Add SMTP sending mode

2021-09-26 11:12:01 +02:00 · 2021-09-26 11:12:01 +02:00 · 6520ba29c5
commit 6520ba29c5
parent ac660802a4
5 changed files with 109 additions and 20 deletions
--- a/README.md
+++ b/README.md
@ -85,6 +85,19 @@ pending_lifetime: 604800
 # HTTPS-terminating reverse proxy!
 host: 127.0.0.1
 port: 8080
+# Defaults to stdout, supported: stdout, smtp
+mailing_method: smtp
+# Configure smtp client options
+smtp:
+  # Connect to this SMTP server to send a mail.
+  hostname: localhost
+  port: 25
+  # if tls=True, starttls is ignored
+  tls: false
+  starttls: false
+  # Omit username/password if authentication is not needed.
+  username: webkey
+  password: SuperS3curePassword123
 # Every domain served by EasyWKS must be listed here
 domains:
  example.org:
@ -149,20 +162,15 @@ Note that the webserver built into EasyWKS validates that the `?l=<uid>` matches

 #### Postfix

-Create a small wrapper script, e.g. `/usr/local/bin/postfix-easywks`:
-
-```shell
-#!/bin/bash
-/path/to/easywks process | /usr/sbin/sendmail -t
-```
-
 Add an entry in `/etc/postfix/master.cf`:

 ```
 webkey  unix  -       n       n       -       -       pipe
-  flags=DRhu user=webkey argv=/usr/local/bin/postfix-easywks
+  flags=DRhu user=webkey argv=/path/to/easywks process
 ```

+Configure EasyWKS to send outgoing mails via SMTP.
+

 [wkd]: https://wiki.gnupg.org/WKD
 [wks]: https://wiki.gnupg.org/WKS
--- a/ROADMAP.md
+++ b/ROADMAP.md
@ -1,6 +1,5 @@
 # EasyWKS Roadmap

- [ ] Don't rely on sendmail to send out responses. Use e.g. `smtplib`.
-  - [ ] Get rid of postfix-easywks wrapper script.
 - [ ] LMTP server mode, e.g. using the `smtpd` module.
- [ ] Figure out whether file locking in the working directory is necessary to avoid races.
+- [ ] Figure out whether file locking in the working directory is necessary to avoid races.
+- [ ] Testing, testing, testing!
--- a/easywks/config.py
+++ b/easywks/config.py
@ -3,18 +3,51 @@ import string
 import yaml


+def _validate_mailing_method(value):
+    methods = ['stdout', 'smtp']
+    if value not in methods:
+        return f'permitted values: {methods}, got {value}'
+
+
+def _validate_smtp_config(value):
+    if not isinstance(value, dict):
+        return f'must be a map, got {type(value)}'
+    if not isinstance(value['host'], str):
+        return f'host must be a str, got {type(value["host"])}'
+    if not isinstance(value['port'], int):
+        return f'port must be a int, got {type(value["port"])}'
+    if 'tls' in value:
+        if not isinstance(value['tls'], bool):
+            return f'tls must be a bool, got {type(value["tls"])}'
+    else:
+        value['tls'] = False
+    if 'starttls' in value:
+        if not isinstance(value['starttls'], bool):
+            return f'starttls must be a bool, got {type(value["starttls"])}'
+    else:
+        value['starttls'] = False
+    if 'username' in value and 'password' in value:
+        if not isinstance(value['username'], str):
+            return f'username must be a str, got {type(value["username"])}'
+        if not isinstance(value['password'], str):
+            return f'password must be a str, got {type(value["password"])}'
+    else:
+        value['username'] = None
+        value['password'] = None
+
+
 def _validate_policy_flags(value):
    alphabet = string.ascii_lowercase + string.digits + '-._'
    if not isinstance(value, dict):
-        return 'policy_flags must be a map'
+        return f'must be a map, got {type(value)}'
    for flag, v in value.items():
        if not isinstance(flag, str) or len(flag) == 0:
-            return 'policy_flags has non-string or empty members'
+            return 'has non-string or empty members'
        if flag[0] not in string.ascii_lowercase:
-            return 'policy_flags must start with a lowercase letter'
+            return 'must start with a lowercase letter'
        for c in flag:
            if c not in alphabet:
-                return f'policy_flags has invalid key {flag}'
+                return f'has invalid key {flag}'


