12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013 |
- """
- Handle the email *forward* and *reply*. phase. There are 3 actors:
- - contact: who sends emails to alias@sl.co address
- - SL email handler (this script)
- - user personal email: to be protected. Should never leak to contact.
- This script makes sure that in the forward phase, the email that is forwarded to user personal email has the following
- envelope and header fields:
- Envelope:
- mail from: @contact
- rcpt to: @personal_email
- Header:
- From: @contact
- To: alias@sl.co # so user knows this email is sent to alias
- Reply-to: special@sl.co # magic HERE
- And in the reply phase:
- Envelope:
- mail from: @contact
- rcpt to: @contact
- Header:
- From: alias@sl.co # so for contact the email comes from alias. magic HERE
- To: @contact
- The special@sl.co allows to hide user personal email when user clicks "Reply" to the forwarded email.
- It should contain the following info:
- - alias
- - @contact
- """
- import email
- import time
- import uuid
- from email import encoders
- from email.message import Message
- from email.mime.application import MIMEApplication
- from email.mime.multipart import MIMEMultipart
- from email.utils import parseaddr, formataddr
- from io import BytesIO
- from smtplib import SMTP
- from typing import List, Tuple
- import arrow
- import spf
- from aiosmtpd.controller import Controller
- from aiosmtpd.smtp import Envelope
- from app import pgp_utils, s3
- from app.alias_utils import try_auto_create
- from app.config import (
- EMAIL_DOMAIN,
- POSTFIX_SERVER,
- URL,
- ALIAS_DOMAINS,
- POSTFIX_SUBMISSION_TLS,
- UNSUBSCRIBER,
- LOAD_PGP_EMAIL_HANDLER,
- ENFORCE_SPF,
- ALERT_REVERSE_ALIAS_UNKNOWN_MAILBOX,
- ALERT_BOUNCE_EMAIL,
- ALERT_SPAM_EMAIL,
- ALERT_SPF,
- )
- from app.email_utils import (
- send_email,
- add_dkim_signature,
- add_or_replace_header,
- delete_header,
- email_belongs_to_alias_domains,
- render,
- get_orig_message_from_bounce,
- delete_all_headers_except,
- get_addrs_from_header,
- get_spam_info,
- get_orig_message_from_spamassassin_report,
- parseaddr_unicode,
- send_email_with_rate_control,
- )
- from app.extensions import db
- from app.greylisting import greylisting_needed
- from app.log import LOG
- from app.models import (
- Alias,
- Contact,
- EmailLog,
- CustomDomain,
- User,
- RefusedEmail,
- Mailbox,
- )
- from app.utils import random_string
- from init_app import load_pgp_public_keys
- from server import create_app
- _IP_HEADER = "X-SimpleLogin-Client-IP"
- _MAILBOX_ID_HEADER = "X-SimpleLogin-Mailbox-ID"
- # fix the database connection leak issue
- # use this method instead of create_app
- def new_app():
- app = create_app()
- @app.teardown_appcontext
- def shutdown_session(response_or_exc):
- # same as shutdown_session() in flask-sqlalchemy but this is not enough
- db.session.remove()
- # dispose the engine too
- db.engine.dispose()
- return app
- def get_or_create_contact(contact_from_header: str, alias: Alias) -> Contact:
- """
- contact_from_header is the RFC 2047 format FROM header
- """
- # force convert header to string, sometimes contact_from_header is Header object
- contact_from_header = str(contact_from_header)
- contact_name, contact_email = parseaddr_unicode(contact_from_header)
