forked from MirrorHub/synapse
Add a setting to disable TLS for sending email (#10546)
This is mostly useful in case the server offers TLS, but doesn't present a valid certificate.
This commit is contained in:
parent
f5a368bb48
commit
74d7336686
8 changed files with 138 additions and 50 deletions
1
changelog.d/10546.feature
Normal file
1
changelog.d/10546.feature
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Add a setting to disable TLS when sending email.
|
|
@ -2242,6 +2242,14 @@ email:
|
||||||
#
|
#
|
||||||
#require_transport_security: true
|
#require_transport_security: true
|
||||||
|
|
||||||
|
# Uncomment the following to disable TLS for SMTP.
|
||||||
|
#
|
||||||
|
# By default, if the server supports TLS, it will be used, and the server
|
||||||
|
# must present a certificate that is valid for 'smtp_host'. If this option
|
||||||
|
# is set to false, TLS will not be used.
|
||||||
|
#
|
||||||
|
#enable_tls: false
|
||||||
|
|
||||||
# notif_from defines the "From" address to use when sending emails.
|
# notif_from defines the "From" address to use when sending emails.
|
||||||
# It must be set if email sending is enabled.
|
# It must be set if email sending is enabled.
|
||||||
#
|
#
|
||||||
|
|
|
@ -80,6 +80,12 @@ class EmailConfig(Config):
|
||||||
self.require_transport_security = email_config.get(
|
self.require_transport_security = email_config.get(
|
||||||
"require_transport_security", False
|
"require_transport_security", False
|
||||||
)
|
)
|
||||||
|
self.enable_smtp_tls = email_config.get("enable_tls", True)
|
||||||
|
if self.require_transport_security and not self.enable_smtp_tls:
|
||||||
|
raise ConfigError(
|
||||||
|
"email.require_transport_security requires email.enable_tls to be true"
|
||||||
|
)
|
||||||
|
|
||||||
if "app_name" in email_config:
|
if "app_name" in email_config:
|
||||||
self.email_app_name = email_config["app_name"]
|
self.email_app_name = email_config["app_name"]
|
||||||
else:
|
else:
|
||||||
|
@ -368,6 +374,14 @@ class EmailConfig(Config):
|
||||||
#
|
#
|
||||||
#require_transport_security: true
|
#require_transport_security: true
|
||||||
|
|
||||||
|
# Uncomment the following to disable TLS for SMTP.
|
||||||
|
#
|
||||||
|
# By default, if the server supports TLS, it will be used, and the server
|
||||||
|
# must present a certificate that is valid for 'smtp_host'. If this option
|
||||||
|
# is set to false, TLS will not be used.
|
||||||
|
#
|
||||||
|
#enable_tls: false
|
||||||
|
|
||||||
# notif_from defines the "From" address to use when sending emails.
|
# notif_from defines the "From" address to use when sending emails.
|
||||||
# It must be set if email sending is enabled.
|
# It must be set if email sending is enabled.
|
||||||
#
|
#
|
||||||
|
|
|
@ -16,7 +16,12 @@ import email.utils
|
||||||
import logging
|
import logging
|
||||||
from email.mime.multipart import MIMEMultipart
|
from email.mime.multipart import MIMEMultipart
|
||||||
from email.mime.text import MIMEText
|
from email.mime.text import MIMEText
|
||||||
from typing import TYPE_CHECKING
|
from io import BytesIO
|
||||||
|
from typing import TYPE_CHECKING, Optional
|
||||||
|
|
||||||
|
from twisted.internet.defer import Deferred
|
||||||
|
from twisted.internet.interfaces import IReactorTCP
|
||||||
|
from twisted.mail.smtp import ESMTPSenderFactory
|
||||||
|
|
||||||
from synapse.logging.context import make_deferred_yieldable
|
from synapse.logging.context import make_deferred_yieldable
|
||||||
|
|
||||||
|
@ -26,19 +31,75 @@ if TYPE_CHECKING:
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
async def _sendmail(
|
||||||
|
reactor: IReactorTCP,
|
||||||
|
smtphost: str,
|
||||||
|
smtpport: int,
|
||||||
|
from_addr: str,
|
||||||
|
to_addr: str,
|
||||||
|
msg_bytes: bytes,
|
||||||
|
username: Optional[bytes] = None,
|
||||||
|
password: Optional[bytes] = None,
|
||||||
|
require_auth: bool = False,
|
||||||
|
require_tls: bool = False,
|
||||||
|
tls_hostname: Optional[str] = None,
|
||||||
|
) -> None:
|
||||||
|
"""A simple wrapper around ESMTPSenderFactory, to allow substitution in tests
|
||||||
|
|
||||||
|
Params:
|
||||||
|
reactor: reactor to use to make the outbound connection
|
||||||
|
smtphost: hostname to connect to
|
||||||
|
smtpport: port to connect to
|
||||||
|
from_addr: "From" address for email
|
||||||
|
to_addr: "To" address for email
|
||||||
|
msg_bytes: Message content
|
||||||
|
username: username to authenticate with, if auth is enabled
|
||||||
|
password: password to give when authenticating
|
||||||
|
require_auth: if auth is not offered, fail the request
|
||||||
|
require_tls: if TLS is not offered, fail the reqest
|
||||||
|
tls_hostname: TLS hostname to check for. None to disable TLS.
