Mailu/core/admin/mailu/internal/views/postfix.py

from mailu import models
from mailu.internal import internal

import flask
import re
import srslib


@internal.route("/postfix/domain/<domain_name>")
def postfix_mailbox_domain(domain_name):
    if re.match("^\[.*\]$", domain_name):
        return flask.abort(404)
    domain = models.Domain.query.get(domain_name) or \
             models.Alternative.query.get(domain_name) or \
             flask.abort(404)
    return flask.jsonify(domain.name)


@internal.route("/postfix/mailbox/<path:email>")
def postfix_mailbox_map(email):
    user = models.User.query.get(email) or flask.abort(404)
    return flask.jsonify(user.email)


@internal.route("/postfix/alias/<path:alias>")
def postfix_alias_map(alias):
    localpart, domain_name = models.Email.resolve_domain(alias)
    if localpart is None:
        return flask.jsonify(domain_name)
    destination = models.Email.resolve_destination(localpart, domain_name)
    return flask.jsonify(",".join(destination)) if destination else flask.abort(404)


@internal.route("/postfix/transport/<path:email>")
def postfix_transport(email):
    if email == '*' or re.match("(^|.*@)\[.*\]$", email):
        return flask.abort(404)
    localpart, domain_name = models.Email.resolve_domain(email)
    relay = models.Relay.query.get(domain_name) or flask.abort(404)
    ret = "smtp:[{0}]".format(relay.smtp)
    if ":" in relay.smtp:
        split = relay.smtp.split(':')
        ret = "smtp:[{0}]:{1}".format(split[0], split[1])
    return flask.jsonify(ret)


@internal.route("/postfix/recipient/map/<path:recipient>")
def postfix_recipient_map(recipient):
    """ Rewrite the envelope recipient if it is a valid SRS address.

    This is meant for bounces to go back to the original sender.
    """
    srs = srslib.SRS(flask.current_app.config["SECRET_KEY"])
    if srslib.SRS.is_srs_address(recipient):
        try:
            return flask.jsonify(srs.reverse(recipient))
        except srslib.Error as error:
            return flask.abort(404)
    return flask.abort(404)


@internal.route("/postfix/sender/map/<path:sender>")
def postfix_sender_map(sender):
    """ Rewrite the envelope sender in case the mail was not emitted by us.

    This is for bounces to come back the reverse path properly.
    """
    srs = srslib.SRS(flask.current_app.config["SECRET_KEY"])
    domain = flask.current_app.config["DOMAIN"]
    try:
        localpart, domain_name = models.Email.resolve_domain(sender)
    except Exception as error:
        return flask.abort(404)
    if models.Domain.query.get(domain_name):
        return flask.abort(404)
    return flask.jsonify(srs.forward(sender, domain))


@internal.route("/postfix/sender/login/<path:sender>")
def postfix_sender_login(sender):
    localpart, domain_name = models.Email.resolve_domain(sender)
    if localpart is None:
        return flask.abort(404)
    destination = models.Email.resolve_destination(localpart, domain_name, True)
    return flask.jsonify(",".join(destination)) if destination else flask.abort(404)


@internal.route("/postfix/sender/access/<path:sender>")
def postfix_sender_access(sender):
    """ Simply reject any sender that pretends to be from a local domain
    """
    if not is_void_address(sender):
        localpart, domain_name = models.Email.resolve_domain(sender)
        return flask.jsonify("REJECT") if models.Domain.query.get(domain_name) else flask.abort(404)
    else:
        return flask.abort(404)


def is_void_address(email):
    '''True if the email is void (null) email address.
    '''
    if email.startswith('<') and email.endswith('>'):
        email = email[1:-1]
    # Some MTAs use things like '<MAILER-DAEMON>' instead of '<>'; so let's
    # consider void any such thing.
    return '@' not in email
First batch of refactoring, using the app factory pattern 2018-10-18 15:57:43 +02:00			`from mailu import models`
Split the internal blueprint into multiple view files 2018-09-27 16:09:38 +02:00			`from mailu.internal import internal`

			`import flask`
Support domain literals for receiving emails 2019-08-14 01:21:25 +02:00			`import re`
Add support for SRS, related to #328 2020-01-14 01:18:30 +01:00			`import srslib`
Split the internal blueprint into multiple view files 2018-09-27 16:09:38 +02:00

			`@internal.route("/postfix/domain/<domain_name>")`
			`def postfix_mailbox_domain(domain_name):`
Support domain literals for receiving emails 2019-08-14 01:21:25 +02:00			`if re.match("^\[.*\]$", domain_name):`
			`return flask.abort(404)`
Query alternative table for domain matches At present postfix checks this view for matches in the domain table and is used to accept/deny messages sent into it however it never checks for matches in the alternative table. Fixes #718 2018-12-02 10:46:47 +00:00			`domain = models.Domain.query.get(domain_name) or \`
			`models.Alternative.query.get(domain_name) or \`
			`flask.abort(404)`
Split the internal blueprint into multiple view files 2018-09-27 16:09:38 +02:00			`return flask.jsonify(domain.name)`


add missing route fixes 2019-01-04 21:18:51 +01:00			`@internal.route("/postfix/mailbox/<path:email>")`
Split the internal blueprint into multiple view files 2018-09-27 16:09:38 +02:00			`def postfix_mailbox_map(email):`
			`user = models.User.query.get(email) or flask.abort(404)`
			`return flask.jsonify(user.email)`