- contact = Contact.get_by(alias_id=alias.id, website_email=contact_email)
- if contact:
- if contact.name != contact_name:
- LOG.d(
- "Update contact %s name %s to %s", contact, contact.name, contact_name,
- )
- contact.name = contact_name
- db.session.commit()
- else:
- LOG.debug(
- "create contact for alias %s and contact %s", alias, contact_from_header,
- )
- reply_email = generate_reply_email()
- contact = Contact.create(
- user_id=alias.user_id,
- alias_id=alias.id,
- website_email=contact_email,
- name=contact_name,
- reply_email=reply_email,
- )
- db.session.commit()
- return contact
- def replace_header_when_forward(msg: Message, alias: Alias, header: str):
- """
- Replace CC or To header by Reply emails in forward phase
- """
- addrs = get_addrs_from_header(msg, header)
- # Nothing to do
- if not addrs:
- return
- new_addrs: [str] = []
- need_replace = False
- for addr in addrs:
- contact_name, contact_email = parseaddr_unicode(addr)
- # no transformation when alias is already in the header
- if contact_email == alias.email:
- new_addrs.append(addr)
- continue
- contact = Contact.get_by(alias_id=alias.id, website_email=contact_email)
- if contact:
- # update the contact name if needed
- if contact.name != contact_name:
- LOG.d(
- "Update contact %s name %s to %s",
- contact,
- contact.name,
- contact_name,
- )
- contact.name = contact_name
- db.session.commit()
- else:
- LOG.debug(
- "create contact for alias %s and email %s, header %s",
- alias,
- contact_email,
- header,
- )
- reply_email = generate_reply_email()
- contact = Contact.create(
- user_id=alias.user_id,
- alias_id=alias.id,
- website_email=contact_email,
- name=contact_name,
- reply_email=reply_email,
- is_cc=header.lower() == "cc",
- )
- db.session.commit()
- new_addrs.append(contact.new_addr())
- need_replace = True
- if need_replace:
- new_header = ",".join(new_addrs)
- LOG.d("Replace %s header, old: %s, new: %s", header, msg[header], new_header)
- add_or_replace_header(msg, header, new_header)
- else:
- LOG.d("No need to replace %s header", header)
- def replace_header_when_reply(msg: Message, alias: Alias, header: str):
- """
- Replace CC or To Reply emails by original emails
- """
- addrs = get_addrs_from_header(msg, header)
- # Nothing to do
- if not addrs:
- return
- new_addrs: [str] = []
- for addr in addrs:
- name, reply_email = parseaddr(addr)
- # no transformation when alias is already in the header
- if reply_email == alias.email:
- continue
- contact = Contact.get_by(reply_email=reply_email)
- if not contact:
- LOG.warning(
- "%s email in reply phase %s must be reply emails", header, reply_email
- )
- # still keep this email in header
- new_addrs.append(addr)
- else:
- new_addrs.append(formataddr((contact.name, contact.website_email)))
- new_header = ",".join(new_addrs)
- LOG.d("Replace %s header, old: %s, new: %s", header, msg[header], new_header)
- add_or_replace_header(msg, header, new_header)
- def generate_reply_email():
- # generate a reply_email, make sure it is unique
- # not use while loop to avoid infinite loop
- reply_email = f"reply+{random_string(30)}@{EMAIL_DOMAIN}"
- for _ in range(1000):
- if not Contact.get_by(reply_email=reply_email):
- # found!
