email-mirror: Add a standalone server that processes incoming email.

Using postfix to handle the incoming email gateway complicates things a great deal: - It cannot verify that incoming email addresses exist in Zulip before accepting them; it thus accepts mail at the `RCPT TO` stage which it cannot handle, and thus must reject after the `DATA`. - It is built to handle both incoming and outgoing email, which results in subtle errors (1c17583ad5, 79931051bd, a53092687e, #18600). - Rate-limiting happens much too late to avoid denial of service (#12501). - Mis-configurations of the HTTP endpoint can break incoming mail (#18105). Provide a replacement SMTP server which accepts incoming email on port 25, verifies that Zulip can accept the address, and that no rate-limits are being broken, and then adds it directly to the relevant queue. Removes an incorrect comment which implied that missed-message addresses were only usable once. We leave rate-limiting to only channel email addresses, since missed-message addresses are unlikely to be placed into automated systems, as channel email addresses are. Also simplifies #7814 somewhat.
2025-11-02 13:03:29 +00:00 · 2021-09-13 18:06:26 +00:00
parent e6bcde00e3
commit 1f0cfd4662
13 changed files with 737 additions and 109 deletions
--- a/zerver/worker/email_mirror.py
+++ b/zerver/worker/email_mirror.py
@@ -9,13 +9,7 @@ from typing import Any

 from typing_extensions import override

-from zerver.lib.email_mirror import (
-    decode_stream_email_address,
-    is_missed_message_address,
-    rate_limit_mirror_by_realm,
-)
 from zerver.lib.email_mirror import process_message as mirror_email
-from zerver.lib.exceptions import RateLimitedError
 from zerver.worker.base import QueueProcessingWorker, WorkerTimeoutError, assign_queue

 logger = logging.getLogger(__name__)
@@ -32,20 +26,6 @@ class MirrorWorker(QueueProcessingWorker):
        msg = email.parser.BytesParser(_class=EmailMessage, policy=email.policy.default).parsebytes(
            content
        )
-        if not is_missed_message_address(rcpt_to):
-            # Missed message addresses are one-time use, so we don't need
-            # to worry about emails to them resulting in message spam.
-            recipient_realm = decode_stream_email_address(rcpt_to)[0].realm
-            try:
-                rate_limit_mirror_by_realm(recipient_realm)
-            except RateLimitedError:
-                logger.warning(
-                    "MirrorWorker: Rejecting an email from: %s to realm: %s - rate limited.",
-                    msg["From"],
-                    recipient_realm.subdomain,
-                )
-                return
-
        try:
            mirror_email(msg, rcpt_to=rcpt_to)
        except WorkerTimeoutError:  # nocoverage