|
||||||
|
"""
|
||||||
|
msg = BytesIO(msg_bytes)
|
||||||
|
|
||||||
|
d: "Deferred[object]" = Deferred()
|
||||||
|
|
||||||
|
factory = ESMTPSenderFactory(
|
||||||
|
username,
|
||||||
|
password,
|
||||||
|
from_addr,
|
||||||
|
to_addr,
|
||||||
|
msg,
|
||||||
|
d,
|
||||||
|
heloFallback=True,
|
||||||
|
requireAuthentication=require_auth,
|
||||||
|
requireTransportSecurity=require_tls,
|
||||||
|
hostname=tls_hostname,
|
||||||
|
)
|
||||||
|
|
||||||
|
# the IReactorTCP interface claims host has to be a bytes, which seems to be wrong
|
||||||
|
reactor.connectTCP(smtphost, smtpport, factory, timeout=30, bindAddress=None) # type: ignore[arg-type]
|
||||||
|
|
||||||
|
await make_deferred_yieldable(d)
|
||||||
|
|
||||||
|
|
||||||
class SendEmailHandler:
|
class SendEmailHandler:
|
||||||
def __init__(self, hs: "HomeServer"):
|
def __init__(self, hs: "HomeServer"):
|
||||||
self.hs = hs
|
self.hs = hs
|
||||||
|
|
||||||
self._sendmail = hs.get_sendmail()
|
|
||||||
self._reactor = hs.get_reactor()
|
self._reactor = hs.get_reactor()
|
||||||
|
|
||||||
self._from = hs.config.email.email_notif_from
|
self._from = hs.config.email.email_notif_from
|
||||||
self._smtp_host = hs.config.email.email_smtp_host
|
self._smtp_host = hs.config.email.email_smtp_host
|
||||||
self._smtp_port = hs.config.email.email_smtp_port
|
self._smtp_port = hs.config.email.email_smtp_port
|
||||||
self._smtp_user = hs.config.email.email_smtp_user
|
|
||||||
self._smtp_pass = hs.config.email.email_smtp_pass
|
user = hs.config.email.email_smtp_user
|
||||||
|
self._smtp_user = user.encode("utf-8") if user is not None else None
|
||||||
|
passwd = hs.config.email.email_smtp_pass
|
||||||
|
self._smtp_pass = passwd.encode("utf-8") if passwd is not None else None
|
||||||
self._require_transport_security = hs.config.email.require_transport_security
|
self._require_transport_security = hs.config.email.require_transport_security
|
||||||
|
self._enable_tls = hs.config.email.enable_smtp_tls
|
||||||
|
|
||||||
|
self._sendmail = _sendmail
|
||||||
|
|
||||||
async def send_email(
|
async def send_email(
|
||||||
self,
|
self,
|
||||||
|
@ -82,17 +143,16 @@ class SendEmailHandler:
|
||||||
|
|
||||||
logger.info("Sending email to %s" % email_address)
|
logger.info("Sending email to %s" % email_address)
|
||||||
|
|
||||||
await make_deferred_yieldable(
|
await self._sendmail(
|
||||||
self._sendmail(
|
self._reactor,
|
||||||
self._smtp_host,
|
self._smtp_host,
|
||||||
raw_from,
|
self._smtp_port,
|
||||||
raw_to,
|
raw_from,
|
||||||
multipart_msg.as_string().encode("utf8"),
|
raw_to,
|
||||||
reactor=self._reactor,
|
multipart_msg.as_string().encode("utf8"),
|
||||||
port=self._smtp_port,
|
username=self._smtp_user,
|
||||||
requireAuthentication=self._smtp_user is not None,
|
password=self._smtp_pass,
|
||||||
username=self._smtp_user,
|