- break
- reply_email = f"reply+{random_string(30)}@{EMAIL_DOMAIN}"
- return reply_email
- def should_append_alias(msg: Message, address: str):
- """whether an alias should be appended to TO header in message"""
- if msg["To"] and address in msg["To"]:
- return False
- if msg["Cc"] and address in msg["Cc"]:
- return False
- return True
- _MIME_HEADERS = [
- "MIME-Version",
- "Content-Type",
- "Content-Disposition",
- "Content-Transfer-Encoding",
- ]
- _MIME_HEADERS = [h.lower() for h in _MIME_HEADERS]
- def prepare_pgp_message(orig_msg: Message, pgp_fingerprint: str):
- msg = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
- # copy all headers from original message except all standard MIME headers
- for i in reversed(range(len(orig_msg._headers))):
- header_name = orig_msg._headers[i][0].lower()
- if header_name.lower() not in _MIME_HEADERS:
- msg[header_name] = orig_msg._headers[i][1]
- # Delete unnecessary headers in orig_msg except to save space
- delete_all_headers_except(
- orig_msg, _MIME_HEADERS,
- )
- first = MIMEApplication(
- _subtype="pgp-encrypted", _encoder=encoders.encode_7or8bit, _data=""
- )
- first.set_payload("Version: 1")
- msg.attach(first)
- second = MIMEApplication("octet-stream", _encoder=encoders.encode_7or8bit)
- second.add_header("Content-Disposition", "inline")
- # encrypt original message
- encrypted_data = pgp_utils.encrypt_file(
- BytesIO(orig_msg.as_bytes()), pgp_fingerprint
- )
- second.set_payload(encrypted_data)
- msg.attach(second)
- return msg
- def handle_forward(
- envelope, smtp: SMTP, msg: Message, rcpt_to: str
- ) -> List[Tuple[bool, str]]:
- """return whether an email has been delivered and
- the smtp status ("250 Message accepted", "550 Non-existent email address", etc)
- """
- address = rcpt_to.lower().strip() # alias@SL
- alias = Alias.get_by(email=address)
- if not alias:
- LOG.d("alias %s not exist. Try to see if it can be created on the fly", address)
- alias = try_auto_create(address)
- if not alias:
- LOG.d("alias %s cannot be created on-the-fly, return 550", address)
- return [(False, "550 SL E3")]
- contact = get_or_create_contact(msg["From"], alias)
- email_log = EmailLog.create(contact_id=contact.id, user_id=contact.user_id)
- if not alias.enabled:
- LOG.d("%s is disabled, do not forward", alias)
- email_log.blocked = True
- db.session.commit()
- # do not return 5** to allow user to receive emails later when alias is enabled
- return [(True, "250 Message accepted for delivery")]
- user = alias.user
- ret = []
- for mailbox in alias.mailboxes:
- ret.append(
- forward_email_to_mailbox(
- alias, msg, email_log, contact, envelope, smtp, mailbox, user
- )
- )
- return ret
- def forward_email_to_mailbox(
- alias,
- msg: Message,
- email_log: EmailLog,
- contact: Contact,
- envelope,
- smtp: SMTP,
- mailbox,
- user,
- ) -> (bool, str):
- LOG.d("Forward %s -> %s -> %s", contact, alias, mailbox)
- spam_check = True
- # create PGP email if needed
- if mailbox.pgp_finger_print and user.is_premium():
- LOG.d("Encrypt message using mailbox %s", mailbox)
- msg = prepare_pgp_message(msg, mailbox.pgp_finger_print)
- # no need to spam check for encrypted message
- spam_check = False
- if spam_check:
- is_spam, spam_status = get_spam_info(msg)
- if is_spam:
- LOG.warning("Email detected as spam. Alias: %s, from: %s", alias, contact)
- email_log.is_spam = True
- email_log.spam_status = spam_status
- handle_spam(contact, alias, msg, user, mailbox.email, email_log)
- return False, "550 SL E1"
- # add custom header
