g3proxy: skip greeting stage after smtp STARTTLS

g3proxy/src/inspect/smtp/initiation.rs

@@ -39,23 +39,29 @@ impl InitializedExtensions {
         self.odmr && config.allow_on_demand_mail_relay
     }
 
-    pub(super) fn allow_starttls(&self) -> bool {
-        self.starttls
+    pub(super) fn allow_starttls(&self, from_starttls: bool) -> bool {
+        self.starttls && !from_starttls
     }
 }
 
 pub(super) struct Initiation<'a> {
     config: &'a SmtpInterceptionConfig,
     local_ip: IpAddr,
+    from_starttls: bool,
     client_host: Host,
     server_ext: InitializedExtensions,
 }
 
 impl<'a> Initiation<'a> {
-    pub(super) fn new(config: &'a SmtpInterceptionConfig, local_ip: IpAddr) -> Self {
+    pub(super) fn new(
+        config: &'a SmtpInterceptionConfig,
+        local_ip: IpAddr,
+        from_starttls: bool,
+    ) -> Self {
         Initiation {
             config,
             local_ip,
+            from_starttls,
             client_host: Host::empty(),
             server_ext: InitializedExtensions::default(),
         }
@@ -226,7 +232,7 @@ impl<'a> Initiation<'a> {
                 // STARTTLS, RFC3207, add STARTTLS command
                 "STARTTLS" => {
                     self.server_ext.starttls = true;
-                    true
+                    !self.from_starttls
                 }
                 // No Soliciting, RFC3865, add a MAIL param key
                 "NO-SOLICITING" => true,

g3proxy/src/inspect/smtp/mod.rs

@@ -66,6 +66,7 @@ pub(crate) struct SmtpInterceptObject<SC: ServerConfig> {
     io: Option<SmtpIo>,
     ctx: StreamInspectContext<SC>,
     upstream: UpstreamAddr,
+    from_starttls: bool,
     client_host: Option<Host>,
 }
 
@@ -78,10 +79,15 @@ where
             io: None,
             ctx,
             upstream,
+            from_starttls: false,
             client_host: None,
         }
     }
 
+    pub(crate) fn set_from_starttls(&mut self) {
+        self.from_starttls = true;
+    }
+
     pub(crate) fn set_io(
         &mut self,
         clt_r: BoxAsyncRead,
@@ -170,6 +176,12 @@ where
             ups_w,
         } = self.io.take().unwrap();
 
+        if self.from_starttls {
+            return self
+                .start_initiation(clt_r, clt_w, ups_r.into_inner(), ups_w)
+                .await;
+        }
+
         let interception_config = self.ctx.smtp_interception();
         let local_ip = self.ctx.task_notes.server_addr.ip();
 
@@ -210,16 +222,17 @@ where
         let local_ip = self.ctx.task_notes.server_addr.ip();
         let interception_config = self.ctx.smtp_interception();
 
-        let mut initiation = Initiation::new(interception_config, local_ip);
+        let mut initiation = Initiation::new(interception_config, local_ip, self.from_starttls);
         initiation
             .relay(&mut clt_r, &mut clt_w, &mut ups_r, &mut ups_w)
             .await?;
         let (client_host, server_ext) = initiation.into_parts();
         self.client_host = Some(client_host);
 
         let allow_odmr = server_ext.allow_odmr(interception_config);
+        let allow_starttls = server_ext.allow_starttls(self.from_starttls);
 
-        let mut forward = Forward::new(local_ip, allow_odmr, server_ext.allow_starttls());
+        let mut forward = Forward::new(local_ip, allow_odmr, allow_starttls);
         let next_action = forward
             .relay(&mut clt_r, &mut clt_w, &mut ups_r, &mut ups_w)
             .await?;

g3proxy/src/inspect/start_tls/mod.rs

@@ -14,10 +14,11 @@
  * limitations under the License.
  */
 
+use std::sync::Arc;
+
 use anyhow::anyhow;
 use openssl::ssl::Ssl;
 use slog::slog_info;
-use std::sync::Arc;
 use tokio::io::{AsyncRead, AsyncWrite};
 
 use g3_dpi::Protocol;
@@ -303,6 +304,7 @@ where
             StartTlsProtocol::Smtp => {
                 let mut smtp_obj =
                     crate::inspect::smtp::SmtpInterceptObject::new(ctx, self.upstream.clone());
+                smtp_obj.set_from_starttls();
                 smtp_obj.set_io(
                     Box::new(clt_r),
                     Box::new(clt_w),