#!/usr/bin/env python3 """Postfix implementation of the incoming email gateway's helper for forwarding emails into Zulip. https://zulip.readthedocs.io/en/latest/production/email-gateway.html The email gateway supports two major modes of operation: An email server (using Postfix) where the email address configured in EMAIL_GATEWAY_PATTERN delivers emails directly to Zulip (this) or a cron job that connects to an IMAP inbox (which receives the emails) periodically. Zulip's Puppet configuration takes care of configuring Postfix to execute this script when emails are received by Postfix, piping the email content via standard input (and the destination email address in the ORIGINAL_RECIPIENT environment variable). In Postfix, you can express that via an /etc/aliases entry like this: |/home/zulip/deployments/current/scripts/lib/email-mirror-postfix -r ${original_recipient} To manage DoS issues, this script does very little work (just sending an HTTP request to queue the message for processing) to avoid importing expensive libraries. Also you can use optional keys to configure the script and change default values: -s SHARED_SECRET For adding shared secret key if it is not contained in "/etc/zulip/zulip-secrets.conf". This key is used to authenticate the HTTP requests made by this tool. -d HOST Destination Zulip host for email uploading. Address must contain type of HTTP protocol, e.g. "https://example.com". Default value: "https://127.0.0.1". -u URL Destination relative for email uploading. Default value: "/email_mirror_message". -n Disable checking ssl certificate. This option is used for self-signed certificates. Default value: False. -t Disable sending request to the Zulip server. Default value: False. """ import argparse import base64 import json import os import posix import ssl import sys from configparser import RawConfigParser from typing import NoReturn from urllib.error import HTTPError from urllib.parse import urlencode, urljoin, urlparse from urllib.request import Request, urlopen sys.path.append(os.path.join(os.path.dirname(__file__), "..", "..")) from scripts.lib.zulip_tools import get_config, get_config_file parser = argparse.ArgumentParser() parser.add_argument("-r", "--recipient", default="", help="Original recipient.") parser.add_argument("-s", "--shared-secret", default="", help="Secret access key.") parser.add_argument( "-d", "--dst-host", dest="host", default="127.0.0.1", help="Destination server address for uploading email from email mirror. " "Address must contain a HTTP protocol. Otherwise, default value is assumed " "based on the http_only setting.", ) parser.add_argument( "-u", "--dst-url", dest="url", default="/email_mirror_message", help="Destination relative URL for uploading email from email mirror.", ) parser.add_argument( "-n", "--not-verify-ssl", dest="verify_ssl", action="store_false", help="Disable ssl certificate verifying for self-signed certificates", ) parser.add_argument("-t", "--test", action="store_true", help="Test mode.") options = parser.parse_args() MAX_ALLOWED_PAYLOAD = 25 * 1024 * 1024 def process_response_error(e: HTTPError) -> NoReturn: if e.code == 400: response_content = e.read() response_data = json.loads(response_content) print(response_data["msg"]) sys.exit(posix.EX_NOUSER) else: print("4.4.2 Connection dropped: Internal server error.") sys.exit(1) def send_email_mirror( rcpt_to: str, shared_secret: str, host: str, url: str, test: bool, verify_ssl: bool, ) -> None: if not rcpt_to: print("5.1.1 Bad destination mailbox address: No missed message email address.") sys.exit(posix.EX_NOUSER) msg_bytes = sys.stdin.buffer.read(MAX_ALLOWED_PAYLOAD + 1) if len(msg_bytes) > MAX_ALLOWED_PAYLOAD: # We're not at EOF, reject large mail. print("5.3.4 Message too big for system: Max size is 25MiB") sys.exit(posix.EX_DATAERR) secrets_file = RawConfigParser() secrets_file.read("/etc/zulip/zulip-secrets.conf") if not shared_secret: shared_secret = secrets_file.get("secrets", "shared_secret") if test: return if not urlparse(host).scheme: config_file = get_config_file() http_only_config = get_config(config_file, "application_server", "http_only", "") http_only = http_only_config == "true" scheme = "http://" if http_only else "https://" host = scheme + host if host == "https://127.0.0.1": # Don't try to verify SSL when posting to 127.0.0.1; it won't # work, and connections to 127.0.0.1 are secure without SSL. verify_ssl = False # Because this script is run from postfix, it does not have any # http proxy environment variables set which might interfere with # access to localhost. context = None if not verify_ssl: context = ssl.create_default_context() context.check_hostname = False context.verify_mode = ssl.CERT_NONE data = { "rcpt_to": rcpt_to, "msg_base64": base64.b64encode(msg_bytes).decode(), "secret": shared_secret, } req = Request(url=urljoin(host, url), data=urlencode(data).encode()) try: urlopen(req, context=context) except HTTPError as err: process_response_error(err) recipient = str(os.environ.get("ORIGINAL_RECIPIENT", options.recipient)) send_email_mirror( recipient, options.shared_secret, options.host, options.url, options.test, options.verify_ssl )