diff options
Diffstat (limited to 'actionmailbox')
-rw-r--r-- | actionmailbox/README.md | 2 | ||||
-rw-r--r-- | actionmailbox/app/controllers/action_mailbox/ingresses/relay/inbound_emails_controller.rb (renamed from actionmailbox/app/controllers/action_mailbox/ingresses/postfix/inbound_emails_controller.rb) | 30 | ||||
-rw-r--r-- | actionmailbox/config/routes.rb | 2 | ||||
-rw-r--r-- | actionmailbox/lib/action_mailbox/relayer.rb (renamed from actionmailbox/lib/action_mailbox/postfix_relayer.rb) | 28 | ||||
-rw-r--r-- | actionmailbox/lib/tasks/ingress.rake | 58 | ||||
-rw-r--r-- | actionmailbox/test/controllers/ingresses/relay/inbound_emails_controller_test.rb (renamed from actionmailbox/test/controllers/ingresses/postfix/inbound_emails_controller_test.rb) | 20 | ||||
-rw-r--r-- | actionmailbox/test/unit/relayer_test.rb (renamed from actionmailbox/test/unit/postfix_relayer_test.rb) | 34 |
7 files changed, 122 insertions, 52 deletions
diff --git a/actionmailbox/README.md b/actionmailbox/README.md index c70f73b40f..9a47223d3b 100644 --- a/actionmailbox/README.md +++ b/actionmailbox/README.md @@ -1,6 +1,6 @@ # Action Mailbox -Action Mailbox routes incoming emails to controller-like mailboxes for processing in Rails. It ships with ingresses for Amazon SES, Mailgun, Mandrill, Postmark, and SendGrid. You can also handle inbound mails directly via the built-in Postfix ingress. +Action Mailbox routes incoming emails to controller-like mailboxes for processing in Rails. It ships with ingresses for Amazon SES, Mailgun, Mandrill, Postmark, and SendGrid. You can also handle inbound mails directly via the built-in Exim, Postfix, and Qmail ingresses. The inbound emails are turned into `InboundEmail` records using Active Record and feature lifecycle tracking, storage of the original email on cloud storage via Active Storage, and responsible data handling with on-by-default incineration. diff --git a/actionmailbox/app/controllers/action_mailbox/ingresses/postfix/inbound_emails_controller.rb b/actionmailbox/app/controllers/action_mailbox/ingresses/relay/inbound_emails_controller.rb index c0d5002a12..2d91c968c8 100644 --- a/actionmailbox/app/controllers/action_mailbox/ingresses/postfix/inbound_emails_controller.rb +++ b/actionmailbox/app/controllers/action_mailbox/ingresses/relay/inbound_emails_controller.rb @@ -1,31 +1,31 @@ # frozen_string_literal: true module ActionMailbox - # Ingests inbound emails relayed from Postfix. + # Ingests inbound emails relayed from an SMTP server. # # Authenticates requests using HTTP basic access authentication. The username is always +actionmailbox+, and the # password is read from the application's encrypted credentials or an environment variable. See the Usage section below. # # Note that basic authentication is insecure over unencrypted HTTP. An attacker that intercepts cleartext requests to - # the Postfix ingress can learn its password. You should only use the Postfix ingress over HTTPS. + # the ingress can learn its password. You should only use this ingress over HTTPS. # # Returns: # # - <tt>204 No Content</tt> if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox # - <tt>401 Unauthorized</tt> if the request could not be authenticated - # - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails from Postfix + # - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails relayed from an SMTP server # - <tt>415 Unsupported Media Type</tt> if the request does not contain an RFC 822 message # - <tt>500 Server Error</tt> if the ingress password is not configured, or if one of the Active Record database, # the Active Storage service, or the Active Job backend is misconfigured or unavailable # # == Usage # - # 1. Tell Action Mailbox to accept emails from Postfix: + # 1. Tell Action Mailbox to accept emails from an SMTP relay: # # # config/environments/production.rb - # config.action_mailbox.ingress = :postfix + # config.action_mailbox.ingress = :relay # - # 2. Generate a strong password that Action Mailbox can use to authenticate requests to the Postfix ingress. + # 2. Generate a strong password that Action Mailbox can use to authenticate requests to the ingress. # # Use <tt>rails credentials:edit</tt> to add the password to your application's encrypted credentials under # +action_mailbox.ingress_password+, where Action Mailbox will automatically find it: @@ -35,14 +35,20 @@ module ActionMailbox # # Alternatively, provide the password in the +RAILS_INBOUND_EMAIL_PASSWORD+ environment variable. # - # 3. {Configure Postfix}[https://serverfault.com/questions/258469/how-to-configure-postfix-to-pipe-all-incoming-email-to-a-script] - # to pipe inbound emails to <tt>bin/rails action_mailbox:ingress:postfix</tt>, providing the +URL+ of the Postfix - # ingress and the +INGRESS_PASSWORD+ you previously generated. + # 3. Configure your SMTP server to pipe inbound emails to the appropriate ingress command, providing the +URL+ of the + # relay ingress and the +INGRESS_PASSWORD+ you previously generated. # - # If your application lived at <tt>https://example.com</tt>, the full command would look like this: + # If your application lives at <tt>https://example.com</tt>, you would configure the Postfix SMTP server to pipe + # inbound emails to the following command: # - # URL=https://example.com/rails/action_mailbox/postfix/inbound_emails INGRESS_PASSWORD=... bin/rails action_mailbox:ingress:postfix - class Ingresses::Postfix::InboundEmailsController < ActionMailbox::BaseController + # bin/rails action_mailbox:ingress:postfix URL=https://example.com/rails/action_mailbox/postfix/inbound_emails INGRESS_PASSWORD=... + # + # Built-in ingress commands are available for these popular SMTP servers: + # + # - Exim (<tt>bin/rails action_mailbox:ingress:exim) + # - Postfix (<tt>bin/rails action_mailbox:ingress:postfix) + # - Qmail (<tt>bin/rails action_mailbox:ingress:qmail) + class Ingresses::Relay::InboundEmailsController < ActionMailbox::BaseController before_action :authenticate_by_password, :require_valid_rfc822_message def create diff --git a/actionmailbox/config/routes.rb b/actionmailbox/config/routes.rb index 7aa230fdff..517d2835af 100644 --- a/actionmailbox/config/routes.rb +++ b/actionmailbox/config/routes.rb @@ -4,8 +4,8 @@ Rails.application.routes.draw do scope "/rails/action_mailbox", module: "action_mailbox/ingresses" do post "/amazon/inbound_emails" => "amazon/inbound_emails#create", as: :rails_amazon_inbound_emails post "/mandrill/inbound_emails" => "mandrill/inbound_emails#create", as: :rails_mandrill_inbound_emails - post "/postfix/inbound_emails" => "postfix/inbound_emails#create", as: :rails_postfix_inbound_emails post "/postmark/inbound_emails" => "postmark/inbound_emails#create", as: :rails_postmark_inbound_emails + post "/relay/inbound_emails" => "relay/inbound_emails#create", as: :rails_relay_inbound_emails post "/sendgrid/inbound_emails" => "sendgrid/inbound_emails#create", as: :rails_sendgrid_inbound_emails # Mailgun requires that a webhook's URL end in 'mime' for it to receive the raw contents of emails. diff --git a/actionmailbox/lib/action_mailbox/postfix_relayer.rb b/actionmailbox/lib/action_mailbox/relayer.rb index d43c56ed2b..e2890acb60 100644 --- a/actionmailbox/lib/action_mailbox/postfix_relayer.rb +++ b/actionmailbox/lib/action_mailbox/relayer.rb @@ -5,19 +5,27 @@ require "net/http" require "uri" module ActionMailbox - class PostfixRelayer - class Result < Struct.new(:output) + class Relayer + class Result < Struct.new(:status_code, :message) def success? !failure? end def failure? - output.match?(/\A[45]\.\d{1,3}\.\d{1,3}(\s|\z)/) + transient_failure? || permanent_failure? + end + + def transient_failure? + status_code.start_with?