ghaymah_dev/postal
1
0
نسخ 0
مراية لـ https://github.com/postalserver/postal.git تم المزامنة 2026-04-20 13:48:10 +00:00
الشفرة المشكلات Packages المشاريع الإصدارات الويكي النشاط

style(rubocop): fix all safe auto correctable offenses

تصفح المصدر
هذا الالتزام موجود في:
Charlie Smurthwaite
2023-03-16 15:50:53 +00:00
الأصل 02c93a4850
التزام fd289c46fd
204 ملفات معدلة مع 2611 إضافات و2486 حذوفات
تنزيل ملف التصحيح تنزيل ملف الاختلاف توسيع جميع الملفات طي جميع الملفات

195
lib/postal/smtp_server/client.rb
عرض الملف

@@ -1,11 +1,11 @@
require 'resolv'
require 'nifty/utils/random_string'
require "resolv"
require "nifty/utils/random_string"
module Postal
module SMTPServer
class Client
CRAM_MD5_DIGEST = OpenSSL::Digest.new('md5')
CRAM_MD5_DIGEST = OpenSSL::Digest.new("md5")
LOG_REDACTION_STRING = "[redacted]".freeze
attr_reader :logging_enabled
@@ -23,9 +23,9 @@ module Postal
end
def check_ip_address
if @ip_address && Postal.config.smtp_server.log_exclude_ips && @ip_address =~ Regexp.new(Postal.config.smtp_server.log_exclude_ips)
@logging_enabled = false
end
return unless @ip_address && Postal.config.smtp_server.log_exclude_ips && @ip_address =~ Regexp.new(Postal.config.smtp_server.log_exclude_ips)
@logging_enabled = false
end
def transaction_reset
@@ -36,7 +36,7 @@ module Postal
end
def id
@id ||= Nifty::Utils::RandomString.generate(:length => 6).upcase
@id ||= Nifty::Utils::RandomString.generate(length: 6).upcase
end
def handle(data)
@@ -56,13 +56,13 @@ module Postal
def sanitize_input_for_log(data)
if @password_expected_next
@password_expected_next = false
if data =~ /\A[a-z0-9]{3,}\=*\z/i
if data =~ /\A[a-z0-9]{3,}=*\z/i
return LOG_REDACTION_STRING
end
end
data = data.dup
data.gsub!(/(.*AUTH \w+) (.*)\z/i) { "#{$1} #{LOG_REDACTION_STRING}" }
data.gsub!(/(.*AUTH \w+) (.*)\z/i) { "#{::Regexp.last_match(1)} #{LOG_REDACTION_STRING}" }
data
end
@@ -74,9 +74,7 @@ module Postal
@start_tls || false
end
def start_tls=(value)
@start_tls = value
end
attr_writer :start_tls
def handle_command(data)
case data
@@ -93,12 +91,13 @@ module Postal
when /^RCPT TO/i then rcpt_to(data)
when /^DATA/i then data(data)
else
'502 Invalid/unsupported command'
"502 Invalid/unsupported command"
end
end
def log(text)
return false unless @logging_enabled
Postal.logger_for(:smtp_server).debug "[#{id}] #{text}"
end
@@ -106,8 +105,12 @@ module Postal
def resolve_hostname
Resolv::DNS.open do |dns|
dns.timeouts = [10,5]
@hostname = dns.getname(@ip_address) rescue @ip_address
dns.timeouts = [10, 5]
@hostname = begin
dns.getname(@ip_address)
rescue StandardError
@ip_address
end
end
end
@@ -120,7 +123,7 @@ module Postal
"220 #{Postal.config.dns.smtp_server_hostname} ESMTP Postal/#{id}"
else
@finished = true
'502 Proxy Error'
"502 Proxy Error"
end
end
@@ -141,15 +144,15 @@ module Postal
def ehlo(data)
resolve_hostname
@helo_name = data.strip.split(' ', 2)[1]
@helo_name = data.strip.split(" ", 2)[1]
transaction_reset
@state = :welcomed
["250-My capabilities are", Postal.config.smtp_server.tls_enabled? && !@tls ? "250-STARTTLS" : nil, "250 AUTH CRAM-MD5 PLAIN LOGIN", ]
["250-My capabilities are", Postal.config.smtp_server.tls_enabled? && !@tls ? "250-STARTTLS" : nil, "250 AUTH CRAM-MD5 PLAIN LOGIN"]
end
def helo(data)
resolve_hostname
@helo_name = data.strip.split(' ', 2)[1]
@helo_name = data.strip.split(" ", 2)[1]
transaction_reset
@state = :welcomed
