mirror of
https://github.com/simple-login/app.git
synced 2024-09-30 05:31:30 +02:00
Merge pull request #264 from simple-login/spamassassin
Enable Spamassassin server
This commit is contained in:
commit
becb3fe720
@ -302,3 +302,9 @@ PLAUSIBLE_DOMAIN = os.environ.get("PLAUSIBLE_DOMAIN")
|
|||||||
|
|
||||||
# server host
|
# server host
|
||||||
HOST = socket.gethostname()
|
HOST = socket.gethostname()
|
||||||
|
|
||||||
|
# by default use a tolerant score
|
||||||
|
MAX_SPAM_SCORE = 10
|
||||||
|
SPAMASSASSIN_HOST = os.environ.get("SPAMASSASSIN_HOST")
|
||||||
|
# use a more restrictive score when replying
|
||||||
|
MAX_REPLY_PHASE_SPAM_SCORE = 5
|
||||||
|
@ -30,21 +30,26 @@
|
|||||||
|
|
||||||
{% for email_log in email_logs %}
|
{% for email_log in email_logs %}
|
||||||
{% set refused_email = email_log.refused_email %}
|
{% set refused_email = email_log.refused_email %}
|
||||||
{% set forward = email_log.forward %}
|
{% set contact = email_log.contact %}
|
||||||
{% set alias = forward.alias %}
|
{% set alias = contact.alias %}
|
||||||
|
|
||||||
<div class="card p-4 shadow-sm {% if email_log.id == highlight_id %} highlight-row {% endif %}">
|
<div class="card p-4 shadow-sm {% if email_log.id == highlight_id %} highlight-row {% endif %}">
|
||||||
<div class="small-text">
|
<div class="small-text">
|
||||||
Sent {{ refused_email.created_at | dt }}
|
Sent {{ refused_email.created_at | dt }}
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
From: {{ forward.website_email }} <br>
|
{% if email_log.is_reply %}
|
||||||
|
From: {{ alias.email }} <br>
|
||||||
|
To: {{ contact.website_email }}
|
||||||
|
{% else %}
|
||||||
|
From: {{ contact.website_email }} <br>
|
||||||
|
|
||||||
<span>
|
<span>
|
||||||
To: {{ alias.email }}
|
To: {{ alias.email }}
|
||||||
<a href='{{ url_for("dashboard.index", highlight_alias_id=alias.id) }}'
|
<a href='{{ url_for("dashboard.index", highlight_alias_id=alias.id) }}'
|
||||||
class="btn btn-sm btn-outline-danger">Disable Alias</a>
|
class="btn btn-sm btn-outline-danger">Disable Alias</a>
|
||||||
</span>
|
</span>
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if refused_email.deleted %}
|
{% if refused_email.deleted %}
|
||||||
<div>
|
<div>
|
||||||
@ -53,7 +58,7 @@
|
|||||||
{% else %}
|
{% else %}
|
||||||
<a href="{{ refused_email.get_url() }}" download
|
<a href="{{ refused_email.get_url() }}" download
|
||||||
class="mt-4">Download →</a>
|
class="mt-4">Download →</a>
|
||||||
<div class="small-text">This will download a ".eml" file that you can open in your favorite email client</div>
|
<div class="small-text">This will download a ".eml" file that you can open in your email client</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
100
email_handler.py
100
email_handler.py
@ -43,6 +43,7 @@ from io import BytesIO
|
|||||||
from smtplib import SMTP
|
from smtplib import SMTP
|
||||||
from typing import List, Tuple
|
from typing import List, Tuple
|
||||||
|
|
||||||
|
import aiospamc
|
||||||
import arrow
|
import arrow
|
||||||
import spf
|
import spf
|
||||||
from aiosmtpd.controller import Controller
|
from aiosmtpd.controller import Controller
|
||||||
@ -66,6 +67,9 @@ from app.config import (
|
|||||||
POSTFIX_PORT,
|
POSTFIX_PORT,
|
||||||
SENDER,
|
SENDER,
|
||||||