("4.") + end + + def permanent_failure? + status_code.start_with?("5.") end end CONTENT_TYPE = "message/rfc822" - USER_AGENT = "Action Mailbox Postfix relayer v#{ActionMailbox.version}" + USER_AGENT = "Action Mailbox relayer v#{ActionMailbox.version}" attr_reader :uri, :username, :password @@ -28,18 +36,18 @@ module ActionMailbox def relay(source) case response = post(source) when Net::HTTPSuccess - Result.new "2.0.0 Successfully relayed message to Postfix ingress" + Result.new "2.0.0", "Successfully relayed message to ingress" when Net::HTTPUnauthorized - Result.new "4.7.0 Invalid credentials for Postfix ingress" + Result.new "4.7.0", "Invalid credentials for ingress" else - Result.new "4.0.0 HTTP #{response.code}" + Result.new "4.0.0", "HTTP #{response.code}" end rescue IOError, SocketError, SystemCallError => error - Result.new "4.4.2 Network error relaying to Postfix ingress: #{error.message}" + Result.new "4.4.2", "Network error relaying to ingress: #{error.message}" rescue Timeout::Error - Result.new "4.4.2 Timed out relaying to Postfix ingress" + Result.new "4.4.2", "Timed out relaying to ingress" rescue => error - Result.new "4.0.0 Error relaying to Postfix ingress: #{error.message}" + Result.new "4.0.0", "Error relaying to ingress: #{error.message}" end private diff --git a/actionmailbox/lib/tasks/ingress.rake b/actionmailbox/lib/tasks/ingress.rake index f775bbdfd7..43b613ea12 100644 --- a/actionmailbox/lib/tasks/ingress.rake +++ b/actionmailbox/lib/tasks/ingress.rake @@ -2,12 +2,37 @@ namespace :action_mailbox do namespace :ingress do - desc "Pipe an inbound email from STDIN to the Postfix ingress (URL and INGRESS_PASSWORD required)" - task :postfix do + task :environment do require "active_support" require "active_support/core_ext/object/blank" - require "action_mailbox/postfix_relayer" + require "action_mailbox/relayer" + end + + desc "Relay an inbound email from Exim to Action Mailbox (URL and INGRESS_PASSWORD required)" + task exim: "action_mailbox:ingress:environment" do + url, password = ENV.values_at("URL", "INGRESS_PASSWORD") + + if url.blank? || password.blank? + print "URL and INGRESS_PASSWORD are required" + exit 64 # EX_USAGE + end + + ActionMailbox::Relayer.new(url: url, password: password).relay(STDIN.read).tap do |result| + print result.message + + case + when result.success? + exit 0 + when result.transient_failure? + exit 75 # EX_TEMPFAIL + else + exit 69 # EX_UNAVAILABLE + end + end + end + desc "Relay an inbound email from Postfix to Action Mailbox (URL and INGRESS_PASSWORD required)" + task postfix: "action_mailbox:ingress:environment" do url, password = ENV.values_at("URL", "INGRESS_PASSWORD") if url.blank? || password.blank? @@ -15,10 +40,33 @@ namespace :action_mailbox do exit 1 end - ActionMailbox::PostfixRelayer.new(url: url, password: password).relay(STDIN.read).tap do |result| - print result.output + ActionMailbox::Relayer.new(url: url, password: password).relay(STDIN.read).tap do |result| + print "#{result.status_code} #{result.message}" exit result.success? end end + + desc "Relay an inbound email from Qmail to Action Mailbox (URL and INGRESS_PASSWORD required)" + task qmail: "action_mailbox:ingress:environment" do + url, password = ENV.values_at("URL", "INGRESS_PASSWORD") + + if url.blank? || password.blank? + print "URL and INGRESS_PASSWORD are required" + exit 111 + end + + ActionMailbox::Relayer.new(url: url, password: password).relay(STDIN.read).tap do |result| + print result.message + + case + when result.success? + exit 0 + when result.transient_failure? + exit 111 + else + exit 100 + end + end + end end end diff --git a/actionmailbox/test/controllers/ingresses/postfix/inbound_emails_controller_test.rb b/actionmailbox/test/controllers/ingresses/relay/inbound_emails_controller_test.rb