Merge #1349

1349: Add support for SRS, related to #328 r=mergify[bot] a=kaiyou

## What type of PR?

Feature

## What does this PR do?

It implements SRS using a Python SRS library.

### Related issue(s)
- closes #328 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: kaiyou <pierre@jaury.eu>

core/admin/mailu/internal/views/postfix.py

@@ -3,6 +3,7 @@ from mailu.internal import internal
 
 import flask
 import re
+import srslib
 
 
 @internal.route("/postfix/domain/<domain_name>")
@@ -39,6 +40,38 @@ def postfix_transport(email):
     return flask.jsonify("smtp:[{}]".format(relay.smtp))
 
 
+@internal.route("/postfix/recipient/map/<path:recipient>")
+def postfix_recipient_map(recipient):
+    """ Rewrite the envelope recipient if it is a valid SRS address.
+
+    This is meant for bounces to go back to the original sender.
+    """
+    srs = srslib.SRS(flask.current_app.config["SECRET_KEY"])
+    if srslib.SRS.is_srs_address(recipient):
+        try:
+            return flask.jsonify(srs.reverse(recipient))
+        except srslib.Error as error:
+            return flask.abort(404)
+    return flask.abort(404)
+
+
+@internal.route("/postfix/sender/map/<path:sender>")
+def postfix_sender_map(sender):
+    """ Rewrite the envelope sender in case the mail was not emitted by us.
+
+    This is for bounces to come back the reverse path properly.
+    """
+    srs = srslib.SRS(flask.current_app.config["SECRET_KEY"])
+    domain = flask.current_app.config["DOMAIN"]
+    try:
+        localpart, domain_name = models.Email.resolve_domain(sender)
+    except Exception as error:
+        return flask.abort(404)
+    if models.Domain.query.get(domain_name):
+        return flask.abort(404)
+    return flask.jsonify(srs.forward(sender, domain))
+
+
 @internal.route("/postfix/sender/login/<path:sender>")
 def postfix_sender_login(sender):
     localpart, domain_name = models.Email.resolve_domain(sender)

core/admin/requirements-prod.txt

@@ -41,6 +41,7 @@ redis==3.2.1
 six==1.12.0
 socrate==0.1.1
 SQLAlchemy==1.3.3
+srslib==0.1.4
 tabulate==0.8.3
 tenacity==5.0.4
 validators==0.12.5

core/admin/requirements.txt

@@ -22,3 +22,4 @@ tenacity
 mysqlclient
 psycopg2
 idna
+srslib

core/postfix/conf/main.cf

@@ -75,6 +75,12 @@ relay_domains = ${podop}transport
 transport_maps = ${podop}transport
 virtual_transport = lmtp:inet:{{ LMTP_ADDRESS }}
 
+# Sender and recipient canonical maps, mostly for SRS
+sender_canonical_maps = ${podop}sendermap
+sender_canonical_classes = envelope_sender
+recipient_canonical_maps = ${podop}recipientmap
+recipient_canonical_classes= envelope_recipient,header_recipient
+
 # In order to prevent Postfix from running DNS query, enforce the use of the
 # native DNS stack, that will check /etc/hosts properly.
 lmtp_host_lookup = native
@@ -120,4 +126,3 @@ milter_default_action = tempfail
 ###############
 # Extra Settings
 ###############
-

core/postfix/start.py

@@ -21,6 +21,8 @@ def start_podop():
 		("alias", "url", url + "alias/§"),
 		("domain", "url", url + "domain/§"),
         ("mailbox", "url", url + "mailbox/§"),
+        ("recipientmap", "url", url + "recipient/map/§"),
+        ("sendermap", "url", url + "sender/map/§"),
         ("senderaccess", "url", url + "sender/access/§"),
         ("senderlogin", "url", url + "sender/login/§")
     ])

towncrier/newsfragments/328.feature

@@ -0,0 +1 @@
+Add support for backward-forwarding using SRS