email-mirror: Add a standalone server that processes incoming email.

Using postfix to handle the incoming email gateway complicates things a great deal: - It cannot verify that incoming email addresses exist in Zulip before accepting them; it thus accepts mail at the `RCPT TO` stage which it cannot handle, and thus must reject after the `DATA`. - It is built to handle both incoming and outgoing email, which results in subtle errors (1c17583ad5, 79931051bd, a53092687e, #18600). - Rate-limiting happens much too late to avoid denial of service (#12501). - Mis-configurations of the HTTP endpoint can break incoming mail (#18105). Provide a replacement SMTP server which accepts incoming email on port 25, verifies that Zulip can accept the address, and that no rate-limits are being broken, and then adds it directly to the relevant queue. Removes an incorrect comment which implied that missed-message addresses were only usable once. We leave rate-limiting to only channel email addresses, since missed-message addresses are unlikely to be placed into automated systems, as channel email addresses are. Also simplifies #7814 somewhat.
2025-10-23 04:52:12 +00:00 · 2021-09-13 18:06:26 +00:00
parent e6bcde00e3
commit 1f0cfd4662
13 changed files with 737 additions and 109 deletions
--- a/puppet/zulip/manifests/local_mailserver.pp
+++ b/puppet/zulip/manifests/local_mailserver.pp
@@ -0,0 +1,23 @@
+class zulip::local_mailserver {
+  include zulip::snakeoil
+
+  package { 'postfix':
+    # TODO/compatibility: We can remove this when upgrading directly
+    # from 10.x is no longer possible.  We do not use "purged" here,
+    # since that would remove config files, which users may have had
+    # installed.
+    ensure => absent,
+  }
+  file { "${zulip::common::supervisor_conf_dir}/email-mirror.conf":
+    ensure  => file,
+    require => [
+      Package[supervisor],
+      Package[postfix],
+    ],
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    content => template('zulip/supervisor/email-mirror.conf.template.erb'),
+    notify  => Service[$zulip::common::supervisor_service],
+  }
+}
--- a/puppet/zulip/templates/supervisor/email-mirror.conf.template.erb
+++ b/puppet/zulip/templates/supervisor/email-mirror.conf.template.erb
@@ -0,0 +1,14 @@
+[program:zulip-email-server]
+command=nice -n15 /home/zulip/deployments/current/manage.py email_server --user zulip --group zulip
+environment=HTTP_proxy="<%= @proxy %>",HTTPS_proxy="<%= @proxy %>"
+priority=350                   ; the relative start priority (default 999)
+autostart=true                 ; start at supervisord start (default: true)
+autorestart=true               ; whether/when to restart (default: unexpected)
+stopsignal=TERM                ; signal used to kill process (default TERM)
+topwaitsecs=30                 ; max num secs to wait b4 SIGKILL (default 10)
+user=root                      ; setuid to this UNIX account to run the program
+redirect_stderr=true           ; redirect proc stderr to stdout (default false)
+stdout_logfile=/var/log/zulip/email_server.log         ; stdout log path, NONE for none; default AUTO
+stdout_logfile_maxbytes=20MB   ; max # logfile bytes b4 rotation (default 50MB)
+stdout_logfile_backups=3     ; # of stdout logfile backups (default 10)
+directory=/home/zulip/deployments/current/