implement inbound email reports for roundup (#354)

* implement inbound email reports for roundup * roundup postfix: configurable REJECT messages * roundup postfix: correct virtual_domain_alias configuration
python · Apr 15, 2024 · 3a4c769 · 3a4c769
1 parent 5c0c9cd
commit 3a4c769
Show file tree

Hide file tree

Showing 5 changed files with 118 additions and 0 deletions.
diff --git a/pillar/base/bugs.sls b/pillar/base/bugs.sls
@@ -33,6 +33,8 @@ bugs:
             spambayes_ham_cutoff: "0.2"
             spambayes_spam_cutoff: "0.85"
             ciavc_server: "http://CIA.vc"
+      accept_email: False
+      email_reject_message: "This tracker is in read-only mode. Please use GitHub issues to open a ticket: https://github.com/python/cpython/issues"
     jython:
       source: https://github.com/psf/bpo-tracker-jython.git
       server_name: bugs.jython.org
@@ -56,6 +58,7 @@ bugs:
             spambayes_uri: "http://localhost:8001/sbrpc"
             spambayes_ham_cutoff: "0.2"
             spambayes_spam_cutoff: "0.85"
+      accept_email: False
     roundup:
       source: https://github.com/psf/bpo-tracker-roundup.git
       server_name: issues.roundup-tracker.org
@@ -77,6 +80,7 @@ bugs:
           nosy__email_sending: "multiple"
           extra_config: {}
       detector_config: {}
+      accept_email: True
   defaults:
       main__database: "db"
       main__template_engine: "zopetal"

diff --git a/salt/bugs/config/postfix/main.cf b/salt/bugs/config/postfix/main.cf
@@ -0,0 +1,52 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
+# fresh installs.
+compatibility_level = 3.6
+
+
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/lego/certificates/{{ grains['fqdn'] }}.crt
+smtpd_tls_key_file=/etc/lego/certificates/{{ grains['fqdn'] }}.key
+smtpd_tls_security_level=may
+
+smtp_tls_CApath=/etc/ssl/certs
+smtp_tls_security_level=may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = {{ grains['fqdn'] }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = $myhostname, localhost
+relayhost = 
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all
+
+virtual_alias_domains = {% for tracker, config in pillar["bugs"]["trackers"].items() %}{% set tracker_email_list = config["config"]["tracker__email"].split('@') %}{{ tracker_email_list[-1] }} {% endfor %}
+virtual_alias_maps = hash:/etc/postfix/virtual
+
+smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/reject_recipients
diff --git a/salt/bugs/config/postfix/reject_recipients b/salt/bugs/config/postfix/reject_recipients
@@ -0,0 +1,3 @@
+{% for tracker, config in pillar["bugs"]["trackers"].items() %}{% if not config.get("accept_email", False) %}
+{{ config["config"]["tracker__email"] }} REJECT {{ config.get("email_reject_message", "This tracker does not accept email submissions.") }}
+{%- endif %}{%- endfor %}
diff --git a/salt/bugs/config/postfix/virtual b/salt/bugs/config/postfix/virtual
@@ -0,0 +1,3 @@
+{% for tracker, config in pillar["bugs"]["trackers"].items() %}{% if config.get("accept_email", False) %}
+{{ config["config"]["tracker__email"] }}	roundup+{{ tracker }}
+{%- endif %}{%- endfor %}
diff --git a/salt/bugs/init.sls b/salt/bugs/init.sls
@@ -154,6 +154,62 @@ tracker-nginx-extras:
     - require:
       - pkg: nginx
 
+/etc/postfix/main.cf:
+  file.managed:
+    - source: salt://bugs/config/postfix/main.cf
+    - user: root
+    - group: root
+    - mode: "0644"
+    - template: jinja
+    - require:
+      - pkg: roundup-deps
+      - cmd: lego_bootstrap
+
+/etc/postfix/virtual:
+  file.managed:
+    - source: salt://bugs/config/postfix/virtual
+    - user: root
+    - group: root
+    - mode: "0644"
+    - template: jinja
+    - require:
+      - file: /etc/postfix/main.cf
+
+map-virtual:
+  cmd.run:
+    - name: postmap /etc/postfix/virtual
+    - onchanges:
+      - file: /etc/postfix/virtual
+
+/etc/postfix/reject_recipients:
+  file.managed:
+    - source: salt://bugs/config/postfix/reject_recipients
+    - user: root
+    - group: root
+    - mode: "0644"
+    - template: jinja
+    - require:
+      - file: /etc/postfix/main.cf
+
+map-reject_recipients:
+  cmd.run:
+    - name: postmap /etc/postfix/reject_recipients
+    - onchanges:
+      - file: /etc/postfix/reject_recipients
+
+postfix:
+  service.running:
+    - enable: True
+    - reload: True
+    - require:
+      - file: /etc/postfix/main.cf
+      - file: /etc/postfix/virtual
+      - file: /etc/postfix/reject_recipients
+    - watch_any:
+      - file: /etc/postfix/main.cf
+      - file: /etc/postfix/virtual
+      - file: /etc/postfix/reject_recipients
+
 {% for tracker, config in pillar["bugs"]["trackers"].items() %}
 tracker-{{ tracker }}-database:
   postgres_database.present: