From 9a793088c6a5951c4c2e9e27d05b3a0d6fe3a10d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Fri, 21 Apr 2017 16:58:01 +0000 Subject: [PATCH] Use local MTA for sending e-mail --- certidude/api/__init__.py | 9 ++--- certidude/cli.py | 11 ++++++ certidude/config.py | 5 +-- certidude/mailer.py | 55 ++------------------------ certidude/static/views/authority.html | 5 +-- certidude/templates/mail/test.md | 3 ++ certidude/templates/server/server.conf | 13 ++++-- 7 files changed, 35 insertions(+), 66 deletions(-) create mode 100644 certidude/templates/mail/test.md diff --git a/certidude/api/__init__.py b/certidude/api/__init__.py index 65534aa..bd4a357 100644 --- a/certidude/api/__init__.py +++ b/certidude/api/__init__.py @@ -115,11 +115,10 @@ class SessionResource(object): ), common_name = authority.ca_cert.subject.get_attributes_for_oid( NameOID.COMMON_NAME)[0].value, - outbox = dict( - server = config.OUTBOX, - name = config.OUTBOX_NAME, - mail = config.OUTBOX_MAIL - ), + mailer = dict( + name = config.MAILER_NAME, + address = config.MAILER_ADDRESS + ) if config.MAILER_ADDRESS else None, machine_enrollment_allowed=config.MACHINE_ENROLLMENT_ALLOWED, user_enrollment_allowed=config.USER_ENROLLMENT_ALLOWED, user_multiple_certificates=config.USER_MULTIPLE_CERTIFICATES, diff --git a/certidude/cli.py b/certidude/cli.py index c4d5812..7d90114 100755 --- a/certidude/cli.py +++ b/certidude/cli.py @@ -1313,6 +1313,16 @@ def certidude_setup_yubikey(authority, slot, username, pin): subprocess.call(cmd) +@click.command("test", help="Test mailer") +@click.argument("recipient") +def certidude_test(recipient): + from certidude import mailer + mailer.send( + "test.md", + to=recipient + ) + + @click.group("strongswan", help="strongSwan helpers") def certidude_setup_strongswan(): pass @@ -1344,6 +1354,7 @@ entry_point.add_command(certidude_revoke) entry_point.add_command(certidude_list) entry_point.add_command(certidude_users) entry_point.add_command(certidude_cron) +entry_point.add_command(certidude_test) if __name__ == "__main__": entry_point() diff --git a/certidude/config.py b/certidude/config.py index 7f7e317..3ed18c8 100644 --- a/certidude/config.py +++ b/certidude/config.py @@ -41,9 +41,8 @@ SIGNED_DIR = cp.get("authority", "signed dir") REVOKED_DIR = cp.get("authority", "revoked dir") EXPIRED_DIR = cp.get("authority", "expired dir") -OUTBOX = cp.get("authority", "outbox uri") -OUTBOX_NAME = cp.get("authority", "outbox sender name") -OUTBOX_MAIL = cp.get("authority", "outbox sender address") +MAILER_NAME = cp.get("mailer", "name") +MAILER_ADDRESS = cp.get("mailer", "address") BUNDLE_FORMAT = cp.get("bundle", "format") OPENVPN_PROFILE_TEMPLATE = cp.get("bundle", "openvpn profile template") diff --git a/certidude/mailer.py b/certidude/mailer.py index fe7d5c6..6bea074 100644 --- a/certidude/mailer.py +++ b/certidude/mailer.py @@ -14,7 +14,7 @@ env = Environment(loader=PackageLoader("certidude", "templates/mail")) def send(template, to=None, attachments=(), **context): from certidude import authority, config - if not config.OUTBOX: + if not config.MAILER_ADDRESS: # Mailbox disabled, don't send e-mail return @@ -25,52 +25,12 @@ def send(template, to=None, attachments=(), **context): click.echo("Sending e-mail %s to %s" % (template, recipients)) - scheme, netloc, path, params, query, fragment = urlparse(config.OUTBOX) - scheme = scheme.lower() - - if path: - raise ValueError("Path for URL not supported") - if params: - raise ValueError("Parameters for URL not supported") - if query: - raise ValueError("Query for URL not supported") - if fragment: - raise ValueError("Fragment for URL not supported") - - - username = None - password = "" - - if scheme == "smtp": - secure = False - port = 25 - elif scheme == "smtps": - secure = True - port = 465 - else: - raise ValueError("Unknown scheme '%s', currently SMTP and SMTPS are only supported" % scheme) - - if "@" in netloc: - credentials, netloc = netloc.split("@") - - if ":" in credentials: - username, password = credentials.split(":") - else: - username = credentials - - if ":" in netloc: - server, port_str = netloc.split(":") - port = int(port_str) - else: - server = netloc - - subject, text = env.get_template(template).render(context).split("\n\n", 1) html = markdown(text) msg = MIMEMultipart("alternative") msg["Subject"] = subject - msg["From"] = "%s <%s>" % (config.OUTBOX_NAME, config.OUTBOX_MAIL) + msg["From"] = "%s <%s>" % (config.MAILER_NAME, config.MAILER_ADDRESS) msg["To"] = recipients part1 = MIMEText(text, "plain") @@ -85,12 +45,5 @@ def send(template, to=None, attachments=(), **context): part.set_payload(attachment) msg.attach(part) - # Gmail employs some sort of IPS - # https://accounts.google.com/DisplayUnlockCaptcha - conn = smtplib.SMTP(server, port) - if secure: - conn.starttls() - if username and password: - conn.login(username, password) - - conn.sendmail(config.OUTBOX_MAIL, recipients, msg.as_string()) + conn = smtplib.SMTP("localhost") + conn.sendmail(config.MAILER_ADDRESS, recipients, msg.as_string()) diff --git a/certidude/static/views/authority.html b/certidude/static/views/authority.html index 63e7252..385a65d 100644 --- a/certidude/static/views/authority.html +++ b/certidude/static/views/authority.html @@ -18,9 +18,8 @@ as such require complete reset of X509 infrastructure if some of them needs to b

These can be reconfigured via /etc/certidude/server.conf on the server.

-{% if session.authority.outbox %} -

Outgoing mail server: {{ session.authority.outbox.server }}

-

Mails will appear from: {{ session.authority.outbox.name }} <{{ session.authority.outbox.mail }}>

+{% if session.authority.mailer %} +

Mails will appear from: {{ session.authority.mailer.name }} <{{ session.authority.mailer.address }}>

{% else %}

E-mail disabled

{% endif %} diff --git a/certidude/templates/mail/test.md b/certidude/templates/mail/test.md new file mode 100644 index 0000000..a17dda1 --- /dev/null +++ b/certidude/templates/mail/test.md @@ -0,0 +1,3 @@ +Test mail + +Testing! diff --git a/certidude/templates/server/server.conf b/certidude/templates/server/server.conf index 65a67ce..287df1b 100644 --- a/certidude/templates/server/server.conf +++ b/certidude/templates/server/server.conf @@ -131,10 +131,15 @@ signed dir = {{ directory }}/signed/ revoked dir = {{ directory }}/revoked/ expired dir = {{ directory }}/expired/ -outbox uri = -;outbox uri = {{ outbox }} -outbox sender name = Certificate management -outbox sender address = certificates@example.com +[mailer] +# Certidude submits mails to local MTA. +# In case of Postfix configure it as "Sattelite system", +# and make sure Certidude machine doesn't try to accept mails. +# uncomment mail sender address to enable e-mails. +# Make sure used e-mail address is reachable for end users. +name = Certificate management +address = +;address = certificates@example.com [bundle] format = p12