"250 #{Postal.config.dns.smtp_server_hostname}"
@@ -158,59 +161,61 @@ module Postal
def rset
transaction_reset
@state = :welcomed
'250 OK'
"250 OK"
end
def noop
'250 OK'
"250 OK"
end
def auth_plain(data)
handler = Proc.new do |data|
handler = proc do |data|
@proc = nil
data = Base64.decode64(data)
parts = data.split("\0")
username, password = parts[-2], parts[-1]
username = parts[-2]
password = parts[-1]
unless username && password
next '535 Authenticated failed - protocol error'
next "535 Authenticated failed - protocol error"
end
authenticate(password)
end
data = data.gsub(/AUTH PLAIN ?/i, '')
if data.strip == ''
data = data.gsub(/AUTH PLAIN ?/i, "")
if data.strip == ""
@proc = handler
@password_expected_next = true
'334'
"334"
else
handler.call(data)
end
end
def auth_login(data)
password_handler = Proc.new do |data|
password_handler = proc do |data|
@proc = nil
password = Base64.decode64(data)
authenticate(password)
end
username_handler = Proc.new do |data|
username_handler = proc do |data|
@proc = password_handler
@password_expected_next = true
'334 UGFzc3dvcmQ6' # "Password:"
"334 UGFzc3dvcmQ6" # "Password:"
end
data = data.gsub!(/AUTH LOGIN ?/i, '')
if data.strip == ''
data = data.gsub!(/AUTH LOGIN ?/i, "")
if data.strip == ""
@proc = username_handler
'334 VXNlcm5hbWU6' # "Username:"
"334 VXNlcm5hbWU6" # "Username:"
else
username_handler.call(nil)
end
end
def authenticate(password)
if @credential = Credential.where(:type => 'SMTP', :key => password).first
if @credential = Credential.where(type: "SMTP", key: password).first
@credential.use
"235 Granted for #{@credential.server.organization.permalink}/#{@credential.server.permalink}"
else
@@ -220,27 +225,27 @@ module Postal
end
def auth_cram_md5(data)
challenge = Digest::SHA1.hexdigest(Time.now.to_i.to_s + rand(100000).to_s)
challenge = "<#{challenge[0,20]}@#{Postal.config.dns.smtp_server_hostname}>"
challenge = Digest::SHA1.hexdigest(Time.now.to_i.to_s + rand(100_000).to_s)
challenge = "<#{challenge[0, 20]}@#{Postal.config.dns.smtp_server_hostname}>"
handler = Proc.new do |data|
handler = proc do |data|
@proc = nil
username, password = Base64.decode64(data).split(' ', 2).map{ |a| a.chomp }
org_permlink, server_permalink = username.split(/[\/\_]/, 2)
server = ::Server.includes(:organization).where(:organizations => {:permalink => org_permlink}, :permalink => server_permalink).first
username, password = Base64.decode64(data).split(" ", 2).map { |a| a.chomp }
org_permlink, server_permalink = username.split(/[\/_]/, 2)
server = ::Server.includes(:organization).where(organizations: { permalink: org_permlink }, permalink: server_permalink).first
if server.nil?
log "\e[33m WARN: AUTH failure for #{@ip_address}\e[0m"
next '535 Denied'
next "535 Denied"
end
grant = nil
server.credentials.where(:type => 'SMTP').each do |credential|
server.credentials.where(type: "SMTP").each do |credential|
correct_response = OpenSSL::HMAC.hexdigest(CRAM_MD5_DIGEST, credential.key, challenge)
if password == correct_response
@credential = credential
@credential.use
grant = "235 Granted for #{credential.server.organization.permalink}/#{credential.server.permalink}"
break
end
next unless password == correct_response
@credential = credential
@credential.use
grant = "235 Granted for #{credential.server.organization.permalink}/#{credential.server.permalink}"
break
end
if grant.nil?