- add_or_replace_header(msg, "X-SimpleLogin-Type", "Forward")
- # remove reply-to & sender header if present
- delete_header(msg, "Reply-To")
- delete_header(msg, "Sender")
- delete_header(msg, _IP_HEADER)
- add_or_replace_header(msg, _MAILBOX_ID_HEADER, str(mailbox.id))
- # change the from header so the sender comes from @SL
- # so it can pass DMARC check
- # replace the email part in from: header
- contact_from_header = msg["From"]
- new_from_header = contact.new_addr()
- add_or_replace_header(msg, "From", new_from_header)
- LOG.d("new_from_header:%s, old header %s", new_from_header, contact_from_header)
- # replace CC & To emails by reply-email for all emails that are not alias
- replace_header_when_forward(msg, alias, "Cc")
- replace_header_when_forward(msg, alias, "To")
- # append alias into the TO header if it's not present in To or CC
- if should_append_alias(msg, alias.email):
- LOG.d("append alias %s to TO header %s", alias, msg["To"])
- if msg["To"]:
- to_header = msg["To"] + "," + alias.email
- else:
- to_header = alias.email
- add_or_replace_header(msg, "To", to_header.strip())
- # add List-Unsubscribe header
- if UNSUBSCRIBER:
- unsubscribe_link = f"mailto:{UNSUBSCRIBER}?subject={alias.id}="
- add_or_replace_header(msg, "List-Unsubscribe", f"<{unsubscribe_link}>")
- else:
- unsubscribe_link = f"{URL}/dashboard/unsubscribe/{alias.id}"
- add_or_replace_header(msg, "List-Unsubscribe", f"<{unsubscribe_link}>")
- add_or_replace_header(
- msg, "List-Unsubscribe-Post", "List-Unsubscribe=One-Click"
- )
- add_dkim_signature(msg, EMAIL_DOMAIN)
- LOG.d(
- "Forward mail from %s to %s, mail_options %s, rcpt_options %s ",
- contact.website_email,
- mailbox.email,
- envelope.mail_options,
- envelope.rcpt_options,
- )
- # smtp.send_message has UnicodeEncodeErroremail issue
- # encode message raw directly instead
- smtp.sendmail(
- contact.reply_email,
- mailbox.email,
- msg.as_bytes(),
- envelope.mail_options,
- envelope.rcpt_options,
- )
- db.session.commit()
- return True, "250 Message accepted for delivery"
- def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> (bool, str):
- """
- return whether an email has been delivered and
- the smtp status ("250 Message accepted", "550 Non-existent email address", etc)
- """
- reply_email = rcpt_to.lower().strip()
- # reply_email must end with EMAIL_DOMAIN
- if not reply_email.endswith(EMAIL_DOMAIN):
- LOG.warning(f"Reply email {reply_email} has wrong domain")
- return False, "550 SL E2"
- contact = Contact.get_by(reply_email=reply_email)
- if not contact:
- LOG.warning(f"No such forward-email with {reply_email} as reply-email")
- return False, "550 SL E4"
- alias = contact.alias
- address: str = contact.alias.email
- alias_domain = address[address.find("@") + 1 :]
- # alias must end with one of the ALIAS_DOMAINS or custom-domain
- if not email_belongs_to_alias_domains(alias.email):
- if not CustomDomain.get_by(domain=alias_domain):
- return False, "550 SL E5"
- user = alias.user
- mail_from = envelope.mail_from.lower().strip()
- # bounce email initiated by Postfix
- # can happen in case emails cannot be delivered to user-email
- # in this case Postfix will try to send a bounce report to original sender, which is
- # the "reply email"
- if mail_from == "<>":
- LOG.warning(
- "Bounce when sending to alias %s from %s, user %s", alias, contact, user,
- )
- handle_bounce(contact, alias, msg, user)
- return False, "550 SL E6"
- mailbox = Mailbox.get_by(email=mail_from, user_id=user.id)
