Detect unknown mailbox using envelope mail_from
This commit is contained in:
parent
33d578c78e
commit
336bdb196d
|
@ -476,24 +476,26 @@ def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> (bool, str
|
||||||
return False, "550 SL E5"
|
return False, "550 SL E5"
|
||||||
|
|
||||||
user = alias.user
|
user = alias.user
|
||||||
mailbox_email = alias.mailbox_email()
|
mail_from = envelope.mail_from.lower().strip()
|
||||||
|
|
||||||
# bounce email initiated by Postfix
|
# bounce email initiated by Postfix
|
||||||
# can happen in case emails cannot be delivered to user-email
|
# can happen in case emails cannot be delivered to user-email
|
||||||
# in this case Postfix will try to send a bounce report to original sender, which is
|
# in this case Postfix will try to send a bounce report to original sender, which is
|
||||||
# the "reply email"
|
# the "reply email"
|
||||||
if envelope.mail_from == "<>":
|
if mail_from == "<>":
|
||||||
LOG.warning(
|
LOG.warning(
|
||||||
"Bounce when sending to alias %s from %s, user %s",
|
"Bounce when sending to alias %s from %s, user %s", alias, contact, user,
|
||||||
alias,
|
|
||||||
contact.website_email,
|
|
||||||
alias.user,
|
|
||||||
)
|
)
|
||||||
|
|
||||||
handle_bounce(contact, alias, msg, user)
|
handle_bounce(contact, alias, msg, user)
|
||||||
return False, "550 SL E6"
|
return False, "550 SL E6"
|
||||||
|
|
||||||
mailbox: Mailbox = Mailbox.get_by(email=mailbox_email)
|
mailbox = Mailbox.get_by(email=mail_from, user_id=user.id)
|
||||||
|
if not mailbox or mailbox not in alias.mailboxes:
|
||||||
|
# only mailbox can send email to the reply-email
|
||||||
|
handle_unknown_mailbox(envelope, msg, reply_email, user, alias)
|
||||||
|
return False, "550 SL E7"
|
||||||
|
|
||||||
if ENFORCE_SPF and mailbox.force_spf:
|
if ENFORCE_SPF and mailbox.force_spf:
|
||||||
ip = msg[_IP_HEADER]
|
ip = msg[_IP_HEADER]
|
||||||
if not spf_pass(ip, envelope, mailbox, user, alias, contact.website_email, msg):
|
if not spf_pass(ip, envelope, mailbox, user, alias, contact.website_email, msg):
|
||||||
|
@ -501,13 +503,7 @@ def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> (bool, str
|
||||||
|
|
||||||
delete_header(msg, _IP_HEADER)
|
delete_header(msg, _IP_HEADER)
|
||||||
|
|
||||||
# only mailbox can send email to the reply-email
|
|
||||||
if envelope.mail_from.lower() != mailbox_email.lower():
|
|
||||||
handle_unknown_mailbox(envelope, msg, mailbox, reply_email, user, alias)
|
|
||||||
return False, "550 SL E7"
|
|
||||||
|
|
||||||
delete_header(msg, "DKIM-Signature")
|
delete_header(msg, "DKIM-Signature")
|
||||||
|
|
||||||
delete_header(msg, "Received")
|
delete_header(msg, "Received")
|
||||||
|
|
||||||
# make the email comes from alias
|
# make the email comes from alias
|
||||||
|
@ -636,36 +632,33 @@ def spf_pass(
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
||||||
def handle_unknown_mailbox(
|
def handle_unknown_mailbox(envelope, msg, reply_email: str, user: User, alias: Alias):
|
||||||
envelope, msg, mailbox: Mailbox, reply_email: str, user: User, alias: Alias
|
|
||||||
):
|
|
||||||
LOG.warning(
|
LOG.warning(
|
||||||
f"Reply email can only be used by mailbox. "
|
f"Reply email can only be used by mailbox. "
|
||||||
f"Actual mail_from: %s. msg from header: %s, Mailbox %s. reply_email %s",
|
f"Actual mail_from: %s. msg from header: %s, reverse-alias %s, %s %s",
|
||||||
envelope.mail_from,
|
