From 512b5316dd33a8aa36821ee9b134d6652fd4a35f Mon Sep 17 00:00:00 2001 From: George Claghorn Date: Sat, 12 Jan 2019 21:38:26 -0500 Subject: Add Exim and Qmail support to Action Mailbox --- .../ingresses/postfix/inbound_emails_controller.rb | 59 -------------------- .../ingresses/relay/inbound_emails_controller.rb | 65 ++++++++++++++++++++++ 2 files changed, 65 insertions(+), 59 deletions(-) delete mode 100644 actionmailbox/app/controllers/action_mailbox/ingresses/postfix/inbound_emails_controller.rb create mode 100644 actionmailbox/app/controllers/action_mailbox/ingresses/relay/inbound_emails_controller.rb (limited to 'actionmailbox/app/controllers/action_mailbox/ingresses') diff --git a/actionmailbox/app/controllers/action_mailbox/ingresses/postfix/inbound_emails_controller.rb b/actionmailbox/app/controllers/action_mailbox/ingresses/postfix/inbound_emails_controller.rb deleted file mode 100644 index c0d5002a12..0000000000 --- a/actionmailbox/app/controllers/action_mailbox/ingresses/postfix/inbound_emails_controller.rb +++ /dev/null @@ -1,59 +0,0 @@ -# frozen_string_literal: true - -module ActionMailbox - # Ingests inbound emails relayed from Postfix. - # - # Authenticates requests using HTTP basic access authentication. The username is always +actionmailbox+, and the - # password is read from the application's encrypted credentials or an environment variable. See the Usage section below. - # - # Note that basic authentication is insecure over unencrypted HTTP. An attacker that intercepts cleartext requests to - # the Postfix ingress can learn its password. You should only use the Postfix ingress over HTTPS. - # - # Returns: - # - # - 204 No Content if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox - # - 401 Unauthorized if the request could not be authenticated - # - 404 Not Found if Action Mailbox is not configured to accept inbound emails from Postfix - # - 415 Unsupported Media Type if the request does not contain an RFC 822 message - # - 500 Server Error if the ingress password is not configured, or if one of the Active Record database, - # the Active Storage service, or the Active Job backend is misconfigured or unavailable - # - # == Usage - # - # 1. Tell Action Mailbox to accept emails from Postfix: - # - # # config/environments/production.rb - # config.action_mailbox.ingress = :postfix - # - # 2. Generate a strong password that Action Mailbox can use to authenticate requests to the Postfix ingress. - # - # Use rails credentials:edit to add the password to your application's encrypted credentials under - # +action_mailbox.ingress_password+, where Action Mailbox will automatically find it: - # - # action_mailbox: - # ingress_password: ... - # - # Alternatively, provide the password in the +RAILS_INBOUND_EMAIL_PASSWORD+ environment variable. - # - # 3. {Configure Postfix}[https://serverfault.com/questions/258469/how-to-configure-postfix-to-pipe-all-incoming-email-to-a-script] - # to pipe inbound emails to bin/rails action_mailbox:ingress:postfix, providing the +URL+ of the Postfix - # ingress and the +INGRESS_PASSWORD+ you previously generated. - # - # If your application lived at https://example.com, the full command would look like this: - # - # URL=https://example.com/rails/action_mailbox/postfix/inbound_emails INGRESS_PASSWORD=... bin/rails action_mailbox:ingress:postfix - class Ingresses::Postfix::InboundEmailsController < ActionMailbox::BaseController - before_action :authenticate_by_password, :require_valid_rfc822_message - - def create - ActionMailbox::InboundEmail.create_and_extract_message_id! request.body.read - end - - private - def require_valid_rfc822_message - unless request.content_type == "message/rfc822" - head :unsupported_media_type - end - end - end -end diff --git a/actionmailbox/app/controllers/action_mailbox/ingresses/relay/inbound_emails_controller.rb b/actionmailbox/app/controllers/action_mailbox/ingresses/relay/inbound_emails_controller.rb new file mode 100644 index 0000000000..2d91c968c8 --- /dev/null +++ b/actionmailbox/app/controllers/action_mailbox/ingresses/relay/inbound_emails_controller.rb @@ -0,0 +1,65 @@ +# frozen_string_literal: true + +module ActionMailbox + # Ingests inbound emails relayed from an SMTP server. + # + # Authenticates requests using HTTP basic access authentication. The username is always +actionmailbox+, and the + # password is read from the application's encrypted credentials or an environment variable. See the Usage section below. + # + # Note that basic authentication is insecure over unencrypted HTTP. An attacker that intercepts cleartext requests to + # the ingress can learn its password. You should only use this ingress over HTTPS. + # + # Returns: + # + # - 204 No Content if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox + # - 401 Unauthorized if the request could not be authenticated + # - 404 Not Found if Action Mailbox is not configured to accept inbound emails relayed from an SMTP server + # - 415 Unsupported Media Type if the request does not contain an RFC 822 message + # - 500 Server Error if the ingress password is not configured, or if one of the Active Record database, + # the Active Storage service, or the Active Job backend is misconfigured or unavailable + # + # == Usage + # + # 1. Tell Action Mailbox to accept emails from an SMTP relay: + # + # # config/environments/production.rb + # config.action_mailbox.ingress = :relay + # + # 2. Generate a strong password that Action Mailbox can use to authenticate requests to the ingress. + # + # Use rails credentials:edit to add the password to your application's encrypted credentials under + # +action_mailbox.ingress_password+, where Action Mailbox will automatically find it: + # + # action_mailbox: + # ingress_password: ... + # + # Alternatively, provide the password in the +RAILS_INBOUND_EMAIL_PASSWORD+ environment variable. + # + # 3. Configure your SMTP server to pipe inbound emails to the appropriate ingress command, providing the +URL+ of the + # relay ingress and the +INGRESS_PASSWORD+ you previously generated. + # + # If your application lives at https://example.com, you would configure the Postfix SMTP server to pipe + # inbound emails to the following command: + # + # bin/rails action_mailbox:ingress:postfix URL=https://example.com/rails/action_mailbox/postfix/inbound_emails INGRESS_PASSWORD=... + # + # Built-in ingress commands are available for these popular SMTP servers: + # + # - Exim (bin/rails action_mailbox:ingress:exim) + # - Postfix (bin/rails action_mailbox:ingress:postfix) + # - Qmail (bin/rails action_mailbox:ingress:qmail) + class Ingresses::Relay::InboundEmailsController < ActionMailbox::BaseController + before_action :authenticate_by_password, :require_valid_rfc822_message + + def create + ActionMailbox::InboundEmail.create_and_extract_message_id! request.body.read + end + + private + def require_valid_rfc822_message + unless request.content_type == "message/rfc822" + head :unsupported_media_type + end + end + end +end -- cgit v1.2.3