log "\e[33m WARN: AUTH failure for #{@ip_address}\e[0m"
@@ -250,12 +255,12 @@ module Postal
end
@proc = handler
"334 " + Base64.encode64(challenge).gsub(/[\r\n]/, '')
"334 " + Base64.encode64(challenge).gsub(/[\r\n]/, "")
end
def mail_from(data)
unless in_state(:welcomed, :mail_from_received)
return '503 EHLO/HELO first please'
return "503 EHLO/HELO first please"
end
@state = :mail_from_received
@@ -263,93 +268,93 @@ module Postal
if data =~ /AUTH=/
# Discard AUTH= parameter and anything that follows.
# We don't need this parameter as we don't trust any client to set it
mail_from_line = data.sub(/ *AUTH=.*/, '')
mail_from_line = data.sub(/ *AUTH=.*/, "")
else
mail_from_line = data
end
@mail_from = mail_from_line.gsub(/MAIL FROM\s*:\s*/i, '').gsub(/.*</, '').gsub(/>.*/, '').strip
'250 OK'
@mail_from = mail_from_line.gsub(/MAIL FROM\s*:\s*/i, "").gsub(/.*</, "").gsub(/>.*/, "").strip
"250 OK"
end
def rcpt_to(data)
unless in_state(:mail_from_received, :rcpt_to_received)
return '503 EHLO/HELO and MAIL FROM first please'
return "503 EHLO/HELO and MAIL FROM first please"
end
rcpt_to = data.gsub(/RCPT TO\s*:\s*/i, '').gsub(/.*</, '').gsub(/>.*/, '').strip
rcpt_to = data.gsub(/RCPT TO\s*:\s*/i, "").gsub(/.*</, "").gsub(/>.*/, "").strip
if rcpt_to.blank?
return '501 RCPT TO should not be empty'
return "501 RCPT TO should not be empty"
end
uname, domain = rcpt_to.split('@', 2)
uname, domain = rcpt_to.split("@", 2)
if domain.blank?
return '501 Invalid RCPT TO'
return "501 Invalid RCPT TO"
end
uname, tag = uname.split('+', 2)
uname, tag = uname.split("+", 2)
if domain == Postal.config.dns.return_path || domain =~ /\A#{Regexp.escape(Postal.config.dns.custom_return_path_prefix)}\./
# This is a return path
@state = :rcpt_to_received
if server = ::Server.where(:token => uname).first
if server = ::Server.where(token: uname).first
if server.suspended?
'535 Mail server has been suspended'
"535 Mail server has been suspended"
else
log "Added bounce on server #{server.id}"
@recipients << [:bounce, rcpt_to, server]
'250 OK'
"250 OK"
end
else
'550 Invalid server token'
"550 Invalid server token"
end
elsif domain == Postal.config.dns.route_domain
# This is an email direct to a route. This isn't actually supported yet.
@state = :rcpt_to_received
if route = Route.where(:token => uname).first
if route = Route.where(token: uname).first
if route.server.suspended?
'535 Mail server has been suspended'
elsif route.mode == 'Reject'
'550 Route does not accept incoming messages'
"535 Mail server has been suspended"
elsif route.mode == "Reject"
"550 Route does not accept incoming messages"
else
log "Added route #{route.id} to recipients (tag: #{tag.inspect})"
actual_rcpt_to = "#{route.name}" + (tag ? "+#{tag}" : "") + "@#{route.domain.name}"
@recipients << [:route, actual_rcpt_to, route.server, :route => route]
'250 OK'
@recipients << [:route, actual_rcpt_to, route.server, { route: route }]
"250 OK"
end
else
'550 Invalid route token'
"550 Invalid route token"
end
elsif @credential
# This is outgoing mail for an authenticated user
@state = :rcpt_to_received
if @credential.server.suspended?
'535 Mail server has been suspended'
"535 Mail server has been suspended"
else
log "Added external address '#{rcpt_to}'"
@recipients << [:credential, rcpt_to, @credential.server]
'250 OK'
"250 OK"
end
elsif uname && domain && route = Route.find_by_name_and_domain(uname, domain)
# This is incoming mail for a route
@state = :rcpt_to_received
if route.server.suspended?
