notify/smtp.sh

   1 #!/usr/bin/env sh
   2
   3 # support smtp
   4
   5 # Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3358
   6
   7 # This implementation uses either curl or Python (3 or 2.7).
   8 # (See also the "mail" notify hook, which supports other ways to send mail.)
   9
  10 # SMTP_FROM="from@example.com"  # required
  11 # SMTP_TO="to@example.com"  # required
  12 # SMTP_HOST="smtp.example.com"  # required
  13 # SMTP_PORT="25"  # defaults to 25, 465 or 587 depending on SMTP_SECURE
  14 # SMTP_SECURE="none"  # one of "none", "ssl" (implicit TLS, TLS Wrapper), "tls" (explicit TLS, STARTTLS)
  15 # SMTP_USERNAME=""  # set if SMTP server requires login
  16 # SMTP_PASSWORD=""  # set if SMTP server requires login
  17 # SMTP_TIMEOUT="30"  # seconds for SMTP operations to timeout
  18 # SMTP_BIN="/path/to/curl_or_python"  # default finds first of curl, python3, or python on PATH
  19
  20 # subject content statuscode
  21 smtp_send() {
  22   _SMTP_SUBJECT="$1"
  23   _SMTP_CONTENT="$2"
  24   # UNUSED: _statusCode="$3" # 0: success, 1: error 2($RENEW_SKIP): skipped
  25
  26   # Load config:
  27   SMTP_FROM="${SMTP_FROM:-$(_readaccountconf_mutable SMTP_FROM)}"
  28   SMTP_TO="${SMTP_TO:-$(_readaccountconf_mutable SMTP_TO)}"
  29   SMTP_HOST="${SMTP_HOST:-$(_readaccountconf_mutable SMTP_HOST)}"
  30   SMTP_PORT="${SMTP_PORT:-$(_readaccountconf_mutable SMTP_PORT)}"
  31   SMTP_SECURE="${SMTP_SECURE:-$(_readaccountconf_mutable SMTP_SECURE)}"
  32   SMTP_USERNAME="${SMTP_USERNAME:-$(_readaccountconf_mutable SMTP_USERNAME)}"
  33   SMTP_PASSWORD="${SMTP_PASSWORD:-$(_readaccountconf_mutable SMTP_PASSWORD)}"
  34   SMTP_TIMEOUT="${SMTP_TIMEOUT:-$(_readaccountconf_mutable SMTP_TIMEOUT)}"
  35   SMTP_BIN="${SMTP_BIN:-$(_readaccountconf_mutable SMTP_BIN)}"
  36
  37   _debug "SMTP_FROM" "$SMTP_FROM"
  38   _debug "SMTP_TO" "$SMTP_TO"
  39   _debug "SMTP_HOST" "$SMTP_HOST"
  40   _debug "SMTP_PORT" "$SMTP_PORT"
  41   _debug "SMTP_SECURE" "$SMTP_SECURE"
  42   _debug "SMTP_USERNAME" "$SMTP_USERNAME"
  43   _secure_debug "SMTP_PASSWORD" "$SMTP_PASSWORD"
  44   _debug "SMTP_TIMEOUT" "$SMTP_TIMEOUT"
  45   _debug "SMTP_BIN" "$SMTP_BIN"
  46
  47   _debug "_SMTP_SUBJECT" "$_SMTP_SUBJECT"
  48   _debug "_SMTP_CONTENT" "$_SMTP_CONTENT"
  49
  50   # Validate config and apply defaults:
  51   # _SMTP_* variables are the resolved (with defaults) versions of SMTP_*.
  52   # (The _SMTP_* versions will not be stored in account conf.)
  53
  54   if [ -n "$SMTP_BIN" ] && ! _exists "$SMTP_BIN"; then
  55     _err "SMTP_BIN '$SMTP_BIN' does not exist."
  56     return 1
  57   fi
  58   _SMTP_BIN="$SMTP_BIN"
  59   if [ -z "$_SMTP_BIN" ]; then
  60     # Look for a command that can communicate with an SMTP server.
  61     # (Please don't add sendmail, ssmtp, mutt, mail, or msmtp here.
  62     # Those are already handled by the "mail" notify hook.)
  63     for cmd in curl python3 python2.7 python pypy3 pypy; do
  64       if _exists "$cmd"; then
  65         _SMTP_BIN="$cmd"
  66         break
  67       fi
  68     done
  69     if [ -z "$_SMTP_BIN" ]; then
  70       _err "The smtp notify-hook requires curl or Python, but can't find any."
  71       _err 'If you have one of them, define SMTP_BIN="/path/to/curl_or_python".'
  72       _err 'Otherwise, see if you can use the "mail" notify-hook instead.'
  73       return 1
  74     fi
  75     _debug "_SMTP_BIN" "$_SMTP_BIN"
  76   fi
  77
  78   if [ -z "$SMTP_FROM" ]; then
  79     _err "You must define SMTP_FROM as the sender email address."
  80     return 1
  81   fi
  82   _SMTP_FROM="$SMTP_FROM"
  83
  84   if [ -z "$SMTP_TO" ]; then
  85     _err "You must define SMTP_TO as the recipient email address."
  86     return 1
  87   fi
  88   _SMTP_TO="$SMTP_TO"
  89
  90   if [ -z "$SMTP_HOST" ]; then
  91     _err "You must define SMTP_HOST as the SMTP server hostname."