- if not mailbox or mailbox not in alias.mailboxes:
- # only mailbox can send email to the reply-email
- handle_unknown_mailbox(envelope, msg, reply_email, user, alias)
- return False, "550 SL E7"
- if ENFORCE_SPF and mailbox.force_spf:
- ip = msg[_IP_HEADER]
- if not spf_pass(ip, envelope, mailbox, user, alias, contact.website_email, msg):
- # cannot use 4** here as sender will retry. 5** because that generates bounce report
- return True, "250 SL E11"
- delete_header(msg, _IP_HEADER)
- delete_header(msg, "DKIM-Signature")
- delete_header(msg, "Received")
- # make the email comes from alias
- from_header = alias.email
- # add alias name from alias
- if alias.name:
- LOG.d("Put alias name in from header")
- from_header = formataddr((alias.name, alias.email))
- elif alias.custom_domain:
- LOG.d("Put domain default alias name in from header")
- # add alias name from domain
- if alias.custom_domain.name:
- from_header = formataddr((alias.custom_domain.name, alias.email))
- add_or_replace_header(msg, "From", from_header)
- # some email providers like ProtonMail adds automatically the Reply-To field
- # make sure to delete it
- delete_header(msg, "Reply-To")
- # remove sender header if present as this could reveal user real email
- delete_header(msg, "Sender")
- delete_header(msg, "X-Sender")
- replace_header_when_reply(msg, alias, "To")
- replace_header_when_reply(msg, alias, "Cc")
- # Received-SPF is injected by postfix-policyd-spf-python can reveal user original email
- delete_header(msg, "Received-SPF")
- LOG.d(
- "send email from %s to %s, mail_options:%s,rcpt_options:%s",
- alias.email,
- contact.website_email,
- envelope.mail_options,
- envelope.rcpt_options,
- )
- if alias_domain in ALIAS_DOMAINS:
- add_dkim_signature(msg, alias_domain)
- # add DKIM-Signature for custom-domain alias
- else:
- custom_domain: CustomDomain = CustomDomain.get_by(domain=alias_domain)
- if custom_domain.dkim_verified:
- add_dkim_signature(msg, alias_domain)
- smtp.sendmail(
- alias.email,
- contact.website_email,
- msg.as_bytes(),
- envelope.mail_options,
- envelope.rcpt_options,
- )
- EmailLog.create(contact_id=contact.id, is_reply=True, user_id=contact.user_id)
- db.session.commit()
- return True, "250 Message accepted for delivery"
- def spf_pass(
- ip: str,
- envelope,
- mailbox: Mailbox,
- user: User,
- alias: Alias,
- contact_email: str,
- msg: Message,
- ) -> bool:
- if ip:
- LOG.d("Enforce SPF")
- try:
- r = spf.check2(i=ip, s=envelope.mail_from.lower(), h=None)
- except Exception:
- LOG.error("SPF error, mailbox %s, ip %s", mailbox.email, ip)
- else:
- # TODO: Handle temperr case (e.g. dns timeout)
- # only an absolute pass, or no SPF policy at all is 'valid'
- if r[0] not in ["pass", "none"]:
- LOG.error(
- "SPF fail for mailbox %s, reason %s, failed IP %s",
- mailbox.email,
- r[0],
- ip,
- )
- send_email_with_rate_control(
- user,
- ALERT_SPF,
- mailbox.email,
- f"SimpleLogin Alert: attempt to send emails from your alias {alias.email} from unknown IP Address",
- render(
- "transactional/spf-fail.txt",
- name=user.name,
- alias=alias.email,
- ip=ip,
- mailbox_url=URL + f"/dashboard/mailbox/{mailbox.id}#spf",
- to_email=contact_email,
- subject=msg["Subject"],
- time=arrow.now(),
- ),
- render(
- "transactional/spf-fail.html",
- name=user.name,
- alias=alias.email,
- ip=ip,
- mailbox_url=URL + f"/dashboard/mailbox/{mailbox.id}#spf",
- to_email=contact_email,
- subject=msg["Subject"],
- time=arrow.now(),
- ),
- # as the returned error status is 4**,
