diff --git a/api/smtp/backend.go b/api/smtp/backend.go
index 842b324..de7d6fa 100644
--- a/api/smtp/backend.go
+++ b/api/smtp/backend.go
@@ -20,12 +20,6 @@ func NewBackend(svcWriter writer.Service, rcpts map[string]bool, dataLimit int64
 }
 func (b backend) NewSession(c *smtp.Conn) (s smtp.Session, err error) {
- connState, tlsOk := c.TLSConnectionState()
- switch {
- case tlsOk && connState.Version != 0:
- s = newSession(b.svcWriter, b.rcpts, b.dataLimit)
- default:
- err = smtp.ErrAuthRequired
- }
+ s = newSession(b.svcWriter, b.rcpts, b.dataLimit)
 return
 }
diff --git a/helm/int-email/values-awakari-com.yaml b/helm/int-email/values-awakari-com.yaml
index faf50ee..10cdc6b 100644
--- a/helm/int-email/values-awakari-com.yaml
+++ b/helm/int-email/values-awakari-com.yaml
@@ -20,7 +20,7 @@ ingress:
 - path: /
 pathType: ImplementationSpecific
 tls:
- - secretName: int-email-tls-server
+ - secretName: int-email-tls-secret
 hosts:
 - email.awakari.com
diff --git a/helm/int-email/values.yaml b/helm/int-email/values.yaml
index e87b6db..2480781 100644
--- a/helm/int-email/values.yaml
+++ b/helm/int-email/values.yaml
@@ -37,7 +37,7 @@ securityContext: {}
 service:
 type: LoadBalancer
- port: 587
+ port: 465
 ingress:
 enabled: false
@@ -47,7 +47,7 @@ ingress:
 - path: /
 pathType: ImplementationSpecific
 tls:
- - secretName: int-email-tls-server
+ - secretName: int-email-tls-secret
 hosts:
 - int-email.local
diff --git a/main.go b/main.go
index 6193810..e784a61 100644
--- a/main.go
+++ b/main.go
@@ -70,12 +70,16 @@ func main() {
 cert,
 },
 Renegotiation: tls.RenegotiateNever,
- ClientAuth: tls.NoClientCert,
+ ClientAuth: tls.RequireAndVerifyClientCert,
 MinVersion: tls.VersionTLS12,
 }
- srv.TLSConfig = tlsConfig
+ l, err := tls.Listen("tcp", srv.Addr, tlsConfig)
+ if err != nil {
+ panic(err)
+ }
+ log.Info("starting to listen for emails...")
- if err = srv.ListenAndServe(); err != nil {
+ if err = srv.Serve(l); err != nil {
 panic(err)
 }
 }
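Review bot: NewSession in api/smtp/backend.go now hands out a session for every connection, so nothing in this package refuses a client if the backend is ever served from a listener that does not enforce TLS; the guarantee lives only in main.go's listener setup. A doc comment should record that dependency, for example `// NewSession performs no transport check; the caller must serve this backend only from a listener that enforces TLS and client-certificate verification.` As a style point, the named result `err` is never assigned any more, so `return newSession(b.svcWriter, b.rcpts, b.dataLimit), nil` states the outcome directly.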
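Review bot: In main.go, `ClientAuth: tls.RequireAndVerifyClientCert` is set but no `ClientCAs` field is visible in this hunk; when that pool is nil, crypto/tls verifies client certificates against the host's system roots, so any certificate from a publicly trusted CA that is valid for client authentication would pass. The start of the `tls.Config` literal and of main() is outside the hunk, so this may already be set there; if it is not, pin the trust anchor with `ClientCAs: senderCAPool,` (`senderCAPool` is a placeholder for an `*x509.CertPool` loaded from the CA that issues sender certificates). Chain verification is also the only check: NewSession in api/smtp/backend.go no longer looks at the connection, so every holder of an accepted certificate is treated alike unless the peer certificate's identity is checked somewhere not shown here.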