SENDER_DIR,
|
SENDER_DIR,
|
||||||
|
SPAMASSASSIN_HOST,
|
||||||
|
MAX_SPAM_SCORE,
|
||||||
|
MAX_REPLY_PHASE_SPAM_SCORE,
|
||||||
)
|
)
|
||||||
from app.email_utils import (
|
from app.email_utils import (
|
||||||
send_email,
|
send_email,
|
||||||
@ -359,7 +363,7 @@ def prepare_pgp_message(orig_msg: Message, pgp_fingerprint: str):
|
|||||||
return msg
|
return msg
|
||||||
|
|
||||||
|
|
||||||
def handle_forward(
|
async def handle_forward(
|
||||||
envelope, smtp: SMTP, msg: Message, rcpt_to: str
|
envelope, smtp: SMTP, msg: Message, rcpt_to: str
|
||||||
) -> List[Tuple[bool, str]]:
|
) -> List[Tuple[bool, str]]:
|
||||||
"""return whether an email has been delivered and
|
"""return whether an email has been delivered and
|
||||||
@ -391,7 +395,7 @@ def handle_forward(
|
|||||||
ret = []
|
ret = []
|
||||||
for mailbox in alias.mailboxes:
|
for mailbox in alias.mailboxes:
|
||||||
ret.append(
|
ret.append(
|
||||||
forward_email_to_mailbox(
|
await forward_email_to_mailbox(
|
||||||
alias, copy(msg), email_log, contact, envelope, smtp, mailbox, user
|
alias, copy(msg), email_log, contact, envelope, smtp, mailbox, user
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
@ -399,7 +403,7 @@ def handle_forward(
|
|||||||
return ret
|
return ret
|
||||||
|
|
||||||
|
|
||||||
def forward_email_to_mailbox(
|
async def forward_email_to_mailbox(
|
||||||
alias,
|
alias,
|
||||||
msg: Message,
|
msg: Message,
|
||||||
email_log: EmailLog,
|
email_log: EmailLog,
|
||||||
@ -421,7 +425,20 @@ def forward_email_to_mailbox(
|
|||||||
)
|
)
|
||||||
return False, "550 SL E14"
|
return False, "550 SL E14"
|
||||||
|
|
||||||
|
# Spam check
|
||||||
|
spam_status = ""
|
||||||
|
is_spam = False
|
||||||
|
|
||||||
|
if SPAMASSASSIN_HOST:
|
||||||
|
spam_score = await get_spam_score(msg)
|
||||||
|
if (user.max_spam_score and spam_score > user.max_spam_score) or (
|
||||||
|
not user.max_spam_score and spam_score > MAX_SPAM_SCORE
|
||||||
|
):
|
||||||
|
is_spam = True
|
||||||
|
spam_status = "Spam detected by SpamAssassin server"
|
||||||
|
else:
|
||||||
is_spam, spam_status = get_spam_info(msg, max_score=user.max_spam_score)
|
is_spam, spam_status = get_spam_info(msg, max_score=user.max_spam_score)
|
||||||
|
|
||||||
if is_spam:
|
if is_spam:
|
||||||
LOG.warning("Email detected as spam. Alias: %s, from: %s", alias, contact)
|
LOG.warning("Email detected as spam. Alias: %s, from: %s", alias, contact)
|
||||||
email_log.is_spam = True
|
email_log.is_spam = True
|
||||||
@ -509,7 +526,7 @@ def forward_email_to_mailbox(
|
|||||||
return True, "250 Message accepted for delivery"
|
return True, "250 Message accepted for delivery"
|
||||||
|
|
||||||
|
|
||||||
def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> (bool, str):
|
async def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> (bool, str):
|
||||||
"""
|
"""
|
||||||
return whether an email has been delivered and
|
return whether an email has been delivered and
|
||||||
the smtp status ("250 Message accepted", "550 Non-existent email address", etc)
|
the smtp status ("250 Message accepted", "550 Non-existent email address", etc)
|
||||||
@ -562,6 +579,33 @@ def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> (bool, str
|
|||||||