- # the sender will try to resend the email. Send the error message only once
- max_alert_24h=1,
- )
- return False
- else:
- LOG.warning(
- "Could not find %s header %s -> %s",
- _IP_HEADER,
- mailbox.email,
- contact_email,
- )
- return True
- def handle_unknown_mailbox(envelope, msg, reply_email: str, user: User, alias: Alias):
- LOG.warning(
- f"Reply email can only be used by mailbox. "
- f"Actual mail_from: %s. msg from header: %s, reverse-alias %s, %s %s",
- envelope.mail_from,
- msg["From"],
- reply_email,
- alias,
- user,
- )
- send_email_with_rate_control(
- user,
- ALERT_REVERSE_ALIAS_UNKNOWN_MAILBOX,
- user.email,
- f"Reply from your alias {alias.email} only works from your mailbox",
- render(
- "transactional/reply-must-use-personal-email.txt",
- name=user.name,
- alias=alias,
- sender=envelope.mail_from,
- ),
- render(
- "transactional/reply-must-use-personal-email.html",
- name=user.name,
- alias=alias,
- sender=envelope.mail_from,
- ),
- )
- # Notify sender that they cannot send emails to this address
- send_email_with_rate_control(
- user,
- ALERT_REVERSE_ALIAS_UNKNOWN_MAILBOX,
- envelope.mail_from,
- f"Your email ({envelope.mail_from}) is not allowed to send emails to {reply_email}",
- render(
- "transactional/send-from-alias-from-unknown-sender.txt",
- sender=envelope.mail_from,
- reply_email=reply_email,
- ),
- render(
- "transactional/send-from-alias-from-unknown-sender.html",
- sender=envelope.mail_from,
- reply_email=reply_email,
- ),
- )
- def handle_bounce(contact: Contact, alias: Alias, msg: Message, user: User):
- address = alias.email
- email_log: EmailLog = EmailLog.create(
- contact_id=contact.id, bounced=True, user_id=contact.user_id
- )
- db.session.commit()
- nb_bounced = EmailLog.filter_by(contact_id=contact.id, bounced=True).count()
- disable_alias_link = f"{URL}/dashboard/unsubscribe/{alias.id}"
- # Store the bounced email
- orig_msg = get_orig_message_from_bounce(msg)
- # generate a name for the email
- random_name = str(uuid.uuid4())
- full_report_path = f"refused-emails/full-{random_name}.eml"
- s3.upload_email_from_bytesio(full_report_path, BytesIO(msg.as_bytes()), random_name)
- if not orig_msg:
- LOG.error(
- "Cannot parse original message from bounce message %s %s %s",
- alias,
- user,
- contact,
- )
- return
- file_path = f"refused-emails/{random_name}.eml"
- s3.upload_email_from_bytesio(file_path, BytesIO(orig_msg.as_bytes()), random_name)
- mailbox_id = int(orig_msg[_MAILBOX_ID_HEADER])
- mailbox = Mailbox.get(mailbox_id)
- if not mailbox or mailbox.user_id != user.id:
- LOG.error(
- "Tampered message mailbox_id %s, %s, %s, %s",
- mailbox_id,
- user,
- alias,
- contact,
- )
- return
- refused_email = RefusedEmail.create(
- path=file_path, full_report_path=full_report_path, user_id=user.id
- )
- db.session.flush()
- email_log.refused_email_id = refused_email.id
- email_log.bounced_mailbox_id = mailbox.id
- db.session.commit()
- LOG.d("Create refused email %s", refused_email)
- refused_email_url = (
- URL + f"/dashboard/refused_email?highlight_id=" + str(email_log.id)
- )
- # inform user if this is the first bounced email
- if nb_bounced == 1:
- LOG.d(
- "Inform user %s about bounced email sent by %s to alias %s",
- user,
- contact.website_email,
- address,
- )
- send_email_with_rate_control(
- user,
- ALERT_BOUNCE_EMAIL,
- # use user mail here as only user is authenticated to see the refused email
- user.email,
- f"Email from {contact.website_email} to {address} cannot be delivered to your inbox",
- render(