'535 Mail server has been suspended'
elsif route.mode == 'Reject'
'550 Route does not accept incoming messages'
"535 Mail server has been suspended"
elsif route.mode == "Reject"
"550 Route does not accept incoming messages"
else
log "Added route #{route.id} to recipients (tag: #{tag.inspect})"
@recipients << [:route, rcpt_to, route.server, :route => route]
'250 OK'
@recipients << [:route, rcpt_to, route.server, { route: route }]
"250 OK"
end
else
# User is trying to relay but is not authenticated. Try to authenticate by IP address
@credential = Credential.where(:type => 'SMTP-IP').all.sort_by { |c| c.ipaddr&.prefix || 0 }.reverse.find do |credential|
@credential = Credential.where(type: "SMTP-IP").all.sort_by { |c| c.ipaddr&.prefix || 0 }.reverse.find do |credential|
credential.ipaddr.include?(@ip_address)
end
@@ -358,33 +363,33 @@ module Postal
@credential.use
rcpt_to(data)
else
'530 Authentication required'
"530 Authentication required"
end
end
end
def data(data)
unless in_state(:rcpt_to_received)
return '503 HELO/EHLO, MAIL FROM and RCPT TO before sending data'
return "503 HELO/EHLO, MAIL FROM and RCPT TO before sending data"
end
@data = "".force_encoding("BINARY")
@headers = {}
@receiving_headers = true
received_header_content = "from #{@helo_name} (#{@hostname} [#{@ip_address}]) by #{Postal.config.dns.smtp_server_hostname} with SMTP; #{Time.now.utc.rfc2822.to_s}".force_encoding('BINARY')
if !Postal.config.smtp_server.strip_received_headers?
received_header_content = "from #{@helo_name} (#{@hostname} [#{@ip_address}]) by #{Postal.config.dns.smtp_server_hostname} with SMTP; #{Time.now.utc.rfc2822}".force_encoding("BINARY")
unless Postal.config.smtp_server.strip_received_headers?
@data << "Received: #{received_header_content}\r\n"
end
@headers['received'] = [received_header_content]
@headers["received"] = [received_header_content]
handler = Proc.new do |data|
if data == '.'
handler = proc do |data|
if data == "."
@logging_enabled = true
@proc = nil
finished
else
data = data.to_s.sub(/\A\.\./, '.')
data = data.to_s.sub(/\A\.\./, ".")
if @credential && @credential.server.log_smtp_data?
# We want to log if enabled
@@ -405,7 +410,7 @@ module Postal
# skip the append methods at the bottom of this loop.
next if Postal.config.smtp_server.strip_received_headers? && @header_key && @header_key.downcase == "received"
else
@header_key, value = data.split(/\:\s*/, 2)
@header_key, value = data.split(/:\s*/, 2)
@headers[@header_key.downcase] ||= []
@headers[@header_key.downcase] << value
# As above
@@ -419,7 +424,7 @@ module Postal
end
@proc = handler
'354 Go ahead'
"354 Go ahead"
end
def finished
@@ -429,10 +434,10 @@ module Postal
return "552 Message too large (maximum size %dMB)" % Postal.config.smtp_server.max_message_size
end
if @headers['received'].select { |r| r =~ /by #{Postal.config.dns.smtp_server_hostname}/ }.count > 4
if @headers["received"].select { |r| r =~ /by #{Postal.config.dns.smtp_server_hostname}/ }.count > 4
transaction_reset
@state = :welcomed
return '550 Loop detected'
return "550 Loop detected"
end
authenticated_domain = nil
@@ -441,7 +446,7 @@ module Postal
if authenticated_domain.nil?
transaction_reset
@state = :welcomed
return '530 From/Sender name is not valid'
return "530 From/Sender name is not valid"
end
end
@@ -456,13 +461,13 @@ module Postal
message.mail_from = @mail_from
message.raw_message = @data
message.received_with_ssl = @tls
message.scope = 'outgoing'
message.scope = "outgoing"
message.domain_id = authenticated_domain&.id
message.credential_id = @credential.id
message.save
when :bounce
if rp_route = server.routes.where(:name => "__returnpath__").first
if rp_route = server.routes.where(name: "__returnpath__").first
# If there's a return path route, we can use this to create the message
rp_route.create_messages do |message|
message.rcpt_to = rcpt_to
@@ -478,7 +483,7 @@ module Postal
message.mail_from = @mail_from
message.raw_message = @data
message.received_with_ssl = @tls
message.scope = 'incoming'
message.scope = "incoming"
message.bounce = 1
message.save
end
@@ -493,7 +498,7 @@ module Postal
end
transaction_reset
@state = :welcomed
'250 OK'
"250 OK"
end
def in_state(*states)

119
lib/postal/smtp_server/server.rb
عرض الملف

@@ -1,5 +1,5 @@
require 'ipaddr'
require 'nio'
require "ipaddr"
require "nio"
module Postal
module SMTPServer
@@ -18,11 +18,11 @@ module Postal
trap("USR1") do
STDOUT.puts "Received USR1 signal, respawning."