# cannot use 4** here as sender will retry. 5** because that generates bounce report
|
# cannot use 4** here as sender will retry. 5** because that generates bounce report
|
||||||
return True, "250 SL E11"
|
return True, "250 SL E11"
|
||||||
|
|
||||||
|
# Spam check
|
||||||
|
spam_status = ""
|
||||||
|
is_spam = False
|
||||||
|
|
||||||
|
# do not use user.max_spam_score here
|
||||||
|
if SPAMASSASSIN_HOST:
|
||||||
|
spam_score = await get_spam_score(msg)
|
||||||
|
if spam_score > MAX_REPLY_PHASE_SPAM_SCORE:
|
||||||
|
is_spam = True
|
||||||
|
spam_status = "Spam detected by SpamAssassin server"
|
||||||
|
else:
|
||||||
|
is_spam, spam_status = get_spam_info(msg, max_score=MAX_REPLY_PHASE_SPAM_SCORE)
|
||||||
|
|
||||||
|
if is_spam:
|
||||||
|
LOG.exception(
|
||||||
|
"Reply phase - email sent from %s to %s detected as spam", alias, contact
|
||||||
|
)
|
||||||
|
email_log = EmailLog.create(
|
||||||
|
contact_id=contact.id, is_reply=True, user_id=contact.user_id
|
||||||
|
)
|
||||||
|
email_log.is_spam = True
|
||||||
|
email_log.spam_status = spam_status
|
||||||
|
db.session.commit()
|
||||||
|
|
||||||
|
handle_spam(contact, alias, msg, user, mailbox.email, email_log, is_reply=True)
|
||||||
|
return False, "550 SL E15 Email detected as spam"
|
||||||
|
|
||||||
delete_header(msg, _IP_HEADER)
|
delete_header(msg, _IP_HEADER)
|
||||||
|
|
||||||
delete_header(msg, "DKIM-Signature")
|
delete_header(msg, "DKIM-Signature")
|
||||||
@ -926,6 +970,7 @@ def handle_spam(
|
|||||||
user: User,
|
user: User,
|
||||||
mailbox_email: str,
|
mailbox_email: str,
|
||||||
email_log: EmailLog,
|
email_log: EmailLog,
|
||||||
|
is_reply=False, # whether the email is in forward or reply phase
|
||||||
):
|
):
|
||||||
# Store the report & original email
|
# Store the report & original email
|
||||||
orig_msg = get_orig_message_from_spamassassin_report(msg)
|
orig_msg = get_orig_message_from_spamassassin_report(msg)
|
||||||
@ -957,12 +1002,42 @@ def handle_spam(
|
|||||||
)
|
)
|
||||||
disable_alias_link = f"{URL}/dashboard/unsubscribe/{alias.id}"
|
disable_alias_link = f"{URL}/dashboard/unsubscribe/{alias.id}"
|
||||||
|
|
||||||
|
if is_reply:
|
||||||
|
LOG.d(
|
||||||
|
"Inform user %s about spam email sent from alias %s to %s",
|
||||||
|
user,
|
||||||
|
alias,
|
||||||
|
contact,
|
||||||
|
)
|
||||||
|
send_email_with_rate_control(
|
||||||
|
user,
|
||||||
|
ALERT_SPAM_EMAIL,
|
||||||
|
mailbox_email,
|
||||||
|
f"Email from {contact.website_email} to {alias.email} is detected as spam",
|
||||||
|
render(
|
||||||
|
"transactional/spam-email-reply-phase.txt",
|
||||||
|
name=user.name,
|
||||||
|
alias=alias,
|
||||||
|
website_email=contact.website_email,
|
||||||
|
disable_alias_link=disable_alias_link,
|
||||||
|
refused_email_url=refused_email_url,
|
||||||
|
),
|
||||||
|
render(
|
||||||
|
"transactional/spam-email-reply-phase.html",
|
||||||
|
name=user.name,
|
||||||
|
alias=alias,
|
||||||
|
website_email=contact.website_email,
|
||||||
|
disable_alias_link=disable_alias_link,
|
||||||
|
refused_email_url=refused_email_url,
|
||||||
|
),
|
||||||
|
)
|
||||||
|
else:
|
||||||
# inform user
|
# inform user
|
||||||
LOG.d(
|
LOG.d(
|
||||||
"Inform user %s about spam email sent by %s to alias %s",
|
"Inform user %s about spam email sent by %s to alias %s",