envelope.mail_from,
|
||||||
msg["From"],
|
msg["From"],
|
||||||
mailbox.email,
|
|
||||||
reply_email,
|
reply_email,
|
||||||
|
alias,
|
||||||
|
user,
|
||||||
)
|
)
|
||||||
|
|
||||||
send_email_with_rate_control(
|
send_email_with_rate_control(
|
||||||
user,
|
user,
|
||||||
ALERT_REVERSE_ALIAS_UNKNOWN_MAILBOX,
|
ALERT_REVERSE_ALIAS_UNKNOWN_MAILBOX,
|
||||||
mailbox.email,
|
user.email,
|
||||||
f"Reply from your alias {alias.email} only works from your mailbox",
|
f"Reply from your alias {alias.email} only works from your mailbox",
|
||||||
render(
|
render(
|
||||||
"transactional/reply-must-use-personal-email.txt",
|
"transactional/reply-must-use-personal-email.txt",
|
||||||
name=user.name,
|
name=user.name,
|
||||||
alias=alias.email,
|
alias=alias,
|
||||||
sender=envelope.mail_from,
|
sender=envelope.mail_from,
|
||||||
mailbox_email=mailbox.email,
|
|
||||||
),
|
),
|
||||||
render(
|
render(
|
||||||
"transactional/reply-must-use-personal-email.html",
|
"transactional/reply-must-use-personal-email.html",
|
||||||
name=user.name,
|
name=user.name,
|
||||||
alias=alias.email,
|
alias=alias,
|
||||||
sender=envelope.mail_from,
|
sender=envelope.mail_from,
|
||||||
mailbox_email=mailbox.email,
|
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -2,10 +2,27 @@
|
||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
{{ render_text("Hi " + name) }}
|
{{ render_text("Hi " + name) }}
|
||||||
{{ render_text("We have recorded an attempt to send an email from your alias <b>"+ alias +"</b> using <b>" + sender + "</b>.") }}
|
|
||||||
{{ render_text("Please note that sending from this alias only works from <b>" + mailbox_email + "</b>.") }}
|
{% call text() %}
|
||||||
{{ render_text("Indeed, only you (or the mailbox that owns <b>" + alias + "</b>) can send emails on behalf of this alias.") }}
|
We have recorded an attempt to send an email from your alias <b>{{ alias.email }}</b> using <b>{{ sender }}</b>>
|
||||||
{{ render_text('Thanks, <br />SimpleLogin Team.') }}
|
{% endcall %}
|
||||||
|
|
||||||
|
{% call text() %}
|
||||||
|
Please note that sending from this alias only works from one of these mailboxes: <br>
|
||||||
|
{% for mailbox in alias.mailboxes %}
|
||||||
|
- {{ mailbox.email }} <br>
|
||||||
|
{% endfor %}
|
||||||
|
{% endcall %}
|
||||||
|
|
||||||
|
{% call text() %}
|
||||||
|
Indeed only you can send emails on behalf of your alias.
|
||||||
|
{% endcall %}
|
||||||
|
|
||||||
|
{% call text() %}
|
||||||
|
Thanks, <br/>
|
||||||
|
SimpleLogin Team.
|
||||||
|
{% endcall %}
|
||||||
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,15 @@
|
||||||
Hi {{name}}
|
Hi {{name}}
|
||||||
|
|
||||||
We have recorded an attempt to send an email from your alias {{ alias }} using {{ sender }}.
|
We have recorded an attempt to send an email from your alias {{ alias.email }} using {{ sender }}.
|
||||||
|
|
||||||
Please note that sending from this alias only works from {{mailbox_email}}: only you (i.e. no one else) can send emails on behalf of your alias.
|
Please note that sending from this alias only works from one of these mailboxes:
|
||||||
|
|
||||||
|
{% for mailbox in alias.mailboxes %}
|
||||||
|
- {{mailbox.email}}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
|
||||||
|
Indeed only you can send emails on behalf of your alias.
|
||||||
|
|
||||||
Best,
|
Best,
|
||||||
SimpleLogin team.
|
SimpleLogin team.
|
||||||
|
|
Loading…
Reference in New Issue