333 lines
10 KiB
Bash
333 lines
10 KiB
Bash
#!/usr/bin/env sh
|
|
|
|
# support smtp
|
|
|
|
# Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3358
|
|
|
|
# This implementation uses either curl or Python (3 or 2.7).
|
|
# (See also the "mail" notify hook, which supports other ways to send mail.)
|
|
|
|
# SMTP_FROM="from@example.com" # required
|
|
# SMTP_TO="to@example.com" # required
|
|
# SMTP_HOST="smtp.example.com" # required
|
|
# SMTP_PORT="25" # defaults to 25, 465 or 587 depending on SMTP_SECURE
|
|
# SMTP_SECURE="none" # one of "none", "ssl" (implicit TLS, TLS Wrapper), "tls" (explicit TLS, STARTTLS)
|
|
# SMTP_USERNAME="" # set if SMTP server requires login
|
|
# SMTP_PASSWORD="" # set if SMTP server requires login
|
|
# SMTP_TIMEOUT="30" # seconds for SMTP operations to timeout
|
|
# SMTP_BIN="/path/to/curl_or_python" # default finds first of curl, python3, or python on PATH
|
|
|
|
# subject content statuscode
|
|
smtp_send() {
|
|
_SMTP_SUBJECT="$1"
|
|
_SMTP_CONTENT="$2"
|
|
# UNUSED: _statusCode="$3" # 0: success, 1: error 2($RENEW_SKIP): skipped
|
|
|
|
# Load config:
|
|
SMTP_FROM="${SMTP_FROM:-$(_readaccountconf_mutable SMTP_FROM)}"
|
|
SMTP_TO="${SMTP_TO:-$(_readaccountconf_mutable SMTP_TO)}"
|
|
SMTP_HOST="${SMTP_HOST:-$(_readaccountconf_mutable SMTP_HOST)}"
|
|
SMTP_PORT="${SMTP_PORT:-$(_readaccountconf_mutable SMTP_PORT)}"
|
|
SMTP_SECURE="${SMTP_SECURE:-$(_readaccountconf_mutable SMTP_SECURE)}"
|
|
SMTP_USERNAME="${SMTP_USERNAME:-$(_readaccountconf_mutable SMTP_USERNAME)}"
|
|
SMTP_PASSWORD="${SMTP_PASSWORD:-$(_readaccountconf_mutable SMTP_PASSWORD)}"
|
|
SMTP_TIMEOUT="${SMTP_TIMEOUT:-$(_readaccountconf_mutable SMTP_TIMEOUT)}"
|
|
SMTP_BIN="${SMTP_BIN:-$(_readaccountconf_mutable SMTP_BIN)}"
|
|
|
|
_debug "SMTP_FROM" "$SMTP_FROM"
|
|
_debug "SMTP_TO" "$SMTP_TO"
|
|
_debug "SMTP_HOST" "$SMTP_HOST"
|
|
_debug "SMTP_PORT" "$SMTP_PORT"
|
|
_debug "SMTP_SECURE" "$SMTP_SECURE"
|
|
_debug "SMTP_USERNAME" "$SMTP_USERNAME"
|
|
_secure_debug "SMTP_PASSWORD" "$SMTP_PASSWORD"
|
|
_debug "SMTP_TIMEOUT" "$SMTP_TIMEOUT"
|
|
_debug "SMTP_BIN" "$SMTP_BIN"
|
|
|
|
_debug "_SMTP_SUBJECT" "$_SMTP_SUBJECT"
|
|
_debug "_SMTP_CONTENT" "$_SMTP_CONTENT"
|
|
|
|
# Validate config and apply defaults:
|
|
# _SMTP_* variables are the resolved (with defaults) versions of SMTP_*.
|
|
# (The _SMTP_* versions will not be stored in account conf.)
|
|
|
|
if [ -n "$SMTP_BIN" ] && ! _exists "$SMTP_BIN"; then
|
|
_err "SMTP_BIN '$SMTP_BIN' does not exist."
