README
¶
Blackmail is a Go package to send emails. It has an easy to use API and supports email signing without too much effort.
Current status: work-in-progress. Most of it works, but the API isn't stable yet and some things are not yet implemented as documented (specifically: signing and "direct" sending doesn't work yet, and some Mailer options don't either).
Why a new package? I didn't care much for the API of many of the existing solutions. I also wanted an email package which supports easy PGP signing out-of-the-box (see this article for some background on that).
Import the library as zgo.at/blackmail; godoc. There is also a smtp
client library at zgo.at/blackmail/smtp which can be used without the main
blackmail client if you want. It's a modified version of net/smtp (via
go-smtp, although I removed most added features from that).
There is a small commandline utility at cmd/blackmail; try it with go run ./cmd/blackmail.
The main use case where you just want to send off an email and be done with it. Non-goals include things like parsing email messages, support for encodings other than ASCII and UTF-8, or a one-stop-shop for your very specific complex requirements. It should be able to handle all common (and not-so-common) use cases though.
Example
// Send a new message using blackmail.DefaultMailer
err := blackmail.Send("Send me bitcoins or I will leak your browsing history!",
blackmail.From("", "blackmail@example.com"),
blackmail.To("Name", "victim@example.com"),
blackmail.Bodyf("I can haz ur bitcoinz?"))
// A more complex message with a text and HTML part and inline image.
err = blackmail.Send("I saw what you did last night 😏",
blackmail.From("😏", "blackmail@example.com"),
append(blackmail.To("Name", "victim@example.com"), blackmail.Cc("Other", "other@example.com")...),
blackmail.Text("Text part")
blackmail.HTML("HTML part: <img src="cid:blackmail:1">",
blackmail.InlineImage("image/png", "logo.png", imgbytes)))
// You can create your own (re-usable) mailer.
mailer := blackmail.NewMailer("smtp://user:pass@localhost:25")
err = mailer.Send([..])
// Add some options to your mailer.
mailer = blackmail.NewMailer("smtp://user:pass@localhost:25
blackmail.MailerAuth(..),
blackmail.MailerTLS(&tls.Config{}),
blackmail.RequireSTARTLS(true))
// Get RF5322 message with a list of recipients to send it to (To + Cc + Bcc).
msg, to := blackmail.Message([.. same arguments as Send() ..])
See the test cases in blackmail_test.go for various
other examples.
Supports signing out-of-the-box (this is not yet functional):
// Create a new signing key.
priv, pub, err := blackmail.SignCreateKeys()
// Convenience function to read keys from filesystem.
//priv, pub, err := blackmail.SignKeys("test.priv", "test.pub")
err := blackmail.Send("Subject!",
blackmail.From("My name", "myemail@example.com"),
blackmail.To("Name", "addr"),
blackmail.Bodyf("Well, hello there!"),
blackmail.Sign(priv, pub)
Note there is no support for PGP encryption (and never will be).
You can use the blackmail_no_sign build tag to exclude signing support and
avoid depending on golang.org/x/crypto if you want.
Questions you may have
Is this package stable?
Not quite; I might tweak the API a bit. For example I'm not 100% with how
passing options to the Mailer works, and this may get a backwards
incompatible change. I'll probably also change some of the smtp package.
Regular users will never understand all this OpenPGP signing stuff!
Setting up email clients to verify signatures is easy:
- Import public key from a trusted(ish) source, such as the applications website or "welcome to our service" email.
And that's it. Signing your own stuff, encryption, and key distribution from random strangers from the internet is hard, but this kind of trust-on-first-use model isn't too hard.
I suspect a lot of the opposition against any form of PGP comes from people
traumatised from the gpg CLI or other really hard PGP interfaces like
Enigmail. If you restrict yourself to just a subset then it's mostly okay.
I wrote a thing about this last year: Why isn’t Amazon.com signing their emails?.
But that gives a false sense of security!
There's always at least one person who says that, and I don't buy it. Does a cheap lock on your front door give you a "false sense of security" or does it make it harder for many people to break in to your house?
Even experts can struggle to determine if an email is genuine or a phising/scam attempt. Signing doesn't provide perfect protection against it, but it does improve on the current situation – a situation which has been unchanged for over 20 years. Perfect security guarantees don't exist, but this is better security.
There are perhaps better solutions – there is certainly space for a better signing protocol like minisign – but the infrastructure and support already exists for OpenPGP and it will be years before [something-else] will gain enough traction to be usable. For the time being, OpenPGP is what we're stuck with.
I get the error "tls: first record does not look like a TLS handshake"
You are attempting to establish a TLS connection to a server which doesn't
support TLS or only supports it via the STARTTLS command.
I get the error "x509: certificate signed by unknown authority"
The certificate chain used for the TLS connection is not signed by a known authority. It's a self-signed certificate or you don't have the root certificates installed.
How can I use a @ in my username?
Encode as %40:
smtp://carpetsmoker%40fastmail.nl:PASS@smtp.fastmail.com:587'
Dedication
I first had the idea of blackmail well over 10 years ago after seeing some Joe Armstrong interview where he mentioned he or a co-worker (I forgot) maintained an email client in the 80s blackmail. I rewrote my PHP "mailview" webmail client to Python years ago and called it blackmail, but never finished or released it.
Finally, after all these years I have a change to ~steal~ use the blackmail name for an email-related thing!
This package is dedicated to Joe Armstrong. I never programmed Erlang, but found many of his writings and talks insightful, and – more importantly – he was a funny guy.
…and now for the tricky bit…
Documentation
¶
Overview ¶
Package blackmail sends emails.
Index ¶
- Constants
- Variables
- func Attachment(contentType, filename string, body []byte) bodyPart
- func Bcc(addr ...string) []recipient
- func BccAddress(addr ...mail.Address) []recipient
- func BccNames(nameAddr ...string) []recipient
- func Body(contentType string, body []byte) bodyPart
- func BodyHTML(body []byte, images ...bodyPart) bodyPart
- func BodyMust(contentType string, fn func() ([]byte, error)) bodyPart
- func BodyMustHTML(fn func() ([]byte, error)) bodyPart
- func BodyMustText(fn func() ([]byte, error)) bodyPart
- func BodyText(body []byte) bodyPart
- func Bodyf(s string, args ...interface{}) bodyPart
- func Cc(addr ...string) []recipient
- func CcAddress(addr ...mail.Address) []recipient
- func CcNames(nameAddr ...string) []recipient
- func From(name, address string) mail.Address
- func Headers(keyValue ...string) bodyPart
- func HeadersAutoreply() bodyPart
- func InlineImage(contentType, filename string, body []byte) bodyPart
- func MailerAuth(v string) senderOpt
- func MailerOut(v io.Writer) senderOpt
- func MailerRequireTLS(v bool) senderOpt
- func MailerTLS(v *tls.Config) senderOpt
- func Message(subject string, from mail.Address, rcpt []recipient, firstPart bodyPart, ...) ([]byte, []string, error)
- func NopCloser(r io.Writer) io.WriteCloser
- func Send(subject string, from mail.Address, rcpt []recipient, firstPart bodyPart, ...) error
- func Sign(pubkey, privkey []byte, parts ...bodyPart) bodyPart
- func SignCreateKeys() ([]byte, []byte, error)
- func SignKeys(pubFile, privFile string) (pub, priv []byte, err error)
- func To(addr ...string) []recipient
- func ToAddress(addr ...mail.Address) []recipient
- func ToNames(nameAddr ...string) []recipient
- type Mailer
- type SoftError
Constants ¶
const ( ConnectWriter = "writer" // Write to an io.Writer. ConnectDirect = "direct" // Connect directly to MX records. )
const ( AuthLogin = "login" AuthPlain = "plain" AuthCramMD5 = "cram-md5" )
Authentication methods for MailerAuth().
Variables ¶
var DefaultMailer = NewMailer(ConnectDirect)
DefaultMailer is used with blackmail.Send().
Functions ¶
func Attachment ¶
Attachment returns a new attachment part with the given Content-Type.
It will try to guess the Content-Type if empty.
func BccAddress ¶
func BodyHTML ¶
func BodyHTML(body []byte, images ...bodyPart) bodyPart
BodyHTML returns a new text/html part.
func BodyMust ¶
BodyMust sets the body using a callback, propagating any errors back up.
This is useful when using Go templates for the mail body;
buf := new(bytes.Buffer)
err := tpl.ExecuteTemplate(buf, "email", struct{
Name string
}{"Martin"})
if err != nil {
log.Fatal(err)
}
err := Send("Basic test", From("", "me@example.com"),
To("to@to.to"),
Body("text/plain", buf.Bytes()))
With BodyMust(), it's simpler; you just need to define a little helper re-usable helper function and call that:
func template(tplname string, args interface{}) func() ([]byte, error) {
return func() ([]byte, error) {
buf := new(bytes.Buffer)
err := tpl.ExecuteTemplate(buf, tplname, args)
return buf.Bytes(), err
}
}
err := Send("Basic test", From("", "me@example.com"),
To("to@to.to"),
BodyMust("text/html", template("email", struct {
Name string
}{"Martin"})))
Other use cases include things like loading data from a file, reading from a stream, etc.
func BodyMustHTML ¶
BodyMustHTML is like BodyMust() with contentType text/html.
func BodyMustText ¶
BodyMustText is like BodyMust() with contentType text/plain.
func Bodyf ¶
func Bodyf(s string, args ...interface{}) bodyPart
Bodyf returns a new text/plain part.
func From ¶
From makes creating a mail.Address a bit more convenient.
mail.Address{Name: "foo, Address: "foo@example.com}
blackmail.From{"foo, "foo@example.com)
func Headers ¶
func Headers(keyValue ...string) bodyPart
Headers adds the headers to the message.
This will override any headers set automatically by the system, such as Date: or Message-Id:
Headers("My-Header", "value",
"Message-Id", "<my-message-id@example.com>")
func HeadersAutoreply ¶
func HeadersAutoreply() bodyPart
HeadersAutoreply sets headers to indicate this message is a an autoreply.
See e.g: https://www.arp242.net/autoreply.html#what-you-need-to-set-on-your-auto-response
func InlineImage ¶
InlineImage returns a new inline image part.
It will try to guess the Content-Type if empty.
Then use "cid:blackmail:<n>" to reference it:
<img src="cid:blackmail:1"> First InlineImage() <img src="cid:blackmail:2"> Second InlineImage()
func MailerAuth ¶
func MailerAuth(v string) senderOpt
MailerAuth sets the AUTH method for the relay mailer. Currently LOGIN, PLAIN, and CRAM-MD5 are supported.
In general, PLAIN is preferred and it's the default. Note that CRAM-MD5 only provides weak security over untrusted connections.
func MailerRequireTLS ¶
func MailerRequireTLS(v bool) senderOpt
MailerRequireTLS sets whether TLS is required.
func Message ¶
func Message(subject string, from mail.Address, rcpt []recipient, firstPart bodyPart, parts ...bodyPart) ([]byte, []string, error)
Message formats a message.
func Send ¶
func Send(subject string, from mail.Address, rcpt []recipient, firstPart bodyPart, parts ...bodyPart) error
Send an email using the DefaultMailer.
The arguments are identical to Message().
func Sign ¶
func Sign(pubkey, privkey []byte, parts ...bodyPart) bodyPart
Sign the message with the given PGP key.
func SignCreateKeys ¶
SignCreateKeys creates a new signing key.
$ gpg2 --no-default-keyring --keyring /tmp/test.gpg --batch --passphrase ” --quick-gen-key 'martin@arp242.net' gpg: keybox '/tmp/test.gpg' created gpg: key 6B4ED72ADCA0189C marked as ultimately trusted gpg: revocation certificate stored as '/home/martin/.config/gnupg/openpgp-revocs.d/B0D7F5E12D2E1FBB7F20CB256B4ED72ADCA0189C.rev'
$ gpg2 -a --no-default-keyring --keyring /tmp/test.gpg --export 6B4ED72ADCA0189C > test.pub $ gpg2 -a --no-default-keyring --keyring /tmp/test.gpg --export-secret-keys B0D7F5E12D2E1FBB7F20CB256B4ED72ADCA0189C > test.priv
$ gpg2 -a --no-keyring --detach-sign $ gpg2 -a --no-default-keyring --keyring /tmp/test.gpg --detach-sign < signed >! signature
$ gpg2 --no-default-keyring --keyring /tmp/test.gpg --verify ./signature ./signed gpg: Signature made Tue 26 May 2020 19:06:03 WITA gpg: using RSA key B0D7F5E12D2E1FBB7F20CB256B4ED72ADCA0189C gpg: Good signature from "martin@arp242.net" [ultimate]
gpg: Signature made Tue 26 May 2020 19:09:50 WITA gpg: using RSA key 6B4ED72ADCA0189C gpg: BAD signature from "martin@arp242.net" [ultimate]
public is gpg export w/p --armor $ gpg2 --no-default-keyring --keyring ./public --verify ./signature ./signed
https://gist.github.com/eliquious/9e96017f47d9bd43cdf9 https://github.com/jchavannes/go-pgp
Types ¶
type Mailer ¶
type Mailer struct {
// contains filtered or unexported fields
}
Mailer to send messages; use NewMailer() to construct a new instance.
func NewMailer ¶
NewMailer returns a new re-usable mailer.
Setting the connection string to blackmail.Writer will print all messages to stdout without sending them:
NewMailer(blackmail.Writer)
You can pass Mailer.Writer() as an option to send them somewhere else:
NewMailer(blackmail.Writer, blackmail.MailerOut(os.Stderr)) buf := new(bytes.Buffer) NewMailer(blackmail.Writer, blackmail.MailerOut(buf))
If the connection string is set to blackmail.Direct, blackmail will look up the MX records and attempt to deliver to them.
NewMailer(blackmail.Direct)
Any URL will be used as a SMTP relay:
NewMailer("smtps://foo:foo@mail.foo.com")
The default authentication is PLAIN; add MailerAuth() to set something different.
Source Files
Directories