index d646f5e859..67c5993f7f 100644 --- a/actionmailbox/test/controllers/ingresses/postfix/inbound_emails_controller_test.rb +++ b/actionmailbox/test/controllers/ingresses/relay/inbound_emails_controller_test.rb @@ -2,12 +2,12 @@ require "test_helper" -class ActionMailbox::Ingresses::Postfix::InboundEmailsControllerTest < ActionDispatch::IntegrationTest - setup { ActionMailbox.ingress = :postfix } +class ActionMailbox::Ingresses::Relay::InboundEmailsControllerTest < ActionDispatch::IntegrationTest + setup { ActionMailbox.ingress = :relay } - test "receiving an inbound email from Postfix" do + test "receiving an inbound email relayed from an SMTP server" do assert_difference -> { ActionMailbox::InboundEmail.count }, +1 do - post rails_postfix_inbound_emails_url, headers: { "Authorization" => credentials, "Content-Type" => "message/rfc822" }, + post rails_relay_inbound_emails_url, headers: { "Authorization" => credentials, "Content-Type" => "message/rfc822" }, params: file_fixture("../files/welcome.eml").read end @@ -18,18 +18,18 @@ class ActionMailbox::Ingresses::Postfix::InboundEmailsControllerTest < ActionDis assert_equal "0CB459E0-0336-41DA-BC88-E6E28C697DDB@37signals.com", inbound_email.message_id end - test "rejecting an unauthorized inbound email from Postfix" do + test "rejecting an unauthorized inbound email" do assert_no_difference -> { ActionMailbox::InboundEmail.count } do - post rails_postfix_inbound_emails_url, headers: { "Content-Type" => "message/rfc822" }, + post rails_relay_inbound_emails_url, headers: { "Content-Type" => "message/rfc822" }, params: file_fixture("../files/welcome.eml").read end assert_response :unauthorized end - test "rejecting an inbound email of an unsupported media type from Postfix" do + test "rejecting an inbound email of an unsupported media type" do assert_no_difference -> { ActionMailbox::InboundEmail.count } do - post rails_postfix_inbound_emails_url, headers: { "Authorization" => credentials, "Content-Type" => "text/plain" }, + post rails_relay_inbound_emails_url, headers: { "Authorization" => credentials, "Content-Type" => "text/plain" }, params: file_fixture("../files/welcome.eml").read end @@ -39,7 +39,7 @@ class ActionMailbox::Ingresses::Postfix::InboundEmailsControllerTest < ActionDis test "raising when the configured password is nil" do switch_password_to nil do assert_raises ArgumentError do - post rails_postfix_inbound_emails_url, headers: { "Authorization" => credentials, "Content-Type" => "message/rfc822" }, + post rails_relay_inbound_emails_url, headers: { "Authorization" => credentials, "Content-Type" => "message/rfc822" }, params: file_fixture("../files/welcome.eml").read end end @@ -48,7 +48,7 @@ class ActionMailbox::Ingresses::Postfix::InboundEmailsControllerTest < ActionDis test "raising when the configured password is blank" do switch_password_to "" do assert_raises ArgumentError do - post rails_postfix_inbound_emails_url, headers: { "Authorization" => credentials, "Content-Type" => "message/rfc822" }, + post rails_relay_inbound_emails_url, headers: { "Authorization" => credentials, "Content-Type" => "message/rfc822" }, params: file_fixture("../files/welcome.eml").read end end diff --git a/actionmailbox/test/unit/postfix_relayer_test.rb b/actionmailbox/test/unit/relayer_test.rb index 5f7496ec3f..fb2b48ea16 100644 --- a/actionmailbox/test/unit/postfix_relayer_test.rb +++ b/actionmailbox/test/unit/relayer_test.rb @@ -2,35 +2,37 @@ require_relative "../test_helper" -require "action_mailbox/postfix_relayer" +require "action_mailbox/relayer" module ActionMailbox - class PostfixRelayerTest < ActiveSupport::TestCase - URL = "https://example.com/rails/action_mailbox/postfix/inbound_emails" + class RelayerTest < ActiveSupport::TestCase + URL = "https://example.com/rails/action_mailbox/relay/inbound_emails" INGRESS_PASSWORD = "secret" setup do - @relayer = ActionMailbox::PostfixRelayer.new(url: URL, password: INGRESS_PASSWORD) + @relayer = ActionMailbox::Relayer.new(url: URL, password: INGRESS_PASSWORD) end test "successfully relaying an email" do stub_request(:post, URL).to_return status: 204 result = @relayer.relay(file_fixture("welcome.eml").read) - assert_equal "2.0.0 Successfully relayed message to Postfix ingress", result.output + assert_equal "2.0.0", result.status_code + assert_equal "Successfully relayed message to ingress", result.message assert result.success? assert_not result.failure? assert_requested :post, URL, body: file_fixture("welcome.eml").read, basic_auth: [ "actionmailbox", INGRESS_PASSWORD ], - headers: { "Content-Type" => "message/rfc822", "User-Agent" => /\AAction Mailbox Postfix relayer v\d+\./ } + headers: { "Content-Type" => "message/rfc822", "User-Agent" => /\AAction Mailbox relayer v\d+\./ } end test "unsuccessfully relaying with invalid credentials" do stub_request(:post, URL).to_return status: 401 result = @relayer.relay(file_fixture("welcome.eml").read) - assert_equal "4.7.0 Invalid credentials for Postfix ingress", result.output + assert_equal "4.7.0", result.status_code + assert_equal "Invalid credentials for ingress", result.message assert_not result.success? assert result.failure? end @@ -39,7 +41,8 @@ module ActionMailbox stub_request(:post, URL).to_return status: 500 result = @relayer.relay(file_fixture("welcome.eml").read) - assert_equal "4.0.0 HTTP 500", result.output + assert_equal "4.0.0", result.status_code + assert_equal "HTTP 500", result.message assert_not result.success? assert result.failure? end @@ -48,7 +51,8 @@ module ActionMailbox stub_request(:post, URL).to_return status: 504 result = @relayer.relay(file_fixture("welcome.eml").read) - assert_equal "4.0.0 HTTP 504", result.output + assert_equal "4.0.0", result.status_code + assert_equal "HTTP 504", result.message assert_not result.success? assert result.failure? end @@ -57,7 +61,8 @@ module ActionMailbox stub_request(:post, URL).to_raise Errno::ECONNRESET.new result = @relayer.relay(file_fixture("welcome.eml").read) - assert_equal "4.4.2 Network error relaying to Postfix ingress: Connection reset by peer", result.output + assert_equal "4.4.2", result.status_code + assert_equal "Network error relaying to ingress: Connection reset by peer", result.message assert_not result.success? assert result.failure? end @@ -66,7 +71,8 @@ module ActionMailbox stub_request(:post, URL).to_raise SocketError.new("Failed to open TCP connection to example.com:443") result = @relayer.relay(file_fixture("welcome.eml").read) - assert_equal "4.4.2 Network error relaying to Postfix ingress: Failed to open TCP connection to example.com:443", result.output + assert_equal "4.4.2", result.status_code + assert_equal "Network error relaying to ingress: Failed to open TCP connection to example.com:443", result.message assert_not result.success? assert result.failure? end @@ -75,7 +81,8 @@ module ActionMailbox stub_request(:post, URL).to_timeout result = @relayer.relay(file_fixture("welcome.eml").read) - assert_equal "4.4.2 Timed out relaying to Postfix ingress", result.output + assert_equal "4.4.2", result.status_code + assert_equal "Timed out relaying to ingress", result.message assert_not result.success? assert result.failure? end @@ -84,7 +91,8 @@ module ActionMailbox stub_request(:post, URL).to_raise StandardError.new("Something went wrong") result = @relayer.relay(file_fixture("welcome.eml").read) - assert_equal "4.0.0 Error relaying to Postfix ingress: Something went wrong", result.output + assert_equal "4.0.0", result.status_code + assert_equal "Error relaying to ingress: Something went wrong", result.message assert_not result.success? assert result.failure? end |