fork do
if ENV['APP_ROOT']
Dir.chdir(ENV['APP_ROOT'])
if ENV["APP_ROOT"]
Dir.chdir(ENV["APP_ROOT"])
end
ENV.delete('BUNDLE_GEMFILE')
exec("bundle exec --keep-file-descriptors rake postal:smtp_server", :close_others => false)
ENV.delete("BUNDLE_GEMFILE")
exec("bundle exec --keep-file-descriptors rake postal:smtp_server", close_others: false)
end
end
@@ -30,7 +30,6 @@ module Postal
STDOUT.puts "Received TERM signal, shutting down."
unlisten
end
end
def ssl_context
@@ -38,7 +37,7 @@ module Postal
ssl_context = OpenSSL::SSL::SSLContext.new
ssl_context.cert = Postal.smtp_certificates[0]
ssl_context.extra_chain_cert = Postal.smtp_certificates[1..-1]
ssl_context.key = Postal.smtp_private_key
ssl_context.key = Postal.smtp_private_key
ssl_context.ssl_version = Postal.config.smtp_server.ssl_version if Postal.config.smtp_server.ssl_version
ssl_context.ciphers = Postal.config.smtp_server.tls_ciphers if Postal.config.smtp_server.tls_ciphers
ssl_context
@@ -46,8 +45,8 @@ module Postal
end
def listen
if ENV['SERVER_FD']
@server = TCPServer.for_fd(ENV['SERVER_FD'].to_i)
if ENV["SERVER_FD"]
@server = TCPServer.for_fd(ENV["SERVER_FD"].to_i)
else
@server = TCPServer.open(Postal.config.smtp_server.bind_address, Postal.config.smtp_server.port)
end
@@ -61,7 +60,7 @@ module Postal
@server.setsockopt(Socket::SOL_TCP, Socket::TCP_KEEPINTVL, 10)
@server.setsockopt(Socket::SOL_TCP, Socket::TCP_KEEPCNT, 5)
end
ENV['SERVER_FD'] = @server.to_i.to_s
ENV["SERVER_FD"] = @server.to_i.to_s
logger.info "Listening on #{Postal.config.smtp_server.bind_address}:#{Postal.config.smtp_server.port}"
end
@@ -72,7 +71,7 @@ module Postal
end
def kill_parent
Process.kill('TERM', Process.ppid)
Process.kill("TERM", Process.ppid)
end
def run_event_loop
@@ -81,7 +80,7 @@ module Postal
# Register the SMTP listener
@io_selector.register(@server, :r)
# Create a hash to contain a buffer for each client.
buffers = Hash.new { |h, k| h[k] = String.new.force_encoding('BINARY') }
buffers = Hash.new { |h, k| h[k] = String.new.force_encoding("BINARY") }
loop do
# Wait for an event to occur
@io_selector.select do |monitor|
@@ -112,17 +111,25 @@ module Postal
# Register the client and its socket with nio4r
monitor = @io_selector.register(new_io, :r)
monitor.value = client
rescue => e
rescue StandardError => e
# If something goes wrong, log as appropriate and disconnect the client
if defined?(Raven)
Raven.capture_exception(e, :extra => {:log_id => (client.id rescue nil)})
Raven.capture_exception(e, extra: { log_id: begin
client.id
rescue StandardError
nil
end })
end
logger.error "An error occurred while accepting a new client."
logger.error "#{e.class}: #{e.message}"
e.backtrace.each do |line|
logger.error line
end
new_io.close rescue nil
begin
new_io.close
rescue StandardError
nil
end
end
else
# This event is not an incoming connection so it must be data from a client
@@ -135,7 +142,7 @@ module Postal
if client.start_tls?
