~sircmpwn/lists.sr.ht

ref: 0.39.1 lists.sr.ht/listssrht-lmtp -rwxr-xr-x 12.1 KiB
562b46beDrew DeVault Set server_default access to normal 1 year, 2 days ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
#!/usr/bin/env python3
from aiosmtpd.lmtp import SMTP, LMTP
from email.utils import parseaddr
from fnmatch import fnmatch
from grp import getgrnam
from srht.config import cfg
from listssrht.types.listaccess import ListAccess
import asyncio
import asyncpg
import email
import os
import signal
import sys

from listssrht.process import dispatch_message, send_error_for

loop = asyncio.new_event_loop()

always_reject = cfg("lists.sr.ht::worker", "reject-mimetypes")
always_reject = always_reject.split(",")
posting_domain = cfg("lists.sr.ht", "posting-domain")

html_error = """Hi {}!

We received your email, but were unable to deliver it because it
contains HTML. HTML emails are not permitted. The following guide can
help you configure your client to send in plain text instead:

https://useplaintext.email

If you have any questions, please reply to this email to reach the mail
admin. We apologise for the inconvenience.
"""

forbidden_mimetype_error = """Hi {}!

We received your email, but were unable to deliver it because it
contains content which has been blacklisted by the list admin. Please
remove your {} attachments and send again.

You are also advised to configure your email client to send emails in
plain text to avoid additional errors in the future:

https://useplaintext.email

If you have any questions, please reply to this email to reach the mail
admin. We apologise for the inconvenience.
"""

text_plain_required_error = """Hi {}!

We received your email, but were unable to deliver it because there were
no text/plain parts. Our mail system requires all emails to have at
least one plain text part. The following guide can help you configure
your client to send in plain text:

https://useplaintext.email

If you have any questions, please reply to this email to reach the mail
admin. We apologise for the inconvenience.
"""

unknown_mailing_list_error = """Hi {}!

We received your email, but were unable to deliver it because the
mailing list you wrote to was not found. The correct posting addresses
are:

~username/list-name@{}

Or if your mail system has trouble sending to addresses with ~ or / in
them, you can use:

u.username.list-name@{}

If your mail system does not support our normal posting addresses, we
would appreciate it if you wrote to your mail admin to ask them to fix
their system. Our posting addresses are valid per RFC-5322.

If you have any questions, please reply to this email to reach the mail
admin. We apologise for the inconvenience.
"""

class MailHandler:
    def __init__(self, pg):
        self.pg = pg

    async def fetch_user(self, conn):
        return await conn.prepare(
                '''SELECT "id" FROM "user"
                   WHERE username = $1''')

    async def fetch_user_by_email(self, conn):
        return await conn.prepare(
                '''SELECT "id" FROM "user"
                   WHERE email = $1''')

    async def fetch_list(self, conn):
        return await conn.prepare(
                '''SELECT
                       "id",
                       "owner_id",
                       "nonsubscriber_permissions",
                       "subscriber_permissions",
                       "account_permissions",
                       "permit_mimetypes",
                       "reject_mimetypes"
                   FROM "list"
                   WHERE "owner_id" = $1 AND "name" = $2''')

    async def fetch_subscription(self, conn):
        return await conn.prepare(
                '''SELECT "id" FROM "subscription"
                   WHERE (email IS NOT NULL AND email = $1) or
                         (user_id IS NOT NULL AND user_id = $2)''')

    async def fetch_email(self, conn):
        return await conn.prepare(
                '''SELECT "list_id" FROM "email"
                   WHERE "message_id" = $1''')

    async def fetch_acl_by_email(self, conn):
        return await conn.prepare(
                '''SELECT "permissions" FROM "access"
                   WHERE list_id = $1 AND email = $2''')

    async def fetch_acl_by_user(self, conn):
        return await conn.prepare(
                '''SELECT "permissions" FROM "access"
                   WHERE list_id = $1 AND user_id = $2''')

    async def lookup_destination(self, conn, address):
        """Looks up the list this message is addressed to and returns its ID."""
        # Note: we assume postfix took care of the domain
        address = address[:address.rfind("@")]
        command = "post"
        if "+" in address:
            command = address[address.rfind("+") + 1:]
            address = address[:address.rfind("+")]
        if not command in ["subscribe", "unsubscribe", "post"]:
            return None, None
        # Get redirect if present
        address = cfg("lists.sr.ht::redirects", address, default=address)
        if address.startswith("~"):
            # TODO: user groups
            if not "/" in address:
                return None, None
            owner, list_name = address.split("/")
        else:
            address = address.split(".")
            if len(address) != 3:
                return None, None
            prefix, owner, list_name = address
            if prefix == "u":
                owner = "~" + owner
            else:
                # TODO: user groups
                return None, None
        fetch_user = await self.fetch_user(conn)
        owner_id = await fetch_user.fetchval(owner[1:])
        if not owner_id:
            return None, None
        fetch_list = await self.fetch_list(conn)
        result = await fetch_list.fetchrow(owner_id, list_name)
        return result, command