- "transactional/bounced-email.txt",
- name=user.name,
- alias=alias,
- website_email=contact.website_email,
- disable_alias_link=disable_alias_link,
- refused_email_url=refused_email_url,
- mailbox_email=mailbox.email,
- ),
- render(
- "transactional/bounced-email.html",
- name=user.name,
- alias=alias,
- website_email=contact.website_email,
- disable_alias_link=disable_alias_link,
- refused_email_url=refused_email_url,
- mailbox_email=mailbox.email,
- ),
- # cannot include bounce email as it can contain spammy text
- # bounced_email=msg,
- )
- # disable the alias the second time email is bounced
- elif nb_bounced >= 2:
- LOG.d(
- "Bounce happens again with alias %s from %s. Disable alias now ",
- address,
- contact.website_email,
- )
- alias.enabled = False
- db.session.commit()
- send_email_with_rate_control(
- user,
- ALERT_BOUNCE_EMAIL,
- # use user mail here as only user is authenticated to see the refused email
- user.email,
- f"Alias {address} has been disabled due to second undelivered email from {contact.website_email}",
- render(
- "transactional/automatic-disable-alias.txt",
- name=user.name,
- alias=alias,
- website_email=contact.website_email,
- refused_email_url=refused_email_url,
- mailbox_email=mailbox.email,
- ),
- render(
- "transactional/automatic-disable-alias.html",
- name=user.name,
- alias=alias,
- website_email=contact.website_email,
- refused_email_url=refused_email_url,
- mailbox_email=mailbox.email,
- ),
- # cannot include bounce email as it can contain spammy text
- # bounced_email=msg,
- )
- def handle_spam(
- contact: Contact,
- alias: Alias,
- msg: Message,
- user: User,
- mailbox_email: str,
- email_log: EmailLog,
- ):
- # Store the report & original email
- orig_msg = get_orig_message_from_spamassassin_report(msg)
- # generate a name for the email
- random_name = str(uuid.uuid4())
- full_report_path = f"spams/full-{random_name}.eml"
- s3.upload_email_from_bytesio(full_report_path, BytesIO(msg.as_bytes()), random_name)
- file_path = None
- if orig_msg:
- file_path = f"spams/{random_name}.eml"
- s3.upload_email_from_bytesio(
- file_path, BytesIO(orig_msg.as_bytes()), random_name
- )
- refused_email = RefusedEmail.create(
- path=file_path, full_report_path=full_report_path, user_id=user.id
- )
- db.session.flush()
- email_log.refused_email_id = refused_email.id
- db.session.commit()
- LOG.d("Create spam email %s", refused_email)
- refused_email_url = (
- URL + f"/dashboard/refused_email?highlight_id=" + str(email_log.id)
- )
- disable_alias_link = f"{URL}/dashboard/unsubscribe/{alias.id}"
- # inform user
- LOG.d(
- "Inform user %s about spam email sent by %s to alias %s",
- user,
- contact.website_email,
- alias.email,
- )
- send_email_with_rate_control(
- user,
- ALERT_SPAM_EMAIL,
- mailbox_email,
- f"Email from {contact.website_email} to {alias.email} is detected as spam",
- render(
- "transactional/spam-email.txt",
- name=user.name,
- alias=alias,
- website_email=contact.website_email,
- disable_alias_link=disable_alias_link,
- refused_email_url=refused_email_url,
- ),
- render(
- "transactional/spam-email.html",
- name=user.name,
- alias=alias,
- website_email=contact.website_email,
- disable_alias_link=disable_alias_link,
- refused_email_url=refused_email_url,
- ),
- )
- def handle_unsubscribe(envelope: Envelope):
- msg = email.message_from_bytes(envelope.original_content)
- # format: alias_id:
- subject = msg["Subject"]
- try:
- # subject has the format {alias.id}=
- if subject.endswith("="):
- alias_id = int(subject[:-1])