add missing route fixes 2019-01-04 21:18:51 +01:00			`@internal.route("/postfix/alias/<path:alias>")`
Split the internal blueprint into multiple view files 2018-09-27 16:09:38 +02:00			`def postfix_alias_map(alias):`
Refactor the postfix views and implement sender checks 2018-10-07 16:24:48 +02:00			`localpart, domain_name = models.Email.resolve_domain(alias)`
Split the internal blueprint into multiple view files 2018-09-27 16:09:38 +02:00			`if localpart is None:`
Refactor the postfix views and implement sender checks 2018-10-07 16:24:48 +02:00			`return flask.jsonify(domain_name)`
			`destination = models.Email.resolve_destination(localpart, domain_name)`
			`return flask.jsonify(",".join(destination)) if destination else flask.abort(404)`
Split the internal blueprint into multiple view files 2018-09-27 16:09:38 +02:00

add missing route fixes 2019-01-04 21:18:51 +01:00			`@internal.route("/postfix/transport/<path:email>")`
Split the internal blueprint into multiple view files 2018-09-27 16:09:38 +02:00			`def postfix_transport(email):`
Support domain literals for receiving emails 2019-08-14 01:21:25 +02:00			`if email == '' or re.match("(^\|.@)\[.*\]$", email):`
Catch asterisk before resolve_domain Asterisk results in IDNA error and a 500 return code. 2018-12-04 15:40:07 +02:00			`return flask.abort(404)`
Rectify decleration of domain_name 2018-10-23 11:52:15 +03:00			`localpart, domain_name = models.Email.resolve_domain(email)`
Refactor the postfix views and implement sender checks 2018-10-07 16:24:48 +02:00			`relay = models.Relay.query.get(domain_name) or flask.abort(404)`
Add port to relay if it contains a colon This closes #1357 2020-02-09 07:25:45 -07:00			`ret = "smtp:[{0}]".format(relay.smtp)`
			`if ":" in relay.smtp:`
			`split = relay.smtp.split(':')`
			`ret = "smtp:[{0}]:{1}".format(split[0], split[1])`
			`return flask.jsonify(ret)`
Re-enable sender access check to prevent source spoofing 2018-10-07 01:52:01 +02:00

Add support for SRS, related to #328 2020-01-14 01:18:30 +01:00			`@internal.route("/postfix/recipient/map/<path:recipient>")`
			`def postfix_recipient_map(recipient):`
			`""" Rewrite the envelope recipient if it is a valid SRS address.`

			`This is meant for bounces to go back to the original sender.`
			`"""`
			`srs = srslib.SRS(flask.current_app.config["SECRET_KEY"])`
			`if srslib.SRS.is_srs_address(recipient):`
			`try:`
			`return flask.jsonify(srs.reverse(recipient))`
			`except srslib.Error as error:`
			`return flask.abort(404)`
			`return flask.abort(404)`


			`@internal.route("/postfix/sender/map/<path:sender>")`
			`def postfix_sender_map(sender):`
			`""" Rewrite the envelope sender in case the mail was not emitted by us.`

			`This is for bounces to come back the reverse path properly.`
			`"""`
			`srs = srslib.SRS(flask.current_app.config["SECRET_KEY"])`
			`domain = flask.current_app.config["DOMAIN"]`
			`try:`
			`localpart, domain_name = models.Email.resolve_domain(sender)`
			`except Exception as error:`
			`return flask.abort(404)`
			`if models.Domain.query.get(domain_name):`
			`return flask.abort(404)`
			`return flask.jsonify(srs.forward(sender, domain))`


add missing route fixes 2019-01-04 21:18:51 +01:00			`@internal.route("/postfix/sender/login/<path:sender>")`
Refactor the postfix views and implement sender checks 2018-10-07 16:24:48 +02:00			`def postfix_sender_login(sender):`
			`localpart, domain_name = models.Email.resolve_domain(sender)`
			`if localpart is None:`
			`return flask.abort(404)`
			`destination = models.Email.resolve_destination(localpart, domain_name, True)`
			`return flask.jsonify(",".join(destination)) if destination else flask.abort(404)`


add missing route fixes 2019-01-04 21:18:51 +01:00			`@internal.route("/postfix/sender/access/<path:sender>")`
Refactor the postfix views and implement sender checks 2018-10-07 16:24:48 +02:00			`def postfix_sender_access(sender):`
Re-enable sender access check to prevent source spoofing 2018-10-07 01:52:01 +02:00			`""" Simply reject any sender that pretends to be from a local domain`
			`"""`
Check if sender address is not null before trying to check the domain. 2019-01-19 06:42:42 -05:00			`if not is_void_address(sender):`
			`localpart, domain_name = models.Email.resolve_domain(sender)`
			`return flask.jsonify("REJECT") if models.Domain.query.get(domain_name) else flask.abort(404)`
			`else:`
			`return flask.abort(404)`


			`def is_void_address(email):`
			`'''True if the email is void (null) email address.`
			`'''`
			`if email.startswith('<') and email.endswith('>'):`
			`email = email[1:-1]`
			`# Some MTAs use things like '<MAILER-DAEMON>' instead of '<>'; so let's`
			`# consider void any such thing.`
			`return '@' not in email`