|
|
return 1
|
|
fi
|
|
_SMTP_BIN="$SMTP_BIN"
|
|
if [ -z "$_SMTP_BIN" ]; then
|
|
# Look for a command that can communicate with an SMTP server.
|
|
# (Please don't add sendmail, ssmtp, mutt, mail, or msmtp here.
|
|
# Those are already handled by the "mail" notify hook.)
|
|
for cmd in curl python3 python2.7 python pypy3 pypy; do
|
|
if _exists "$cmd"; then
|
|
_SMTP_BIN="$cmd"
|
|
break
|
|
fi
|
|
done
|
|
if [ -z "$_SMTP_BIN" ]; then
|
|
_err "The smtp notify-hook requires curl or Python, but can't find any."
|
|
_err 'If you have one of them, define SMTP_BIN="/path/to/curl_or_python".'
|
|
_err 'Otherwise, see if you can use the "mail" notify-hook instead.'
|
|
return 1
|
|
fi
|
|
_debug "_SMTP_BIN" "$_SMTP_BIN"
|
|
fi
|
|
|
|
if [ -z "$SMTP_FROM" ]; then
|
|
_err "You must define SMTP_FROM as the sender email address."
|
|
return 1
|
|
fi
|
|
_SMTP_FROM="$SMTP_FROM"
|
|
|
|
if [ -z "$SMTP_TO" ]; then
|
|
_err "You must define SMTP_TO as the recipient email address."
|
|
return 1
|
|
fi
|
|
_SMTP_TO="$SMTP_TO"
|
|
|
|
if [ -z "$SMTP_HOST" ]; then
|
|
_err "You must define SMTP_HOST as the SMTP server hostname."
|
|
return 1
|
|
fi
|
|
_SMTP_HOST="$SMTP_HOST"
|
|
|
|
_SMTP_SECURE="${SMTP_SECURE:-none}"
|
|
case "$_SMTP_SECURE" in
|
|
"none") smtp_default_port="25" ;;
|
|
"ssl") smtp_default_port="465" ;;
|
|
"tls") smtp_default_port="587" ;;
|
|
*)
|
|
_err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'."
|
|
return 1
|
|
;;
|
|
esac
|
|
|
|
_SMTP_PORT="${SMTP_PORT:-$smtp_default_port}"
|
|
if [ -z "$SMTP_PORT" ]; then
|
|
_debug "_SMTP_PORT" "$_SMTP_PORT"
|
|
fi
|
|
|
|
_SMTP_USERNAME="$SMTP_USERNAME"
|
|
_SMTP_PASSWORD="$SMTP_PASSWORD"
|
|
_SMTP_TIMEOUT="${SMTP_TIMEOUT:-30}"
|
|
|
|
# Run with --debug 2 (or above) to echo the transcript of the SMTP session.
|
|
# Careful: this may include SMTP_PASSWORD in plaintext!
|
|
if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then
|
|
_SMTP_SHOW_TRANSCRIPT="True"
|
|
else
|
|
_SMTP_SHOW_TRANSCRIPT=""
|
|
fi
|
|
|
|
# Send the message:
|
|
case "$(basename "$_SMTP_BIN")" in
|
|
curl) _smtp_send=_smtp_send_curl ;;
|
|
py*) _smtp_send=_smtp_send_python ;;
|
|
*)
|
|
_err "Can't figure out how to invoke $_SMTP_BIN."
|
|
_err "Check your SMTP_BIN setting."
|
|
return 1
|
|
;;
|
|
esac
|
|
|
|
if ! smtp_output="$($_smtp_send)"; then
|
|
_err "Error sending message with $_SMTP_BIN."
|
|
if [ -n "$smtp_output" ]; then
|
|
_err "$smtp_output"
|
|
fi
|
|
return 1
|
|
fi
|
|
|
|
# Save config only if send was successful:
|
|
_saveaccountconf_mutable SMTP_BIN "$SMTP_BIN"
|
|
_saveaccountconf_mutable SMTP_FROM "$SMTP_FROM"
|
|
_saveaccountconf_mutable SMTP_TO "$SMTP_TO"
|
|
_saveaccountconf_mutable SMTP_HOST "$SMTP_HOST"
|
|
_saveaccountconf_mutable SMTP_PORT "$SMTP_PORT"
|
|
_saveaccountconf_mutable SMTP_SECURE "$SMTP_SECURE"
|
|
_saveaccountconf_mutable SMTP_USERNAME "$SMTP_USERNAME"
|
|
_saveaccountconf_mutable SMTP_PASSWORD "$SMTP_PASSWORD"
|
|
_saveaccountconf_mutable SMTP_TIMEOUT "$SMTP_TIMEOUT"