require_auth=self._smtp_user is not None,
|
||||||
password=self._smtp_pass,
|
require_tls=self._require_transport_security,
|
||||||
requireTransportSecurity=self._require_transport_security,
|
tls_hostname=self._smtp_host if self._enable_tls else None,
|
||||||
)
|
|
||||||
)
|
)
|
||||||
|
|
|
@ -34,8 +34,6 @@ from typing import (
|
||||||
)
|
)
|
||||||
|
|
||||||
import twisted.internet.tcp
|
import twisted.internet.tcp
|
||||||
from twisted.internet import defer
|
|
||||||
from twisted.mail.smtp import sendmail
|
|
||||||
from twisted.web.iweb import IPolicyForHTTPS
|
from twisted.web.iweb import IPolicyForHTTPS
|
||||||
from twisted.web.resource import IResource
|
from twisted.web.resource import IResource
|
||||||
|
|
||||||
|
@ -442,10 +440,6 @@ class HomeServer(metaclass=abc.ABCMeta):
|
||||||
def get_room_shutdown_handler(self) -> RoomShutdownHandler:
|
def get_room_shutdown_handler(self) -> RoomShutdownHandler:
|
||||||
return RoomShutdownHandler(self)
|
return RoomShutdownHandler(self)
|
||||||
|
|
||||||
@cache_in_self
|
|
||||||
def get_sendmail(self) -> Callable[..., defer.Deferred]:
|
|
||||||
return sendmail
|
|
||||||
|
|
||||||
@cache_in_self
|
@cache_in_self
|
||||||
def get_state_handler(self) -> StateHandler:
|
def get_state_handler(self) -> StateHandler:
|
||||||
return StateHandler(self)
|
return StateHandler(self)
|
||||||
|
|
|
@ -45,14 +45,6 @@ class EmailPusherTests(HomeserverTestCase):
|
||||||
|
|
||||||
def make_homeserver(self, reactor, clock):
|
def make_homeserver(self, reactor, clock):
|
||||||
|
|
||||||
# List[Tuple[Deferred, args, kwargs]]
|
|
||||||
self.email_attempts = []
|
|
||||||
|
|
||||||
def sendmail(*args, **kwargs):
|
|
||||||
d = Deferred()
|
|
||||||
self.email_attempts.append((d, args, kwargs))
|
|
||||||
return d
|
|
||||||
|
|
||||||
config = self.default_config()
|
config = self.default_config()
|
||||||
config["email"] = {
|
config["email"] = {
|
||||||
"enable_notifs": True,
|
"enable_notifs": True,
|
||||||
|
@ -75,7 +67,17 @@ class EmailPusherTests(HomeserverTestCase):
|
||||||
config["public_baseurl"] = "aaa"
|
config["public_baseurl"] = "aaa"
|
||||||
config["start_pushers"] = True
|
config["start_pushers"] = True
|
||||||
|
|
||||||
hs = self.setup_test_homeserver(config=config, sendmail=sendmail)
|
hs = self.setup_test_homeserver(config=config)
|
||||||
|
|
||||||
|
# List[Tuple[Deferred, args, kwargs]]
|
||||||
|
self.email_attempts = []
|
||||||
|
|
||||||
|
def sendmail(*args, **kwargs):
|
||||||
|
d = Deferred()
|
||||||
|
self.email_attempts.append((d, args, kwargs))
|
||||||
|
return d
|
||||||
|
|
||||||
|
hs.get_send_email_handler()._sendmail = sendmail
|
||||||
|
|
||||||
return hs
|
return hs
|
||||||
|
|
||||||
|
|
|
@ -47,12 +47,6 @@ class PasswordResetTestCase(unittest.HomeserverTestCase):
|
||||||
config = self.default_config()
|
config = self.default_config()
