[Symfony/Mailer] support SMTP over a unix stream socket #48154

@emmanuel-deloget

Description

While this looks like an odd use case, unix sockets are actually quite useful to add access control to a socket interface (something that cannot be done easily with TCP connections).

Issues with the current implementation

  • in the Dsn class, parse_url() cannot be used to parse a unix:// URI (or anything in the form of scheme:///path/to/something unless scheme === "file"), which prevents the use of this function to get information about a unix socket URI. It is quite straightforward to implement a parse_url()-like function which is able to understand the URI.

  • the Dsn class requires a host, and a unix socket does not have one (it has a path). Some generalization might be needed here.

  • the SocketStream class requires a host and a port - neither of them exists when dealing with a unix domain socket.

Example

Consider this socat tunnel:

socat \
  UNIX-LISTEN:/var/run/mail-socket,user=mail,group=mail,mode=700 \
  OPENSSL:mail.example.com:625,method=TLS1.2,verify=1,cert=/root/cert.pem,cafile=/root/ca.pem

When run as root, this tunnel connects a TLS 1.2 server (with server and client verification; both the cert and the ca are only readable by root:root) to a unix socket which is only accessible to user mail from group mail.

Using such a construct allows an administrator to easily identify and control who is sending a specific mail while still maintaining the security of his platform.
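
The three points listed in the issue, sketched as an added example that is not part of the original issue or of Symfony Mailer: a parse_url()-like function that accepts scheme:///path, a parsed result in which the host may be absent, and a stream opener that needs neither host nor port for a unix socket. The function names `parseMailerDsn` and `openSmtpStream` and the returned array shape are hypothetical; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not Symfony API: parse a DSN that may name a unix socket.
function parseMailerDsn(string $dsn): array
{
    // scheme:///absolute/path[?query] is the form parse_url() rejects.
    if (preg_match('~^(?<scheme>[a-z][a-z0-9+.-]*):///(?<path>[^?#]+)(?:\?(?<query>[^#]*))?$~i', $dsn, $m)) {
        $path = '/'.rawurldecode($m['path']);
        if (str_contains($path, "\0")) {
            throw new InvalidArgumentException('Socket path contains a NUL byte.');
        }
        parse_str($m['query'] ?? '', $options);

        return ['scheme' => strtolower($m['scheme']), 'host' => null, 'port' => null, 'path' => $path, 'options' => $options];
    }

    // Host-based DSNs keep going through parse_url().
    $parts = parse_url($dsn);
    if (false === $parts || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('Malformed DSN: '.$dsn);
    }
    parse_str($parts['query'] ?? '', $options);

    return ['scheme' => strtolower($parts['scheme']), 'host' => $parts['host'], 'port' => $parts['port'] ?? null, 'path' => null, 'options' => $options];
}

// Build the transport address for stream_socket_client(): unix:// needs only a path.
function openSmtpStream(array $dsn, float $timeout = 5.0)
{
    $target = null === $dsn['host']
        ? 'unix://'.$dsn['path']
        : sprintf('tcp://%s:%d', $dsn['host'], $dsn['port'] ?? 25);
    $stream = @stream_socket_client($target, $errno, $errstr, $timeout);
    if (false === $stream) {
        // A caller outside the socket's owner/mode ends up here (permission denied).
        throw new RuntimeException(sprintf('Cannot connect to %s: [%d] %s', $target, $errno, $errstr));
    }

    return $stream;
}

// Constructed sample DSNs; the socket path and host come from the issue text.
foreach (['unix:///var/run/mail-socket', 'smtp://mail.example.com:625'] as $sample) {
    $parsed = parseMailerDsn($sample);
    printf("%s => host=%s port=%s path=%s\n", $sample, $parsed['host'] ?? '-', $parsed['port'] ?? '-', $parsed['path'] ?? '-');
}
```

With the socat tunnel above, TLS is terminated by socat, so the PHP side speaks plain SMTP over the socket and the filesystem permissions on /var/run/mail-socket decide which local user can connect.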
