+++ /dev/null
-#!/usr/bin/env python3
-# vim:sw=4 ts=4 et:
-
-import email
-import smtplib
-import ssl
-import socket
-import sys
-import os
-
-try:
- from xtermcolor import colorize
- COLOR_ERROR = 0xff0000
- COLOR_WARN = 0xffff00
- COLOR_GOOD = 0x00ff00
- def print_error(val="", *args, **kwargs):
- return print(colorize(val, COLOR_ERROR), *args, **kwargs)
- def print_warn(val="", *args, **kwargs):
- return print(colorize(val, COLOR_WARN), *args, **kwargs)
- def print_good(val="", *args, **kwargs):
- return print(colorize(val, COLOR_GOOD), *args, **kwargs)
-except ImportError:
- print("Install the python3-xtermcolor package for coloured output")
- print_error = print
- print_warn = print
- print_good = print
-
-try:
- import yaml
-except ImportError:
- print_error("ERROR: python yaml module not installed - run the following and try again:", file=sys.stderr)
- print("sudo apt-get install python3-yaml", file=sys.stderr)
- sys.exit(1)
-
-def do_tls(conn, sslv):
- # Possible values of smtp_sslv: none|peer|client_once|fail_if_no_peer_cert
- try:
- # Creating a context with the purpose of server authentication implies verifying the certificate
- if not hasattr(ssl,'create_default_context'):
- # ssl.create_default_context is in Python 3.4+
- print_warn('WARNING: cannot attempt verification of server certificate:')
- print_warn(' (need Python 3.4+ to attempt verification)')
- # Damn you, openssl. Why don't you support IPv6?
- if conn.sock.family == socket.AF_INET:
- print_warn(' You can verify the certificate manually by running:')
- print_warn(' echo quit | openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt \\')
- print_warn(' -starttls smtp -connect {}:{}'.format(*conn.sock.getpeername()[0:2]))
- return conn.starttls()
- sslcontext=ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
- # The None below looks like might be a typo but it's not - it represents the ActiveRecord default (to verify)
- if sslv in (None, 'peer', 'client_once', 'fail_if_no_peer_cert'):
- # defaults are good
- conn.starttls(context=sslcontext)
- elif sslv in ('none',):
- # disable cert checking
- sslcontext.check_hostname = False
- sslcontext.verify_mode = ssl.CERT_NONE
- conn.starttls(context=sslcontext)
- else:
- raise ValueError('invalid value for DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: {}'.format(sslv))
- except smtplib.SMTPException as e:
- if (sslv is None) and ('STARTTLS extension not supported by server' in e.args[0]):
- print_warn("unable to establish TLS, continuing: {}".format(e.args[0]))
- else:
- raise
-
-### Start of execution ###
-cfgfile = sys.argv[1]
-try:
- destemail = sys.argv[2]
-except IndexError:
- destemail = input('Enter your email address: ')
-srcemail = 'nobody+launcher-mailtest@discourse.org'
-
-# Read in the container yaml and grab the env section
-cfgdata = yaml.safe_load(open(cfgfile).read())
-envdata = cfgdata['env']
-
-# Here are the variables we'll test
-smtp_addr = envdata.get('DISCOURSE_SMTP_ADDRESS')
-smtp_port = envdata.get('DISCOURSE_SMTP_PORT')
-smtp_user = envdata.get('DISCOURSE_SMTP_USER_NAME')
-smtp_pass = envdata.get('DISCOURSE_SMTP_PASSWORD')
-smtp_sslv = envdata.get('DISCOURSE_SMTP_OPENSSL_VERIFY_MODE')
-
-# Yoink out the settings from the file - we'll print them and put them in the email
-testinfo = 'DISCOURSE_SMTP_ settings:\n'
-for k,v in filter(lambda x: x[0].startswith('DISCOURSE_SMTP_'), envdata.items()):
- if 'PASSWORD' in k:
- v = '(hidden)'
- testinfo += ' {} = {}\n'.format(k,v)
-print(testinfo)
-
-# Ensure at least smtp-addr is specified - everything else is optional
-if smtp_addr is None:
- print_error("ERROR: DISCOURSE_SMTP_ADDRESS not specified", file=sys.stderr)
- sys.exit(1)
-
-if (smtp_user is None and smtp_pass is not None) or (smtp_user is not None and smtp_pass is None):
- print_error("ERROR: both username and password must be specified for auth", file=sys.stderr)
- sys.exit(1)
-
-# Do we have a known good set of parameters?