begin
# Can we accept the TLS connection at this time?
io.accept_nonblock()
io.accept_nonblock
# We were able to accept the connection, the client is no longer handshaking
client.start_tls = false
rescue IO::WaitReadable, IO::WaitWritable => e
@@ -153,12 +160,10 @@ module Postal
# There is an extra step for SSL sockets
case io
when OpenSSL::SSL::SSLSocket
buffers[io] << io.readpartial(10240)
while(io.pending > 0)
buffers[io] << io.readpartial(10240)
end
buffers[io] << io.readpartial(10_240)
buffers[io] << io.readpartial(10_240) while io.pending > 0
else
buffers[io] << io.readpartial(10240)
buffers[io] << io.readpartial(10_240)
end
rescue EOFError, Errno::ECONNRESET, Errno::ETIMEDOUT
# Client went away
@@ -167,7 +172,7 @@ module Postal
# Normalize all \r\n and \n to \r\n, but ignore only \r.
# A \r\n may be split in 2 buffers (\n in one buffer and \r in the other)
buffers[io] = buffers[io].gsub(/\r/,"").encode(buffers[io].encoding, crlf_newline: true)
buffers[io] = buffers[io].gsub(/\r/, "").encode(buffers[io].encoding, crlf_newline: true)
# We line buffer, so look to see if we have received a newline
# and keep doing so until all buffered lines have been processed.
@@ -178,17 +183,17 @@ module Postal
# Send the received line to the client object for processing
result = client.handle(line)
# If the client object returned some data, write it back to the client
unless result.nil?
result = [result] unless result.is_a?(Array)
result.compact.each do |line|
client.log "\e[34m=> #{line.strip}\e[0m"
begin
io.write(line.to_s + "\r\n")
io.flush
rescue Errno::ECONNRESET
# Client disconnected before we could write response
eof = true
end
next if result.nil?
result = [result] unless result.is_a?(Array)
result.compact.each do |line|
client.log "\e[34m=> #{line.strip}\e[0m"
begin
io.write(line.to_s + "\r\n")
io.flush
rescue Errno::ECONNRESET
# Client disconnected before we could write response
eof = true
end
end
end
@@ -219,11 +224,15 @@ module Postal
Process.exit(0)
end
end
rescue => e
rescue StandardError => e
# Something went wrong, log as appropriate
client_id = client ? client.id : '------'
client_id = client ? client.id : "------"
if defined?(Raven)
Raven.capture_exception(e, :extra => {:log_id => (client.id rescue nil)})
Raven.capture_exception(e, extra: { log_id: begin
client.id
rescue StandardError
nil
end })
end
logger.error "[#{client_id}] An error occurred while processing data from a client."
logger.error "[#{client_id}] #{e.class}: #{e.message}"
@@ -231,9 +240,17 @@ module Postal
logger.error "[#{client_id}] #{line}"
end
# Close all IO and forget this client
@io_selector.deregister(io) rescue nil
begin
@io_selector.deregister(io)
rescue StandardError
nil
end
buffers.delete(io)
io.close rescue nil
begin
io.close
rescue StandardError
nil
end
if @io_selector.empty?
Process.exit(0)
end
@@ -241,27 +258,27 @@ module Postal
end
end
# If unlisten has been called, stop listening
if $unlisten
@io_selector.deregister(@server)
@server.close
# If there's nothing left to do, shut down the process
if @io_selector.empty?
Process.exit(0)
end
# Clear the request
$unlisten = false
next unless $unlisten
@io_selector.deregister(@server)
@server.close
# If there's nothing left to do, shut down the process
if @io_selector.empty?
Process.exit(0)
end
# Clear the request
$unlisten = false
end
end
def run
# Write PID to file if path specified
if ENV['PID_FILE']
File.open(ENV['PID_FILE'], 'w') { |f| f.write(Process.pid.to_s + "\n") }
if ENV["PID_FILE"]
File.write(ENV["PID_FILE"], Process.pid.to_s + "\n")
end
# If we have been spawned to replace an existing processm shut down the
# parent after listening.
if ENV['SERVER_FD']
if ENV["SERVER_FD"]
listen
kill_parent
else