add more info to spf alert email. Set the max number of emails per 24h to 1

This commit is contained in:
Son NK 2020-05-10 10:37:56 +02:00
parent ac6d1c1106
commit 9ddb8ff2d4
4 changed files with 35 additions and 5 deletions

View File

@ -261,7 +261,7 @@ def send_email_with_rate_control(
.count()
)
if nb_alert > max_alert_24h:
if nb_alert >= max_alert_24h:
LOG.error(
"%s emails were sent to %s in the last 24h, alert type %s",
nb_alert,

View File

@ -32,6 +32,8 @@ It should contain the following info:
"""
import email
import re
import arrow
import spf
import time
import uuid
@ -480,7 +482,7 @@ def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> (bool, str
mailbox: Mailbox = Mailbox.get_by(email=mailbox_email)
if ENFORCE_SPF and mailbox.force_spf:
ip = msg[_IP_HEADER]
if not spf_pass(ip, envelope, mailbox, user, alias, address):
if not spf_pass(ip, envelope, mailbox, user, alias, contact.website_email, msg):
return False, "451 SL E11"
delete_header(msg, _IP_HEADER)
@ -554,7 +556,13 @@ def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> (bool, str
def spf_pass(
ip: str, envelope, mailbox: Mailbox, user: User, alias: Alias, contact_email: str
ip: str,
envelope,
mailbox: Mailbox,
user: User,
alias: Alias,
contact_email: str,
msg: Message,
) -> bool:
if ip:
LOG.d("Enforce SPF")
@ -583,6 +591,9 @@ def spf_pass(
alias=alias.email,
ip=ip,
mailbox_url=URL + f"/dashboard/mailbox/{mailbox.id}#spf",
to_email=contact_email,
subject=msg["Subject"],
time=arrow.now(),
),
render(
"transactional/spf-fail.html",
@ -590,7 +601,13 @@ def spf_pass(
alias=alias.email,
ip=ip,
mailbox_url=URL + f"/dashboard/mailbox/{mailbox.id}#spf",
to_email=contact_email,
subject=msg["Subject"],
time=arrow.now(),
),
# as the returned error status is 4**,
# the sender will try to resend the email. Send the error message only once
max_alert_24h=1,
)
return False

View File

@ -4,10 +4,18 @@
{{ render_text("Hi " + name) }}
{% call text() %}
We have recorded an attempt to send an email from your alias <b>{{ alias }}</b> from an unknown IP address
We have recorded an attempt to send the following email from your alias <b>{{ alias }}</b> from an unknown IP
address
<b>{{ ip }}</b>.
{% endcall %}
{% call text() %}
- From: <b>{{ alias }}</b> <br>
- To: <b>{{ to_email }}</b> <br>
- Subject: <b>{{ subject }}</b> <br>
- Time: <b>{{ time.humanize() }}</b>
{% endcall %}
{% call text() %}
To prevent email-spoofing, SimpleLogin enforces the SPF (Sender Policy Framework).
Emails sent from an IP address that is <b>unknown</b> by your email service are refused by default.

View File

@ -1,6 +1,11 @@
Hi {{name}}
We have recorded an attempt to send an email from your alias {{ alias }} from an unknown IP address {{ ip }}.
We have recorded an attempt to send the following email from your alias {{ alias }} from an unknown IP address {{ ip }}.
- From: {{alias}}
- To: {{to_email}}
- Subject: {{subject}}
- Time: {{ time.humanize() }}
To prevent email-spoofing, SimpleLogin enforces the SPF (Sender Policy Framework).
Emails sent from an IP address that is unknown by your email service are refused by default.