"""
Handle the email *forward* and *reply* phases. There are 3 actors:
- contact: who sends emails to alias@sl.co address
- SL email handler (this script)
- user personal email: to be protected. Should never leak to contact.
This script makes sure that in the forward phase, the email that is forwarded to user personal email has the following
envelope and header fields:
Envelope:
mail from: @contact
rcpt to: @personal_email
Header:
From: @contact
To: alias@sl.co # so user knows this email is sent to alias
Reply-to: special@sl.co # magic HERE
And in the reply phase:
Envelope:
mail from: @contact
rcpt to: @contact
Header:
From: alias@sl.co # so for contact the email comes from alias. magic HERE
To: @contact
The special@sl.co address hides the user's personal email when the user clicks "Reply" on the forwarded email.
It should contain the following info:
- alias
- @contact
"""
import argparse
import asyncio
import email
import os
import time
import uuid
from email import encoders
from email.encoders import encode_noop
from email.message import Message
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.utils import formataddr, make_msgid, formatdate, getaddresses
from io import BytesIO
from smtplib import SMTP, SMTPRecipientsRefused, SMTPServerDisconnected
from typing import List, Tuple, Optional
import aiosmtpd
import aiospamc
import arrow
import spf
from aiosmtpd.controller import Controller
from aiosmtpd.smtp import Envelope
from sqlalchemy.exc import IntegrityError
from app import pgp_utils, s3
from app.alias_utils import try_auto_create
from app.config import (
EMAIL_DOMAIN,
POSTFIX_SERVER,
URL,
POSTFIX_SUBMISSION_TLS,
UNSUBSCRIBER,
LOAD_PGP_EMAIL_HANDLER,
ENFORCE_SPF,
ALERT_REVERSE_ALIAS_UNKNOWN_MAILBOX,
ALERT_BOUNCE_EMAIL,
ALERT_SPAM_EMAIL,
ALERT_SPF,
POSTFIX_PORT,
SENDER,
SENDER_DIR,
SPAMASSASSIN_HOST,
MAX_SPAM_SCORE,
MAX_REPLY_PHASE_SPAM_SCORE,
ALERT_SEND_EMAIL_CYCLE,
ALERT_MAILBOX_IS_ALIAS,
PGP_SENDER_PRIVATE_KEY,
ALERT_BOUNCE_EMAIL_REPLY_PHASE,
NOREPLY,
)
from app.email_utils import (
send_email,
add_dkim_signature,
add_or_replace_header,
delete_header,
render,
get_orig_message_from_bounce,
delete_all_headers_except,
get_spam_info,
get_orig_message_from_spamassassin_report,
parseaddr_unicode,
send_email_with_rate_control,
get_email_domain_part,
copy,
to_bytes,
get_header_from_bounce,
send_email_at_most_times,
is_valid_alias_address_domain,
should_add_dkim_signature,
add_header,
get_header_unicode,
generate_reply_email,
is_reply_email,
normalize_reply_email,
is_valid_email,
replace,
)
from app.extensions import db
from app.greylisting import greylisting_needed
from app.log import LOG
from app.models import (
Alias,
Contact,
EmailLog,
User,
RefusedEmail,
Mailbox,
)
from app.pgp_utils import PGPException, sign_data_with_pgpy, sign_data
from app.spamassassin_utils import SpamAssassin
from app.utils import random_string
from init_app import load_pgp_public_keys
from server import create_app, create_light_app
# Names of the internal X-SimpleLogin-* headers handled in this module.
# _DIRECTION records the phase a message went through: forward or reply.
_DIRECTION = "X-SimpleLogin-Type"
_IP_HEADER = "X-SimpleLogin-Client-IP"
_EMAIL_LOG_ID_HEADER = "X-SimpleLogin-EmailLog-ID"
_ENVELOPE_FROM = "X-SimpleLogin-Envelope-From"

# Standard MIME headers, kept lower-cased so that membership tests can be
# done against lower-cased header names.
_MIME_HEADERS = [
    name.lower()
    for name in (
        "MIME-Version",
        "Content-Type",
        "Content-Disposition",
        "Content-Transfer-Encoding",
    )
]
def new_app():
    """Create the light app with database cleanup on app-context teardown.

    Use this instead of create_app: it works around a database connection
    leak by releasing the session and disposing the engine every time an
    application context is torn down.
    """
    light_app = create_light_app()

    def _release_db(response_or_exc):
        # same as shutdown_session() in flask-sqlalchemy but this is not enough
        db.session.remove()
        # dispose the engine too
        db.engine.dispose()

    # registering explicitly is what the decorator form does
    light_app.teardown_appcontext(_release_db)

    return light_app
def get_or_create_contact(from_header: str, mail_from: str, alias: Alias) -> Contact:
    """Return the contact of `alias` for this sender, creating it when missing.

    `from_header` is the RFC 2047 formatted sender header and `mail_from` is
    the SMTP envelope sender. The address is parsed from `from_header`; when
    that is not a valid email, `mail_from` is tried instead, unless it is
    empty or the null sender "<>". When neither yields a valid address the
    contact is keyed on an empty email: a newly created one is flagged
    `invalid_email` and gets NOREPLY as its reply email.

    For an existing contact the name is refreshed when it changed, and the
    `mail_from` / `from_header` fields are filled in when they are still empty.

    NOTE(review): handle_forward passes header values of the incoming message
    here and they are written to the log as received, so treat the log output
    as sender-influenced.
    """
    sender_name, sender_email = parseaddr_unicode(from_header)

    if not is_valid_email(sender_email) and mail_from and mail_from != "<>":
        # From header is wrongly formatted, try with mail_from
        LOG.warning(
            "Cannot parse email from from_header %s, parse from mail_from %s",
            from_header,
            mail_from,
        )
        _, sender_email = parseaddr_unicode(mail_from)

    if not is_valid_email(sender_email):
        LOG.warning(
            "invalid contact email %s. Parse from %s %s",
            sender_email,
            from_header,
            mail_from,
        )
        # either reuse a contact with empty email or create a new contact with empty email
        sender_email = ""

    known = Contact.get_by(alias_id=alias.id, website_email=sender_email)

    if not known:
        LOG.d(
            "create contact %s for alias %s",
            sender_email,
            alias,
        )
        try:
            # a contact without a usable address cannot be replied to
            if is_valid_email(sender_email):
                reply_address = generate_reply_email(sender_email, alias.user)
            else:
                reply_address = NOREPLY

            created = Contact.create(
                user_id=alias.user_id,
                alias_id=alias.id,
                website_email=sender_email,
                name=sender_name,
                mail_from=mail_from,
                from_header=from_header,
                reply_email=reply_address,
            )
            if not sender_email:
                LOG.d("Create a contact with invalid email for %s", alias)
                created.invalid_email = True

            db.session.commit()
        except IntegrityError:
            # the same contact was inserted concurrently: reuse that row
            LOG.warning("Contact %s %s already exist", alias, sender_email)
            db.session.rollback()
            created = Contact.get_by(alias_id=alias.id, website_email=sender_email)

        return created

    if known.name != sender_name:
        LOG.d(
            "Update contact %s name %s to %s",
            known,
            known.name,
            sender_name,
        )
        known.name = sender_name
        db.session.commit()

    # contact created in the past does not have mail_from and from_header field
    if not known.mail_from and mail_from:
        LOG.d(
            "Set contact mail_from %s: %s to %s",
            known,
            known.mail_from,
            mail_from,
        )
        known.mail_from = mail_from
        db.session.commit()

    if not known.from_header and from_header:
        LOG.d(
            "Set contact from_header %s: %s to %s",
            known,
            known.from_header,
            from_header,
        )
        known.from_header = from_header
        db.session.commit()

    return known
def replace_header_when_forward(msg: Message, alias: Alias, header: str):
    """Rewrite the `header` (To or Cc) of a forwarded message.

    Every address found in the header is replaced by `contact.new_addr()` of
    the matching contact of `alias`; the contact is created when it does not
    exist yet. The alias's own address is kept untouched, and addresses that
    are not valid emails are dropped. When nothing is left, the header is
    deleted from `msg`.
    """
    rewritten: List[str] = []
    raw_values = msg.get_all(header, [])

    for display_name, address in getaddresses(raw_values):
        # convert back to original then parse again to make sure the name is unicode
        addr = formataddr((display_name, address))
        # NOTE(review): only the re-parsed name is used; the re-parsed address
        # is discarded and the one returned by getaddresses() is compared below
        display_name, _ = parseaddr_unicode(addr)

        # no transformation when alias is already in the header
        if address == alias.email:
            rewritten.append(addr)
            continue

        if not is_valid_email(address):
            LOG.warning("invalid contact email %s. %s. Skip", address, raw_values)
            continue

        contact = Contact.get_by(alias_id=alias.id, website_email=address)
        if not contact:
            LOG.debug(
                "create contact for alias %s and email %s, header %s",
                alias,
                address,
                header,
            )

            try:
                contact = Contact.create(
                    user_id=alias.user_id,
                    alias_id=alias.id,
                    website_email=address,
                    name=display_name,
                    reply_email=generate_reply_email(address, alias.user),
                    is_cc=header.lower() == "cc",
                    from_header=addr,
                )
                db.session.commit()
            except IntegrityError:
                # the same contact was inserted concurrently: reuse that row
                LOG.warning("Contact %s %s already exist", alias, address)
                db.session.rollback()
                contact = Contact.get_by(alias_id=alias.id, website_email=address)
        elif contact.name != display_name:
            # update the contact name if needed
            LOG.d(
                "Update contact %s name %s to %s",
                contact,
                contact.name,
                display_name,
            )
            contact.name = display_name
            db.session.commit()

        rewritten.append(contact.new_addr())

    if not rewritten:
        LOG.d("Delete %s header, old value %s", header, msg[header])
        delete_header(msg, header)
        return

    new_header = ",".join(rewritten)
    LOG.d("Replace %s header, old: %s, new: %s", header, msg[header], new_header)
    add_or_replace_header(msg, header, new_header)
def replace_header_when_reply(msg: Message, alias: Alias, header: str):
    """Rewrite the `header` (To or Cc) of a reply.

    Each reply email found in the header is replaced by the name and
    `website_email` of the contact it belongs to. The alias's own address is
    dropped from the header. An address that matches no contact is logged and
    kept as it is. When nothing is left, the header is deleted from `msg`.
    """
    resolved: List[str] = []

    for _, reply_email in getaddresses(msg.get_all(header, [])):
        # the alias itself is not carried over to the rewritten header
        if reply_email == alias.email:
            continue

        # NOTE(review): the lookup is keyed on reply_email only and is not
        # restricted to `alias`; confirm that resolving a reply email that
        # belongs to a contact of another alias is intended.
        contact = Contact.get_by(reply_email=reply_email)
        if contact:
            resolved.append(formataddr((contact.name, contact.website_email)))
            continue

        LOG.warning(
            "%s email in reply phase %s must be reply emails", header, reply_email
        )
        # still keep this email in header
        resolved.append(reply_email)

    if not resolved:
        LOG.d("delete the %s header. Old value %s", header, msg[header])
        delete_header(msg, header)
        return

    new_header = ",".join(resolved)
    LOG.d("Replace %s header, old: %s, new: %s", header, msg[header], new_header)
    add_or_replace_header(msg, header, new_header)
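def should_append_alias(msg: Message, address: str):
    """Tell whether an alias should be appended to the TO header of `msg`.

    Returns False when `address` already appears as a recipient in a To or Cc
    header, True otherwise. The comparison is case-insensitive and is done on
    the parsed addresses, not on the raw header text: a plain substring test
    would also match a longer address that merely ends with `address`, or a
    display name that contains it.
    """
    wanted = address.lower()

    for field in ("To", "Cc"):
        # force convert header to string, sometimes the value is a Header object
        raw_values = [str(value) for value in msg.get_all(field, [])]
        for _, recipient in getaddresses(raw_values):
            if recipient.lower() == wanted:
                return False

    return True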
def prepare_pgp_message(
    orig_msg: Message, pgp_fingerprint: str, public_key: str, can_sign: bool = False
) -> Message:
    """Build a PGP/MIME "multipart/encrypted" message from `orig_msg`.

    `orig_msg` itself is not modified: a copy is encrypted. The copy is first
    signed with sign_msg() when `can_sign` is set and PGP_SENDER_PRIVATE_KEY
    is configured. Encryption is done with `pgp_fingerprint` through
    pgp_utils.encrypt_file; if that raises PGPException, pgpy is used with
    `public_key` instead, and an error from that second attempt propagates to
    the caller.

    Every header that is not a standard MIME header is copied onto the outer
    container, so those headers (Subject included) travel outside of the
    encrypted payload.
    """
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")

    # clone orig message to avoid modifying it
    inner = copy(orig_msg)

    # copy all headers from original message except all standard MIME headers;
    # they are visited last-to-first and their names are stored lower-cased
    for name, value in reversed(inner._headers):
        lowered = name.lower()
        if lowered not in _MIME_HEADERS:
            outer[lowered] = value

    # Delete unnecessary headers in the clone except _MIME_HEADERS to save space
    delete_all_headers_except(
        inner,
        _MIME_HEADERS,
    )

    if inner["Content-Type"] is None:
        LOG.d("Content-Type missing")
        inner["Content-Type"] = "text/plain"

    if inner["Mime-Version"] is None:
        LOG.d("Mime-Version missing")
        inner["Mime-Version"] = "1.0"

    # first part: the PGP/MIME version marker
    version_part = MIMEApplication(
        _subtype="pgp-encrypted", _encoder=encoders.encode_7or8bit, _data=""
    )
    version_part.set_payload("Version: 1")
    outer.attach(version_part)

    if can_sign and PGP_SENDER_PRIVATE_KEY:
        LOG.d("Sign msg")
        inner = sign_msg(inner)

    # second part: the encrypted data. The first positional argument of
    # MIMEApplication is the data, not the subtype; it is replaced by the
    # set_payload() call below.
    encrypted_part = MIMEApplication(
        "octet-stream", _encoder=encoders.encode_7or8bit, name="encrypted.asc"
    )
    encrypted_part.add_header("Content-Disposition", 'inline; filename="encrypted.asc"')

    # encrypt, use pgpy as fallback
    plaintext = to_bytes(inner)
    try:
        ciphertext = pgp_utils.encrypt_file(BytesIO(plaintext), pgp_fingerprint)
    except PGPException:
        LOG.warning("Cannot encrypt using python-gnupg, use pgpy")
        ciphertext = str(pgp_utils.encrypt_file_with_pgpy(plaintext, public_key))
    encrypted_part.set_payload(ciphertext)

    outer.attach(encrypted_part)

    return outer
def sign_msg(msg: Message) -> Message:
    """Wrap `msg` in a PGP/MIME "multipart/signed" container.

    The container holds `msg` followed by a detached signature part named
    signature.asc. The signed bytes are the serialized message with every
    b"\\n" replaced by b"\\r\\n". sign_data() is tried first; if it raises any
    exception, the error is logged and sign_data_with_pgpy() is used.

    NOTE(review): the replacement would produce "\\r\\r\\n" if to_bytes() already
    emits CRLF line endings - confirm what to_bytes() returns.
    """
    signed = MIMEMultipart(
        "signed", protocol="application/pgp-signature", micalg="pgp-sha256"
    )
    signed.attach(msg)

    signature_part = MIMEApplication(
        _subtype="pgp-signature", name="signature.asc", _data="", _encoder=encode_noop
    )
    signature_part.add_header(
        "Content-Disposition", 'attachment; filename="signature.asc"'
    )

    def _bytes_to_sign():
        # serialized again on each attempt, with CRLF line endings
        return to_bytes(msg).replace(b"\n", b"\r\n")

    try:
        signature_part.set_payload(sign_data(_bytes_to_sign()))
    except Exception:
        LOG.exception("Cannot sign, try using pgpy")
        signature_part.set_payload(sign_data_with_pgpy(_bytes_to_sign()))

    signed.attach(signature_part)

    return signed
def handle_email_sent_to_ourself(alias, mailbox, msg: Message, user):
    """Store an email sent to `alias` from its own `mailbox` and alert the user.

    The full message is uploaded under "refused-emails/cycle-<uuid4>.eml", a
    RefusedEmail row is created for the owner of the alias, and an alert with
    a link to the stored email is sent to `mailbox.email` through
    send_email_at_most_times().
    """
    # store the refused email
    report_id = str(uuid.uuid4())
    report_path = f"refused-emails/cycle-{report_id}.eml"
    s3.upload_email_from_bytesio(report_path, BytesIO(to_bytes(msg)), report_id)

    refused_email = RefusedEmail.create(
        path=None, full_report_path=report_path, user_id=alias.user_id
    )
    db.session.commit()
    LOG.d("Create refused email %s", refused_email)

    # link available for 6 days as it gets deleted in 7 days
    six_days_in_seconds = 6 * 24 * 3600
    refused_email_url = refused_email.get_url(expires_in=six_days_in_seconds)

    # both the text and the HTML template receive the same variables
    template_vars = {
        "name": user.name or "",
        "alias": alias,
        "mailbox": mailbox,
        "refused_email_url": refused_email_url,
    }

    send_email_at_most_times(
        user,
        ALERT_SEND_EMAIL_CYCLE,
        mailbox.email,
        f"Email sent to {alias.email} from its own mailbox {mailbox.email}",
        render("transactional/cycle-email.txt", **template_vars),
        render("transactional/cycle-email.html", **template_vars),
    )
def handle_forward(envelope, msg: Message, rcpt_to: str) -> List[Tuple[bool, str]]:
    """Forward `msg`, received for the alias `rcpt_to`, to the alias mailboxes.

    Returns a list of (is_success, smtp_status) tuples, where is_success tells
    whether the email has been delivered and smtp_status is the SMTP status
    ("250 Message accepted", "550 Non-existent email address", etc). When the
    message reaches the forwarding step there is one tuple per mailbox of the
    alias; every earlier exit returns a single tuple.

    Checks, in order: the alias exists or can be created on the fly (else
    550), its user is not disabled (else 550), the envelope sender is not one
    of the alias's own mailboxes (else the email is stored as refused and 250
    is returned), the alias is enabled (else a blocked EmailLog is written and
    250 is returned), and the alias has mailboxes (else 550).

    The contact is taken from the Reply-To header when present, otherwise
    from the From header.

    NOTE(review): the own-mailbox check is an exact string comparison against
    envelope.mail_from, a value given by the sending client; confirm which
    sender checks run before this handler.
    """
    alias_address = rcpt_to  # alias@SL

    alias = Alias.get_by(email=alias_address)
    if not alias:
        LOG.d(
            "alias %s not exist. Try to see if it can be created on the fly",
            alias_address,
        )
        alias = try_auto_create(alias_address)
    if not alias:
        LOG.d("alias %s cannot be created on-the-fly, return 550", alias_address)
        return [(False, "550 SL E3 Email not exist")]

    user = alias.user
    if user.disabled:
        LOG.warning("User %s disabled, disable forwarding emails for %s", user, alias)
        return [(False, "550 SL E20 Account disabled")]

    mail_from = envelope.mail_from

    # email send from a mailbox to alias
    own_mailbox = next((mb for mb in alias.mailboxes if mb.email == mail_from), None)
    if own_mailbox is not None:
        LOG.warning("cycle email sent from %s to %s", own_mailbox, alias)
        handle_email_sent_to_ourself(alias, own_mailbox, msg, user)
        return [(True, "250 Message accepted for delivery")]

    # Bounces initiated by Postfix (mail_from == "<>") are not handled here.
    # They can happen when an email cannot be sent from an alias to a contact:
    # Postfix then sends a bounce report to the original sender, which is the
    # alias. The handling that used to sit here (handle_bounce_reply_phase,
    # then "550 SL E24 Email cannot be sent to contact") is disabled.

    reply_to = msg["Reply-To"]
    LOG.d("Create or get contact for %s %s", msg["From"], reply_to)
    # prefer using Reply-To when creating contact
    if reply_to:
        LOG.d("Use Reply-To header")
        sender_header = reply_to
    else:
        sender_header = msg["From"]
    # force convert header to string, sometimes the value is a Header object
    from_header = str(sender_header)

    contact = get_or_create_contact(from_header, mail_from, alias)

    if not alias.enabled:
        LOG.d("%s is disabled, do not forward", alias)
        EmailLog.create(
            contact_id=contact.id, user_id=contact.user_id, blocked=True, commit=True
        )
        db.session.commit()
        # do not return 5** to allow user to receive emails later when alias is enabled
        return [(True, "250 Message accepted for delivery")]

    mailboxes = alias.mailboxes

    # no valid mailbox
    if not mailboxes:
        return [(False, "550 SL E16 invalid mailbox")]

    results = []
    for mailbox in mailboxes:
        if mailbox.verified:
            # create a copy of message for each forward
            results.append(
                forward_email_to_mailbox(
                    alias,
                    copy(msg),
                    contact,
                    envelope,
                    mailbox,
                    user,
                )
            )
            continue

        LOG.debug("Mailbox %s unverified, do not forward", mailbox)
        results.append((False, "550 SL E19 unverified mailbox"))

    return results
def forward_email_to_mailbox(
|
2020-05-10 16:57:47 +02:00
|
|
|
alias,
|
|
|
|
msg: Message,
|
|
|
|
contact: Contact,
|
|
|
|
envelope,
|
|
|
|
mailbox,
|
|
|
|
user,
|
|
|
|
) -> (bool, str):
|
|
|
|
LOG.d("Forward %s -> %s -> %s", contact, alias, mailbox)
|
2020-06-09 17:16:32 +02:00
|
|
|
|
2020-10-12 13:28:21 +02:00
|
|
|
if mailbox.disabled:
|
|
|
|
LOG.debug("%s disabled, do not forward")
|
|
|
|
return False, "550 SL E21 Disabled mailbox"
|
|
|
|
|
2020-06-09 17:16:32 +02:00
|
|
|
# sanity check: make sure mailbox is not actually an alias
|
|
|
|
if get_email_domain_part(alias.email) == get_email_domain_part(mailbox.email):
|
2020-11-24 16:38:49 +01:00
|
|
|
LOG.exception(
|
2020-06-09 17:16:32 +02:00
|
|
|
"Mailbox has the same domain as alias. %s -> %s -> %s",
|
|
|
|
contact,
|
|
|
|
alias,
|
|
|
|
mailbox,
|
|
|
|
)
|
2020-08-30 19:06:50 +02:00
|
|
|
mailbox_url = f"{URL}/dashboard/mailbox/{mailbox.id}/"
|
|
|
|
send_email_with_rate_control(
|
|
|
|
user,
|
|
|
|
ALERT_MAILBOX_IS_ALIAS,
|
|
|
|
user.email,
|
|
|
|
f"Your SimpleLogin mailbox {mailbox.email} cannot be an email alias",
|
|
|
|
render(
|
|
|
|
"transactional/mailbox-invalid.txt",
|
|
|
|
name=user.name or "",
|
|
|
|
mailbox=mailbox,
|
|
|
|
mailbox_url=mailbox_url,
|
|
|
|
),
|
|
|
|
render(
|
|
|
|
"transactional/mailbox-invalid.html",
|
|
|
|
name=user.name or "",
|
|
|
|
mailbox=mailbox,
|
|
|
|
mailbox_url=mailbox_url,
|
|
|
|
),
|
2020-08-31 17:32:46 +02:00
|
|
|
max_nb_alert=1,
|
2020-08-30 19:06:50 +02:00
|
|
|
)
|
|
|
|
|
2020-08-30 19:08:53 +02:00
|
|
|
# retry later
|
|
|
|
# so when user fixes the mailbox, the email can be delivered
|
|
|
|
return False, "421 SL E14"
|
2020-06-09 17:16:32 +02:00
|
|
|
|
2020-11-24 16:38:34 +01:00
|
|
|
email_log = EmailLog.create(
|
2020-11-24 17:02:09 +01:00
|
|
|
contact_id=contact.id, user_id=user.id, mailbox_id=mailbox.id, commit=True
|
2020-11-24 16:38:34 +01:00
|
|
|
)
|
|
|
|
|
2020-08-15 16:53:57 +02:00
|
|
|
# Spam check
|
2020-08-15 16:38:16 +02:00
|
|
|
spam_status = ""
|
|
|
|
is_spam = False
|
|
|
|
|
|
|
|
if SPAMASSASSIN_HOST:
|
2020-08-24 18:39:16 +02:00
|
|
|
start = time.time()
|
2020-12-11 11:05:01 +01:00
|
|
|
spam_score = get_spam_score(msg, email_log)
|
2020-08-24 18:39:16 +02:00
|
|
|
LOG.d(
|
|
|
|
"%s -> %s - spam score %s in %s seconds",
|
|
|
|
contact,
|
|
|
|
alias,
|
|
|
|
spam_score,
|
|
|
|
time.time() - start,
|
|
|
|
)
|
2020-08-16 14:28:47 +02:00
|
|
|
email_log.spam_score = spam_score
|
2020-08-20 11:58:46 +02:00
|
|
|
db.session.commit()
|
|
|
|
|
2020-08-15 16:38:16 +02:00
|
|
|
if (user.max_spam_score and spam_score > user.max_spam_score) or (
|
|
|
|
not user.max_spam_score and spam_score > MAX_SPAM_SCORE
|
|
|
|
):
|
|
|
|
is_spam = True
|
|
|
|
spam_status = "Spam detected by SpamAssassin server"
|
|
|
|
else:
|
|
|
|
is_spam, spam_status = get_spam_info(msg, max_score=user.max_spam_score)
|
|
|
|
|
2020-05-15 16:34:07 +02:00
|
|
|
if is_spam:
|
|
|
|
LOG.warning("Email detected as spam. Alias: %s, from: %s", alias, contact)
|
|
|
|
email_log.is_spam = True
|
|
|
|
email_log.spam_status = spam_status
|
2020-08-20 11:58:46 +02:00
|
|
|
db.session.commit()
|
2020-05-15 16:34:07 +02:00
|
|
|
|
2020-08-21 10:18:58 +02:00
|
|
|
handle_spam(contact, alias, msg, user, mailbox, email_log)
|
2020-07-05 16:25:54 +02:00
|
|
|
return False, "550 SL E1 Email detected as spam"
|
2020-03-30 22:05:31 +02:00
|
|
|
|
2020-11-14 15:55:53 +01:00
|
|
|
if contact.invalid_email:
|
|
|
|
LOG.d("add noreply information %s %s", alias, mailbox)
|
|
|
|
msg = add_header(
|
|
|
|
msg,
|
|
|
|
f"""Email sent to {alias.email} from an invalid address and cannot be replied""",
|
|
|
|
f"""Email sent to {alias.email} from an invalid address and cannot be replied""",
|
|
|
|
)
|
|
|
|
|
2020-03-08 23:07:23 +01:00
|
|
|
# create PGP email if needed
|
2020-11-24 11:28:14 +01:00
|
|
|
if mailbox.pgp_enabled() and user.is_premium() and not alias.disable_pgp:
|
2020-03-08 23:07:23 +01:00
|
|
|
LOG.d("Encrypt message using mailbox %s", mailbox)
|
2020-11-07 13:00:45 +01:00
|
|
|
if mailbox.generic_subject:
|
|
|
|
LOG.d("Use a generic subject for %s", mailbox)
|
2020-11-07 17:23:28 +01:00
|
|
|
orig_subject = msg["Subject"]
|
2020-11-09 21:16:50 +01:00
|
|
|
orig_subject = get_header_unicode(orig_subject)
|
2020-11-07 13:00:45 +01:00
|
|
|
add_or_replace_header(msg, "Subject", mailbox.generic_subject)
|
|
|
|
msg = add_header(
|
|
|
|
msg,
|
2020-11-07 17:23:28 +01:00
|
|
|
f"""Forwarded by SimpleLogin to {alias.email} with "{orig_subject}" as subject""",
|
|
|
|
f"""Forwarded by SimpleLogin to {alias.email} with <b>{orig_subject}</b> as subject""",
|
2020-11-07 13:00:45 +01:00
|
|
|
)
|
|
|
|
|
2020-06-08 13:54:42 +02:00
|
|
|
try:
|
2020-10-28 11:50:14 +01:00
|
|
|
msg = prepare_pgp_message(
|
2020-11-02 19:09:57 +01:00
|
|
|
msg, mailbox.pgp_finger_print, mailbox.pgp_public_key, can_sign=True
|
2020-10-28 11:50:14 +01:00
|
|
|
)
|
2020-06-08 13:54:42 +02:00
|
|
|
except PGPException:
|
2020-07-17 12:59:07 +02:00
|
|
|
LOG.exception(
|
2020-06-08 13:54:42 +02:00
|
|
|
"Cannot encrypt message %s -> %s. %s %s", contact, alias, mailbox, user
|
|
|
|
)
|
|
|
|
# so the client can retry later
|
2020-07-05 16:25:54 +02:00
|
|
|
return False, "421 SL E12 Retry later"
|
2020-03-08 23:07:23 +01:00
|
|
|
|
2020-04-27 18:18:40 +02:00
|
|
|
# add custom header
|
2020-08-25 12:46:32 +02:00
|
|
|
add_or_replace_header(msg, _DIRECTION, "Forward")
|
2020-04-27 18:18:40 +02:00
|
|
|
|
|
|
|
# remove reply-to & sender header if present
|
|
|
|
delete_header(msg, "Reply-To")
|
|
|
|
delete_header(msg, "Sender")
|
|
|
|
|
2020-05-09 17:30:21 +02:00
|
|
|
delete_header(msg, _IP_HEADER)
|
2020-08-20 14:27:05 +02:00
|
|
|
add_or_replace_header(msg, _EMAIL_LOG_ID_HEADER, str(email_log.id))
|
2020-12-11 11:12:38 +01:00
|
|
|
|
|
|
|
# fill up the message-id if ever it's absent. Should never happen for a normal email
|
|
|
|
if not msg["Message-ID"]:
|
|
|
|
LOG.exception("Set Message-ID before forwarding email")
|
|
|
|
msg["Message-ID"] = make_msgid(str(email_log.id), EMAIL_DOMAIN)
|
|
|
|
|
2020-10-27 11:03:56 +01:00
|
|
|
add_or_replace_header(msg, _ENVELOPE_FROM, envelope.mail_from)
|
2020-05-09 17:30:21 +02:00
|
|
|
|
2020-11-02 14:53:22 +01:00
|
|
|
if not msg["Date"]:
|
|
|
|
date_header = formatdate()
|
|
|
|
msg["Date"] = date_header
|
|
|
|
|
2020-11-01 18:13:50 +01:00
|
|
|
# change the from header so the sender comes from a reverse-alias
|
2020-04-27 18:18:40 +02:00
|
|
|
# so it can pass DMARC check
|
|
|
|
# replace the email part in from: header
|
|
|
|
contact_from_header = msg["From"]
|
|
|
|
new_from_header = contact.new_addr()
|
|
|
|
add_or_replace_header(msg, "From", new_from_header)
|
|
|
|
LOG.d("new_from_header:%s, old header %s", new_from_header, contact_from_header)
|
|
|
|
|
2020-11-01 18:13:50 +01:00
|
|
|
# replace CC & To emails by reverse-alias for all emails that are not alias
|
2020-04-27 18:18:40 +02:00
|
|
|
replace_header_when_forward(msg, alias, "Cc")
|
|
|
|
replace_header_when_forward(msg, alias, "To")
|
|
|
|
|
|
|
|
# append alias into the TO header if it's not present in To or CC
|
|
|
|
if should_append_alias(msg, alias.email):
|
|
|
|
LOG.d("append alias %s to TO header %s", alias, msg["To"])
|
|
|
|
if msg["To"]:
|
|
|
|
to_header = msg["To"] + "," + alias.email
|
2020-03-28 23:19:25 +01:00
|
|
|
else:
|
2020-04-27 18:18:40 +02:00
|
|
|
to_header = alias.email
|
2020-02-19 16:17:13 +01:00
|
|
|
|
2020-04-27 18:18:40 +02:00
|
|
|
add_or_replace_header(msg, "To", to_header.strip())
|
2019-11-19 10:23:06 +01:00
|
|
|
|
2020-04-27 18:18:40 +02:00
|
|
|
# add List-Unsubscribe header
|
2020-10-22 10:37:02 +02:00
|
|
|
unsubscribe_link, via_email = alias.unsubscribe_link()
|
|
|
|
add_or_replace_header(msg, "List-Unsubscribe", f"<{unsubscribe_link}>")
|
|
|
|
if not via_email:
|
2020-04-27 18:18:40 +02:00
|
|
|
add_or_replace_header(
|
|
|
|
msg, "List-Unsubscribe-Post", "List-Unsubscribe=One-Click"
|
2019-11-19 10:23:06 +01:00
|
|
|
)
|
2019-12-15 10:18:33 +01:00
|
|
|
|
2020-04-27 18:18:40 +02:00
|
|
|
add_dkim_signature(msg, EMAIL_DOMAIN)
|
|
|
|
|
|
|
|
LOG.d(
|
|
|
|
"Forward mail from %s to %s, mail_options %s, rcpt_options %s ",
|
|
|
|
contact.website_email,
|
2020-05-10 16:32:54 +02:00
|
|
|
mailbox.email,
|
2020-04-27 18:18:40 +02:00
|
|
|
envelope.mail_options,
|
|
|
|
envelope.rcpt_options,
|
|
|
|
)
|
|
|
|
|
2020-09-02 10:16:13 +02:00
|
|
|
try:
|
2020-09-29 12:57:14 +02:00
|
|
|
sl_sendmail(
|
2020-09-02 10:16:13 +02:00
|
|
|
contact.reply_email,
|
|
|
|
mailbox.email,
|
2020-09-29 12:57:14 +02:00
|
|
|
msg,
|
2020-09-02 10:16:13 +02:00
|
|
|
envelope.mail_options,
|
|
|
|
envelope.rcpt_options,
|
|
|
|
)
|
|
|
|
except SMTPRecipientsRefused:
|
|
|
|
# that means the mailbox is maybe invalid
|
2020-09-02 10:20:04 +02:00
|
|
|
LOG.warning(
|
2020-09-02 10:16:13 +02:00
|
|
|
"SMTPRecipientsRefused forward phase %s -> %s -> %s",
|
|
|
|
contact,
|
|
|
|
alias,
|
|
|
|
mailbox,
|
|
|
|
)
|
|
|
|
# return 421 so Postfix can retry later
|
|
|
|
return False, "421 SL E17 Retry later"
|
|
|
|
else:
|
|
|
|
db.session.commit()
|
|
|
|
return True, "250 Message accepted for delivery"
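def handle_reply(envelope, msg: Message, rcpt_to: str) -> (bool, str):
    """
    Handle the reply phase: a message sent to a reverse-alias is relayed to the
    contact with the alias as the visible sender.

    Args:
        envelope: SMTP envelope; mail_from, mail_options and rcpt_options are read.
        msg: the incoming message; its headers are rewritten before it is sent.
        rcpt_to: the recipient address, expected to be a reverse-alias.

    Returns:
        whether an email has been delivered and
        the smtp status ("250 Message accepted", "550 Non-existent email address", etc)
    """
    reply_email = rcpt_to

    # reply_email must end with EMAIL_DOMAIN
    # NOTE(review): this is a plain suffix match without the "@", so a domain that
    # merely ends with EMAIL_DOMAIN also passes here; such an address is still
    # rejected by the Contact lookup below.
    if not reply_email.endswith(EMAIL_DOMAIN):
        LOG.warning(f"Reply email {reply_email} has wrong domain")
        return False, "550 SL E2"

    # handle case where reply email is generated with non-allowed char
    reply_email = normalize_reply_email(reply_email)

    contact = Contact.get_by(reply_email=reply_email)
    if not contact:
        LOG.warning(f"No such forward-email with {reply_email} as reply-email")
        return False, "550 SL E4 Email not exist"

    alias = contact.alias
    address: str = contact.alias.email
    alias_domain = address[address.find("@") + 1 :]

    # Sanity check: verify alias domain is managed by SimpleLogin
    # scenario: a user have removed a domain but due to a bug, the aliases are still there
    if not is_valid_alias_address_domain(alias.email):
        LOG.exception("%s domain isn't known", alias)
        return False, "550 SL E5"

    user = alias.user
    mail_from = envelope.mail_from

    if user.disabled:
        LOG.exception(
            "User %s disabled, disable sending emails from %s to %s",
            user,
            alias,
            contact,
        )
        # Return a plain (bool, str) tuple like every other exit of this function;
        # a one-element list cannot be unpacked into (delivered, status).
        return False, "550 SL E20 Account disabled"

    # bounce email initiated by Postfix
    # can happen in case emails cannot be delivered to user-email
    # in this case Postfix will try to send a bounce report to original sender, which is
    # the "reply email"
    if mail_from == "<>":
        LOG.warning(
            "Bounce when sending to alias %s from %s, user %s",
            alias,
            contact,
            user,
        )

        handle_bounce(contact, alias, msg, user)
        return False, "550 SL E6"

    # Anti-spoofing
    # Only a mailbox of the alias (or one of its authorized addresses) may use
    # the reverse-alias, unless the check is disabled on the alias.
    mailbox = get_mailbox_from_mail_from(mail_from, alias)
    if not mailbox:
        if alias.disable_email_spoofing_check:
            # ignore this error, use default alias mailbox
            LOG.warning(
                "ignore unknown sender to reverse-alias %s: %s -> %s",
                mail_from,
                alias,
                contact,
            )
            mailbox = alias.mailbox
        else:
            # only mailbox can send email to the reply-email
            handle_unknown_mailbox(envelope, msg, reply_email, user, alias, contact)
            return False, "550 SL E7"

    if ENFORCE_SPF and mailbox.force_spf and not alias.disable_email_spoofing_check:
        # NOTE(review): the client IP is read from a message header; presumably the
        # receiving MTA sets it and overrides any value supplied by the sender -
        # TODO confirm, since spf_pass() is only as reliable as this value.
        ip = msg[_IP_HEADER]
        if not spf_pass(ip, envelope, mailbox, user, alias, contact.website_email, msg):
            # cannot use 4** here as sender will retry. 5** because that generates bounce report
            # the message is accepted with 250 but not relayed to the contact
            return True, "250 SL E11"

    email_log = EmailLog.create(
        contact_id=contact.id,
        is_reply=True,
        user_id=contact.user_id,
        mailbox_id=mailbox.id,
        commit=True,
    )

    # Spam check
    spam_status = ""
    is_spam = False

    # do not use user.max_spam_score here
    if SPAMASSASSIN_HOST:
        start = time.time()
        spam_score = get_spam_score(msg, email_log)
        LOG.d(
            "%s -> %s - spam score %s in %s seconds",
            alias,
            contact,
            spam_score,
            time.time() - start,
        )
        email_log.spam_score = spam_score
        if spam_score > MAX_REPLY_PHASE_SPAM_SCORE:
            is_spam = True
            spam_status = "Spam detected by SpamAssassin server"
    else:
        is_spam, spam_status = get_spam_info(msg, max_score=MAX_REPLY_PHASE_SPAM_SCORE)

    if is_spam:
        LOG.exception(
            "Reply phase - email sent from %s to %s detected as spam. %s",
            alias,
            contact,
            user,
        )

        email_log.is_spam = True
        email_log.spam_status = spam_status
        db.session.commit()

        handle_spam(contact, alias, msg, user, mailbox, email_log, is_reply=True)
        return False, "550 SL E15 Email detected as spam"

    # Allow-list of headers that are relayed to the contact; every other header
    # written by the user's mail client or mailbox provider is dropped.
    delete_all_headers_except(
        msg,
        [
            "From",
            "To",
            "Cc",
            "Subject",
            # References and In-Reply-To are used for keeping the email thread
            "References",
            "In-Reply-To",
        ]
        + _MIME_HEADERS,
    )

    # replace the reverse-alias (i.e. "ra+string@simplelogin.co") by the contact email in the email body
    # as this is usually included when replying
    if user.replace_reverse_alias:
        LOG.d("Replace reverse-alias %s by contact email %s", reply_email, contact)
        msg = replace(msg, reply_email, contact.website_email)

    # create PGP email if needed
    if contact.pgp_finger_print and user.is_premium():
        LOG.d("Encrypt message for contact %s", contact)
        try:
            msg = prepare_pgp_message(
                msg, contact.pgp_finger_print, contact.pgp_public_key
            )
        except PGPException:
            LOG.exception(
                "Cannot encrypt message %s -> %s. %s %s", alias, contact, mailbox, user
            )
            # to not save the email_log
            EmailLog.delete(email_log.id)
            db.session.commit()
            # return 421 so the client can retry later
            # (the message is never sent unencrypted when encryption fails)
            return False, "421 SL E13 Retry later"

    db.session.commit()

    # make the email comes from alias
    from_header = alias.email
    # add alias name from alias
    if alias.name:
        LOG.d("Put alias name in from header")
        from_header = formataddr((alias.name, alias.email))
    elif alias.custom_domain:
        LOG.d("Put domain default alias name in from header")

        # add alias name from domain
        if alias.custom_domain.name:
            from_header = formataddr((alias.custom_domain.name, alias.email))

    add_or_replace_header(msg, "From", from_header)

    replace_header_when_reply(msg, alias, "To")
    replace_header_when_reply(msg, alias, "Cc")

    # Message-ID can reveal about the mailbox -> replace it
    add_or_replace_header(
        msg,
        "Message-ID",
        make_msgid(str(email_log.id), get_email_domain_part(alias.email)),
    )
    date_header = formatdate()
    msg["Date"] = date_header

    msg[_DIRECTION] = "Reply"
    msg[_EMAIL_LOG_ID_HEADER] = str(email_log.id)

    LOG.d(
        "send email from %s to %s, mail_options:%s,rcpt_options:%s",
        alias.email,
        contact.website_email,
        envelope.mail_options,
        envelope.rcpt_options,
    )

    if should_add_dkim_signature(alias_domain):
        add_dkim_signature(msg, alias_domain)

    try:
        sl_sendmail(
            alias.email,
            contact.website_email,
            msg,
            envelope.mail_options,
            envelope.rcpt_options,
        )
    except Exception:
        # to not save the email_log
        # NOTE(review): email_log was created with commit=True and the session was
        # committed again above, so this rollback presumably leaves the row in
        # place - TODO confirm.
        db.session.rollback()

        LOG.warning("Cannot send email from %s to %s", alias, contact)
        send_email(
            mailbox.email,
            f"Email cannot be sent to {contact.email} from {alias.email}",
            render(
                "transactional/reply-error.txt",
                user=user,
                alias=alias,
                contact=contact,
                contact_domain=get_email_domain_part(contact.email),
            ),
            render(
                "transactional/reply-error.html",
                user=user,
                alias=alias,
                contact=contact,
                contact_domain=get_email_domain_part(contact.email),
            ),
        )

    # return 250 even if error as user is already informed of the incident and can retry sending the email

    return True, "250 Message accepted for delivery"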
def get_mailbox_from_mail_from(mail_from: str, alias) -> Optional[Mailbox]:
    """Find the mailbox of *alias* that is allowed to send as *mail_from*.

    A mailbox matches when its own email equals mail_from, or when one of its
    authorized addresses does. The comparison is an exact string match.
    Mailboxes are examined in the order given by alias.mailboxes and the first
    match wins; None is returned when nothing matches.
    """
    for candidate in alias.mailboxes:
        if candidate.email == mail_from:
            return candidate

        # fall back to the extra addresses authorized on this mailbox
        authorized = next(
            (
                entry
                for entry in candidate.authorized_addresses
                if entry.email == mail_from
            ),
            None,
        )
        if authorized is not None:
            LOG.debug(
                "Found an authorized address for %s %s %s", alias, candidate, authorized
            )
            return candidate

    return None
def spf_pass(
    ip: str,
    envelope,
    mailbox: Mailbox,
    user: User,
    alias: Alias,
    contact_email: str,
    msg: Message,
) -> bool:
    """Check SPF for envelope.mail_from against the client *ip*.

    Returns False only when the SPF check runs and its result is neither
    "pass" nor "none"; in that case an ALERT_SPF email is sent to the mailbox.
    The function returns True (fails open) when *ip* is empty or when the SPF
    lookup raises, so callers must not read True as "SPF verified".
    """
    if not ip:
        # no client IP available: nothing to verify against, accept
        LOG.warning(
            "Could not find %s header %s -> %s",
            _IP_HEADER,
            mailbox.email,
            contact_email,
        )
        return True

    LOG.d("Enforce SPF")
    try:
        result = spf.check2(i=ip, s=envelope.mail_from, h=None)
    except Exception:
        # lookup errors are logged and the message is accepted
        LOG.exception("SPF error, mailbox %s, ip %s", mailbox.email, ip)
        return True

    # TODO: Handle temperr case (e.g. dns timeout)
    # only an absolute pass, or no SPF policy at all is 'valid'
    verdict = result[0]
    if verdict in ["pass", "none"]:
        return True

    LOG.warning(
        "SPF fail for mailbox %s, reason %s, failed IP %s",
        mailbox.email,
        verdict,
        ip,
    )
    subject = get_header_unicode(msg["Subject"])

    def render_alert(template: str):
        # each rendering gets its own timestamp
        return render(
            template,
            name=user.name,
            alias=alias.email,
            ip=ip,
            mailbox_url=URL + f"/dashboard/mailbox/{mailbox.id}#spf",
            to_email=contact_email,
            subject=subject,
            time=arrow.now(),
        )

    send_email_with_rate_control(
        user,
        ALERT_SPF,
        mailbox.email,
        f"SimpleLogin Alert: attempt to send emails from your alias {alias.email} from unknown IP Address",
        render_alert("transactional/spf-fail.txt"),
        render_alert("transactional/spf-fail.html"),
    )
    return False
def handle_unknown_mailbox(
    envelope, msg, reply_email: str, user: User, alias: Alias, contact: Contact
):
    """React to a reverse-alias being used by a sender that is not a known mailbox.

    Two rate-controlled notifications are sent under the same alert type
    (ALERT_REVERSE_ALIAS_UNKNOWN_MAILBOX): one to the account owner (user.email)
    and one to envelope.mail_from. The second recipient is the address that
    failed the sender check, i.e. it is taken from the unauthenticated envelope.
    """
    sender = envelope.mail_from

    LOG.warning(
        "Reply email can only be used by mailbox. "
        "Actual mail_from: %s. msg from header: %s, reverse-alias %s, %s %s %s",
        sender,
        msg["From"],
        reply_email,
        alias,
        user,
        contact,
    )

    # template variables for the alert sent to the account owner
    owner_context = {
        "name": user.name,
        "alias": alias,
        "sender": sender,
        "authorize_address_link": (
            f"{URL}/dashboard/mailbox/{alias.mailbox_id}/#authorized-address"
        ),
        "mailbox_emails": [mailbox.email for mailbox in alias.mailboxes],
    }
    send_email_with_rate_control(
        user,
        ALERT_REVERSE_ALIAS_UNKNOWN_MAILBOX,
        user.email,
        f"Attempt to use your alias {alias.email} from {envelope.mail_from}",
        render("transactional/reply-must-use-personal-email.txt", **owner_context),
        render("transactional/reply-must-use-personal-email.html", **owner_context),
    )

    # Notify sender that they cannot send emails to this address
    sender_context = {"sender": sender, "reply_email": reply_email}
    send_email_with_rate_control(
        user,
        ALERT_REVERSE_ALIAS_UNKNOWN_MAILBOX,
        sender,
        f"Your email ({envelope.mail_from}) is not allowed to send emails to {reply_email}",
        render(
            "transactional/send-from-alias-from-unknown-sender.txt", **sender_context
        ),
        render(
            "transactional/send-from-alias-from-unknown-sender.html", **sender_context
        ),
    )
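def handle_bounce(contact: Contact, alias: Alias, msg: Message, user: User):
    """
    Handle bounce that is sent to the reverse-alias
    Happens when an email cannot be delivered to a mailbox

    The bounce report (and the original message when it can be extracted) is
    stored, the matching EmailLog is marked as bounced, and the user is
    notified. On the second bounce for the same contact the alias is disabled,
    unless alias.cannot_be_disabled is set.
    """
    disable_alias_link = f"{URL}/dashboard/unsubscribe/{alias.id}"

    # Store the bounced email
    # generate a name for the email
    random_name = str(uuid.uuid4())

    full_report_path = f"refused-emails/full-{random_name}.eml"
    s3.upload_email_from_bytesio(full_report_path, BytesIO(to_bytes(msg)), random_name)

    file_path = None

    orig_msg = get_orig_message_from_bounce(msg)
    if not orig_msg:
        # Some MTA does not return the original message in bounce message
        # nothing we can do here
        LOG.warning(
            "Cannot parse original message from bounce message %s %s %s %s",
            alias,
            user,
            contact,
            full_report_path,
        )
    else:
        file_path = f"refused-emails/{random_name}.eml"
        # store the extracted original message here; the full report is
        # already stored under full_report_path
        s3.upload_email_from_bytesio(
            file_path, BytesIO(to_bytes(orig_msg)), random_name
        )

    refused_email = RefusedEmail.create(
        path=file_path, full_report_path=full_report_path, user_id=user.id
    )
    db.session.flush()
    LOG.d("Create refused email %s", refused_email)

    # try to parse email_log
    email_log = None
    try:
        email_log_id = int(get_header_from_bounce(msg, _EMAIL_LOG_ID_HEADER))
    except Exception:
        LOG.warning("cannot get email log id from bounce report, %s", refused_email)
    else:
        email_log = EmailLog.get(email_log_id)

    # The id is read from the bounce message, i.e. from content this service did
    # not author. Only reuse the log when it belongs to this contact, so that a
    # bounce can never modify a log of another contact.
    if email_log and email_log.contact_id != contact.id:
        LOG.warning(
            "email log %s from bounce report does not belong to %s, ignore it",
            email_log,
            contact,
        )
        email_log = None

    # create new email_log if unable to parse from bounce report
    if not email_log:
        LOG.warning("cannot get the original email_log, create a new one")
        email_log: EmailLog = EmailLog.create(
            contact_id=contact.id, user_id=contact.user_id
        )

    # try to get mailbox
    mailbox = email_log.mailbox

    # use the default mailbox if unable to parse from bounce report
    if not mailbox:
        LOG.warning("Use %s default mailbox %s", alias, refused_email)
        mailbox = alias.mailbox

    email_log.bounced = True
    email_log.refused_email_id = refused_email.id
    email_log.bounced_mailbox_id = mailbox.id
    db.session.commit()

    refused_email_url = f"{URL}/dashboard/refused_email?highlight_id={email_log.id}"

    nb_bounced = EmailLog.filter_by(contact_id=contact.id, bounced=True).count()
    if nb_bounced >= 2 and alias.cannot_be_disabled:
        LOG.warning("%s cannot be disabled", alias)

    # inform user if this is the first bounced email
    if nb_bounced == 1 or (nb_bounced >= 2 and alias.cannot_be_disabled):
        LOG.d(
            "Inform user %s about bounced email sent by %s to alias %s",
            user,
            contact.website_email,
            alias,
        )
        send_email_with_rate_control(
            user,
            ALERT_BOUNCE_EMAIL,
            user.email,
            f"Email from {contact.website_email} to {alias.email} cannot be delivered to your inbox",
            render(
                "transactional/bounced-email.txt",
                name=user.name,
                alias=alias,
                website_email=contact.website_email,
                disable_alias_link=disable_alias_link,
                refused_email_url=refused_email_url,
                mailbox_email=mailbox.email,
            ),
            render(
                "transactional/bounced-email.html",
                name=user.name,
                alias=alias,
                website_email=contact.website_email,
                disable_alias_link=disable_alias_link,
                refused_email_url=refused_email_url,
                mailbox_email=mailbox.email,
            ),
        )
    # disable the alias the second time email is bounced
    elif nb_bounced >= 2:
        LOG.d(
            "Bounce happens again with alias %s from %s. Disable alias now ",
            alias,
            contact.website_email,
        )
        alias.enabled = False
        db.session.commit()

        send_email_with_rate_control(
            user,
            ALERT_BOUNCE_EMAIL,
            user.email,
            f"Alias {alias.email} has been disabled due to second undelivered email from {contact.website_email}",
            render(
                "transactional/automatic-disable-alias.txt",
                name=user.name,
                alias=alias,
                website_email=contact.website_email,
                refused_email_url=refused_email_url,
                mailbox_email=mailbox.email,
            ),
            render(
                "transactional/automatic-disable-alias.html",
                name=user.name,
                alias=alias,
                website_email=contact.website_email,
                refused_email_url=refused_email_url,
                mailbox_email=mailbox.email,
            ),
        )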
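def handle_bounce_reply_phase(alias: Alias, msg: Message, user: User):
    """
    Handle bounce that is sent to alias
    Happens when an email cannot be sent from an alias to a contact

    The EmailLog is located through the email-log-id header found in the bounce
    report. When it cannot be found, or does not belong to *user*, the bounce is
    logged and nothing else is done. Otherwise the report is stored, the log is
    marked as bounced and the mailbox is notified.
    """
    import tempfile  # only needed on the debugging path below

    try:
        email_log_id = int(get_header_from_bounce(msg, _EMAIL_LOG_ID_HEADER))
    except Exception:
        # save the data for debugging
        # mkstemp creates the file exclusively and readable by the current user
        # only: the dump holds a complete user email
        fd, file_path = tempfile.mkstemp(suffix=".eml")
        with os.fdopen(fd, "wb") as f:
            f.write(to_bytes(msg))

        LOG.exception(
            "Cannot get email-log-id from bounced report, %s %s %s",
            alias,
            user,
            file_path,
        )
        return

    email_log = EmailLog.get(email_log_id)
    if not email_log:
        # the id parsed from the report matches no log: nothing to update
        LOG.warning(
            "No email log %s for bounced report, %s %s", email_log_id, alias, user
        )
        return

    # The id is read from the bounce message, i.e. from content this service did
    # not author: never update a log owned by another user.
    if email_log.user_id != user.id:
        LOG.warning(
            "email log %s from bounced report does not belong to %s, ignore it",
            email_log,
            user,
        )
        return

    contact = email_log.contact

    # Store the bounced email
    # generate a name for the email
    random_name = str(uuid.uuid4())

    full_report_path = f"refused-emails/full-{random_name}.eml"
    s3.upload_email_from_bytesio(full_report_path, BytesIO(to_bytes(msg)), random_name)

    orig_msg = get_orig_message_from_bounce(msg)
    file_path = None
    if orig_msg:
        file_path = f"refused-emails/{random_name}.eml"
        s3.upload_email_from_bytesio(
            file_path, BytesIO(to_bytes(orig_msg)), random_name
        )

    refused_email = RefusedEmail.create(
        path=file_path, full_report_path=full_report_path, user_id=user.id, commit=True
    )
    LOG.d("Create refused email %s", refused_email)

    email_log.bounced = True
    email_log.refused_email_id = refused_email.id

    # fall back to the alias default mailbox when the log has none
    mailbox = email_log.mailbox or alias.mailbox
    email_log.bounced_mailbox_id = mailbox.id

    db.session.commit()

    refused_email_url = f"{URL}/dashboard/refused_email?highlight_id={email_log.id}"

    LOG.d(
        "Inform user %s about bounced email sent by %s to %s",
        user,
        alias,
        contact,
    )
    send_email_with_rate_control(
        user,
        ALERT_BOUNCE_EMAIL_REPLY_PHASE,
        mailbox.email,
        f"Email cannot be sent to { contact.email } from your alias { alias.email }",
        render(
            "transactional/bounce-email-reply-phase.txt",
            alias=alias,
            contact=contact,
            refused_email_url=refused_email_url,
        ),
        render(
            "transactional/bounce-email-reply-phase.html",
            alias=alias,
            contact=contact,
            refused_email_url=refused_email_url,
        ),
    )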
def handle_spam(
    contact: Contact,
    alias: Alias,
    msg: Message,
    user: User,
    mailbox: Mailbox,
    email_log: EmailLog,
    is_reply=False,  # whether the email is in forward or reply phase
):
    """Archive a message flagged as spam and alert the mailbox owner.

    The full SpamAssassin report (``msg``) is always uploaded. The original
    message is uploaded too when it can be extracted from the report. A
    ``RefusedEmail`` row is created and linked to ``email_log``, then an alert
    is sent to ``mailbox.email`` through ``send_email_with_rate_control``.
    The alert wording and templates depend on ``is_reply``.
    """
    # Store the report & original email
    orig_msg = get_orig_message_from_spamassassin_report(msg)

    # One random name is shared by the report and the extracted original.
    random_name = str(uuid.uuid4())

    full_report_path = f"spams/full-{random_name}.eml"
    s3.upload_email_from_bytesio(full_report_path, BytesIO(to_bytes(msg)), random_name)

    # path stays None when the original message could not be extracted
    file_path = f"spams/{random_name}.eml" if orig_msg else None
    if file_path is not None:
        s3.upload_email_from_bytesio(
            file_path, BytesIO(to_bytes(orig_msg)), random_name
        )

    refused_email = RefusedEmail.create(
        path=file_path, full_report_path=full_report_path, user_id=user.id
    )
    # flush so that refused_email.id is available before linking it
    db.session.flush()

    email_log.refused_email_id = refused_email.id
    db.session.commit()

    LOG.d("Create spam email %s", refused_email)

    refused_email_url = f"{URL}/dashboard/refused_email?highlight_id={email_log.id}"
    disable_alias_link = f"{URL}/dashboard/unsubscribe/{alias.id}"

    if is_reply:
        LOG.d(
            "Inform %s (%s) about spam email sent from alias %s to %s. %s",
            mailbox,
            user,
            alias,
            contact,
            refused_email,
        )
        subject = (
            f"Email from {alias.email} to {contact.website_email} is detected as spam"
        )
        txt_template = "transactional/spam-email-reply-phase.txt"
        html_template = "transactional/spam-email-reply-phase.html"
    else:
        # inform user
        LOG.d(
            "Inform %s (%s) about spam email sent by %s to alias %s",
            mailbox,
            user,
            contact,
            alias,
        )
        subject = (
            f"Email from {contact.website_email} to {alias.email} is detected as spam"
        )
        txt_template = "transactional/spam-email.txt"
        html_template = "transactional/spam-email.html"

    def _render_alert(template_name):
        # Both phases pass the same context to their templates.
        return render(
            template_name,
            name=user.name,
            alias=alias,
            website_email=contact.website_email,
            disable_alias_link=disable_alias_link,
            refused_email_url=refused_email_url,
        )

    send_email_with_rate_control(
        user,
        ALERT_SPAM_EMAIL,
        mailbox.email,
        subject,
        _render_alert(txt_template),
        _render_alert(html_template),
    )
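def handle_unsubscribe(envelope: Envelope) -> str:
    """Process a message sent to the unsubscribe address; return the SMTP status.

    The Subject header carries the target:
      - ``{alias.id}=`` or the bare id (some providers strip the ``=``):
        disable that alias.
      - ``{user.id}*``: delegate to ``handle_unsubscribe_user``.

    An alias is disabled only when ``get_mailbox_from_mail_from`` resolves the
    envelope sender to a mailbox of that alias.
    """
    msg = email.message_from_bytes(envelope.original_content)

    # The Subject is sender-controlled; it may be missing or not a number.
    subject = msg["Subject"]
    alias = None
    alias_id = None
    user_id = None
    try:
        # subject has the format {alias.id}=
        if subject.endswith("="):
            alias_id = int(subject[:-1])
        # {user.id}*
        elif subject.endswith("*"):
            user_id = int(subject[:-1])
        # some email providers might strip off the = suffix
        else:
            alias_id = int(subject)

        if user_id is None:
            alias = Alias.get(alias_id)
    except Exception:
        LOG.warning("Cannot parse alias from subject %s", msg["Subject"])
        return "550 SL E8 Wrongly formatted subject"

    if user_id is not None:
        # Called outside the try block: a failure after the user record has
        # been changed must not be reported as a malformed subject.
        return handle_unsubscribe_user(user_id, envelope.mail_from)

    if not alias:
        LOG.warning("No such alias %s", alias_id)
        return "550 SL E9 Email not exist"

    # This sender cannot unsubscribe
    mail_from = envelope.mail_from
    # Only alias's owning mailbox can send the unsubscribe request
    # NOTE(review): mail_from is the SMTP envelope sender supplied by the
    # client; this check is only as strong as the sender verification done
    # before this handler (not visible here) - confirm.
    mailbox = get_mailbox_from_mail_from(mail_from, alias)
    if not mailbox:
        LOG.d("%s cannot disable alias %s", envelope.mail_from, alias)
        return "550 SL E10 unauthorized"

    # Sender is owner of this alias
    alias.enabled = False
    db.session.commit()
    user = alias.user

    enable_alias_url = URL + f"/dashboard/?highlight_alias_id={alias.id}"
    # Every mailbox of the alias is notified, not only the requesting one.
    for owner_mailbox in alias.mailboxes:
        send_email(
            owner_mailbox.email,
            f"Alias {alias.email} has been disabled successfully",
            render(
                "transactional/unsubscribe-disable-alias.txt",
                user=user,
                alias=alias.email,
                enable_alias_url=enable_alias_url,
            ),
            render(
                "transactional/unsubscribe-disable-alias.html",
                user=user,
                alias=alias.email,
                enable_alias_url=enable_alias_url,
            ),
        )

    return "250 Unsubscribe request accepted"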
def handle_unsubscribe_user(user_id: int, mail_from: str) -> str:
    """Turn off newsletter notifications for a user; return the SMTP status.

    The request is accepted only when ``mail_from`` equals the account email
    of the user identified by ``user_id``. On success the user's
    ``notification`` flag is cleared and a confirmation email is sent.
    """
    account = User.get(user_id)
    if not account:
        LOG.exception("No such user %s %s", user_id, mail_from)
        return "550 SL E22 so such user"

    # Exact string comparison.
    # NOTE(review): assumes both sides are already normalised - confirm.
    sender_is_owner = mail_from == account.email
    if not sender_is_owner:
        LOG.exception("Unauthorized mail_from %s %s", account, mail_from)
        return "550 SL E23 unsubscribe error"

    account.notification = False
    db.session.commit()

    plaintext_body = render(
        "transactional/unsubscribe-newsletter.txt",
        user=account,
    )
    html_body = render(
        "transactional/unsubscribe-newsletter.html",
        user=account,
    )
    send_email(
        account.email,
        "You have been unsubscribed from SimpleLogin newsletter",
        plaintext_body,
        html_body,
    )

    return "250 Unsubscribe request accepted"
def handle_sender_email(envelope: Envelope):
    """Save a message addressed to the sender address and accept it.

    The raw message is written unchanged under SENDER_DIR with a generated
    file name (timestamp plus random suffix). When an original message can be
    extracted from it as a bounce, its From/To headers are logged.
    Returns the SMTP status string.
    """
    raw_content = envelope.original_content

    # The file name is generated locally; nothing from the message is used in it.
    timestamp = arrow.now().format("YYYY-MM-DD_HH-mm-ss")
    filename = timestamp + "_" + random_string(10) + ".eml"
    filepath = os.path.join(SENDER_DIR, filename)

    with open(filepath, "wb") as eml_file:
        eml_file.write(raw_content)

    LOG.d("Write email to sender at %s", filepath)

    bounced = get_orig_message_from_bounce(email.message_from_bytes(raw_content))
    if bounced:
        LOG.warning(
            "Original message %s -> %s saved at %s",
            bounced["From"],
            bounced["To"],
            filepath,
        )

    return "250 email to sender accepted"
def handle(envelope: Envelope) -> str:
    """Return SMTP status

    Normalises the envelope addresses, then dispatches the message:
    unsubscribe requests, mail to the sender address, greylisting, and
    finally the reply or forward phase for each recipient. The status of the
    first successful delivery is returned; when every delivery failed, the
    status of the first failure is returned.
    """

    def _sanitize(address):
        # lower-case and drop every space, leading, trailing or embedded
        return address.lower().strip().replace(" ", "")

    # sanitize mail_from, rcpt_tos; the envelope is updated in place so the
    # downstream handlers see the normalised values
    mail_from = _sanitize(envelope.mail_from)
    rcpt_tos = [_sanitize(rcpt_to) for rcpt_to in envelope.rcpt_tos]
    envelope.mail_from = mail_from
    envelope.rcpt_tos = rcpt_tos

    # unsubscribe request: only when it is the single recipient
    if UNSUBSCRIBER and rcpt_tos == [UNSUBSCRIBER]:
        LOG.d("Handle unsubscribe request from %s", mail_from)
        return handle_unsubscribe(envelope)

    # emails sent to sender. Probably bounce emails
    if SENDER and rcpt_tos == [SENDER]:
        LOG.d("Handle email sent to sender from %s", mail_from)
        return handle_sender_email(envelope)

    # Whether it's necessary to apply greylisting
    if greylisting_needed(mail_from, rcpt_tos):
        LOG.warning("Grey listing applied for %s %s", mail_from, rcpt_tos)
        return "421 SL Retry later"

    # result of all deliveries
    # each element is a couple of whether the delivery is successful and the smtp status
    res = []

    for rcpt_to in rcpt_tos:
        if rcpt_to == NOREPLY:
            LOG.exception("email sent to noreply address from %s", mail_from)
            return "550 SL E25 Email sent to noreply address"

        # a fresh Message is parsed for every recipient
        msg = email.message_from_bytes(envelope.original_content)

        # Reply case
        # recipient starts with "reply+" or "ra+" (ra=reverse-alias) prefix
        if is_reply_email(rcpt_to):
            LOG.debug("Reply phase %s(%s) -> %s", mail_from, msg["From"], rcpt_to)
            is_delivered, smtp_status = handle_reply(envelope, msg, rcpt_to)
            res.append((is_delivered, smtp_status))
            continue

        # Forward case
        LOG.debug(
            "Forward phase %s(%s) -> %s",
            mail_from,
            msg["From"],
            rcpt_to,
        )
        res.extend(
            (is_delivered, smtp_status)
            for is_delivered, smtp_status in handle_forward(envelope, msg, rcpt_to)
        )

    # Consider all deliveries successful if 1 delivery is successful
    for delivered, status in res:
        if delivered:
            return status

    # Failed delivery for all, return the first failure
    return res[0][1]
async def get_spam_score_async(message: Message) -> float:
    """Ask SpamAssassin (through aiospamc) for the spam score of ``message``.

    The check fails open: on a timeout or any other error, -999 is returned
    so the message is treated as ham instead of being rejected.
    """
    payload = to_bytes(message)

    # Spamassassin requires to have an ending linebreak
    if not payload.endswith(b"\n"):
        LOG.d("add linebreak to spamassassin input")
        payload += b"\n"

    try:
        # wait for at max 300s which is the default spamd timeout-child
        pending_check = aiospamc.check(payload, host=SPAMASSASSIN_HOST)
        response = await asyncio.wait_for(pending_check, timeout=300)
        # kept inside the try: a response without a "Spam" header also fails open
        return response.headers["Spam"].score
    except asyncio.TimeoutError:
        LOG.exception("SpamAssassin timeout")
        # return a negative score so the message is always considered as ham
        return -999
    except Exception:
        LOG.exception("SpamAssassin exception")
        return -999
def get_spam_score(message: Message, email_log: EmailLog) -> float:
    """Ask SpamAssassin for the spam score of ``message``.

    ``email_log`` is used for logging only. The check fails open: on any
    error -999 is returned so the message is treated as ham.
    """
    LOG.debug("get spam score for %s", email_log)
    payload = to_bytes(message)

    # Spamassassin requires to have an ending linebreak
    if not payload.endswith(b"\n"):
        LOG.d("add linebreak to spamassassin input")
        payload += b"\n"

    try:
        # wait for at max 300s which is the default spamd timeout-child
        scanner = SpamAssassin(payload, host=SPAMASSASSIN_HOST, timeout=300)
        spam_score = scanner.get_score()
        LOG.d("SA report, score %s. %s", spam_score, scanner.get_report_json())
        return spam_score
    except Exception:
        LOG.exception("SpamAssassin exception")
        # return a negative score so the message is always considered as ham
        return -999
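def sl_sendmail(
    from_addr, to_addr, msg: Message, mail_options, rcpt_options, can_retry=True
):
    """replace smtp.sendmail

    Open a connection to POSTFIX_SERVER, send ``msg`` as raw bytes and close
    the connection again. If the server disconnects during the send, wait
    3 seconds and retry once on a new connection (``can_retry``). A second
    disconnect is re-raised.
    """
    if POSTFIX_SUBMISSION_TLS:
        smtp = SMTP(POSTFIX_SERVER, 587)
        # NOTE(review): starttls() is called without an SSL context, so
        # smtplib does not verify the server certificate or host name.
        # Presumably acceptable only when POSTFIX_SERVER is reached over a
        # trusted network - confirm.
        smtp.starttls()
    else:
        smtp = SMTP(POSTFIX_SERVER, POSTFIX_PORT or 25)

    # smtp.send_message has UnicodeEncodeError
    # encode message raw directly instead
    try:
        try:
            smtp.sendmail(
                from_addr,
                to_addr,
                to_bytes(msg),
                mail_options,
                rcpt_options,
            )
        finally:
            # Release the connection on every path instead of leaving it to
            # garbage collection. A failing QUIT must not turn a delivered
            # message into an error or trigger the retry below.
            try:
                smtp.quit()
            except Exception:
                smtp.close()
    except SMTPServerDisconnected:
        if not can_retry:
            raise

        LOG.warning("SMTPServerDisconnected error, retry")
        time.sleep(3)
        sl_sendmail(
            from_addr, to_addr, msg, mail_options, rcpt_options, can_retry=False
        )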
class MailHandler:
    """SMTP handler object; ``main`` passes an instance to the aiosmtpd Controller."""

    async def handle_DATA(self, server, session, envelope: Envelope):
        """Process one received message and return the SMTP status string.

        Any exception raised while handling is logged and answered with a
        421 status, so no error detail is returned to the SMTP client.
        """
        try:
            return self._handle(envelope)
        except Exception:
            LOG.exception(
                "email handling fail %s -> %s",
                envelope.mail_from,
                envelope.rcpt_tos,
            )
            return "421 SL Retry later"

    def _handle(self, envelope: Envelope):
        """Run ``handle`` inside a new application context and log the duration."""
        started_at = time.time()
        LOG.info(
            "===>> New message, mail from %s, rctp tos %s ",
            envelope.mail_from,
            envelope.rcpt_tos,
        )

        # a new application object is built for every message
        with new_app().app_context():
            status = handle(envelope)
            LOG.info("takes %s seconds <<===", time.time() - started_at)
            return status
def main(port: int):
    """Use aiosmtpd Controller

    Start the SMTP controller on ``port``, optionally load the PGP public
    keys, then keep the calling thread alive forever.
    """
    # NOTE(review): "0.0.0.0" listens on every interface; presumably the port
    # is only reachable from the MTA in front of this handler - confirm.
    smtp_controller = Controller(MailHandler(), hostname="0.0.0.0", port=port)

    smtp_controller.start()
    LOG.d(
        "Start mail controller %s %s", smtp_controller.hostname, smtp_controller.port
    )

    if LOAD_PGP_EMAIL_HANDLER:
        LOG.warning("LOAD PGP keys")
        with create_app().app_context():
            load_pgp_public_keys()

    # the loop below only keeps the process running
    while True:
        time.sleep(2)
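def asyncio_main(port: int):
    """
    Main entrypoint using asyncio directly without passing by aiosmtpd Controller

    Optionally loads the PGP public keys, then serves SMTP on ``port`` from a
    new event loop until interrupted with Ctrl-C, and closes the server.
    """
    if LOAD_PGP_EMAIL_HANDLER:
        LOG.warning("LOAD PGP keys")
        app = create_app()
        with app.app_context():
            load_pgp_public_keys()

    loop = asyncio.new_event_loop()
    asyncio.set_event_loop(loop)
    # MailHandler defines no __init__ that accepts arguments, so the lock
    # that used to be passed here raised TypeError at start-up. It was not
    # used anywhere else in this function.
    handler = MailHandler()

    def factory():
        # one SMTP protocol instance per incoming connection
        return aiosmtpd.smtp.SMTP(handler, enable_SMTPUTF8=True)

    # NOTE(review): "0.0.0.0" listens on every interface; presumably the port
    # is only reachable from the MTA in front of this handler - confirm.
    server = loop.run_until_complete(
        loop.create_server(factory, host="0.0.0.0", port=port)
    )

    try:
        loop.run_forever()
    except KeyboardInterrupt:
        pass

    # Close the server
    LOG.info("Close SMTP server")
    server.close()
    loop.run_until_complete(server.wait_closed())
    loop.close()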
if __name__ == "__main__":
    # Command line: -p/--port selects the SMTP listening port (default 20381).
    arg_parser = argparse.ArgumentParser()
    arg_parser.add_argument(
        "-p",
        "--port",
        help="SMTP port to listen for",
        type=int,
        default=20381,
    )
    listen_port = arg_parser.parse_args().port

    LOG.info("Listen for port %s", listen_port)
    main(port=listen_port)