 class _ConfigOption:
@ -87,5 +120,12 @@ Config = _GlobalConfig(
    working_directory=_ConfigOption('directory', str, '/var/lib/easywks'),
    host=_ConfigOption('host', str, '127.0.0.1'),
    port=_ConfigOption('port', int, 8080),
-    pending_lifetime=_ConfigOption('pending_lifetime', int, 604800)
+    pending_lifetime=_ConfigOption('pending_lifetime', int, 604800),
+    mailing_method=_ConfigOption('mailing_method', str, 'stdout', validator=_validate_mailing_method),
+    smtp=_ConfigOption('smtp', dict, {
+        'host': 'localhost',
+        'port': 25,
+        'tls': False,
+        'starttls': False
+    }, validator=_validate_smtp_config),
 )
--- a/easywks/mailing.py
+++ b/easywks/mailing.py
@ -0,0 +1,38 @@
+
+import smtplib
+import email.policy
+from email.message import EmailMessage
+
+from .config import Config
+
+
+def _stdout_mailing(message: EmailMessage):
+    print(message.as_string(policy=email.policy.default))
+
+
+def _smtp_mailing(message: EmailMessage):
+    conf = Config.smtp
+    cls = smtplib.SMTP
+    if conf['tls']:
+        cls = smtplib.SMTP_SSL
+    with cls(conf['host'], conf['port']) as smtp:
+        if not conf['tls'] and conf['starttls']:
+            smtp.starttls()
+        if conf['username'] is not None:
+            smtp.login(conf['username'], conf['password'])
+        smtp.send_message(message)
+        smtp.quit()
+
+
+_mailing_methods = {
+    'stdout': _stdout_mailing,
+    'smtp': _smtp_mailing,
+}
+
+
+def list_mailing_methods():
+    return list(_mailing_methods.keys())
+
+
+def get_mailing_method(method: str):
+    return _mailing_methods.get(method)
--- a/easywks/process.py
+++ b/easywks/process.py
@ -2,6 +2,7 @@ import sys
 from typing import List, Dict

 from .crypto import pgp_decrypt
+from .mailing import get_mailing_method
 from .util import xloop_header
 from .config import Config
 from .files import read_pending_key, write_public_key, remove_pending_key, write_pending_key
@ -133,6 +134,7 @@ def process_mail(mail: bytes = None):
    leafs = _get_mime_leafs(msg)
    pgp: PGPMessage = _get_pgp_message(leafs)
    decrypted = pgp_decrypt(sender_domain, pgp)
+    rmsg = None
    if decrypted.is_signed:
        request: ConfirmationResponse = _parse_confirmation_response(decrypted, submission_address, sender_mail)
        try:
@ -142,13 +144,15 @@ def process_mail(mail: bytes = None):
            return
        # this throws an error if signature verification fails
        response: PublishResponse = request.verify_signature(key)
-        rmsg = response.create_signed_message().as_string(policy=SMTP)
+        rmsg = response.create_signed_message()
        write_public_key(sender_domain, sender_mail, key)
        remove_pending_key(sender_domain, request.nonce)
-        print(rmsg)
    else:
        request: SubmissionRequest = _parse_submission_request(decrypted, submission_address, sender_mail)
        response: ConfirmationRequest = request.confirmation_request()
-        rmsg = response.create_signed_message().as_string(policy=SMTP)
+        rmsg = response.create_signed_message()
        write_pending_key(sender_domain, response.nonce, request.key)
-        print(rmsg)
+    # Finally send out the response
+    if rmsg:
+        method = get_mailing_method(Config.mailing_method)
+        method(rmsg)