|
||||||
user,
|
user,
|
||||||
contact.website_email,
|
contact,
|
||||||
alias.email,
|
alias,
|
||||||
)
|
)
|
||||||
send_email_with_rate_control(
|
send_email_with_rate_control(
|
||||||
user,
|
user,
|
||||||
@ -1065,7 +1140,7 @@ def handle_sender_email(envelope: Envelope):
|
|||||||
return "250 email to sender accepted"
|
return "250 email to sender accepted"
|
||||||
|
|
||||||
|
|
||||||
def handle(envelope: Envelope, smtp: SMTP) -> str:
|
async def handle(envelope: Envelope, smtp: SMTP) -> str:
|
||||||
"""Return SMTP status"""
|
"""Return SMTP status"""
|
||||||
# unsubscribe request
|
# unsubscribe request
|
||||||
if UNSUBSCRIBER and envelope.rcpt_tos == [UNSUBSCRIBER]:
|
if UNSUBSCRIBER and envelope.rcpt_tos == [UNSUBSCRIBER]:
|
||||||
@ -1097,7 +1172,7 @@ def handle(envelope: Envelope, smtp: SMTP) -> str:
|
|||||||
LOG.debug(
|
LOG.debug(
|
||||||
">>> Reply phase %s(%s) -> %s", envelope.mail_from, msg["From"], rcpt_to
|
">>> Reply phase %s(%s) -> %s", envelope.mail_from, msg["From"], rcpt_to
|
||||||
)
|
)
|
||||||
is_delivered, smtp_status = handle_reply(envelope, smtp, msg, rcpt_to)
|
is_delivered, smtp_status = await handle_reply(envelope, smtp, msg, rcpt_to)
|
||||||
res.append((is_delivered, smtp_status))
|
res.append((is_delivered, smtp_status))
|
||||||
else: # Forward case
|
else: # Forward case
|
||||||
LOG.debug(
|
LOG.debug(
|
||||||
@ -1106,7 +1181,7 @@ def handle(envelope: Envelope, smtp: SMTP) -> str:
|
|||||||
msg["From"],
|
msg["From"],
|
||||||
rcpt_to,
|
rcpt_to,
|
||||||
)
|
)
|
||||||
for is_delivered, smtp_status in handle_forward(
|
for is_delivered, smtp_status in await handle_forward(
|
||||||
envelope, smtp, msg, rcpt_to
|
envelope, smtp, msg, rcpt_to
|
||||||
):
|
):
|
||||||
res.append((is_delivered, smtp_status))
|
res.append((is_delivered, smtp_status))
|
||||||
@ -1120,6 +1195,11 @@ def handle(envelope: Envelope, smtp: SMTP) -> str:
|
|||||||
return res[0][1]
|
return res[0][1]
|
||||||
|
|
||||||
|
|
||||||
|
async def get_spam_score(message) -> float:
|
||||||
|
response = await aiospamc.check(message, host=SPAMASSASSIN_HOST)
|
||||||
|
return response.headers["Spam"].score
|
||||||
|
|
||||||
|
|
||||||
class MailHandler:
|
class MailHandler:
|
||||||
async def handle_DATA(self, server, session, envelope: Envelope):
|
async def handle_DATA(self, server, session, envelope: Envelope):
|
||||||
start = time.time()
|
start = time.time()
|
||||||
@ -1137,7 +1217,7 @@ class MailHandler:
|
|||||||
|
|
||||||
app = new_app()
|
app = new_app()
|
||||||
with app.app_context():
|
with app.app_context():
|
||||||
ret = handle(envelope, smtp)
|
ret = await handle(envelope, smtp)
|
||||||
LOG.debug("takes %s seconds <<===", time.time() - start)
|
LOG.debug("takes %s seconds <<===", time.time() - start)
|
||||||
return ret
|
return ret
|
||||||
|
|
||||||
|
@ -154,3 +154,6 @@ DISABLE_ONBOARDING=true
|
|||||||
# Set the 2 below variables to enable Plausible Analytics
|
# Set the 2 below variables to enable Plausible Analytics
|
||||||
# PLAUSIBLE_HOST=https://plausible.io
|
# PLAUSIBLE_HOST=https://plausible.io
|
||||||
# PLAUSIBLE_DOMAIN=yourdomain.com
|
# PLAUSIBLE_DOMAIN=yourdomain.com
|
||||||
|
|
||||||
|
# Spamassassin server
|
||||||
|
# SPAMASSASSIN_HOST = 127.0.0.1
|
