From fb6539a8bc26cdcaaba69d199f4aee0be3e672ae Mon Sep 17 00:00:00 2001 From: Shengxu Quan Date: Fri, 5 Jun 2020 15:27:13 -0400 Subject: [PATCH 1/4] add tls support for smarthost
---
 entrypoint.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
diff --git a/entrypoint.sh b/entrypoint.sh
index 423d9f9..a3863e8 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -63,6 +63,24 @@ elif [ "$SMARTHOST_ADDRESS" ] ; then
 echo "${alias}:$SMARTHOST_USER:$SMARTHOST_PASSWORD" >> /etc/exim4/passwd.client
 done
 fi
+ if [ "$KEY_PATH" -a "$CERTIFICATE_PATH" ]; then
+ echo "MAIN_TLS_ENABLE == 1" >> /etc/exim4/exim4.conf.localmacros
+ echo "REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = *" >> /etc/exim4/exim4.conf.localmacros
+ echo "TLS_ON_CONNECT_PORTS = $SMARTHOST_PORT" >> /etc/exim4/exim4.conf.localmacros
+ echo "REQUIRE_PROTOCOL = smtps" >> /etc/exim4/exim4.conf.localmacros
+
+ (
+ echo .ifdef REQUIRE_PROTOCOL
+ echo protocol = REQUIRE_PROTOCOL
+ echo .endif
+ ) > /etc/exim4/exim4.conf.template
+
+ (
+ echo .ifdef TLS_ON_CONNECT_PORTS
+ echo tls_on_connect_ports = TLS_ON_CONNECT_PORTS
+ echo .endif
+ ) > /etc/exim4/exim4.conf.template
+ fi
 elif [ "$RELAY_DOMAINS" ]; then
 opts+=(
 dc_relay_domains "${RELAY_DOMAINS}"
From f9a3efcba1c2972cdd729b76c60d08140042a8e4 Mon Sep 17 00:00:00 2001 From: Shengxu Quan Date: Fri, 12 Jun 2020 15:40:40 -0400 Subject: [PATCH 2/4] a working prototype: send email with certs. igonre email without certs, when smarthost tls is enabled
---
 entrypoint.sh | 15 +++-------- example/sendemail_with_certs.js | 41 +++++++++++++++++++++++++++++++ example/sendemail_without_cert.js | 37 ++++++++++++++++++++++++++++ 3 files changed, 81 insertions(+), 12 deletions(-) create mode 100644 example/sendemail_with_certs.js create mode 100644 example/sendemail_without_cert.js
diff --git a/entrypoint.sh b/entrypoint.sh
index a3863e8..e686159 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
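Review bot: The new `if [ "$KEY_PATH" -a "$CERTIFICATE_PATH" ]` guard in PATCH 1/4 only checks that both variables are non-empty, and nothing in this hunk writes either path into the Exim configuration, so unless they are consumed elsewhere in entrypoint.sh the key pair works as an on/off switch rather than as TLS material. A readability check such as `if [ -r "$KEY_PATH" ] && [ -r "$CERTIFICATE_PATH" ]; then` would keep a mistyped path from silently enabling the TLS macros, and it avoids the obsolescent `-a` operator. `REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = *` makes delivery insist on an encrypted session but does not by itself require the smarthost's certificate to verify; if the relay's identity matters, the transport also needs `tls_verify_hosts` and `tls_verify_certificates`. `MAIN_TLS_ENABLE == 1` is the only macro here written with `==`, which Exim reads as a redefinition of an existing macro; it probably wants a single `=`. The enclosing `elif` branch starts before the hunk.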
@@ -66,20 +66,11 @@ elif [ "$SMARTHOST_ADDRESS" ] ; then
 if [ "$KEY_PATH" -a "$CERTIFICATE_PATH" ]; then
 echo "MAIN_TLS_ENABLE == 1" >> /etc/exim4/exim4.conf.localmacros
 echo "REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = *" >> /etc/exim4/exim4.conf.localmacros
- echo "TLS_ON_CONNECT_PORTS = $SMARTHOST_PORT" >> /etc/exim4/exim4.conf.localmacros
+ echo "TLS_ON_CONNECT_PORTS = 25" >> /etc/exim4/exim4.conf.localmacros
 echo "REQUIRE_PROTOCOL = smtps" >> /etc/exim4/exim4.conf.localmacros
 
- (
- echo .ifdef REQUIRE_PROTOCOL
- echo protocol = REQUIRE_PROTOCOL
- echo .endif
- ) > /etc/exim4/exim4.conf.template
-
- (
- echo .ifdef TLS_ON_CONNECT_PORTS
- echo tls_on_connect_ports = TLS_ON_CONNECT_PORTS
- echo .endif
- ) > /etc/exim4/exim4.conf.template
+ sed -i "/.ifdef[[:space:]]MAIN_TLS_ENABLE/a \ .ifdef TLS_ON_CONNECT_PORTS\n tls_on_connect_ports = TLS_ON_CONNECT_PORTS\n .endif" /etc/exim4/exim4.conf.template
+ sed -i "1737i .ifdef REQUIRE_PROTOCOL\n protocol = REQUIRE_PROTOCOL\n.endif" /etc/exim4/exim4.conf.template
 fi
 elif [ "$RELAY_DOMAINS" ]; then
 opts+=(
diff --git a/example/sendemail_with_certs.js b/example/sendemail_with_certs.js
new file mode 100644
index 0000000..18a3ce2
--- /dev/null
+++ b/example/sendemail_with_certs.js
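Review bot: Both `sed -i` insertions in the entrypoint.sh hunk of PATCH 2/4, like the `>>` appends above them, run on every start of the entrypoint, so a restarted container that keeps its filesystem would get the `.ifdef` blocks and the macro definitions a second time. A guard in front of the edit, for example `grep -q 'tls_on_connect_ports' /etc/exim4/exim4.conf.template || sed -i ...`, keeps the step idempotent. The new `TLS_ON_CONNECT_PORTS = 25` also drops the `$SMARTHOST_PORT` value; since `tls_on_connect_ports` is a listener setting, a dedicated variable with a default (`${TLS_ON_CONNECT_PORT:-25}`, name constructed for this note) would make clear that this is the local port and not the smarthost's. The enclosing branch starts and ends outside the hunk.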
@@ -0,0 +1,41 @@
+// your smtp server is running in localhost port 25
+const nodemailer = require("nodemailer");
+const tls = require("tls");
+const fs = require("fs");
+
+const cert = fs.readFileSync("path to certs(pem)");
+const key = fs.readFileSync("path to key(pem)");
+
+const secured = {
+ host: "127.0.0.1",
+ port: 25,
+ secure: true,
+ tls: {
+ rejectUnauthorized: false,
+ secureContext: tls.createSecureContext({
+ cert,
+ key,
+ }),
+ },
+};
+
+function sendEmailWithTLS() {
+ const transporter = nodemailer.createTransport(secured);
+
+ const mailOptions = {
+ from: "your@example.com",
+ to: "to@example.com",
+ subject: "Sending Email with CERTS",
+ text: "Send email with certs",
+ };
+
+ transporter.sendMail(mailOptions, function (error, info) {
+ if (error) {
+ console.log(error);
+ } else {
+ console.log("Email sent: " + info.response);
+ }
+ });
+}
+
+sendEmailWithTLS();
diff --git a/example/sendemail_without_cert.js b/example/sendemail_without_cert.js
new file mode 100644
index 0000000..19366a1
--- /dev/null
+++ b/example/sendemail_without_cert.js
@@ -0,0 +1,37 @@
+// your smtp server is running in localhost port 25
+const nodemailer = require("nodemailer");
+const tls = require("tls");
+const fs = require("fs");
+
+const cert = fs.readFileSync("path to certs(pem)");
+const key = fs.readFileSync("path to key(pem)");
+
+const unsecured = {
+ host: "127.0.0.1",
+ port: 25,
+ secure: false,
+ tls: {
+ rejectUnauthorized: false,
+ },
+};
+
+function sendEmailWithoutTLS() {
+ const transporter = nodemailer.createTransport(unsecured);
+
+ const mailOptions = {
+ from: "your@example.com",
+ to: "to@example.com",
+ subject: "Sending Email with CERTS",
+ text: "Send email with certs",
+ };
+
+ transporter.sendMail(mailOptions, function (error, info) {
+ if (error) {
+ console.log(error);
+ } else {
+ console.log("Email sent: " + info.response);
+ }
+ });
+}
+
+sendEmailWithoutTLS();
From a2b80d2f129c5280193562ff7219d85c1709460f Mon Sep 17 00:00:00 2001
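Review bot: `rejectUnauthorized: false` in the `secured` options of example/sendemail_with_certs.js turns off verification of the server certificate, so the example presents a client certificate to a server whose identity it never checks; the same setting is repeated in `unsecured` in example/sendemail_without_cert.js. For a self-signed or private-CA server the safer pattern is to trust that CA explicitly in place of the bare `secureContext`, e.g. `tls: { ca: fs.readFileSync("path to ca(pem)"), servername: "<certificate hostname>", cert, key }`, and to leave `rejectUnauthorized` at its default. If the relaxed setting is kept for local testing, a comment such as `// test only: disables server certificate verification, do not copy into production` above it would stop the example from being reused as is.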
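Review bot: `cert` and `key` are read with `fs.readFileSync` in example/sendemail_without_cert.js but never used, and `tls` is required without being referenced, so the script needs a key pair on disk just to demonstrate the no-certificate case and throws on the placeholder paths before any mail is sent. Dropping the `tls` and `fs` requires together with both `readFileSync` lines fixes that. `subject` and `text` still say "with certs", which makes the two runs hard to tell apart in the mail log; `subject: "Sending Email without CERTS"` would help. With `secure: false` nodemailer may still upgrade the session through STARTTLS when the server offers it, so `ignoreTLS: true` is worth adding if the intent is a plain-text attempt.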
From: Shengxu Quan Date: Mon, 22 Jun 2020 09:13:37 -0400 Subject: [PATCH 3/4] improved inserting method with sed
---
 entrypoint.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index e686159..6361f1b 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -70,7 +70,8 @@ elif [ "$SMARTHOST_ADDRESS" ] ; then
 echo "REQUIRE_PROTOCOL = smtps" >> /etc/exim4/exim4.conf.localmacros
 
 sed -i "/.ifdef[[:space:]]MAIN_TLS_ENABLE/a \ .ifdef TLS_ON_CONNECT_PORTS\n tls_on_connect_ports = TLS_ON_CONNECT_PORTS\n .endif" /etc/exim4/exim4.conf.template
- sed -i "1737i .ifdef REQUIRE_PROTOCOL\n protocol = REQUIRE_PROTOCOL\n.endif" /etc/exim4/exim4.conf.template
+ sed -i '/.ifdef[[:space:]]REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS/{n;n;n;i\.ifdef REQUIRE_PROTOCOL\n protocol = REQUIRE_PROTOCOL\n.endif
+ }' /etc/exim4/exim4.conf.template
 fi
 elif [ "$RELAY_DOMAINS" ]; then
 opts+=(
From ed421056ffce5b0e71faa7ce4f7a053942194dba Mon Sep 17 00:00:00 2001 From: Shengxu Quan Date: Mon, 22 Jun 2020 10:26:39 -0400 Subject: [PATCH 4/4] use perl instead of sed
---
 entrypoint.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index 6361f1b..bbb326b 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -70,8 +70,7 @@ elif [ "$SMARTHOST_ADDRESS" ] ; then
 echo "REQUIRE_PROTOCOL = smtps" >> /etc/exim4/exim4.conf.localmacros
 
 sed -i "/.ifdef[[:space:]]MAIN_TLS_ENABLE/a \ .ifdef TLS_ON_CONNECT_PORTS\n tls_on_connect_ports = TLS_ON_CONNECT_PORTS\n .endif" /etc/exim4/exim4.conf.template
- sed -i '/.ifdef[[:space:]]REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS/{n;n;n;i\.ifdef REQUIRE_PROTOCOL\n protocol = REQUIRE_PROTOCOL\n.endif
- }' /etc/exim4/exim4.conf.template
+ perl -0777 -i -pe 's/(.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS[\S\s]+?.endif)/$1\n.ifdef REQUIRE_PROTOCOL\n protocol = REQUIRE_PROTOCOL\n.endif/' /etc/exim4/exim4.conf.template
 fi
 elif [ "$RELAY_DOMAINS" ]; then
 opts+=(
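Review bot: The `perl -0777 -i -pe 's/…/'` edit in PATCH 4/4, and the `sed … {n;n;n;i\…}` form in PATCH 3/4 that it replaces, both exit successfully when the `REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS` block is not found in exim4.conf.template, so a change in the packaged template would silently leave `protocol = REQUIRE_PROTOCOL` out of the transport. A check after the edit, `grep -q 'protocol = REQUIRE_PROTOCOL' /etc/exim4/exim4.conf.template || { echo "TLS template patch failed" >&2; exit 1; }`, makes the entrypoint fail closed instead. The dots in `.ifdef` and `.endif` are unescaped in the pattern and match any character; `\.ifdef` and `\.endif` are what is meant. The non-greedy `[\S\s]+?.endif` stops at the first `.endif`, which assumes the matched block holds no nested conditional; the enclosing branch starts and ends outside both hunks.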