|
||||||
|
|
||||||
# Email config.
|
# Email config.
|
||||||
self.email_attempts = []
|
|
||||||
|
|
||||||
async def sendmail(smtphost, from_addr, to_addrs, msg, **kwargs):
|
|
||||||
self.email_attempts.append(msg)
|
|
||||||
return
|
|
||||||
|
|
||||||
config["email"] = {
|
config["email"] = {
|
||||||
"enable_notifs": False,
|
"enable_notifs": False,
|
||||||
"template_dir": os.path.abspath(
|
"template_dir": os.path.abspath(
|
||||||
|
@ -67,7 +61,16 @@ class PasswordResetTestCase(unittest.HomeserverTestCase):
|
||||||
}
|
}
|
||||||
config["public_baseurl"] = "https://example.com"
|
config["public_baseurl"] = "https://example.com"
|
||||||
|
|
||||||
hs = self.setup_test_homeserver(config=config, sendmail=sendmail)
|
hs = self.setup_test_homeserver(config=config)
|
||||||
|
|
||||||
|
async def sendmail(
|
||||||
|
reactor, smtphost, smtpport, from_addr, to_addrs, msg, **kwargs
|
||||||
|
):
|
||||||
|
self.email_attempts.append(msg)
|
||||||
|
|
||||||
|
self.email_attempts = []
|
||||||
|
hs.get_send_email_handler()._sendmail = sendmail
|
||||||
|
|
||||||
return hs
|
return hs
|
||||||
|
|
||||||
def prepare(self, reactor, clock, hs):
|
def prepare(self, reactor, clock, hs):
|
||||||
|
@ -511,11 +514,6 @@ class ThreepidEmailRestTestCase(unittest.HomeserverTestCase):
|
||||||
config = self.default_config()
|
config = self.default_config()
|
||||||
|
|
||||||
# Email config.
|
# Email config.
|
||||||
self.email_attempts = []
|
|
||||||
|
|
||||||
async def sendmail(smtphost, from_addr, to_addrs, msg, **kwargs):
|
|
||||||
self.email_attempts.append(msg)
|
|
||||||
|
|
||||||
config["email"] = {
|
config["email"] = {
|
||||||
"enable_notifs": False,
|
"enable_notifs": False,
|
||||||
"template_dir": os.path.abspath(
|
"template_dir": os.path.abspath(
|
||||||
|
@ -530,7 +528,16 @@ class ThreepidEmailRestTestCase(unittest.HomeserverTestCase):
|
||||||
}
|
}
|
||||||
config["public_baseurl"] = "https://example.com"
|
config["public_baseurl"] = "https://example.com"
|
||||||
|
|
||||||
self.hs = self.setup_test_homeserver(config=config, sendmail=sendmail)
|
self.hs = self.setup_test_homeserver(config=config)
|
||||||
|
|
||||||
|
async def sendmail(
|
||||||
|
reactor, smtphost, smtpport, from_addr, to_addrs, msg, **kwargs
|
||||||
|
):
|
||||||
|
self.email_attempts.append(msg)
|
||||||
|
|
||||||
|
self.email_attempts = []
|
||||||
|
self.hs.get_send_email_handler()._sendmail = sendmail
|
||||||
|
|
||||||
return self.hs
|
return self.hs
|
||||||
|
|
||||||
def prepare(self, reactor, clock, hs):
|
def prepare(self, reactor, clock, hs):
|
||||||
|
|
|
@ -509,10 +509,6 @@ class AccountValidityRenewalByEmailTestCase(unittest.HomeserverTestCase):
|
||||||
}
|
}
|
||||||
|
|
||||||
# Email config.
|
# Email config.
|
||||||
self.email_attempts = []
|
|
||||||
|
|
||||||
async def sendmail(*args, **kwargs):
|
|
||||||
self.email_attempts.append((args, kwargs))
|
|
||||||
|
|
||||||
config["email"] = {
|
config["email"] = {
|
||||||
"enable_notifs": True,
|
"enable_notifs": True,
|
||||||
|
@ -532,7 +528,13 @@ class AccountValidityRenewalByEmailTestCase(unittest.HomeserverTestCase):
|
||||||
}
|
}
|
||||||
config["public_baseurl"] = "aaa"
|
config["public_baseurl"] = "aaa"
|
||||||
|
|
||||||
self.hs = self.setup_test_homeserver(config=config, sendmail=sendmail)
|
self.hs = self.setup_test_homeserver(config=config)
|
||||||
|
|
||||||
|
async def sendmail(*args, **kwargs):
|
||||||
|
self.email_attempts.append((args, kwargs))
|
||||||
|
|
||||||
|
self.email_attempts = []
|
||||||
|
self.hs.get_send_email_handler()._sendmail = sendmail
|
||||||
|
|
||||||
self.store = self.hs.get_datastore()
|
self.store = self.hs.get_datastore()
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue