"""
Handle the email *forward* and *reply* phases. There are 3 actors:
- website: who sends emails to alias@sl.co address
- SL email handler (this script)
- user personal email: to be protected. Should never leak to website.

This script makes sure that in the forward phase, the email that is forwarded to user personal email has the following
envelope and header fields:
Envelope:
    mail from: @website
    rcpt to: @personal_email
Header:
    From: @website
    To: alias@sl.co # so user knows this email is sent to alias
    Reply-to: special@sl.co # magic HERE

And in the reply phase:
Envelope:
    mail from: @website
    rcpt to: @website

Header:
    From: alias@sl.co # so for website the email comes from alias. magic HERE
    To: @website

The special@sl.co address hides the user's personal email when the user clicks "Reply" on the forwarded email.
It should contain the following info:
- alias
- @website
"""
import time
import uuid
from email import encoders
from email.message import Message
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.parser import Parser
from email.policy import SMTPUTF8
from email.utils import parseaddr, formataddr, getaddresses
from io import BytesIO
from smtplib import SMTP
from typing import Optional

from aiosmtpd.controller import Controller

from app import pgp_utils, s3
from app.config import (
    EMAIL_DOMAIN,
    POSTFIX_SERVER,
    URL,
    ALIAS_DOMAINS,
    POSTFIX_SUBMISSION_TLS,
)
from app.email_utils import (
    send_email,
    add_dkim_signature,
    get_email_domain_part,
    add_or_replace_header,
    delete_header,
    send_cannot_create_directory_alias,
    send_cannot_create_domain_alias,
    email_belongs_to_alias_domains,
    render,
    get_orig_message_from_bounce,
    delete_all_headers_except,
)
from app.extensions import db
from app.log import LOG
from app.models import (
    Alias,
    Contact,
    EmailLog,
    CustomDomain,
    Directory,
    User,
    DeletedAlias,
    RefusedEmail,
)
from app.utils import random_string
from server import create_app
# Fixes the database connection leak issue:
# use this function instead of calling create_app() directly.
def new_app():
    """Create the application and register a teardown hook that releases the database.

    Each app context torn down on the returned app removes the SQLAlchemy
    session and disposes the engine.
    """
    application = create_app()

    def _release_database(response_or_exc):
        # flask-sqlalchemy's own shutdown_session() does the same remove(), but this is not enough
        db.session.remove()

        # dispose the engine too
        db.engine.dispose()

    # explicit registration, equivalent to decorating with @application.teardown_appcontext
    application.teardown_appcontext(_release_database)

    return application
def try_auto_create(address: str) -> Optional[Alias]:
    """Try to auto-create the alias for *address*.

    The catch-all custom domain mechanism is tried first; the directory
    mechanism is only tried when the first one did not produce an alias.
    Returns the created alias, or a falsy value when neither applies.
    """
    return try_auto_create_catch_all_domain(address) or try_auto_create_directory(
        address
    )
def try_auto_create_directory(address: str) -> Optional[Alias]:
    """Try to create the alias *address* on the fly through a user's directory.

    *address* is expected in the directory/anything@EMAIL_DOMAIN form, where the
    separator is "/", "+" or "#". Returns the new Alias, or None when the address
    does not qualify, the directory is unknown, the owner cannot create more
    aliases, or the alias was deleted before.
    """
    # only addresses on one of the alias domains can be directory aliases
    if not email_belongs_to_alias_domains(address):
        return None

    # pick the directory separator; "/" wins over "+", which wins over "#".
    # Without any of them there is no way to auto-create the alias.
    sep = next((char for char in ("/", "+", "#") if char in address), None)
    if sep is None:
        return None

    directory_name = address.partition(sep)[0]
    LOG.d("directory_name %s", directory_name)

    directory = Directory.get_by(name=directory_name)
    if not directory:
        return None

    dir_user: User = directory.user

    if not dir_user.can_create_new_alias():
        # NOTE(review): this notification is triggered by inbound mail from any sender who
        # knows the directory name; confirm the helper limits how often it emails the owner.
        send_cannot_create_directory_alias(dir_user, address, directory_name)
        return None

    # an alias the user deleted before must not come back through auto-creation
    if DeletedAlias.get_by(email=address, user_id=directory.user_id):
        LOG.warning(
            "Alias %s was deleted before, cannot auto-create using directory %s, user %s",
            address,
            directory_name,
            dir_user,
        )
        return None

    LOG.d("create alias %s for directory %s", address, directory)

    alias = Alias.create(
        email=address,
        user_id=directory.user_id,
        directory_id=directory.id,
        mailbox_id=dir_user.default_mailbox_id,
    )
    db.session.commit()
    return alias
def try_auto_create_catch_all_domain(address: str) -> Optional[Alias]:
    """Try to create the alias *address* on the fly through a catch-all custom domain.

    Returns the new Alias, or None when the domain part is not a known custom
    domain, catch-all is off, the owner cannot create more aliases, or the
    alias was deleted before.
    """
    alias_domain = get_email_domain_part(address)
    custom_domain = CustomDomain.get_by(domain=alias_domain)

    # the domain must be a registered custom domain with catch-all enabled
    if not (custom_domain and custom_domain.catch_all):
        return None

    domain_user: User = custom_domain.user

    if not domain_user.can_create_new_alias():
        # NOTE(review): any sender writing to an unknown address on the domain reaches this
        # branch; confirm the helper limits how often it emails the domain owner.
        send_cannot_create_domain_alias(domain_user, address, alias_domain)
        return None

    # an alias the user deleted before must not come back through auto-creation
    if DeletedAlias.get_by(email=address, user_id=custom_domain.user_id):
        LOG.warning(
            "Alias %s was deleted before, cannot auto-create using domain catch-all %s, user %s",
            address,
            custom_domain,
            domain_user,
        )
        return None

    LOG.d("create alias %s for domain %s", address, custom_domain)

    alias = Alias.create(
        email=address,
        user_id=custom_domain.user_id,
        custom_domain_id=custom_domain.id,
        automatic_creation=True,
        mailbox_id=domain_user.default_mailbox_id,
    )

    db.session.commit()
    return alias
def get_or_create_contact(website_from_header: str, alias: Alias) -> Contact:
    """Return the Contact linking *alias* to the sender in *website_from_header*.

    website_from_header can be the full-form email, i.e. "First Last <email@example.com>".
    An existing contact has its stored From header refreshed when it changed; otherwise a
    new contact is created with a freshly generated reply email.
    """
    _, website_email = parseaddr(website_from_header)
    contact = Contact.get_by(alias_id=alias.id, website_email=website_email)

    if contact:
        # keep the stored From header in sync with what the website currently sends
        if contact.website_from != website_from_header:
            LOG.d("Update From header for %s", contact)
            contact.website_from = website_from_header
            db.session.commit()
        return contact

    LOG.debug(
        "create forward email for alias %s and website email %s",
        alias,
        website_from_header,
    )

    def _new_reply_email():
        # NOTE(review): the reply address is what routes a reply back to this contact;
        # random_string() lives in app.utils, confirm it draws from a secure random source.
        return f"reply+{random_string(30)}@{EMAIL_DOMAIN}"

    # generate a reply_email and make sure it is unique; the number of retries is
    # bounded so this can never loop forever
    reply_email = _new_reply_email()
    retries_left = 1000
    while retries_left and Contact.get_by(reply_email=reply_email):
        reply_email = _new_reply_email()
        retries_left -= 1

    contact = Contact.create(
        alias_id=alias.id,
        website_email=website_email,
        website_from=website_from_header,
        reply_email=reply_email,
    )
    db.session.commit()

    return contact
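def should_append_alias(msg, alias):
    """Return whether *alias* should be appended to the To header of *msg*.

    Args:
        msg: the parsed email message.
        alias: the alias email address, as a string.

    Returns:
        False when *alias* is already one of the addresses listed in a To or Cc
        header, True otherwise.
    """
    recipient_headers = (msg.get_all("To") or []) + (msg.get_all("Cc") or [])

    # Compare parsed addresses, case-insensitively, instead of searching for a substring:
    # a substring test treats "a@sl.co" as present when the header holds "xa@sl.co".
    listed = {
        email.lower()
        for _, email in getaddresses([str(value) for value in recipient_headers])
    }

    return alias.lower() not in listed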
def prepare_pgp_message(orig_msg: Message, pgp_fingerprint: str):
    """Wrap *orig_msg* into a multipart/encrypted message for *pgp_fingerprint*.

    The returned message has two parts: the "Version: 1" control part and the
    original message encrypted with pgp_utils.encrypt(). orig_msg is modified
    in place (most of its headers are removed before encryption).

    Note that the headers copied onto the returned message, Subject included,
    stay outside the encrypted part and are therefore sent in clear text.
    """
    msg = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")

    # copy all headers from original message except the "Content-Type";
    # the names are lower-cased and the headers are visited last to first
    for name, value in reversed(orig_msg._headers):
        lowered_name = name.lower()
        if lowered_name != "content-type":
            msg[lowered_name] = value

    # Delete unnecessary headers in orig_msg, keeping only the MIME ones, to save space
    kept_headers = [
        "MIME-Version",
        "Content-Type",
        "Content-Disposition",
        "Content-Transfer-Encoding",
    ]
    delete_all_headers_except(orig_msg, kept_headers)

    # first part: the PGP/MIME control part
    first = MIMEApplication(
        _subtype="pgp-encrypted", _encoder=encoders.encode_7or8bit, _data=""
    )
    first.set_payload("Version: 1")
    msg.attach(first)

    # second part: the encrypted original message. The positional argument is the
    # initial payload of the part; it is replaced by set_payload() below.
    second = MIMEApplication("octet-stream", _encoder=encoders.encode_7or8bit)
    second.add_header("Content-Disposition", "inline")
    second.set_payload(pgp_utils.encrypt(orig_msg.as_string(), pgp_fingerprint))
    msg.attach(second)

    return msg
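def handle_forward(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> str:
    """Forward an email received on an alias to the mailbox behind it.

    Args:
        envelope: the SMTP envelope; its mail_options and rcpt_options are passed on.
        smtp: connection used to hand the rewritten message over for delivery.
        msg: the parsed incoming message; rewritten in place, or replaced by its
            PGP-encrypted wrapper when the mailbox has a PGP fingerprint.
        rcpt_to: the recipient address, i.e. the alias.

    Returns:
        The SMTP *status_code message* string: "510 ..." when the alias neither exists
        nor can be auto-created, "250 ..." otherwise (also when the alias is disabled
        and the email is only logged as blocked).
    """
    address = rcpt_to.lower()  # alias@SL

    # Keep the address string and the Alias row in separate variables: the address is
    # still needed for auto-creation and logging when no row exists yet.
    alias = Alias.get_by(email=address)
    if not alias:
        LOG.d("alias %s not exist. Try to see if it can be created on the fly", address)
        alias = try_auto_create(address)
        if not alias:
            LOG.d("alias %s cannot be created on-the-fly, return 510", address)
            return "510 Email not exist"

    mailbox = alias.mailbox
    mailbox_email = mailbox.email

    # create PGP email if needed
    if mailbox.pgp_finger_print:
        LOG.d("Encrypt message using mailbox %s", mailbox)
        msg = prepare_pgp_message(msg, mailbox.pgp_finger_print)

    contact = get_or_create_contact(msg["From"], alias)
    forward_log = EmailLog.create(contact_id=contact.id)

    if alias.enabled:
        # add custom header
        add_or_replace_header(msg, "X-SimpleLogin-Type", "Forward")

        # remove reply-to & sender header if present, so a reply from the user
        # can only go to the reply email set in the From header below
        delete_header(msg, "Reply-To")
        delete_header(msg, "Sender")

        # change the from header so the sender comes from @SL
        # so it can pass DMARC check
        # replace the email part in from: header
        website_from_header = msg["From"]
        website_name, website_email = parseaddr(website_from_header)
        new_website_name = (
            website_name
            + (" - " if website_name else "")
            + website_email.replace("@", " at ")
        )
        from_header = formataddr((new_website_name, contact.reply_email))
        add_or_replace_header(msg, "From", from_header)
        LOG.d("new from header:%s", from_header)

        # append alias into the TO header if it's not present in To or CC.
        # Headers are strings, so the alias address is used here, not the Alias row.
        alias_email = alias.email
        if should_append_alias(msg, alias_email):
            LOG.d("append alias %s to TO header %s", alias_email, msg["To"])
            if msg["To"]:
                to_header = msg["To"] + "," + alias_email
            else:
                to_header = alias_email

            add_or_replace_header(msg, "To", to_header)

        # add List-Unsubscribe header
        unsubscribe_link = f"{URL}/dashboard/unsubscribe/{alias.id}"
        add_or_replace_header(msg, "List-Unsubscribe", f"<{unsubscribe_link}>")
        add_or_replace_header(
            msg, "List-Unsubscribe-Post", "List-Unsubscribe=One-Click"
        )

        add_dkim_signature(msg, EMAIL_DOMAIN)

        LOG.d(
            "Forward mail from %s to %s, mail_options %s, rcpt_options %s ",
            website_email,
            mailbox_email,
            envelope.mail_options,
            envelope.rcpt_options,
        )

        # smtp.send_message has UnicodeEncodeErroremail issue
        # encode message raw directly instead
        msg_raw = msg.as_string().encode()
        smtp.sendmail(
            contact.reply_email,
            mailbox_email,
            msg_raw,
            envelope.mail_options,
            envelope.rcpt_options,
        )
    else:
        LOG.d("%s is disabled, do not forward", alias)
        forward_log.blocked = True

    db.session.commit()
    return "250 Message accepted for delivery"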
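def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> str:
    """Relay an email sent to a reply email back to the website, on behalf of the alias.

    Args:
        envelope: the SMTP envelope; mail_from decides whether the sender is allowed.
        smtp: connection used to hand the rewritten message over for delivery.
        msg: the parsed incoming message; rewritten in place.
        rcpt_to: the recipient address, i.e. the reply email.

    Returns:
        The SMTP *status_code message* string: "550 ..." when the reply email is unknown,
        the alias domain is unknown, the message is a bounce, or the sender is not the
        mailbox of the alias; "250 ..." once the reply has been sent.
    """
    reply_email = rcpt_to.lower()

    # reply_email must be an address at EMAIL_DOMAIN. The "@" is part of the comparison
    # so that a domain which merely ends with EMAIL_DOMAIN is rejected too.
    if not reply_email.endswith("@" + EMAIL_DOMAIN):
        LOG.warning(f"Reply email {reply_email} has wrong domain")
        return "550 wrong reply email"

    contact = Contact.get_by(reply_email=reply_email)
    if not contact:
        LOG.warning(f"No such forward-email with {reply_email} as reply-email")
        return "550 wrong reply email"

    alias = contact.alias
    address: str = alias.email
    alias_domain = address[address.find("@") + 1 :]

    # alias must end with one of the ALIAS_DOMAINS or custom-domain
    if not email_belongs_to_alias_domains(address):
        if not CustomDomain.get_by(domain=alias_domain):
            return "550 alias unknown by SimpleLogin"

    user = alias.user
    mailbox_email = alias.mailbox_email()

    # bounce email initiated by Postfix
    # can happen in case emails cannot be delivered to user-email
    # in this case Postfix will try to send a bounce report to original sender, which is
    # the "reply email"
    if envelope.mail_from == "<>":
        LOG.error(
            "Bounce when sending to alias %s from %s, user %s",
            address,
            contact.website_from,
            alias.user,
        )

        handle_bounce(address, envelope, contact, alias, msg, smtp, user, mailbox_email)
        return "550 ignored"

    # only mailbox can send email to the reply-email
    # NOTE(review): envelope.mail_from is whatever the sending server announced; this check
    # protects the alias only if forged senders are rejected before this handler (SPF/DMARC
    # enforcement upstream) - confirm in the Postfix setup.
    if envelope.mail_from.lower() != mailbox_email.lower():
        LOG.warning(
            "Reply email can only be used by user email. Actual mail_from: %s. msg from header: %s, User email %s. reply_email %s",
            envelope.mail_from,
            msg["From"],
            mailbox_email,
            reply_email,
        )

        send_email(
            mailbox_email,
            f"Reply from your alias {address} only works from your mailbox",
            render(
                "transactional/reply-must-use-personal-email.txt",
                name=user.name,
                alias=address,
                sender=envelope.mail_from,
                mailbox_email=mailbox_email,
            ),
            render(
                "transactional/reply-must-use-personal-email.html",
                name=user.name,
                alias=address,
                sender=envelope.mail_from,
                mailbox_email=mailbox_email,
            ),
        )

        # Notify sender that they cannot send emails to this address
        # NOTE(review): this mail goes to an unverified envelope sender, so a forged
        # MAIL FROM receives it (backscatter); consider rate limiting or dropping it.
        send_email(
            envelope.mail_from,
            f"Your email ({envelope.mail_from}) is not allowed to send emails to {reply_email}",
            render(
                "transactional/send-from-alias-from-unknown-sender.txt",
                sender=envelope.mail_from,
                reply_email=reply_email,
            ),
            "",
        )

        return "550 ignored"

    # The headers removed below can carry the mailbox address or its domain.
    # NOTE(review): every other header of the user's message is passed through unchanged
    # by this function; confirm that none of them can reveal the mailbox address.
    delete_header(msg, "DKIM-Signature")

    # the email comes from alias
    add_or_replace_header(msg, "From", address)

    # some email providers like ProtonMail adds automatically the Reply-To field
    # make sure to delete it
    delete_header(msg, "Reply-To")

    # remove sender header if present as this could reveal user real email
    delete_header(msg, "Sender")

    add_or_replace_header(msg, "To", contact.website_email)

    # add List-Unsubscribe header
    # NOTE(review): on a reply this link is delivered to the website, not to the user;
    # confirm the dashboard endpoint only acts for the authenticated alias owner.
    unsubscribe_link = f"{URL}/dashboard/unsubscribe/{contact.alias_id}"
    add_or_replace_header(msg, "List-Unsubscribe", f"<{unsubscribe_link}>")
    add_or_replace_header(msg, "List-Unsubscribe-Post", "List-Unsubscribe=One-Click")

    # Received-SPF is injected by postfix-policyd-spf-python can reveal user original email
    delete_header(msg, "Received-SPF")

    LOG.d(
        "send email from %s to %s, mail_options:%s,rcpt_options:%s",
        address,
        contact.website_email,
        envelope.mail_options,
        envelope.rcpt_options,
    )

    if alias_domain in ALIAS_DOMAINS:
        add_dkim_signature(msg, alias_domain)
    # add DKIM-Signature for custom-domain alias
    else:
        custom_domain: CustomDomain = CustomDomain.get_by(domain=alias_domain)
        # the custom domain may be missing here; send unsigned rather than fail
        if custom_domain and custom_domain.dkim_verified:
            add_dkim_signature(msg, alias_domain)

    msg_raw = msg.as_string().encode()
    smtp.sendmail(
        address,
        contact.website_email,
        msg_raw,
        envelope.mail_options,
        envelope.rcpt_options,
    )

    EmailLog.create(contact_id=contact.id, is_reply=True)
    db.session.commit()

    return "250 Message accepted for delivery"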
def handle_bounce(address, envelope, contact, alias, msg, smtp, user, mailbox_email):
    """Record a bounced forward, store the refused email and notify the user.

    The bounce is logged, the bounce report and the original message extracted from it
    are uploaded under "refused-emails/", and then:
    - on the first bounce for this contact the user is informed by email;
    - from the second bounce on, the alias is disabled and the user is informed.
    """
    fel: EmailLog = EmailLog.create(contact_id=contact.id, bounced=True)
    db.session.commit()

    # counted after the commit above, so the bounce just logged is included
    nb_bounced = EmailLog.filter_by(contact_id=contact.id, bounced=True).count()
    disable_alias_link = f"{URL}/dashboard/unsubscribe/{alias.id}"

    # Store the bounced email
    # NOTE(review): get_orig_message_from_bounce() is defined elsewhere; confirm it always
    # returns a message, as orig_msg.as_bytes() is called below without a check.
    orig_msg = get_orig_message_from_bounce(msg)
    # generate a name for the email
    random_name = str(uuid.uuid4())

    full_report_path = f"refused-emails/full-{random_name}.eml"
    s3.upload_email_from_bytesio(full_report_path, BytesIO(msg.as_bytes()), random_name)

    file_path = f"refused-emails/{random_name}.eml"
    s3.upload_email_from_bytesio(file_path, BytesIO(orig_msg.as_bytes()), random_name)

    refused_email = RefusedEmail.create(
        path=file_path, full_report_path=full_report_path, user_id=user.id
    )
    # flush so that refused_email.id is available for the link below
    db.session.flush()

    fel.refused_email_id = refused_email.id
    db.session.commit()

    LOG.d("Create refused email %s", refused_email)

    refused_email_url = f"{URL}/dashboard/refused_email?highlight_fel_id={fel.id}"

    def _render_bodies(text_template, html_template, **extra):
        # both bodies of a notification are rendered from the same context;
        # the bounced email itself cannot be included as it can contain spammy text
        context = dict(
            name=user.name,
            alias=alias,
            website_from=contact.website_from,
            website_email=contact.website_email,
            refused_email_url=refused_email_url,
            mailbox_email=mailbox_email,
            **extra,
        )
        return render(text_template, **context), render(html_template, **context)

    # inform user if this is the first bounced email
    if nb_bounced == 1:
        LOG.d(
            "Inform user %s about bounced email sent by %s to alias %s",
            user,
            contact.website_from,
            address,
        )
        text_body, html_body = _render_bodies(
            "transactional/bounced-email.txt",
            "transactional/bounced-email.html",
            disable_alias_link=disable_alias_link,
        )
        send_email(
            # use user mail here as only user is authenticated to see the refused email
            user.email,
            f"Email from {contact.website_from} to {address} cannot be delivered to your inbox",
            text_body,
            html_body,
        )
    # disable the alias the second time email is bounced
    elif nb_bounced >= 2:
        LOG.d(
            "Bounce happens again with alias %s from %s. Disable alias now ",
            address,
            contact.website_from,
        )
        alias.enabled = False
        db.session.commit()

        text_body, html_body = _render_bodies(
            "transactional/automatic-disable-alias.txt",
            "transactional/automatic-disable-alias.html",
        )
        send_email(
            # use user mail here as only user is authenticated to see the refused email
            user.email,
            f"Alias {address} has been disabled due to second undelivered email from {contact.website_from}",
            text_body,
            html_body,
        )
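class MailHandler:
    """aiosmtpd handler that dispatches each incoming message to the reply or forward phase."""

    async def handle_DATA(self, server, session, envelope):
        """Process one SMTP transaction and return its status line.

        A connection to POSTFIX_SERVER is opened for the outgoing email and is always
        closed again before returning. The message is handled as a reply when the
        recipient starts with "reply+" or "ra+", as a forward otherwise.
        """
        LOG.debug(">>> New message <<<")

        LOG.debug("Mail from %s", envelope.mail_from)
        LOG.debug("Rcpt to %s", envelope.rcpt_tos)
        message_data = envelope.content.decode("utf8", errors="replace")

        if POSTFIX_SUBMISSION_TLS:
            smtp = SMTP(POSTFIX_SERVER, 587)
        else:
            smtp = SMTP(POSTFIX_SERVER, 25)

        try:
            if POSTFIX_SUBMISSION_TLS:
                # NOTE(review): starttls() is called without an SSL context, in which case
                # smtplib does not verify the server certificate or hostname. Fine on a
                # trusted link to a local Postfix; pass a verifying context otherwise.
                smtp.starttls()

            msg = Parser(policy=SMTPUTF8).parsestr(message_data)

            # NOTE(review): the return statements below end the loop on the first
            # recipient, so further recipients of the same transaction are not handled
            # although the returned status applies to the whole message.
            for rcpt_to in envelope.rcpt_tos:
                # Reply case
                # recipient starts with "reply+" or "ra+" (ra=reverse-alias) prefix
                if rcpt_to.startswith("reply+") or rcpt_to.startswith("ra+"):
                    LOG.debug("Reply phase")
                    app = new_app()

                    with app.app_context():
                        return handle_reply(envelope, smtp, msg, rcpt_to)
                else:  # Forward case
                    LOG.debug("Forward phase")
                    app = new_app()

                    with app.app_context():
                        return handle_forward(envelope, smtp, msg, rcpt_to)
        finally:
            # One connection is opened per message: release it on every path. Closing is
            # best effort so that it can never change the status computed above.
            try:
                smtp.quit()
            except Exception:
                LOG.warning("Cannot close SMTP connection to %s cleanly", POSTFIX_SERVER)
                smtp.close()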
if __name__ == "__main__":
    # NOTE(review): the controller listens on every interface (0.0.0.0). The handler does no
    # authentication of its own and relies on the SMTP envelope it is given, so port 20381
    # should only be reachable by the Postfix instance that feeds it.
    handler = MailHandler()
    controller = Controller(handler, hostname="0.0.0.0", port=20381)

    controller.start()
    LOG.d("Start mail controller %s %s", controller.hostname, controller.port)

    # start() returns immediately; keep the main thread alive while the controller runs
    while True:
        time.sleep(2)