From d2145608089777cd27175763cf9f71ca2a3159f5 Mon Sep 17 00:00:00 2001 From: Mark Sapiro <mark@msapiro.net> Date: Fri, 6 May 2016 14:44:28 -0700 Subject: Implement SASL and STARTTLS in SMTPDirect.py. --- Mailman/Defaults.py.in | 16 ++++++++++++++++ Mailman/Handlers/SMTPDirect.py | 30 ++++++++++++++++++++++++++++++ NEWS | 5 +++++ 3 files changed, 51 insertions(+) diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in index a71875ac..3569cc07 100755 --- a/Mailman/Defaults.py.in +++ b/Mailman/Defaults.py.in @@ -562,6 +562,22 @@ SMTPPORT = 0 # default from smtplib # when DELIVERY_MODULE is 'Sendmail'. SENDMAIL_CMD = '/usr/lib/sendmail' +# SMTP authentication for DELIVERY_MODULE = 'SMTPDirect'. To enable SASL +# authentication for SMTPDirect, set SMTP_AUTH = Yes and provide appropriate +# settings for SMTP_USER and SMTP_PASSWD. +SMTP_AUTH = No +SMTP_USER = '' +SMTP_PASSWD = '' + +# If using SASL authentication (SMTP_AUTH = Yes), set the following to Yes +# to also use TLS. This has no effect if SMTP_AUTH = No. +SMTP_USE_TLS = No + +# When using TLS the following should be set to the hostname that should be +# used in order to identify Mailman to the SMTP server. By default, it +# uses DEFAULT_URL_HOST. Normally, you should not change this. +SMTP_HELO_HOST = DEFAULT_URL_HOST + # Set these variables if you need to authenticate to your NNTP server for # Usenet posting or reading. If no authentication is necessary, specify None # for both variables. diff --git a/Mailman/Handlers/SMTPDirect.py b/Mailman/Handlers/SMTPDirect.py index 32b03423..3b489c2f 100644 --- a/Mailman/Handlers/SMTPDirect.py +++ b/Mailman/Handlers/SMTPDirect.py @@ -63,6 +63,36 @@ class Connection: self.__conn = smtplib.SMTP() self.__conn.set_debuglevel(mm_cfg.SMTPLIB_DEBUG_LEVEL) self.__conn.connect(mm_cfg.SMTPHOST, mm_cfg.SMTPPORT) + if mm_cfg.SMTP_AUTH: + if mm_cfg.SMTP_USE_TLS: + try: + self.__conn.starttls() + except SMTPException, e: + syslog('smtp-failure', 'SMTP TLS error: %s', e) + self.quit() + raise + try: + self.__conn.ehlo(mm_cfg.SMTP_HELO_HOST) + except SMTPException, e: + syslog('smtp-failure', 'SMTP EHLO error: %s', e) + self.quit() + raise + try: + self.__conn.login(mm_cfg.SMTP_USER, mm_cfg.SMTP_PASSWD) + except smtplib.SMTPHeloError, e: + syslog('smtp-failure', 'SMTP HELO error: %s', e) + self.quit() + raise + except smtplib.SMTPAuthenticationError, e: + syslog('smtp-failure', 'SMTP AUTH error: %s', e) + self.quit() + raise + except smtplib.SMTPException, e: + syslog('smtp-failure', + 'SMTP - no suitable authentication method found: %s', e) + self.quit() + raise + self.__numsessions = mm_cfg.SMTP_MAX_SESSIONS_PER_CONNECTION def sendmail(self, envsender, recips, msgtext): diff --git a/NEWS b/NEWS index e9939cde..c6660b9f 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,11 @@ Here is a history of user visible changes to Mailman. New Features + - SMTPDirect.py can now do SASL authentication and STARTTLS security when + connecting to the outgoiung MTA. Associated with this are new + Defaults.py/mm_cfg.py settings SMTP_AUTH, SMTP_USER, SMTP_PASSWD and + SMTP_USE_TLS. (LP: #558281) + - There is a new Defaults.py/mm_cfg.py setting SMTPLIB_DEBUG_LEVEL which can be set to 1 to enable verbose smtplib debugging to Mailman's error log to help with debugging 'low level smtp failures'. (LP: # 1573074) -- cgit v1.2.3