of user visible changes to Mailman.
  
   New Features
 
+    - SMTPDirect.py can now do SASL authentication and STARTTLS security when
+      connecting to the outgoiung MTA. Associated with this are new
+      Defaults.py/mm_cfg.py settings SMTP_AUTH, SMTP_USER, SMTP_PASSWD and
+      SMTP_USE_TLS.  (LP: #558281)
+
     - There is a new Defaults.py/mm_cfg.py setting SMTPLIB_DEBUG_LEVEL which
       can be set to 1 to enable verbose smtplib debugging to Mailman's error
       log to help with debugging 'low level smtp failures'.  (LP: # 1573074)
-- 
cgit v1.2.3