-
Notifications
You must be signed in to change notification settings - Fork 230
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add email.tlsname config option #17849
Conversation
The existing `email.smtp_host` config option is used for two distinct purposes: it is resolved into the IP address to connect to, and used to (request via SNI and) validate the server's certificate if TLS is enabled. This new option allows specifying a different name for the second purpose. This is especially helpful, if `email.smtp_host` isn't a global FQDN, but something that resolves only locally (e.g. "localhost" to connect through the loopback interface, or some other internally routed name), that one cannot get a valid certificate for.
9cc3545
to
685f746
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems reasonable on face value.
Have you tested to make sure this works?
I did test it in one configuration ( The I did not touch the branch for Twisted < v21. Should I try to implement this for old Twisted versions as well? That would basically entail backporting the |
synapse/handlers/send_email.py
Outdated
@@ -117,10 +122,10 @@ def build_sender_factory(**kwargs: Any) -> ESMTPSenderFactory: | |||
else: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did not touch the branch for Twisted < v21. Should I try to implement this for old Twisted versions as well? That would basically entail backporting the
hostname
parameter introduced in Twisted v21 into our_NoTLSESMTPSender
class, where that class would also need to close over thetlsname
parameter, as it's value isn't provided through the v21ESTMPSenderFactory
. I don't have a system with old Twisted readily available to test that such an implementation.
Or maybe just log an error and refuse to send mail if Twisted < v21 andtlsname != smtphost
?
Thanks for bringing this up!
If we're not going to support this option for Twisted < v21, it would be ideal fail early and not start up at all (error when parsing the config). Along with updating the documentation to state the version requirement. But I'm not sure of another spot where we make a similar constraint. Perhaps it's important that we support Twisted < v21 but I don't have that context.
I also don't have a sense for how big or complex the hostname
backport would be but seems like it's do-able to you.
I don't have a system with old Twisted readily available to test that such an implementation.
It looks like the trial-olddeps
CI job uses the minimum versions from our pyproject.toml
which will be Twisted 18.9.0. So as long as we have some tests for this new functionality in tests/handlers/test_send_email.py
, we should be covered.
I can run the CI when you want but should be also possible emulate the same thing that the CI job is doing to test it locally as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should now also work with Twisted < v21. I also added a check to the tests that we pass the tlsname
to Twisted, and successfully ran that with both old and new Twisted. I did not verify that old Twisted actually does with this parameter what we want it to do, but it is at least documented as such. (With new Twisted I mentioned before I tested it with an actual SMTP server. I did repeat that test for the happy path, a cert with commonname = tlsname
≠ smtp_host
is still being accepted.)
I also was not able to reproduce the sytest failure for commit 685f746 locally ($ podman run --rm -it -v "$PWD":/src:ro -v "$PWD"/logs\:/logs -e POSTGRES=1 -e MULTI_POSTGRES=1 -e WORKERS=1 -e REDIS=1 docker.io/matrixdotorg/sytest-synapse:focal
completes with run-tests PASSED
). The failures also appear to affect parts I didn't really touch. If you nonetheless think it's related to my changes, I can try looking into it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the diligence @cynhr!
The CI is all green ✅ and the previous failure was probably just a flakey test (unfortunately).
Old twisted versions' ESMTPSenderFactory doesn't support the `hostname` parameter used to implement the email.tlsname configuration option (and also the email.enable_tls option). This backports that parameter by extending ESMTPSenderFactory when twisted is old. Were shadowing the attribute `ESMTPSenderFactory.protocol` with the method `_BackportESMTPSenderFactory.protocol` here, that is on purpose. That attribute usually contains the `ESMTPSender` class. It is used by `ESMTPSenderFactory.buildProtocol` as a Callable to instantiate an `ESMTPSender`. By providing this Callable as a method, the previously set `_BackportESMTPSenderFactory.__hostname` can be provided to the newly instantiated `_BackportESMTPSender`. Note the `# type: ignore` annotation required to pass the mypy type checker. Mypy assigns the type `Type[ESMTPSender]` to `ESMTPSenderFactory.protocol`, which is valid (twisted does assign a `Type[ESMTPSender]`), but AFAICT it is only ever used to instantiate values of that type, i.e. as a `Callable[[...], ESMTPSender]`, so overriding it with a method with that signature should be fine. It is a public attribute though, so technically it could be accessed somewhere else, actually requiring a `Type[ESMTPSender]`. But we do need to get the `hostname` parameter to our `_BackportESMTPSender` somehow, and this seems neater compared to the two alternatives I considered: * Override `ESMTPSenderFactory.buildProtocol` instead of `ESMTPSenderFactory.protocol`. That would require copying the entire body of `ESMTPSenderFactory.buildProtocol` into `_BackportESMTPSenderFactory.buildProtocol`, most of which isn't related to the change we're trying to implement. That just seems unnecessarily brittle (e.g. maybe different old twisted versions could have different versions `buildProtocol` (I didn't check), picking one of them could lead to an inconsistent object). * Set `self.protocol` in `_BackportESMTPSenderFactory.__init__` to a class defined within `_BackportESMTPSenderFactory.__init__`, such that it can close over the `hostname` parameter---i.e. each instantiation of the `_BackportESMTPSenderFactory` would define a new class extending `ESMTPSender` specific to that instantiation's `hostname` parameter. That's a nice (functional-style) solution, but I think the solution implemented here might feel more natural to the average python programmer. This effectively retrofits modern twisted's [1] `hostname` parameter to old twisted's [2] classes. [1]: https://github.com/twisted/twisted/blob/twisted-24.11.0/src/twisted/mail/smtp.py#L1992 [2]: https://github.com/twisted/twisted/blob/twisted-21.2.0/src/twisted/mail/smtp.py#L2005
b8c3ad7
to
beeddf2
Compare
Ensure the email.tlsname parameter ends up in the `ClientTLSOptions._hostname` attribute, which is documented as "The hostname to verify".