|
|
|
|
return 0
|
|
}
|
|
|
|
# Send the message via curl using _SMTP_* variables
|
|
_smtp_send_curl() {
|
|
# curl passes --mail-from and --mail-rcpt directly to the SMTP protocol without
|
|
# additional parsing, and SMTP requires addr-spec only (no display names).
|
|
# In the future, maybe try to parse the addr-spec out for curl args (non-trivial).
|
|
if _email_has_display_name "$_SMTP_FROM"; then
|
|
_err "curl smtp only allows a simple email address in SMTP_FROM."
|
|
_err "Change your SMTP_FROM='$SMTP_FROM' to remove the display name."
|
|
return 1
|
|
fi
|
|
if _email_has_display_name "$_SMTP_TO"; then
|
|
_err "curl smtp only allows simple email addresses in SMTP_TO."
|
|
_err "Change your SMTP_TO='$SMTP_TO' to remove the display name(s)."
|
|
return 1
|
|
fi
|
|
|
|
# Build curl args in $@
|
|
|
|
case "$_SMTP_SECURE" in
|
|
none)
|
|
set -- --url "smtp://${_SMTP_HOST}:${_SMTP_PORT}"
|
|
;;
|
|
ssl)
|
|
set -- --url "smtps://${_SMTP_HOST}:${_SMTP_PORT}"
|
|
;;
|
|
tls)
|
|
set -- --url "smtp://${_SMTP_HOST}:${_SMTP_PORT}" --ssl-reqd
|
|
;;
|
|
*)
|
|
# This will only occur if someone adds a new SMTP_SECURE option above
|
|
# without updating this code for it.
|
|
_err "Unhandled _SMTP_SECURE='$_SMTP_SECURE' in _smtp_send_curl"
|
|
_err "Please re-run with --debug and report a bug."
|
|
return 1
|
|
;;
|
|
esac
|
|
|
|
set -- "$@" \
|
|
--upload-file - \
|
|
--mail-from "$_SMTP_FROM" \
|
|
--max-time "$_SMTP_TIMEOUT"
|
|
|
|
# Burst comma-separated $_SMTP_TO into individual --mail-rcpt args.
|
|
_to="${_SMTP_TO},"
|
|
while [ -n "$_to" ]; do
|
|
_rcpt="${_to%%,*}"
|
|
_to="${_to#*,}"
|
|
set -- "$@" --mail-rcpt "$_rcpt"
|
|
done
|
|
|
|
_smtp_login="${_SMTP_USERNAME}:${_SMTP_PASSWORD}"
|
|
if [ "$_smtp_login" != ":" ]; then
|
|
set -- "$@" --user "$_smtp_login"
|
|
fi
|
|
|
|
if [ "$_SMTP_SHOW_TRANSCRIPT" = "True" ]; then
|
|
set -- "$@" --verbose
|
|
else
|
|
set -- "$@" --silent --show-error
|
|
fi
|
|
|
|
raw_message="$(_smtp_raw_message)"
|
|
|
|
_debug2 "curl command:" "$_SMTP_BIN" "$*"
|
|
_debug2 "raw_message:\n$raw_message"
|
|
|
|
echo "$raw_message" | "$_SMTP_BIN" "$@"
|
|
}
|
|
|
|
# Output an RFC-822 / RFC-5322 email message using _SMTP_* variables
|
|
_smtp_raw_message() {
|
|
echo "From: $_SMTP_FROM"
|
|
echo "To: $_SMTP_TO"
|
|
echo "Subject: $(_mime_encoded_word "$_SMTP_SUBJECT")"
|
|
if _exists date; then
|
|
echo "Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')"
|
|
fi
|
|
echo "Content-Type: text/plain; charset=utf-8"
|
|
echo "X-Mailer: acme.sh --notify-hook smtp"
|
|
echo
|
|
echo "$_SMTP_CONTENT"
|
|
}
|
|
|
|
# Convert text to RFC-2047 MIME "encoded word" format if it contains non-ASCII chars
|
|
# text
|
|
_mime_encoded_word() {
|
|
_text="$1"
|
|
# (regex character ranges like [a-z] can be locale-dependent; enumerate ASCII chars to avoid that)
|
