paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-10-25 17:14:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f86e22a443b14c2cf4de39e2fbd06943ba0d1837
zulip/scripts/lib/email-mirror-postfix
Tim Abbott 0d5d3c4912 email_mirror: Rewrite docstrings to focus on current reality. 
These docstrings hadn't been properly updated in years, and bad an
awkward mix of a bad version of the user-facing documentation and
details that are no longer true (e.g. references to "Voyager").

(One important detail is that we have real documentation for this
system now).
2020-02-19 12:08:55 -08:00

142 lines
5.2 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/env python3
"""Postfix implementation of the incoming email gateway's helper for
forwarding emails into Zulip.
https://zulip.readthedocs.io/en/latest/production/settings.html#email-gateway
The email gateway supports two major modes of operation: An email
server (using postfix) where the email address configured in
EMAIL_GATEWAY_PATTERN delivers emails directly to Zulip (this) or a
cron job that connects to an IMAP inbox (which receives the emails)
periodically.
Zulip's puppet configuration takes care of configuring postfix to
execute this script when emails are received by postfix, piping the
email content via standard input (and the destination email address in
the ORIGINAL_RECIPIENT environment variable).
In Postfix, you can express that via an /etc/aliases entry like this:
|/home/zulip/deployments/current/scripts/lib/email-mirror-postfix -r ${original_recipient}
To manage DoS issues, this script does very little work (just sending
an HTTP request to queue the message for processing) to avoid
importing expensive libraries.
Also you can use optional keys to configure the script and change default values:
-s SHARED_SECRET For adding shared secret key if it is not contained in
"/etc/zulip/zulip-secrets.conf". This key is used to authenticate
the HTTP requests made by this tool.
-d HOST Destination Zulip host for email uploading. Address must contain type of
HTTP protocol, i.e "https://example.com". Default value: "https://127.0.0.1".
-u URL Destination relative for email uploading. Default value: "/email_mirror_message".
-n Disable checking ssl certificate. This option is used for
self-signed certificates. Default value: False.
-t Disable sending request to the Zulip server. Default value: False.
"""
import os
import ssl
import sys
import argparse
import posix
import json
from urllib.parse import urljoin, urlencode
from urllib.request import Request, urlopen
from urllib.error import HTTPError
from configparser import RawConfigParser
parser = argparse.ArgumentParser()
parser.add_argument('-r', '--recipient', dest="recipient", type=str, default='',
help="Original recipient.")
parser.add_argument('-s', '--shared-secret', dest="shared_secret", type=str, default='',
help="Secret access key.")
parser.add_argument('-d', '--dst-host', dest="host", type=str, default='https://127.0.0.1',
help="Destination server address for uploading email from email mirror. "
"Address must contain a HTTP protocol.")
parser.add_argument('-u', '--dst-url', dest="url", type=str, default='/email_mirror_message',
help="Destination relative url for uploading email from email mirror.")
parser.add_argument('-n', '--not-verify-ssl', dest="verify_ssl", action='store_false', default=True,
help="Disable ssl certificate verifying for self-signed certificates")
parser.add_argument('-t', '--test', dest="test", action='store_true', default=False,
help="Test mode.")
options = parser.parse_args()
MAX_ALLOWED_PAYLOAD = 25 * 1024 * 1024
def process_response_error(e):
# type: (HTTPError) -> None
if e.code == 400:
response_content = e.read()
response_data = json.loads(response_content.decode('utf8'))
print(response_data['msg'])
exit(posix.EX_NOUSER)
else:
print("4.4.2 Connection dropped: Internal server error.")
exit(1)
def send_email_mirror(rcpt_to, shared_secret, host, url, test, verify_ssl):
# type: (str, str, str, str, bool, bool) -> None
if not rcpt_to:
print("5.1.1 Bad destination mailbox address: No missed message email address.")
exit(posix.EX_NOUSER)
msg_text = sys.stdin.read(MAX_ALLOWED_PAYLOAD + 1)
if len(msg_text) > MAX_ALLOWED_PAYLOAD:
# We're not at EOF, reject large mail.
print("5.3.4 Message too big for system: Max size is 25MiB")
exit(posix.EX_DATAERR)
secrets_file = RawConfigParser()
secrets_file.read("/etc/zulip/zulip-secrets.conf")
if not shared_secret:
shared_secret = secrets_file.get('secrets', 'shared_secret')
request_data = {
"recipient": rcpt_to,
"msg_text": msg_text
}
if test:
exit(0)
if host == 'https://127.0.0.1':
# Don't try to verify SSL when posting to 127.0.0.1; it won't
# work, and connections to 127.0.0.1 are secure without SSL.
verify_ssl = False
context = None
if not verify_ssl:
context = ssl.create_default_context()
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
data = {"data": json.dumps(request_data),
"secret": shared_secret}
req = Request(url=urljoin(host, url), data=urlencode(data).encode('utf8'))
try:
urlopen(req, context=context)
except HTTPError as err:
process_response_error(err)
recipient = str(os.environ.get("ORIGINAL_RECIPIENT", options.recipient))
send_email_mirror(recipient, options.shared_secret, options.host, options.url, options.test,
options.verify_ssl)
Reference in New Issue View Git Blame Copy Permalink