@ -44,3 +44,4 @@ Flask-Limiter
|
|||||||
memory_profiler
|
memory_profiler
|
||||||
gevent
|
gevent
|
||||||
aiocontextvars
|
aiocontextvars
|
||||||
|
aiospamc
|
@ -8,6 +8,7 @@ aiocontextvars==0.2.2 # via -r requirements.in
|
|||||||
aiohttp==3.5.4 # via raven-aiohttp, yacron
|
aiohttp==3.5.4 # via raven-aiohttp, yacron
|
||||||
aiosmtpd==1.2 # via -r requirements.in
|
aiosmtpd==1.2 # via -r requirements.in
|
||||||
aiosmtplib==1.0.6 # via yacron
|
aiosmtplib==1.0.6 # via yacron
|
||||||
|
aiospamc==0.6.1 # via -r requirements.in
|
||||||
alembic==1.0.10 # via flask-migrate
|
alembic==1.0.10 # via flask-migrate
|
||||||
appnope==0.1.0 # via ipython
|
appnope==0.1.0 # via ipython
|
||||||
arrow==0.14.2 # via -r requirements.in
|
arrow==0.14.2 # via -r requirements.in
|
||||||
@ -23,7 +24,7 @@ boto3==1.9.167 # via -r requirements.in, watchtower
|
|||||||
botocore==1.12.167 # via boto3, s3transfer
|
botocore==1.12.167 # via boto3, s3transfer
|
||||||
cachetools==4.0.0 # via google-auth
|
cachetools==4.0.0 # via google-auth
|
||||||
cbor2==5.1.0 # via webauthn
|
cbor2==5.1.0 # via webauthn
|
||||||
certifi==2019.3.9 # via requests, sentry-sdk
|
certifi==2019.11.28 # via aiospamc, requests, sentry-sdk
|
||||||
cffi==1.12.3 # via bcrypt, cryptography
|
cffi==1.12.3 # via bcrypt, cryptography
|
||||||
chardet==3.0.4 # via aiohttp, requests
|
chardet==3.0.4 # via aiohttp, requests
|
||||||
click==7.0 # via flask, pip-tools
|
click==7.0 # via flask, pip-tools
|
||||||
|
17
templates/emails/transactional/spam-email-reply-phase.html
Normal file
17
templates/emails/transactional/spam-email-reply-phase.html
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
{% extends "base.html" %}
|
||||||
|
|
||||||
|
{% block content %}
|
||||||
|
{{ render_text("Hi " + name) }}
|
||||||
|
{{ render_text("An email sent from your alias <b>" + alias.email + "</b> to <b>" + website_email + "</b> is detected as spam by our Spam Detection Engine (SpamAssassin).") }}
|
||||||
|
|
||||||
|
{{ render_text('In most of the cases, the email will be refused by your contact.') }}
|
||||||
|
|
||||||
|
{{ render_button("View the email", refused_email_url) }}
|
||||||
|
|
||||||
|
{{ render_text('The email is automatically deleted in 7 days.') }}
|
||||||
|
|
||||||
|
{{ render_text('Please let us know if you have any question by replying to this email.') }}
|
||||||
|
|
||||||
|
{{ render_text('Thanks, <br />SimpleLogin Team.') }}
|
||||||
|
{{ raw_url(disable_alias_link) }}
|
||||||
|
{% endblock %}
|
15
templates/emails/transactional/spam-email-reply-phase.txt
Normal file
15
templates/emails/transactional/spam-email-reply-phase.txt
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
Hi {{name}}
|
||||||
|
|
||||||
|
An email sent from your alias {{alias.email}} to {{website_email}} is detected as spam by our Spam Detection Engine (SpamAssassin).
|
||||||
|
|
||||||
|
In most of the cases, the email will be refused by your contact.
|
||||||
|
|
||||||
|
You can view this email here:
|
||||||
|
{{ refused_email_url }}
|
||||||
|
|
||||||
|
The email is automatically deleted in 7 days.
|
||||||
|
|
||||||
|
Please let us know if you have any question by replying to this email.
|
||||||
|
|
||||||
|
Best,
|
||||||
|
SimpleLogin team.
|
Loading…
Reference in New Issue
Block a user