-known_good_settings = {
- ('smtp.mandrillapp.com', 587): 'Mandrill',
-}
-try:
- print_good('You are correctly configured to use: {}'.format(known_good_settings[smtp_addr,smtp_port]))
-except KeyError:
- pass
-
-# Try and ensure the test is valid
-if destemail.split('@',1)[1] in smtp_addr:
- print_warn('WARNING: {} may be allowed to relay mail to {}, this may not be a valid test!'.format(smtp_addr, destemail))
-
-# Outbound port smtp?
-if smtp_port == 25 or smtp_port is None:
- print_warn('WARNING: many networks block outbound port 25 - consider an alternative (587?)')
-
-# Outbound port smtps?
-if smtp_port == 465:
- print_warn("WARNING: I can't yet handle testing port 465.")
- print_warn(" It's probably wrong though - most servers use 587 or 25 for submission.")
-
-# Outbound port submission?
-if smtp_port == 587:
- if smtp_user is None:
- print_warn('WARNING: trying to use the submission (587) port without authenticating will probably fail')
-
-# Build the message and send!
-msg = email.message.Message()
-msg.add_header('From', 'nobody+launcher-mailtest@discourse.org')
-msg.add_header('To', destemail)
-msg.add_header('Subject', 'discourse launcher mailtest for {}'.format(os.path.basename(cfgfile)))
-msg.set_payload(testinfo)
-
-try:
- smtp = smtplib.SMTP(smtp_addr, smtp_port, timeout=5)
- #smtp.debuglevel=1
- do_tls(smtp,smtp_sslv)
- if smtp_user:
- smtp.login(smtp_user, smtp_pass)
- result = smtp.sendmail('nobody+launcher-mailtest@discourse.org', destemail, msg.as_string())
-except socket.gaierror as e:
- print_error("ERROR: {}".format(e.args[-1]), file=sys.stderr)
- print(" Ensure that the host '{}' exists".format(smtp_addr), file=sys.stderr)
- sys.exit(1)
-except socket.timeout as e:
- print_error("ERROR: {}".format(e.args[-1]), file=sys.stderr)
- print(" Ensure that the host '{}' is up and port {} is reachable".format(smtp_addr, smtp_port), file=sys.stderr)
- print(" If your settings are known-good, ensure outbound port {} is not blocked".format(smtp_port), file=sys.stderr)
- sys.exit(1)
-except smtplib.SMTPConnectError as e:
- print_error("ERROR: {}".format(e.args[-1]), file=sys.stderr)
- print(" Ensure that the host '{}' is up and port {} is reachable".format(smtp_addr, smtp_port), file=sys.stderr)
- sys.exit(1)
-except ssl.SSLError as e:
- print_error("ERROR: unable to establish TLS: {}".format(e.args[-1]), file=sys.stderr)
- if 'certificate verify failed' in e.args[-1]:
- print(" Fix the host certificate or disable validation".format(smtp_addr), file=sys.stderr)
- sys.exit(1)
-except smtplib.SMTPRecipientsRefused as e:
- print_error("ERROR: {}".format(e.args[-1].popitem()[1][1].decode()), file=sys.stderr)
- print(" You must provide a username/password to send to this host", file=sys.stderr)
- sys.exit(1)
-except smtplib.SMTPAuthenticationError as e:
- print_error("ERROR: {}".format(e.args[-1].decode()), file=sys.stderr)
- print(" Check to ensure your username and password are correct", file=sys.stderr)
- sys.exit(1)
-except smtplib.SMTPException as e:
- print_error("ERROR: {}".format(e.args[-1]), file=sys.stderr)
- if 'SMTP AUTH extension not supported by server' in e.args[0]:
- print(" Authorization is not available - you may need to use TLS", file=sys.stderr)
- sys.exit(1)
-except ValueError as e:
- print_error("ERROR: {}".format(e.args[-1]), file=sys.stderr)
- sys.exit(1)
-
-print_good("Success!")
projects / discourse_docker.git / commitdiff