162 lines
6.5 KiB
Python
162 lines
6.5 KiB
Python
#!/usr/bin/env python3
|
|
"""
|
|
POP3 server (port 110/995).
|
|
Presents a POP3 banner, captures USER and PASS credentials.
|
|
Implements a basic POP3 state machine (AUTHORIZATION -> TRANSACTION).
|
|
Provides hardcoded bait emails.
|
|
Logs commands as JSON.
|
|
"""
|
|
|
|
import asyncio
|
|
import os
|
|
from decnet_logging import syslog_line, write_syslog_file, forward_syslog
|
|
|
|
NODE_NAME = os.environ.get("NODE_NAME", "mailserver")
|
|
SERVICE_NAME = "pop3"
|
|
LOG_TARGET = os.environ.get("LOG_TARGET", "")
|
|
POP3_BANNER = os.environ.get("IMAP_BANNER", f"+OK [{NODE_NAME}] Dovecot ready.\r\n")
|
|
|
|
IMAP_USERS = os.environ.get("IMAP_USERS", "admin:admin123,root:toor")
|
|
|
|
_BAIT_EMAILS = [
|
|
"Date: Tue, 01 Nov 2023 10:00:00 +0000\r\nFrom: sysadmin@company.com\r\nSubject: AWS Credentials\r\n\r\nHere are the new AWS keys:\r\nAKIAIOSFODNN7EXAMPLE\r\nwJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\r\n",
|
|
"Date: Wed, 02 Nov 2023 11:30:00 +0000\r\nFrom: devops@company.com\r\nSubject: DB Password Reset\r\n\r\nThe production database password has been temporarily set to:\r\nProdDB_temp_2023!!\r\n",
|
|
]
|
|
|
|
def _log(event_type: str, severity: int = 6, **kwargs) -> None:
|
|
line = syslog_line(SERVICE_NAME, NODE_NAME, event_type, severity, **kwargs)
|
|
print(line, flush=True)
|
|
write_syslog_file(line)
|
|
forward_syslog(line, LOG_TARGET)
|
|
|
|
class POP3Protocol(asyncio.Protocol):
|
|
def __init__(self):
|
|
self._transport = None
|
|
self._peer = None
|
|
self._buf = b""
|
|
self._state = "AUTHORIZATION"
|
|
self._valid_users = dict(u.split(":", 1) for u in IMAP_USERS.split(",") if ":" in u)
|
|
self._current_user = None
|
|
|
|
def connection_made(self, transport):
|
|
self._transport = transport
|
|
self._peer = transport.get_extra_info("peername", ("?", 0))
|
|
_log("connect", src=self._peer[0], src_port=self._peer[1])
|
|
if POP3_BANNER:
|
|
if not POP3_BANNER.endswith("\r\n"):
|
|
padded_banner = POP3_BANNER + "\r\n"
|
|
else:
|
|
padded_banner = POP3_BANNER
|
|
if not padded_banner.startswith("+OK"):
|
|
padded_banner = "+OK " + padded_banner.lstrip("* OK ") # replace IMAP prefix with POP3
|
|
transport.write(padded_banner.encode())
|
|
|
|
def data_received(self, data):
|
|
self._buf += data
|
|
while b"\n" in self._buf:
|
|
line, self._buf = self._buf.split(b"\n", 1)
|
|
self._handle_line(line.decode(errors="replace").strip())
|
|
|
|
def _handle_line(self, line: str):
|
|
parts = line.split(None, 1)
|
|
if not parts:
|
|
return
|
|
cmd = parts[0].upper()
|
|
args = parts[1] if len(parts) > 1 else ""
|
|
|
|
_log("command", src=self._peer[0], cmd=line[:128], state=self._state)
|
|
|
|
if cmd == "CAPA":
|
|
self._transport.write(b"+OK Capability list follows\r\nUSER\r\n.\r\n")
|
|
|
|
elif cmd == "USER":
|
|
if self._state != "AUTHORIZATION":
|
|
self._transport.write(b"-ERR Already authenticated.\r\n")
|
|
return
|
|
self._current_user = args