- # some email providers might strip off the = suffix
- else:
- alias_id = int(subject)
- alias = Alias.get(alias_id)
- except Exception:
- LOG.warning("Cannot parse alias from subject %s", msg["Subject"])
- return "550 SL E8"
- if not alias:
- LOG.warning("No such alias %s", alias_id)
- return "550 SL E9"
- # This sender cannot unsubscribe
- mail_from = envelope.mail_from.lower().strip()
- mailbox = Mailbox.get_by(user_id=alias.user_id, email=mail_from)
- if not mailbox or mailbox not in alias.mailboxes:
- LOG.d("%s cannot disable alias %s", envelope.mail_from, alias)
- return "550 SL E10"
- # Sender is owner of this alias
- alias.enabled = False
- db.session.commit()
- user = alias.user
- enable_alias_url = URL + f"/dashboard/?highlight_alias_id={alias.id}"
- for mailbox in alias.mailboxes:
- send_email(
- mailbox.email,
- f"Alias {alias.email} has been disabled successfully",
- render(
- "transactional/unsubscribe-disable-alias.txt",
- user=user,
- alias=alias.email,
- enable_alias_url=enable_alias_url,
- ),
- render(
- "transactional/unsubscribe-disable-alias.html",
- user=user,
- alias=alias.email,
- enable_alias_url=enable_alias_url,
- ),
- )
- return "250 Unsubscribe request accepted"
- def handle(envelope: Envelope, smtp: SMTP) -> str:
- """Return SMTP status"""
- # unsubscribe request
- if UNSUBSCRIBER and envelope.rcpt_tos == [UNSUBSCRIBER]:
- LOG.d("Handle unsubscribe request from %s", envelope.mail_from)
- return handle_unsubscribe(envelope)
- # Whether it's necessary to apply greylisting
- if greylisting_needed(envelope.mail_from, envelope.rcpt_tos):
- LOG.warning(
- "Grey listing applied for %s %s", envelope.mail_from, envelope.rcpt_tos
- )
- return "421 SL Retry later"
- # result of all deliveries
- # each element is a couple of whether the delivery is successful and the smtp status
- res: [(bool, str)] = []
- for rcpt_to in envelope.rcpt_tos:
- msg = email.message_from_bytes(envelope.original_content)
- # Reply case
- # recipient starts with "reply+" or "ra+" (ra=reverse-alias) prefix
- if rcpt_to.startswith("reply+") or rcpt_to.startswith("ra+"):
- LOG.debug(">>> Reply phase %s -> %s", envelope.mail_from, rcpt_to)
- is_delivered, smtp_status = handle_reply(envelope, smtp, msg, rcpt_to)
- res.append((is_delivered, smtp_status))
- else: # Forward case
- LOG.debug(">>> Forward phase %s -> %s", envelope.mail_from, rcpt_to)
- for is_delivered, smtp_status in handle_forward(
- envelope, smtp, msg, rcpt_to
- ):
- res.append((is_delivered, smtp_status))
- for (is_success, smtp_status) in res:
- # Consider all deliveries successful if 1 delivery is successful
- if is_success:
- return smtp_status
- # Failed delivery for all, return the first failure
- return res[0][1]
- class MailHandler:
- async def handle_DATA(self, server, session, envelope: Envelope):
- LOG.debug(
- "===>> New message, mail from %s, rctp tos %s ",
- envelope.mail_from,
- envelope.rcpt_tos,
- )
- if POSTFIX_SUBMISSION_TLS:
- smtp = SMTP(POSTFIX_SERVER, 587)
- smtp.starttls()
- else:
- smtp = SMTP(POSTFIX_SERVER, 25)
- app = new_app()
- with app.app_context():
- return handle(envelope, smtp)
- if __name__ == "__main__":
- controller = Controller(MailHandler(), hostname="0.0.0.0", port=20381)
- controller.start()
- LOG.d("Start mail controller %s %s", controller.hostname, controller.port)
- if LOAD_PGP_EMAIL_HANDLER:
- LOG.warning("LOAD PGP keys")
- app = create_app()
- with app.app_context():
- load_pgp_public_keys(app)
- while True:
- time.sleep(2)
|