Please note that this version of Synapse drops support for PostgreSQL 11 and 12. The minimum version of PostgreSQL supported is now version 13. No significant changes since 1.122.0rc1. - Remove support for PostgreSQL 11 and 12. Contributed by @clokep. ([\#18034](element-hq/synapse#18034)) - Added the `email.tlsname` config option. This allows specifying the domain name used to validate the SMTP server's TLS certificate separately from the `email.smtp_host` to connect to. ([\#17849](element-hq/synapse#17849)) - Module developers will have access to the user ID of the requester when adding `check_username_for_spam` callbacks to `spam_checker_module_callbacks`. Contributed by [email protected]. ([\#17916](element-hq/synapse#17916)) - Add endpoints to the Admin API to fetch the number of invites the provided user has sent after a given timestamp, fetch the number of rooms the provided user has joined after a given timestamp, and get report IDs of event reports against a provided user (i.e. where the user was the sender of the reported event). ([\#17948](element-hq/synapse#17948)) - Support stable account suspension from [MSC3823](matrix-org/matrix-spec-proposals#3823). ([\#17964](element-hq/synapse#17964)) - Add `macaroon_secret_key_path` config option. ([\#17983](element-hq/synapse#17983)) - Fix bug when rejecting withdrew invite with a `third_party_rules` module, where the invite would be stuck for the client. ([\#17930](element-hq/synapse#17930)) - Properly purge state groups tables when purging a room with the Admin API. ([\#18024](element-hq/synapse#18024)) - Fix a bug preventing the admin redaction endpoint from working on messages from remote users. ([\#18029](element-hq/synapse#18029), [\#18043](element-hq/synapse#18043)) - Update `synapse.app.generic_worker` documentation to only recommend `GET` requests for stream writer routes by default, unless the worker is also configured as a stream writer. Contributed by @evoL. ([\#17954](element-hq/synapse#17954)) - Add documentation for the previously-undocumented `last_seen_ts` query parameter to the query user Admin API. ([\#17976](element-hq/synapse#17976)) - Improve documentation for the `TaskScheduler` class. ([\#17992](element-hq/synapse#17992)) - Fix example in reverse proxy docs to include server port. ([\#17994](element-hq/synapse#17994)) - Update Alpine Linux Synapse Package Maintainer within the installation instructions. ([\#17846](element-hq/synapse#17846)) - Add `RoomID` & `EventID` rust types. ([\#17996](element-hq/synapse#17996)) - Fix various type errors across the codebase. ([\#17998](element-hq/synapse#17998)) - Disable DB statement timeout when doing a room purge since it can be quite long. ([\#18017](element-hq/synapse#18017)) - Remove some remaining uses of `twisted.internet.defer.returnValue`. Contributed by Colin Watson. ([\#18020](element-hq/synapse#18020)) - Refactor `get_profile` to no longer include fields with a value of `None`. ([\#18063](element-hq/synapse#18063)) * Bump anyhow from 1.0.93 to 1.0.95. ([\#18012](element-hq/synapse#18012), [\#18045](element-hq/synapse#18045)) * Bump authlib from 1.3.2 to 1.4.0. ([\#18048](element-hq/synapse#18048)) * Bump dawidd6/action-download-artifact from 6 to 7. ([\#17981](element-hq/synapse#17981)) * Bump http from 1.1.0 to 1.2.0. ([\#18013](element-hq/synapse#18013)) - Bump mypy from 1.11.2 to 1.12.1. ([\#17999](element-hq/synapse#17999)) * Bump mypy-zope from 1.0.8 to 1.0.9. ([\#18047](element-hq/synapse#18047)) * Bump pillow from 10.4.0 to 11.0.0. ([\#18015](element-hq/synapse#18015)) * Bump pydantic from 2.9.2 to 2.10.3. ([\#18014](element-hq/synapse#18014)) * Bump pyicu from 2.13.1 to 2.14. ([\#18060](element-hq/synapse#18060)) * Bump pyo3 from 0.23.2 to 0.23.3. ([\#18001](element-hq/synapse#18001)) * Bump python-multipart from 0.0.16 to 0.0.18. ([\#17985](element-hq/synapse#17985)) * Bump sentry-sdk from 2.17.0 to 2.19.2. ([\#18061](element-hq/synapse#18061)) * Bump serde from 1.0.215 to 1.0.217. ([\#18031](element-hq/synapse#18031), [\#18059](element-hq/synapse#18059)) * Bump serde_json from 1.0.133 to 1.0.134. ([\#18044](element-hq/synapse#18044)) * Bump twine from 5.1.1 to 6.0.1. ([\#18049](element-hq/synapse#18049)) **Changelogs for older versions can be found [here](docs/changelogs/).**
The existing
email.smtp_host
config option is used for two distinct purposes: it is resolved into the IP address to connect to, and used to (request via SNI and) validate the server's certificate if TLS is enabled. This new option allows specifying a different name for the second purpose.This is especially helpful, if
email.smtp_host
isn't a global FQDN, but something that resolves only locally (e.g. "localhost" to connect through the loopback interface, or some other internally routed name), that one cannot get a valid certificate for.Alternatives would of course be to specify a global FQDN as
email.smtp_host
, or to disable TLS entirely, both of which might be undesirable, depending on the SMTP server configuration.Pull Request Checklist
EventStore
toEventWorkerStore
.".code blocks
.(run the linters)