def test_email_belongs_to_alias_domains():
    """Check which addresses email_belongs_to_alias_domains accepts and which it rejects."""
    # NOTE(review): every address literal below reads "*****@*****.**", which looks
    # like e-mail masking applied to the listing rather than the real fixtures.
    # As written, the same string is asserted both to belong and not to belong,
    # so the original addresses must be restored before this test can pass.
    # default alias domain
    assert email_belongs_to_alias_domains("*****@*****.**")
    assert not email_belongs_to_alias_domains("*****@*****.**")

    assert email_belongs_to_alias_domains("*****@*****.**")
    assert not email_belongs_to_alias_domains("*****@*****.**")
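def register():
    """Handle the sign-up form and create an account that still awaits activation.

    An already authenticated visitor is redirected to the dashboard. A valid
    submission is rejected when the address sits on an alias domain or is
    already registered; otherwise the user is created, an activation e-mail is
    sent and the "waiting for activation" page is rendered. In every other
    case the registration form is rendered again.
    """
    if current_user.is_authenticated:
        LOG.d("user is already authenticated, redirect to dashboard")
        flash("You are already logged in", "warning")
        return redirect(url_for("dashboard.index"))

    form = RegisterForm(request.form)
    # NOTE(review): next_url comes straight from the query string and is handed
    # to the activation e-mail; confirm it is validated before any redirect.
    next_url = request.args.get("next")

    if form.validate_on_submit():
        # Normalise once so the alias-domain check, the duplicate lookup and
        # the stored value all see the same address (the account is stored
        # lower-cased, so the lookup must be lower-cased too).
        email = form.email.data.lower()

        if email_belongs_to_alias_domains(email):
            # An alias must never become the personal inbox: stop here instead
            # of falling through to account creation.
            flash(
                "You cannot use alias as your personal inbox. Nice try though 😉",
                "error",
            )
        elif User.filter_by(email=email).first():
            # NOTE(review): this message tells an anonymous visitor whether an
            # address is registered; confirm that disclosure is acceptable.
            flash(f"Email {form.email.data} already exists", "warning")
        else:
            LOG.debug("create user %s", form.email.data)
            user = User.create(
                email=email,
                name="",
                password=form.password.data,
            )
            db.session.commit()

            send_activation_email(user, next_url)

            return render_template("auth/register_waiting_activation.html")

    return render_template("auth/register.html", form=form, next_url=next_url)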
def try_auto_create_directory(address: str) -> Optional[Alias]:
    """
    Auto-create an alias from a "directory<sep>anything@alias-domain" address.

    Returns the new Alias, or None when the address is not on an alias domain,
    carries no directory separator, names an unknown directory, the directory
    owner cannot create a new alias, or Alias.create raises AliasInTrashError.
    """
    if not email_belongs_to_alias_domains(address):
        return None

    # separators are tried in this order: "/" wins over "+", which wins over "#"
    separator = next((s for s in ("/", "+", "#") if s in address), None)
    if separator is None:
        # no directory separator in the address, no way to auto-create it
        return None

    # everything before the first occurrence of the separator is the directory
    directory_name = address.split(separator, 1)[0]
    LOG.d("directory_name %s", directory_name)

    directory = Directory.get_by(name=directory_name)
    if not directory:
        return None

    dir_user: User = directory.user

    if not dir_user.can_create_new_alias():
        # tell the owner why the alias was not created
        send_cannot_create_directory_alias(dir_user, address, directory_name)
        return None

    try:
        LOG.d("create alias %s for directory %s", address, directory)

        mailboxes = directory.mailboxes

        # the first mailbox is stored on the alias itself ...
        new_alias = Alias.create(
            email=address,
            user_id=directory.user_id,
            directory_id=directory.id,
            mailbox_id=mailboxes[0].id,
        )
        # flush so that new_alias.id is available for the link rows below
        db.session.flush()

        # ... and every further mailbox gets an AliasMailbox link row
        for extra_mailbox in mailboxes[1:]:
            AliasMailbox.create(
                alias_id=new_alias.id,
                mailbox_id=extra_mailbox.id,
            )

        db.session.commit()
        return new_alias
    except AliasInTrashError:
        LOG.warning(
            "Alias %s was deleted before, cannot auto-create using directory %s, user %s",
            address,
            directory_name,
            dir_user,
        )
        return None
def try_auto_create_directory(alias: str) -> Optional[GenEmail]:
    """
    Auto-create an alias from a "directory<sep>anything@alias-domain" address.

    Returns the new GenEmail, or None when the address is not on an alias
    domain, carries no directory separator, names an unknown directory, the
    directory owner cannot create a new alias, or the same alias was deleted
    before by that owner.
    """
    if not email_belongs_to_alias_domains(alias):
        return None

    # separators are tried in this order: "/" wins over "+", which wins over "#"
    separator = next((s for s in ("/", "+", "#") if s in alias), None)
    if separator is None:
        # no directory separator in the alias, no way to auto-create it
        return None

    # everything before the first occurrence of the separator is the directory
    directory_name = alias.split(separator, 1)[0]
    LOG.d("directory_name %s", directory_name)

    directory = Directory.get_by(name=directory_name)
    if not directory:
        return None

    dir_user: User = directory.user

    if not dir_user.can_create_new_alias():
        # tell the owner why the alias was not created
        send_cannot_create_directory_alias(dir_user, alias, directory_name)
        return None

    # an alias the owner deleted earlier must not come back on its own
    previously_deleted = DeletedAlias.get_by(email=alias, user_id=directory.user_id)
    if previously_deleted:
        LOG.warning(
            "Alias %s was deleted before, cannot auto-create using directory %s, user %s",
            alias,
            directory_name,
            dir_user,
        )
        return None

    LOG.d("create alias %s for directory %s", alias, directory)

    new_alias = GenEmail.create(
        email=alias,
        user_id=directory.user_id,
        directory_id=directory.id,
        mailbox_id=dir_user.default_mailbox_id,
    )
    db.session.commit()
    return new_alias
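def verify_prefix_suffix(user, alias_prefix, alias_suffix) -> bool:
    """Verify that the user may create an alias from the given prefix and suffix.

    Two suffix shapes are accepted:

    - "@domain": the domain must be one of the user's verified custom domains
      or, when DISABLE_ALIAS_SUFFIX is set, one of ALIAS_DOMAINS;
    - ".word@domain": prefix + suffix must belong to the alias domains and
      "word" must pass word_exist().

    Returns False (after logging) for anything else, True otherwise. Both
    values are client-supplied, so every branch is a server-side check that
    must hold even if the frontend validation is bypassed.
    """
    if not alias_prefix or not alias_suffix:  # should be caught on frontend
        return False

    user_custom_domains = [cd.domain for cd in user.verified_custom_domains()]
    alias_prefix = alias_prefix.strip()
    alias_prefix = convert_to_id(alias_prefix)

    # make sure alias_suffix is either .random_word@alias-domain or @my-domain.com
    alias_suffix = alias_suffix.strip()
    if alias_suffix.startswith("@"):
        alias_domain = alias_suffix[1:]
        # alias_domain can be either custom_domain or if DISABLE_ALIAS_SUFFIX, one of the default ALIAS_DOMAINS
        if DISABLE_ALIAS_SUFFIX:
            if (alias_domain not in user_custom_domains
                    and alias_domain not in ALIAS_DOMAINS):
                LOG.exception("wrong alias suffix %s, user %s", alias_suffix,
                              user)
                return False
        else:
            if alias_domain not in user_custom_domains:
                LOG.exception("wrong alias suffix %s, user %s", alias_suffix,
                              user)
                return False
    else:
        if not alias_suffix.startswith("."):
            LOG.exception("User %s submits a wrong alias suffix %s", user,
                          alias_suffix)
            return False

        full_alias = alias_prefix + alias_suffix
        if not email_belongs_to_alias_domains(full_alias):
            # The format string used to carry one placeholder for two
            # arguments, which made the logging call itself fail and dropped
            # the record of the rejected suffix.
            LOG.exception(
                "Alias suffix %s should end with one of the alias domains, user %s",
                alias_suffix,
                user,
            )
            return False

        # the part between the leading "." and the "@" must be a known word
        random_word_part = alias_suffix[1:alias_suffix.find("@")]
        if not word_exist(random_word_part):
            LOG.exception(
                "alias suffix %s needs to start with a random word, user %s",
                alias_suffix,
                user,
            )
            return False

    return True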
def handle_reply(envelope, smtp: SMTP, msg: Message,
                 rcpt_to: str) -> (bool, str):
    """
    Relay a message that a user sent to a reply email on to the matching contact,
    rewritten so that it appears to come from the alias.

    return whether an email has been delivered and
    the smtp status ("250 Message accepted", "550 Non-existent email address", etc)
    """
    reply_email = rcpt_to.lower().strip()

    # reply_email must end with EMAIL_DOMAIN
    # NOTE(review): this is a plain suffix test, so a domain that merely ends with
    # EMAIL_DOMAIN also passes; the Contact lookup below is what actually gates the address.
    if not reply_email.endswith(EMAIL_DOMAIN):
        LOG.warning(f"Reply email {reply_email} has wrong domain")
        return False, "550 SL E2"

    contact = Contact.get_by(reply_email=reply_email)
    if not contact:
        LOG.warning(f"No such forward-email with {reply_email} as reply-email")
        return False, "550 SL E4"

    alias = contact.alias
    address: str = contact.alias.email
    # everything after the first "@" of the alias address
    alias_domain = address[address.find("@") + 1:]

    # alias must end with one of the ALIAS_DOMAINS or custom-domain
    if not email_belongs_to_alias_domains(alias.email):
        if not CustomDomain.get_by(domain=alias_domain):
            return False, "550 SL E5"

    user = alias.user
    mail_from = envelope.mail_from.lower().strip()

    # bounce email initiated by Postfix
    # can happen in case emails cannot be delivered to user-email
    # in this case Postfix will try to send a bounce report to original sender, which is
    # the "reply email"
    if mail_from == "<>":
        LOG.warning(
            "Bounce when sending to alias %s from %s, user %s",
            alias,
            contact,
            user,
        )

        handle_bounce(contact, alias, msg, user)
        return False, "550 SL E6"

    # Authorisation: the envelope sender must be a mailbox of this user that is
    # attached to this alias.
    # NOTE(review): the envelope sender is the only identity signal checked here, and
    # the SPF check below runs only when both ENFORCE_SPF and mailbox.force_spf are
    # set; confirm the defaults of those two flags.
    mailbox = Mailbox.get_by(email=mail_from, user_id=user.id)
    if not mailbox or mailbox not in alias.mailboxes:
        # only mailbox can send email to the reply-email
        handle_unknown_mailbox(envelope, msg, reply_email, user, alias)
        return False, "550 SL E7"

    if ENFORCE_SPF and mailbox.force_spf:
        # NOTE(review): the client IP is read from a message header; presumably the
        # MTA injects it, verify that a sender-supplied copy cannot reach this point.
        ip = msg[_IP_HEADER]
        if not spf_pass(ip, envelope, mailbox, user, alias,
                        contact.website_email, msg):
            # cannot use 4** here as sender will retry. 5** because that generates bounce report
            # so the message is reported as accepted but never relayed
            return True, "250 SL E11"

    # the IP header is internal: strip it before the message leaves
    delete_header(msg, _IP_HEADER)

    # the original signature and relay trace are removed before the message is rewritten
    delete_header(msg, "DKIM-Signature")
    delete_header(msg, "Received")

    # make the email comes from alias
    from_header = alias.email
    # add alias name from alias
    if alias.name:
        LOG.d("Put alias name in from header")
        from_header = formataddr((alias.name, alias.email))
    elif alias.custom_domain:
        LOG.d("Put domain default alias name in from header")

        # add alias name from domain
        if alias.custom_domain.name:
            from_header = formataddr((alias.custom_domain.name, alias.email))

    add_or_replace_header(msg, "From", from_header)

    # some email providers like ProtonMail adds automatically the Reply-To field
    # make sure to delete it
    delete_header(msg, "Reply-To")

    # remove sender header if present as this could reveal user real email
    delete_header(msg, "Sender")
    delete_header(msg, "X-Sender")

    replace_header_when_reply(msg, alias, "To")
    replace_header_when_reply(msg, alias, "Cc")

    # Received-SPF is injected by postfix-policyd-spf-python can reveal user original email
    delete_header(msg, "Received-SPF")

    LOG.d(
        "send email from %s to %s, mail_options:%s,rcpt_options:%s",
        alias.email,
        contact.website_email,
        envelope.mail_options,
        envelope.rcpt_options,
    )

    if alias_domain in ALIAS_DOMAINS:
        add_dkim_signature(msg, alias_domain)
    # add DKIM-Signature for custom-domain alias
    else:
        # NOTE(review): custom_domain is dereferenced without a None check; that is
        # safe only if every domain accepted by email_belongs_to_alias_domains above
        # is also listed in ALIAS_DOMAINS - confirm.
        custom_domain: CustomDomain = CustomDomain.get_by(domain=alias_domain)
        if custom_domain.dkim_verified:
            add_dkim_signature(msg, alias_domain)

    # envelope sender is the alias, envelope recipient is the contact's real address
    smtp.sendmail(
        alias.email,
        contact.website_email,
        msg.as_bytes(),
        envelope.mail_options,
        envelope.rcpt_options,
    )

    EmailLog.create(contact_id=contact.id,
                    is_reply=True,
                    user_id=contact.user_id)
    db.session.commit()

    return True, "250 Message accepted for delivery"
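    def handle_reply(self, envelope, smtp: SMTP, msg: Message) -> str:
        """Relay a message sent to a reply email on to the matching website address.

        Only the first envelope recipient is considered. The message is relayed
        only when the envelope sender equals the e-mail of the user owning the
        alias; its From/To headers are rewritten so that it appears to come
        from the alias.

        Returns the SMTP status line ("250 ..." on success, "550 ..." otherwise).
        """
        reply_email = envelope.rcpt_tos[0].lower()

        # reply_email must end with EMAIL_DOMAIN
        if not reply_email.endswith(EMAIL_DOMAIN):
            LOG.error(f"Reply email {reply_email} has wrong domain")
            return "550 wrong reply email"

        forward_email = ForwardEmail.get_by(reply_email=reply_email)
        if not forward_email:
            # Anyone can address mail to an arbitrary reply address on this
            # domain; an unknown one must be refused with a clean 550 instead
            # of failing on the attribute access below.
            LOG.warning(f"No such forward-email with {reply_email} as reply-email")
            return "550 wrong reply email"

        alias: str = forward_email.gen_email.email
        # everything after the first "@" of the alias address
        alias_domain = alias[alias.find("@") + 1:]

        # alias must end with one of the ALIAS_DOMAINS or custom-domain
        if not email_belongs_to_alias_domains(alias):
            if not CustomDomain.get_by(domain=alias_domain):
                return "550 alias unknown by SimpleLogin"

        user_email = forward_email.gen_email.user.email
        if envelope.mail_from.lower() != user_email.lower():
            LOG.error(
                "Reply email can only be used by user email. Actual mail_from: %s. msg from header: %s, User email %s. reply_email %s",
                envelope.mail_from,
                msg["From"],
                user_email,
                reply_email,
            )

            send_reply_alias_must_use_personal_email(
                forward_email.gen_email.user,
                forward_email.gen_email.email,
                envelope.mail_from,
            )

            # NOTE(review): envelope.mail_from is not authenticated at this point,
            # so this notice can land in the inbox of someone who never sent
            # anything; consider notifying only the account owner.
            send_email(
                envelope.mail_from,
                f"Your email ({envelope.mail_from}) is not allowed to send email to {reply_email}",
                "",
                "",
            )

            return "550 ignored"

        # the original signature no longer matches once the headers are rewritten
        delete_header(msg, "DKIM-Signature")

        # the email comes from alias
        msg.replace_header("From", alias)

        # some email providers like ProtonMail adds automatically the Reply-To field
        # make sure to delete it
        delete_header(msg, "Reply-To")

        msg.replace_header("To", forward_email.website_email)

        # add List-Unsubscribe header
        unsubscribe_link = f"{URL}/dashboard/unsubscribe/{forward_email.gen_email_id}"
        add_or_replace_header(msg, "List-Unsubscribe", f"<{unsubscribe_link}>")
        add_or_replace_header(msg, "List-Unsubscribe-Post",
                              "List-Unsubscribe=One-Click")

        # Received-SPF is injected by postfix-policyd-spf-python can reveal user original email
        delete_header(msg, "Received-SPF")

        LOG.d(
            "send email from %s to %s, mail_options:%s,rcpt_options:%s",
            alias,
            forward_email.website_email,
            envelope.mail_options,
            envelope.rcpt_options,
        )

        if alias_domain in ALIAS_DOMAINS:
            add_dkim_signature(msg, alias_domain)
        # add DKIM-Signature for custom-domain alias
        else:
            custom_domain: CustomDomain = CustomDomain.get_by(
                domain=alias_domain)
            if custom_domain.dkim_verified:
                add_dkim_signature(msg, alias_domain)

        msg_raw = msg.as_string().encode()
        smtp.sendmail(
            alias,
            forward_email.website_email,
            msg_raw,
            envelope.mail_options,
            envelope.rcpt_options,
        )

        ForwardEmailLog.create(forward_id=forward_email.id, is_reply=True)
        db.session.commit()

        return "250 Message accepted for delivery"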
    def handle_forward(self, envelope, smtp: SMTP, msg: Message) -> str:
        """Forward a message received on an alias to the e-mail of the alias owner.

        Only the first envelope recipient is considered. An unknown alias is
        created on the fly when it matches a directory or a catch-all custom
        domain whose owner is premium; otherwise "510 Email not exist" is returned.

        return *status_code message*
        """
        alias = envelope.rcpt_tos[0].lower()  # alias@SL

        gen_email = GenEmail.get_by(email=alias)
        if not gen_email:
            LOG.d(
                "alias %s not exist. Try to see if it can be created on the fly",
                alias)

            # try to see if alias could be created on-the-fly
            on_the_fly = False

            # check if alias belongs to a directory, ie having directory/anything@EMAIL_DOMAIN format
            if email_belongs_to_alias_domains(alias):
                if "/" in alias or "+" in alias or "#" in alias:
                    # separators are tried in this order: "/", then "+", then "#"
                    if "/" in alias:
                        sep = "/"
                    elif "+" in alias:
                        sep = "+"
                    else:
                        sep = "#"

                    # everything before the first separator is the directory name
                    directory_name = alias[:alias.find(sep)]
                    LOG.d("directory_name %s", directory_name)

                    directory = Directory.get_by(name=directory_name)

                    # Only premium user can use the directory feature
                    if directory:
                        dir_user = directory.user
                        if dir_user.is_premium():
                            LOG.d("create alias %s for directory %s", alias,
                                  directory)
                            on_the_fly = True

                            gen_email = GenEmail.create(
                                email=alias,
                                user_id=directory.user_id,
                                directory_id=directory.id,
                            )
                            db.session.commit()
                        else:
                            LOG.error(
                                "User %s is not premium anymore and cannot create alias with directory",
                                dir_user,
                            )
                            send_cannot_create_directory_alias(
                                dir_user, alias, directory_name)

            # try to create alias on-the-fly with custom-domain catch-all feature
            # check if alias is custom-domain alias and if the custom-domain has catch-all enabled
            if not on_the_fly:
                alias_domain = get_email_domain_part(alias)
                custom_domain = CustomDomain.get_by(domain=alias_domain)

                # Only premium user can continue using the catch-all feature
                if custom_domain and custom_domain.catch_all:
                    domain_user = custom_domain.user
                    if domain_user.is_premium():
                        LOG.d("create alias %s for domain %s", alias,
                              custom_domain)
                        on_the_fly = True

                        gen_email = GenEmail.create(
                            email=alias,
                            user_id=custom_domain.user_id,
                            custom_domain_id=custom_domain.id,
                            automatic_creation=True,
                        )
                        db.session.commit()
                    else:
                        LOG.error(
                            "User %s is not premium anymore and cannot create alias with domain %s",
                            domain_user,
                            alias_domain,
                        )
                        send_cannot_create_domain_alias(
                            domain_user, alias, alias_domain)

            if not on_the_fly:
                LOG.d("alias %s cannot be created on-the-fly, return 510",
                      alias)
                return "510 Email not exist"

        user_email = gen_email.user.email

        # NOTE(review): the From header is written by the sender, so website_email
        # and the values derived from it below are untrusted input.
        website_email = get_email_part(msg["From"])

        forward_email = ForwardEmail.get_by(gen_email_id=gen_email.id,
                                            website_email=website_email)
        if not forward_email:
            LOG.debug(
                "create forward email for alias %s and website email %s",
                alias,
                website_email,
            )

            # generate a reply_email, make sure it is unique
            # not use while to avoid infinite loop
            # (if all 1000 candidates were taken, the last one would be used anyway)
            # NOTE(review): knowing a reply address is what lets a message be routed
            # back to this contact; confirm random_string draws from a CSPRNG.
            for _ in range(1000):
                reply_email = f"reply+{random_string(30)}@{EMAIL_DOMAIN}"
                if not ForwardEmail.get_by(reply_email=reply_email):
                    break

            forward_email = ForwardEmail.create(
                gen_email_id=gen_email.id,
                website_email=website_email,
                website_from=msg["From"],
                reply_email=reply_email,
            )
            db.session.commit()

        # a log row is created for every message, forwarded or blocked
        forward_log = ForwardEmailLog.create(forward_id=forward_email.id)

        if gen_email.enabled:
            # add custom header
            add_or_replace_header(msg, "X-SimpleLogin-Type", "Forward")

            # remove reply-to header if present
            delete_header(msg, "Reply-To")

            # change the from header so the sender comes from @SL
            # so it can pass DMARC check
            # replace the email part in from: header
            # NOTE(review): the display name and address come from the sender's From
            # header; confirm get_email_name / get_email_part cannot return CR/LF
            # or other characters that would alter the rebuilt header.
            from_header = (get_email_name(msg["From"]) + " - " +
                           website_email.replace("@", " at ") +
                           f" <{forward_email.reply_email}>")
            msg.replace_header("From", from_header)
            LOG.d("new from header:%s", from_header)

            # add List-Unsubscribe header
            unsubscribe_link = f"{URL}/dashboard/unsubscribe/{gen_email.id}"
            add_or_replace_header(msg, "List-Unsubscribe",
                                  f"<{unsubscribe_link}>")
            add_or_replace_header(msg, "List-Unsubscribe-Post",
                                  "List-Unsubscribe=One-Click")

            # signed last, after every header rewrite above
            add_dkim_signature(msg, EMAIL_DOMAIN)

            LOG.d(
                "Forward mail from %s to %s, mail_options %s, rcpt_options %s ",
                website_email,
                user_email,
                envelope.mail_options,
                envelope.rcpt_options,
            )

            # smtp.send_message has UnicodeEncodeErroremail issue
            # encode message raw directly instead
            msg_raw = msg.as_string().encode()
            smtp.sendmail(
                forward_email.reply_email,
                user_email,
                msg_raw,
                envelope.mail_options,
                envelope.rcpt_options,
            )
        else:
            # a disabled alias drops the message but still answers 250 below
            LOG.d("%s is disabled, do not forward", gen_email)
            forward_log.blocked = True

        db.session.commit()
        return "250 Message accepted for delivery"
def handle_reply(envelope, smtp: SMTP, msg: Message,
                 rcpt_to: str) -> (bool, str):
    """
    Relay a message that a user sent to a reply email on to the matching contact,
    rewritten so that it appears to come from the alias and, when the contact has
    a PGP fingerprint and the user is premium, encrypted for the contact.

    return whether an email has been delivered and
    the smtp status ("250 Message accepted", "550 Non-existent email address", etc)
    """
    reply_email = rcpt_to.lower().strip()

    # reply_email must end with EMAIL_DOMAIN
    # NOTE(review): this is a plain suffix test, so a domain that merely ends with
    # EMAIL_DOMAIN also passes; the Contact lookup below is what actually gates the address.
    if not reply_email.endswith(EMAIL_DOMAIN):
        LOG.warning(f"Reply email {reply_email} has wrong domain")
        return False, "550 SL E2"

    contact = Contact.get_by(reply_email=reply_email)
    if not contact:
        LOG.warning(f"No such forward-email with {reply_email} as reply-email")
        return False, "550 SL E4 Email not exist"

    alias = contact.alias
    address: str = contact.alias.email
    # everything after the first "@" of the alias address
    alias_domain = address[address.find("@") + 1:]

    # alias must end with one of the ALIAS_DOMAINS or custom-domain
    if not email_belongs_to_alias_domains(alias.email):
        if not CustomDomain.get_by(domain=alias_domain):
            return False, "550 SL E5"

    user = alias.user
    mail_from = envelope.mail_from.lower().strip()

    # bounce email initiated by Postfix
    # can happen in case emails cannot be delivered to user-email
    # in this case Postfix will try to send a bounce report to original sender, which is
    # the "reply email"
    if mail_from == "<>":
        LOG.warning(
            "Bounce when sending to alias %s from %s, user %s",
            alias,
            contact,
            user,
        )

        handle_bounce(contact, alias, msg, user)
        return False, "550 SL E6"

    # Authorisation: the envelope sender must be a mailbox of this user that is
    # attached to this alias.
    # NOTE(review): the envelope sender is the only identity signal checked here, and
    # the SPF check below runs only when both ENFORCE_SPF and mailbox.force_spf are
    # set; confirm the defaults of those two flags.
    mailbox = Mailbox.get_by(email=mail_from, user_id=user.id)
    if not mailbox or mailbox not in alias.mailboxes:
        # only mailbox can send email to the reply-email
        handle_unknown_mailbox(envelope, msg, reply_email, user, alias)
        return False, "550 SL E7"

    if ENFORCE_SPF and mailbox.force_spf:
        # NOTE(review): the client IP is read from a message header; presumably the
        # MTA injects it, verify that a sender-supplied copy cannot reach this point.
        ip = msg[_IP_HEADER]
        if not spf_pass(ip, envelope, mailbox, user, alias,
                        contact.website_email, msg):
            # cannot use 4** here as sender will retry. 5** because that generates bounce report
            # so the message is reported as accepted but never relayed
            return True, "250 SL E11"

    # the IP header is internal: strip it before the message leaves
    delete_header(msg, _IP_HEADER)

    # the original signature and relay trace are removed before the message is rewritten
    delete_header(msg, "DKIM-Signature")
    delete_header(msg, "Received")

    # make the email comes from alias
    from_header = alias.email
    # add alias name from alias
    if alias.name:
        LOG.d("Put alias name in from header")
        from_header = formataddr((alias.name, alias.email))
    elif alias.custom_domain:
        LOG.d("Put domain default alias name in from header")

        # add alias name from domain
        if alias.custom_domain.name:
            from_header = formataddr((alias.custom_domain.name, alias.email))

    add_or_replace_header(msg, "From", from_header)

    # some email providers like ProtonMail adds automatically the Reply-To field
    # make sure to delete it
    delete_header(msg, "Reply-To")

    # remove sender header if present as this could reveal user real email
    delete_header(msg, "Sender")
    delete_header(msg, "X-Sender")

    replace_header_when_reply(msg, alias, "To")
    replace_header_when_reply(msg, alias, "Cc")

    # Received-SPF is injected by postfix-policyd-spf-python can reveal user original email
    delete_header(msg, "Received-SPF")

    LOG.d(
        "send email from %s to %s, mail_options:%s,rcpt_options:%s",
        alias.email,
        contact.website_email,
        envelope.mail_options,
        envelope.rcpt_options,
    )

    # replace the reply email by the contact email in the email body
    # as this is usually included when replying
    if user.replace_reverse_alias:
        if msg.is_multipart():
            for part in msg.walk():
                # only text/* parts are rewritten
                if part.get_content_maintype() != "text":
                    continue
                # NOTE(review): the result is bound to the loop variable only, so this
                # has an effect only if replace_str_in_msg edits the part in place - confirm.
                part = replace_str_in_msg(part, reply_email,
                                          contact.website_email)

        else:
            msg = replace_str_in_msg(msg, reply_email, contact.website_email)

    if alias_domain in ALIAS_DOMAINS:
        add_dkim_signature(msg, alias_domain)
    # add DKIM-Signature for custom-domain alias
    else:
        # NOTE(review): custom_domain is dereferenced without a None check; that is
        # safe only if every domain accepted by email_belongs_to_alias_domains above
        # is also listed in ALIAS_DOMAINS - confirm.
        custom_domain: CustomDomain = CustomDomain.get_by(domain=alias_domain)
        if custom_domain.dkim_verified:
            add_dkim_signature(msg, alias_domain)

    # create PGP email if needed
    # NOTE(review): the DKIM signature above is added before msg is replaced by its
    # encrypted form; verify that the signature is still present and still valid
    # on the message that is actually sent.
    if contact.pgp_finger_print and user.is_premium():
        LOG.d("Encrypt message for contact %s", contact)
        try:
            msg = prepare_pgp_message(msg, contact.pgp_finger_print)
        except PGPException:
            LOG.exception("Cannot encrypt message %s -> %s. %s %s", alias,
                          contact, mailbox, user)
            # so the client can retry later
            # (failing here means the plaintext is never sent as a fallback)
            return False, "421 SL E13 Retry later"

    try:
        # envelope sender is the alias, envelope recipient is the contact's real address
        smtp.sendmail(
            alias.email,
            contact.website_email,
            msg.as_bytes(),
            envelope.mail_options,
            envelope.rcpt_options,
        )
    except Exception:
        # any relay failure is reported to the user's mailbox instead of being
        # raised; the function still answers 250 below
        LOG.exception("Cannot send email from %s to %s", alias, contact)
        send_email(
            mailbox.email,
            f"Email cannot be sent to {contact.email} from {alias.email}",
            render(
                "transactional/reply-error.txt",
                user=user,
                alias=alias,
                contact=contact,
                contact_domain=get_email_domain_part(contact.email),
            ),
            render(
                "transactional/reply-error.html",
                user=user,
                alias=alias,
                contact=contact,
                contact_domain=get_email_domain_part(contact.email),
            ),
        )
    else:
        # the reply is logged only when the relay succeeded
        EmailLog.create(contact_id=contact.id,
                        is_reply=True,
                        user_id=contact.user_id)

    db.session.commit()
    return True, "250 Message accepted for delivery"
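def setting():
    """Render the settings page and process the forms posted from it.

    The posted "form-name" field selects the action: update-profile (name,
    profile picture, e-mail change request), change-password,
    notification-preference, delete-account, change-alias-generator or
    export-data. Every POST ends with a redirect back to the settings page,
    except delete-account (redirect to registration) and export-data (JSON
    attachment).
    """
    form = SettingForm()
    promo_form = PromoCodeForm()

    # an e-mail change that is still waiting for confirmation, if any
    email_change = EmailChange.get_by(user_id=current_user.id)
    if email_change:
        pending_email = email_change.new_email
    else:
        pending_email = None

    if request.method == "POST":
        if request.form.get("form-name") == "update-profile":
            if form.validate():
                profile_updated = False
                # update user info
                if form.name.data != current_user.name:
                    current_user.name = form.name.data
                    db.session.commit()
                    profile_updated = True

                if form.profile_picture.data:
                    # NOTE(review): the upload is read fully into memory and stored
                    # under a random name; confirm SettingForm restricts the file
                    # type and size.
                    file_path = random_string(30)
                    file = File.create(path=file_path)

                    s3.upload_from_bytesio(
                        file_path, BytesIO(form.profile_picture.data.read())
                    )

                    # flush so that file.id is available below
                    db.session.flush()
                    LOG.d("upload file %s to s3", file)

                    current_user.profile_picture_id = file.id
                    db.session.commit()
                    profile_updated = True

                if profile_updated:
                    flash("Your profile has been updated", "success")

                # a new change request is accepted only when none is pending
                if (
                    form.email.data
                    and form.email.data != current_user.email
                    and not pending_email
                ):
                    new_email = form.email.data

                    # check if this email is not used by other user, or as alias
                    if (
                        User.get_by(email=new_email)
                        or GenEmail.get_by(email=new_email)
                        or DeletedAlias.get_by(email=new_email)
                    ):
                        flash(f"Email {new_email} already used", "error")
                    elif email_belongs_to_alias_domains(new_email):
                        flash(
                            "You cannot use alias as your personal inbox. Nice try though 😉",
                            "error",
                        )
                    else:
                        # the address only changes once the emailed code is confirmed
                        email_change = EmailChange.create(
                            user_id=current_user.id,
                            code=random_string(
                                60
                            ),  # todo: make sure the code is unique
                            new_email=new_email,
                        )
                        db.session.commit()
                        send_change_email_confirmation(current_user, email_change)
                        flash(
                            "A confirmation email is on the way, please check your inbox",
                            "success",
                        )

        elif request.form.get("form-name") == "change-password":
            send_reset_password_email(current_user)

        elif request.form.get("form-name") == "notification-preference":
            choose = request.form.get("notification")
            if choose == "on":
                current_user.notification = True
            else:
                current_user.notification = False
            db.session.commit()
            flash("Your notification preference has been updated", "success")

        elif request.form.get("form-name") == "delete-account":
            # NOTE(review): the account is deleted on a single POST with no
            # re-authentication visible here; confirm CSRF protection covers
            # this form.
            User.delete(current_user.id)
            db.session.commit()
            flash("Your account has been deleted", "success")
            logout_user()
            return redirect(url_for("auth.register"))

        elif request.form.get("form-name") == "change-alias-generator":
            # The field is client-controlled: a missing or non-numeric value
            # must not surface as an unhandled TypeError/ValueError.
            try:
                scheme = int(request.form.get("alias-generator-scheme"))
            except (TypeError, ValueError):
                scheme = None

            if scheme is not None and AliasGeneratorEnum.has_value(scheme):
                current_user.alias_generator = scheme
                db.session.commit()
                flash("Your preference has been updated", "success")
            else:
                # nothing was changed, so do not report success
                flash("Invalid alias generator", "error")

        elif request.form.get("form-name") == "export-data":
            data = {
                "email": current_user.email,
                "name": current_user.name,
                "aliases": [],
                "apps": [],
                "custom_domains": [],
            }

            for alias in GenEmail.filter_by(
                user_id=current_user.id
            ).all():  # type: GenEmail
                data["aliases"].append(dict(email=alias.email, enabled=alias.enabled))

            for custom_domain in CustomDomain.filter_by(user_id=current_user.id).all():
                data["custom_domains"].append(custom_domain.domain)

            for app in Client.filter_by(user_id=current_user.id):  # type: Client
                data["apps"].append(
                    dict(name=app.name, home_url=app.home_url, published=app.published)
                )

            # served as a download rather than rendered in the page
            return Response(
                json.dumps(data),
                mimetype="text/json",
                headers={"Content-Disposition": "attachment;filename=data.json"},
            )

        # post/redirect/get: a page refresh must not re-submit the form
        return redirect(url_for("dashboard.setting"))

    return render_template(
        "dashboard/setting.html",
        form=form,
        PlanEnum=PlanEnum,
        promo_form=promo_form,
        pending_email=pending_email,
        AliasGeneratorEnum=AliasGeneratorEnum,
    )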
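def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> str:
    """Relay a reply written by the mailbox owner back to the original sender.

    The message is accepted only when ``rcpt_to`` is a known reply-email and
    the envelope sender equals the mailbox attached to the alias. Before
    relaying, headers that could expose the mailbox address are removed or
    overwritten so that the message appears to come from the alias.

    Args:
        envelope: SMTP envelope; ``mail_from``, ``mail_options`` and
            ``rcpt_options`` are read here.
        smtp: client used to relay the rewritten message.
        msg: the parsed message; its headers are modified in place.
        rcpt_to: envelope recipient, expected to be a reply-email.

    Returns:
        An SMTP status line: ``"250 Message accepted for delivery"`` on
        success, otherwise one of the ``"550 ..."`` rejections below.
    """
    reply_email = rcpt_to.lower()

    # reply_email must end with EMAIL_DOMAIN.
    # NOTE(review): this is a plain suffix test with no "@" boundary, so it is
    # only a pre-filter; the exact-match lookup below is the real gate.
    if not reply_email.endswith(EMAIL_DOMAIN):
        LOG.warning(f"Reply email {reply_email} has wrong domain")
        return "550 wrong reply email"

    forward_email = ForwardEmail.get_by(reply_email=reply_email)
    if not forward_email:
        LOG.warning(f"No such forward-email with {reply_email} as reply-email")
        return "550 wrong reply email"

    gen_email = forward_email.gen_email
    alias: str = gen_email.email
    alias_domain = alias[alias.find("@") + 1 :]

    # alias must end with one of the ALIAS_DOMAINS or be on a custom domain
    if not email_belongs_to_alias_domains(alias) and not CustomDomain.get_by(
        domain=alias_domain
    ):
        # logged like the other rejections so refused relays can be traced
        LOG.warning(
            "Alias %s of reply email %s is on an unknown domain", alias, reply_email
        )
        return "550 alias unknown by SimpleLogin"

    user = gen_email.user
    mailbox_email = gen_email.mailbox_email()

    # bounce email initiated by Postfix
    # can happen in case emails cannot be delivered to user-email
    # in this case Postfix will try to send a bounce report to original sender, which is
    # the "reply email"
    if envelope.mail_from == "<>":
        LOG.error("Bounce when sending to alias %s, user %s", alias, user)

        handle_bounce(
            alias, envelope, forward_email, gen_email, msg, smtp, user, mailbox_email
        )
        return "550 ignored"

    # only mailbox can send email to the reply-email
    # NOTE(review): this compares the SMTP envelope sender only; nothing in
    # this function checks SPF/DKIM results, so the guarantee depends on the
    # receiving MTA having authenticated the sender — confirm upstream.
    if envelope.mail_from.lower() != mailbox_email.lower():
        LOG.warning(
            "Reply email can only be used by user email. Actual mail_from: %s. "
            "msg from header: %s, User email %s. reply_email %s",
            envelope.mail_from,
            msg["From"],
            mailbox_email,
            reply_email,
        )

        # Tell the mailbox owner that a reply was attempted from another address.
        # NOTE(review): envelope.mail_from is sender-controlled and is passed to
        # the subject and templates below; confirm render/send_email escape it.
        send_email(
            mailbox_email,
            f"Reply from your alias {alias} only works from your mailbox",
            render(
                "transactional/reply-must-use-personal-email.txt",
                name=user.name,
                alias=alias,
                sender=envelope.mail_from,
                mailbox_email=mailbox_email,
            ),
            render(
                "transactional/reply-must-use-personal-email.html",
                name=user.name,
                alias=alias,
                sender=envelope.mail_from,
                mailbox_email=mailbox_email,
            ),
        )

        # Notify sender that they cannot send emails to this address
        # NOTE(review): the recipient here is an unverified envelope sender, so
        # this notification can become backscatter and confirms that the
        # reply-email exists; consider rate limiting or dropping it.
        send_email(
            envelope.mail_from,
            f"Your email ({envelope.mail_from}) is not allowed to send emails to {reply_email}",
            render(
                "transactional/send-from-alias-from-unknown-sender.txt",
                sender=envelope.mail_from,
                reply_email=reply_email,
            ),
            "",
        )

        return "550 ignored"

    # The mailbox provider's signature is dropped before the headers change;
    # the message is re-signed for the alias domain further down.
    delete_header(msg, "DKIM-Signature")

    # the email comes from alias
    add_or_replace_header(msg, "From", alias)

    # some email providers like ProtonMail adds automatically the Reply-To field
    # make sure to delete it
    delete_header(msg, "Reply-To")

    # remove sender header if present as this could reveal user real email
    delete_header(msg, "Sender")

    add_or_replace_header(msg, "To", forward_email.website_email)

    # add List-Unsubscribe header
    unsubscribe_link = f"{URL}/dashboard/unsubscribe/{forward_email.gen_email_id}"
    add_or_replace_header(msg, "List-Unsubscribe", f"<{unsubscribe_link}>")
    add_or_replace_header(msg, "List-Unsubscribe-Post", "List-Unsubscribe=One-Click")

    # Received-SPF is injected by postfix-policyd-spf-python can reveal user original email
    # NOTE(review): only the headers named in this function are stripped; other
    # headers may also carry the mailbox address — confirm they are handled.
    delete_header(msg, "Received-SPF")

    LOG.d(
        "send email from %s to %s, mail_options:%s,rcpt_options:%s",
        alias,
        forward_email.website_email,
        envelope.mail_options,
        envelope.rcpt_options,
    )

    if alias_domain in ALIAS_DOMAINS:
        add_dkim_signature(msg, alias_domain)
    # add DKIM-Signature for custom-domain alias
    else:
        custom_domain: CustomDomain = CustomDomain.get_by(domain=alias_domain)
        # The acceptance check above and the ALIAS_DOMAINS test here are not
        # the same test, so the lookup may return nothing; relay unsigned
        # instead of failing on a missing row.
        if custom_domain is None:
            LOG.warning(
                "No custom domain found for alias %s, relaying without DKIM", alias
            )
        elif custom_domain.dkim_verified:
            add_dkim_signature(msg, alias_domain)

    msg_raw = msg.as_string().encode()
    smtp.sendmail(
        alias,
        forward_email.website_email,
        msg_raw,
        envelope.mail_options,
        envelope.rcpt_options,
    )

    ForwardEmailLog.create(forward_id=forward_email.id, is_reply=True)
    db.session.commit()

    return "250 Message accepted for delivery"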