|
|
self._transport.write(b"+OK User name accepted, password please\r\n")
|
|
|
|
elif cmd == "PASS":
|
|
if self._state != "AUTHORIZATION":
|
|
self._transport.write(b"-ERR Already authenticated.\r\n")
|
|
return
|
|
if not self._current_user:
|
|
self._transport.write(b"-ERR USER required first.\r\n")
|
|
return
|
|
|
|
password = args
|
|
username = self._current_user
|
|
|
|
if username in self._valid_users and self._valid_users[username] == password:
|
|
self._state = "TRANSACTION"
|
|
_log("auth", src=self._peer[0], username=username, password=password, status="success")
|
|
self._transport.write(b"+OK Logged in.\r\n")
|
|
else:
|
|
_log("auth", src=self._peer[0], username=username, password=password, status="failed")
|
|
self._transport.write(b"-ERR Authentication failed.\r\n")
|
|
self._current_user = None
|
|
|
|
elif cmd == "STAT":
|
|
if self._state != "TRANSACTION":
|
|
self._transport.write(b"-ERR Not authenticated\r\n")
|
|
return
|
|
total_size = sum(len(e) for e in _BAIT_EMAILS)
|
|
self._transport.write(f"+OK {len(_BAIT_EMAILS)} {total_size}\r\n".encode())
|
|
|
|
elif cmd == "LIST":
|
|
if self._state != "TRANSACTION":
|
|
self._transport.write(b"-ERR Not authenticated\r\n")
|
|
return
|
|
|
|
if args:
|
|
try:
|
|
idx = int(args) - 1
|
|
if 0 <= idx < len(_BAIT_EMAILS):
|
|
self._transport.write(f"+OK {idx + 1} {len(_BAIT_EMAILS[idx])}\r\n".encode())
|
|
else:
|
|
self._transport.write(b"-ERR No such message\r\n")
|
|
except ValueError:
|
|
self._transport.write(b"-ERR Invalid argument\r\n")
|
|
else:
|
|
total_size = sum(len(e) for e in _BAIT_EMAILS)
|
|
self._transport.write(f"+OK {len(_BAIT_EMAILS)} messages ({total_size} octets)\r\n".encode())
|
|
for i, email in enumerate(_BAIT_EMAILS):
|
|
self._transport.write(f"{i + 1} {len(email)}\r\n".encode())
|
|
self._transport.write(b".\r\n")
|
|
|
|
elif cmd == "RETR":
|
|
if self._state != "TRANSACTION":
|
|
self._transport.write(b"-ERR Not authenticated\r\n")
|
|
return
|
|
try:
|
|
idx = int(args) - 1
|
|
if 0 <= idx < len(_BAIT_EMAILS):
|
|
email = _BAIT_EMAILS[idx]
|
|
self._transport.write(f"+OK {len(email)} octets\r\n".encode())
|
|
self._transport.write(email.encode())
|
|
self._transport.write(b".\r\n")
|
|
else:
|
|
self._transport.write(b"-ERR No such message\r\n")
|
|
except ValueError:
|
|
self._transport.write(b"-ERR Invalid argument\r\n")
|
|
|
|
elif cmd == "QUIT":
|
|
self._transport.write(b"+OK Logging out.\r\n")
|
|
self._transport.close()
|
|
|
|
else:
|
|
self._transport.write(b"-ERR Command not recognized\r\n")
|
|
|
|
def connection_lost(self, exc):
|
|
_log("disconnect", src=self._peer[0] if self._peer else "?")
|
|
|
|
async def main():
|
|
_log("startup", msg=f"POP3 server starting as {NODE_NAME}")
|
|
loop = asyncio.get_running_loop()
|
|
server = await loop.create_server(POP3Protocol, "0.0.0.0", 110) # nosec B104
|
|
async with server:
|
|
await server.serve_forever()
|
|
|
|
if __name__ == "__main__":
|
|
asyncio.run(main())
|