|
_ascii='] $`"'"[!#%&'()*+,./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ~^_abcdefghijklmnopqrstuvwxyz{|}~-"
|
|
if expr "$_text" : "^.*[^$_ascii]" >/dev/null; then
|
|
# At least one non-ASCII char; convert entire thing to encoded word
|
|
printf "%s" "=?UTF-8?B?$(printf "%s" "$_text" | _base64)?="
|
|
else
|
|
# Just printable ASCII, no conversion needed
|
|
printf "%s" "$_text"
|
|
fi
|
|
}
|
|
|
|
# Simple check for display name in an email address (< > or ")
|
|
# email
|
|
_email_has_display_name() {
|
|
_email="$1"
|
|
expr "$_email" : '^.*[<>"]' > /dev/null
|
|
}
|
|
|
|
|
|
# Send the message via Python using _SMTP_* variables
|
|
_smtp_send_python() {
|
|
_debug "Python version" "$("$_SMTP_BIN" --version 2>&1)"
|
|
|
|
# language=Python
|
|
"$_SMTP_BIN" <<EOF
|
|
# This code is meant to work with either Python 2.7.x or Python 3.4+.
|
|
try:
|
|
try:
|
|
from email.message import EmailMessage
|
|
except ImportError:
|
|
from email.mime.text import MIMEText as EmailMessage # Python 2
|
|
from smtplib import SMTP, SMTP_SSL, SMTPException
|
|
from socket import error as SocketError
|
|
except ImportError as err:
|
|
print("A required Python standard package is missing. This system may have"
|
|
" a reduced version of Python unsuitable for sending mail: %s" % err)
|
|
exit(1)
|
|
|
|
show_transcript = """$_SMTP_SHOW_TRANSCRIPT""" == "True"
|
|
|
|
smtp_host = """$_SMTP_HOST"""
|
|
smtp_port = int("""$_SMTP_PORT""")
|
|
smtp_secure = """$_SMTP_SECURE"""
|
|
username = """$_SMTP_USERNAME"""
|
|
password = """$_SMTP_PASSWORD"""
|
|
timeout=int("""$_SMTP_TIMEOUT""") # seconds
|
|
|
|
from_email="""$_SMTP_FROM"""
|
|
to_emails="""$_SMTP_TO""" # can be comma-separated
|
|
subject="""$_SMTP_SUBJECT"""
|
|
content="""$_SMTP_CONTENT"""
|
|
|
|
try:
|
|
msg = EmailMessage()
|
|
msg.set_content(content)
|
|
except (AttributeError, TypeError):
|
|
# Python 2 MIMEText
|
|
msg = EmailMessage(content)
|
|
msg["Subject"] = subject
|
|
msg["From"] = from_email
|
|
msg["To"] = to_emails
|
|
|
|
smtp = None
|
|
try:
|
|
if smtp_secure == "ssl":
|
|
smtp = SMTP_SSL(smtp_host, smtp_port, timeout=timeout)
|
|
else:
|
|
smtp = SMTP(smtp_host, smtp_port, timeout=timeout)
|
|
smtp.set_debuglevel(show_transcript)
|
|
if smtp_secure == "tls":
|
|
smtp.starttls()
|
|
if username or password:
|
|
smtp.login(username, password)
|
|
smtp.sendmail(msg["From"], msg["To"].split(","), msg.as_string())
|
|
|
|
except SMTPException as err:
|
|
# Output just the error (skip the Python stack trace) for SMTP errors
|
|
print("Error sending: %r" % err)
|
|
exit(1)
|
|
|
|
except SocketError as err:
|
|
print("Error connecting to %s:%d: %r" % (smtp_host, smtp_port, err))
|
|
exit(1)
|
|
|
|
finally:
|
|
if smtp is not None:
|
|
smtp.quit()
|
|
EOF
|
|
}
|