Refactor SMTP logic

nabla-c0d3 · nabla-c0d3 · commit 2557fa7ca3c6 · 2024-12-26T18:24:49.000+01:00
diff --git a/sslyze/connection_helpers/opportunistic_tls_helpers.py b/sslyze/connection_helpers/opportunistic_tls_helpers.py
@@ -72,31 +72,36 @@ def prepare_socket_for_tls_handshake(self, sock: socket.socket) -> None:
         smtp.sock = sock
 
         try:
-            code, server_reply = smtp.getreply()
-            message = server_reply.decode()
+            code, server_reply_as_bytes = smtp.getreply()
         except SMTPException as exc:
-            code, message = -1, str(exc)
+            raise OpportunisticTlsError(f"Unexpected error while performing the SMTP EHLO handshake: {str(exc)}")
+
         if code != 220:
-            raise OpportunisticTlsError(f"Unable to find 220 service ready response: {message}")
+            server_reply_as_str = server_reply_as_bytes.decode()
+            raise OpportunisticTlsError(
+                f"Server did not send a '220 service ready' SMTP message: {server_reply_as_str}"
+            )
 
         try:
-            code, server_reply = smtp.ehlo()
-            message = server_reply.decode()
+            code, server_reply_as_bytes = smtp.ehlo()
         except SMTPException as exc:
-            code, message = -1, str(exc)
+            raise OpportunisticTlsError(f"Unexpected error while performing the SMTP EHLO handshake: {str(exc)}")
+
         if code != 250:
-            raise OpportunisticTlsError(f"SMTP EHLO was rejected: {message}")
+            server_reply_as_str = server_reply_as_bytes.decode()
+            raise OpportunisticTlsError(f"SMTP EHLO was rejected: {server_reply_as_str}")
 
         if not smtp.has_extn("starttls"):
-            raise OpportunisticTlsError(f"Server does not support STARTTLS: {message}")
+            raise OpportunisticTlsError("Server does not support STARTTLS with SMTP")
 
         try:
-            code, server_reply = smtp.docmd("STARTTLS")
-            message = server_reply.decode()
+            code, server_reply_as_bytes = smtp.docmd("STARTTLS")
         except SMTPException as exc:
-            code, message = -1, str(exc)
+            raise OpportunisticTlsError(f"Unexpected error while performing the SMTP EHLO handshake: {str(exc)}")
+
         if code != 220:
-            raise OpportunisticTlsError(f"SMTP STARTTLS rejected: {message}")
+            server_reply_as_str = server_reply_as_bytes.decode()
+            raise OpportunisticTlsError(f"SMTP STARTTLS rejected: {server_reply_as_str}")
 
 
 class _XmppHelper(_OpportunisticTlsHelper):
@@ -242,15 +247,15 @@ class _PostgresHelper(_GenericOpportunisticTlsHelper):
 
 
 def get_opportunistic_tls_helper(
-    protocol: ProtocolWithOpportunisticTlsEnum, xmpp_to_hostname: Optional[str], smtp_ehlo_hostname: str
+    protocol: ProtocolWithOpportunisticTlsEnum, xmpp_to_hostname: Optional[str], smtp_ehlo_hostname: Optional[str]
 ) -> _OpportunisticTlsHelper:
     helper_cls = _START_TLS_HELPER_CLASSES[protocol]
     if protocol in [ProtocolWithOpportunisticTlsEnum.XMPP, ProtocolWithOpportunisticTlsEnum.XMPP_SERVER]:
         if xmpp_to_hostname is None:
             raise ValueError("Received None for xmpp_to_hostname")
         opportunistic_tls_helper = helper_cls(xmpp_to=xmpp_to_hostname)
     elif protocol == ProtocolWithOpportunisticTlsEnum.SMTP:
-        opportunistic_tls_helper = helper_cls(smtp_ehlo_hostname)
+        opportunistic_tls_helper = helper_cls(smtp_ehlo_hostname=smtp_ehlo_hostname)
     else:
         opportunistic_tls_helper = helper_cls()
 
diff --git a/sslyze/server_setting.py b/sslyze/server_setting.py
@@ -206,7 +206,7 @@ def __post_init__(self) -> None:
         else:
             if self.xmpp_to_hostname:
                 raise InvalidServerNetworkConfigurationError("Can only specify xmpp_to for the XMPP StartTLS protocol.")
-    
+
         if self.tls_opportunistic_encryption in [
             ProtocolWithOpportunisticTlsEnum.SMTP,
         ]:
@@ -217,7 +217,7 @@ def __post_init__(self) -> None:
                 raise InvalidServerNetworkConfigurationError(
                     "Can only specify smtp_ehlo_hostname for the SMTP StartTLS protocol."
                 )
-            
+
         if self.tls_opportunistic_encryption and self.http_user_agent:
             raise InvalidServerNetworkConfigurationError(
                 "Cannot specify both tls_opportunistic_encryption and http_user_agent"
