Files
smtp-proxy/README.md
Alex Rennie-Lis 299aacd2a4 Initial commit
2026-05-01 10:09:51 +01:00

2.6 KiB

SMTP Protocol Bridge

A high-performance Node.js SMTP proxy designed to bridge legacy hardware and applications with modern, secure email providers.

The Problem

Many legacy devices (printers, scanners, older PLC controllers) and "end-of-life" software suites only support legacy SMTP standards. They often fail when communicating with modern providers due to:

  • Outdated TLS: Modern servers require TLS 1.2 or 1.3; legacy devices often top out at SSLv3 or TLS 1.0.
  • Certificate Chain Issues: Hardware often lacks the memory or firmware updates to store modern Root Certificate Authorities.
  • Authentication Mismatches: Inability to handle modern SASL mechanisms or specific encryption-first (Implicit SSL) requirements.

The Solution

This bridge acts as a local Protocol Translator:

Inbound: It accepts unauthenticated, plain-text SMTP connections on a local port.

Processing: It captures the envelope metadata and the raw RFC822 data stream.

Outbound: It establishes a modern, encrypted tunnel to a designated upstream provider and authenticates using modern standards.

Configuration

The bridge is configured entirely via environment variables.

RELAY_HOST
required

The address of the upstream SMTP server (e.g., smtp.gmail.com).

RELAY_PORT optional

The username for the upstream provider.

RELAY_PASS optional

The password or API key for the upstream provider.

SMTP_PORT optional

The port this proxy listens on locally. Defaults to 2525.

Execution

Local

export RELAY_HOST='your.provider.com'
export RELAY_PORT='465'
export RELAY_USER='user@example.com'
export RELAY_PASS='your-secure-password'
node index.js

This service is designed to run in a lightweight container.

# Dockerfile
FROM node:18-slim
WORKDIR /app
RUN npm install smtp-server nodemailer
COPY index.js .
EXPOSE 2525
CMD ["node", "index.js"]

Bash:

docker run -d \
  --name smtp-proxy \
  -p 25:2525 \
  -e RELAY_HOST='smtp.provider.com' \
  -e RELAY_PORT='465' \
  -e RELAY_USER='username' \
  -e RELAY_PASS='password' \
  --restart always \
  smtp-proxy

Client Configuration (legacy device)

Point your legacy hardware or software to this proxy using the following settings:

SMTP Server
The IP of the host running this bridge.

Port
The mapped port (e.g., 25).

Authentication
Disabled

Security/Encryption
Disabled (None/Plain).

Security Note

This proxy is an open relay for anyone with network access to it. Do not expose the SMTP_PORT to the public internet. Restrict access via firewall or run it on an isolated internal management VLAN.