    def validate(self, mail, permit_mimetypes, reject_mimetypes):
        required_headers = ["To", "From", "Subject", "Message-Id"]
        for header in required_headers:
            if not mail.get(header):
                return "The {} header is required.".format(header)
        found_textpart = False
        sender = parseaddr(mail["From"])
        sender = sender[0] or sender[1]
        permit_mimetypes = permit_mimetypes.split(",")
        reject_mimetypes = reject_mimetypes.split(",") + always_reject
        for part in mail.walk():
            content_type = part.get_content_type()
            if content_type == "text/plain":
                found_textpart = True
            if fnmatch(content_type, "multipart/*"):
                continue
            permit = False
            for whitelist in permit_mimetypes:
                if fnmatch(content_type, whitelist):
                    permit = True
                    break
            if not permit:
                if content_type == "text/html":
                    return html_error.format(sender)
                else:
                    return forbidden_mimetype_error.format(
                            sender, content_type)
            for blacklist in reject_mimetypes:
                if fnmatch(content_type, blacklist):
                    if content_type == "text/html":
                        return html_error.format(sender)
                    else:
                        return forbidden_mimetype_error.format(
                                sender, content_type)
        if not found_textpart:
            return text_plain_required_error.format(sender)
        return None

    async def handle_RCPT(self, server, session,
            envelope, address, rcpt_options):
        print("RCPT {}".format(address))
        envelope.rcpt_tos.append(address)
        return "250 OK"

    async def handle_DATA(self, server, session, envelope):
        async with self.pg.acquire() as conn:
            return await self.handle_DATA_w_conn(
                    server, session, envelope, conn)

    async def handle_DATA_w_conn(self, server, session, envelope, conn):
        address = envelope.rcpt_tos[0]
        mail = email.message_from_bytes(envelope.content,
                policy=email.policy.SMTPUTF8.clone(max_line_length=998))
        dest, command = await self.lookup_destination(conn, address)
        if dest is None:
            sender = parseaddr(mail["From"])
            sender = sender[0] or sender[1]
            print("Rejected, mailing list not found")
            send_error_for.delay(str(mail), unknown_mailing_list_error.format(
                        sender, posting_domain, posting_domain))
            return "250 Mailing list not found, but sending bounce out of band"
        (dest_id, owner_id,
                nonsub_perms, sub_perms, external_perms,
                permit_mimetypes, reject_mimetypes) = dest
        nonsub_perms = ListAccess(nonsub_perms)
        sub_perms = ListAccess(sub_perms)
        external_perms = ListAccess(external_perms)

        fetch_email = await self.fetch_email(conn)
        in_reply_to = mail.get("In-Reply-To")
        in_reply_to = await fetch_email.fetchval(in_reply_to)
        access = ListAccess.reply if in_reply_to == dest_id else ListAccess.post

        fetch_user_by_email = await self.fetch_user_by_email(conn)
        _from = parseaddr(mail["From"])
        user_id = await fetch_user_by_email.fetchval(_from[1])

        fetch_acl_by_user = await self.fetch_acl_by_user(conn)
        fetch_acl_by_email = await self.fetch_acl_by_email(conn)
        if user_id:
            acl = await fetch_acl_by_user.fetchrow(dest_id, user_id)
        else:
            acl = await fetch_acl_by_email.fetchrow(dest_id, _from[1])

        if command != "post":
            print("Command accepted: {}".format(mail.get("Subject")))
            dispatch_message.delay(address, dest_id, str(mail))
            return "250 Message accepted for delivery"

        err = self.validate(mail, permit_mimetypes, reject_mimetypes)
        if err is not None:
            print("Rejected due to validation errors")
            send_error_for.delay(str(mail), err)
            return "250 Validation failed, but sending bounce out of band"

        if owner_id == user_id:
            print("Message accepted: {}".format(mail.get("Subject")))
            dispatch_message.delay(address, dest_id, str(mail))
            return "250 Message accepted for delivery"

        if acl is not None:
            if access not in ListAccess(acl[0]):
                print("Rejected: your account is not allowed to post to this list")
                return "500 Rejected. Your account is not allowed to post to this list."
        else:
            fetch_sub = await self.fetch_subscription(conn)
            sub = await fetch_sub.fetchval(_from[1], user_id)

            if access not in nonsub_perms and not sub:
                print("Rejected: non-subscribers are not allowed to post")
                return "500 Rejected. Non-subscribers are not allowed to post to this list."

            if access not in sub_perms and sub:
                print("Rejected: non-subscribers are not allowed to post")
                return "500 Rejected. You are not allowed to post to this list."

            if access not in external_perms and not user_id:
                print("Rejected: non-users are not allowed to post")
                return "500 Rejected. Users without an account are not allowed to post to this list."

        print("Message accepted: {}".format(mail.get("Subject")))
        dispatch_message.delay(address, dest_id, str(mail))
        return "250 Message accepted for delivery"

async def create_server():
    pg = await asyncpg.create_pool(dsn=cfg("lists.sr.ht", "connection-string"))
    handler = MailHandler(pg)
    sock = cfg("lists.sr.ht::worker", "sock")
    protocol = cfg("lists.sr.ht::worker", "protocol",
            default="lmtp" if "/" in sock else "smtp")
    if protocol == "smtp":
        def serve():
            return SMTP(handler, enable_SMTPUTF8=True)
    else:
        def serve():
            return LMTP(handler, enable_SMTPUTF8=True)
    if "/" in sock:
        sock_gid = getgrnam(cfg("lists.sr.ht::worker", "sock-group")).gr_gid
        await loop.create_unix_server(serve, path=sock)
        os.chmod(sock, 0o775)
        os.chown(sock, os.getuid(), sock_gid)
    else:
        host, port = sock.split(":")
        await loop.create_server(serve, host=host, port=int(port))

def sigint_handler():
    print("Exiting due to SIGINT")
    sys.exit(0)

loop.add_signal_handler(signal.SIGINT, sigint_handler)

print("Starting incoming mail daemon")
loop.run_until_complete(create_server())
loop.run_forever()
loop.close()