paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 21:43:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
10705e0db37afdf05fc70f56f5227f6f4e49e8ea
zulip/scripts/stop-server
Alex Vandiver 1f0cfd4662 email-mirror: Add a standalone server that processes incoming email. 
Using postfix to handle the incoming email gateway complicates things
a great deal:

- It cannot verify that incoming email addresses exist in Zulip before
  accepting them; it thus accepts mail at the `RCPT TO` stage which it
  cannot handle, and thus must reject after the `DATA`.

- It is built to handle both incoming and outgoing email, which
  results in subtle errors (1c17583ad5, 79931051bd, a53092687e,
  #18600).

- Rate-limiting happens much too late to avoid denial of
  service (#12501).

- Mis-configurations of the HTTP endpoint can break incoming
  mail (#18105).

Provide a replacement SMTP server which accepts incoming email on port
25, verifies that Zulip can accept the address, and that no
rate-limits are being broken, and then adds it directly to the
relevant queue.

Removes an incorrect comment which implied that missed-message
addresses were only usable once.  We leave rate-limiting to only
channel email addresses, since missed-message addresses are unlikely
to be placed into automated systems, as channel email addresses are.

Also simplifies #7814 somewhat.
2025-05-19 16:39:44 -07:00

77 lines
2.4 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/env python3
import logging
import os
import pwd
import subprocess
import sys
import time
sys.path.append(os.path.join(os.path.dirname(__file__), ".."))
from scripts.lib.setup_path import setup_path
setup_path()
from scripts.lib.supervisor import list_supervisor_processes
from scripts.lib.zulip_tools import (
ENDC,
OKGREEN,
WARNING,
has_application_server,
has_process_fts_updates,
su_to_zulip,
)
deploy_path = os.path.realpath(os.path.join(os.path.dirname(__file__), ".."))
os.chdir(deploy_path)
username = pwd.getpwuid(os.getuid()).pw_name
if username == "root":
su_to_zulip()
elif username != "zulip":
logging.error("Must be run as user 'zulip'.")
sys.exit(1)
logging.Formatter.converter = time.gmtime
logging.basicConfig(format="%(asctime)s stop-server: %(message)s", level=logging.INFO)
services = []
# Start with the least-critical services:
if has_process_fts_updates():
services.append("process-fts-updates")
if has_application_server():
# Contrary to the order in (re)start-server, we stop django before the
# workers, to increase the chance that we finish processing any work
# that may have been enqueued by the Django, leaving the final state
# closer to "empty." We stop Django before Tornado so it doesn't try
# to make requests to make queues with a down'd Tornado.
services.append("zulip-django")
services.append("zulip-tornado:*")
services.append("zulip-workers:*")
services.append("zulip-tus")
services.append("zulip-katex")
services.append("zulip-email-server")
if has_application_server(once=True):
# These used to be included in "zulip-workers:*"; we may be
# stopping an older version of Zulip, which has not applied
# puppet to reload the new list of processes, but the
# list_supervisor_processes below will filter them out if they
# do not exist.
services.append("zulip_deliver_scheduled_emails")
services.append("zulip_deliver_scheduled_messages")
services = list_supervisor_processes(services, only_running=True)
if services:
subprocess.check_call(["supervisorctl", "stop", *services])
print()
print(OKGREEN + "Zulip stopped successfully!" + ENDC)
using_sso = subprocess.check_output(["./scripts/get-django-setting", "USING_APACHE_SSO"])
if using_sso.strip() == b"True":
print()
print(WARNING + "Apache2 needs to be shut down; as root, run:" + ENDC)
print(" service apache2 stop")
print()
Reference in New Issue View Git Blame Copy Permalink