  92     return 1
  93   fi
  94   _SMTP_HOST="$SMTP_HOST"
  95
  96   _SMTP_SECURE="${SMTP_SECURE:-none}"
  97   case "$_SMTP_SECURE" in
  98   "none") smtp_default_port="25" ;;
  99   "ssl") smtp_default_port="465" ;;
 100   "tls") smtp_default_port="587" ;;
 101   *)
 102     _err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'."
 103     return 1
 104     ;;
 105   esac
 106
 107   _SMTP_PORT="${SMTP_PORT:-$smtp_default_port}"
 108   if [ -z "$SMTP_PORT" ]; then
 109     _debug "_SMTP_PORT" "$_SMTP_PORT"
 110   fi
 111
 112   _SMTP_USERNAME="$SMTP_USERNAME"
 113   _SMTP_PASSWORD="$SMTP_PASSWORD"
 114   _SMTP_TIMEOUT="${SMTP_TIMEOUT:-30}"
 115   _SMTP_X_MAILER="${PROJECT_NAME} ${VER} --notify-hook smtp"
 116
 117   # Run with --debug 2 (or above) to echo the transcript of the SMTP session.
 118   # Careful: this may include SMTP_PASSWORD in plaintext!
 119   if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then
 120     _SMTP_SHOW_TRANSCRIPT="True"
 121   else
 122     _SMTP_SHOW_TRANSCRIPT=""
 123   fi
 124
 125   # Send the message:
 126   case "$(basename "$_SMTP_BIN")" in
 127   curl) _smtp_send=_smtp_send_curl ;;
 128   py*) _smtp_send=_smtp_send_python ;;
 129   *)
 130     _err "Can't figure out how to invoke $_SMTP_BIN."
 131     _err "Check your SMTP_BIN setting."
 132     return 1
 133     ;;
 134   esac
 135
 136   if ! smtp_output="$($_smtp_send)"; then
 137     _err "Error sending message with $_SMTP_BIN."
 138     if [ -n "$smtp_output" ]; then
 139       _err "$smtp_output"
 140     fi
 141     return 1
 142   fi
 143
 144   # Save config only if send was successful:
 145   _saveaccountconf_mutable SMTP_BIN "$SMTP_BIN"
 146   _saveaccountconf_mutable SMTP_FROM "$SMTP_FROM"
 147   _saveaccountconf_mutable SMTP_TO "$SMTP_TO"
 148   _saveaccountconf_mutable SMTP_HOST "$SMTP_HOST"
 149   _saveaccountconf_mutable SMTP_PORT "$SMTP_PORT"
 150   _saveaccountconf_mutable SMTP_SECURE "$SMTP_SECURE"
 151   _saveaccountconf_mutable SMTP_USERNAME "$SMTP_USERNAME"
 152   _saveaccountconf_mutable SMTP_PASSWORD "$SMTP_PASSWORD"
 153   _saveaccountconf_mutable SMTP_TIMEOUT "$SMTP_TIMEOUT"
 154
 155   return 0
 156 }
 157
 158 # Send the message via curl using _SMTP_* variables
 159 _smtp_send_curl() {
 160   # curl passes --mail-from and --mail-rcpt directly to the SMTP protocol without
 161   # additional parsing, and SMTP requires addr-spec only (no display names).
 162   # In the future, maybe try to parse the addr-spec out for curl args (non-trivial).
 163   if _email_has_display_name "$_SMTP_FROM"; then
 164     _err "curl smtp only allows a simple email address in SMTP_FROM."
 165     _err "Change your SMTP_FROM='$SMTP_FROM' to remove the display name."
 166     return 1
 167   fi
 168   if _email_has_display_name "$_SMTP_TO"; then
 169     _err "curl smtp only allows simple email addresses in SMTP_TO."
 170     _err "Change your SMTP_TO='$SMTP_TO' to remove the display name(s)."
 171     return 1
 172   fi
 173
 174   # Build curl args in $@
 175
 176   case "$_SMTP_SECURE" in
 177   none)
 178     set -- --url "smtp://${_SMTP_HOST}:${_SMTP_PORT}"
 179     ;;
 180   ssl)
 181     set -- --url "smtps://${_SMTP_HOST}:${_SMTP_PORT}"
 182     ;;
 183   tls)
 184     set -- --url "smtp://${_SMTP_HOST}:${_SMTP_PORT}" --ssl-reqd
 185     ;;
 186   *)
 187     # This will only occur if someone adds a new SMTP_SECURE option above
 188     # without updating this code for it.
 189     _err "Unhandled _SMTP_SECURE='$_SMTP_SECURE' in _smtp_send_curl"
 190     _err "Please re-run with --debug and report a bug."
 191     return 1
 192     ;;
 193   esac
 194
 195   set -- "$@" \
 196     --upload-file - \
 197     --mail-from "$_SMTP_FROM" \
 198     --max-time "$_SMTP_TIMEOUT"
 199
 200   # Burst comma-separated $_SMTP_TO into individual --mail-rcpt args.
 201   _to="${_SMTP_TO},"
 202   while [ -n "$_to" ]; do
 203     _rcpt="${_to%%,*}"
 204     _to="${_to#*,}"
 205     set -- "$@" --mail-rcpt "$_rcpt"
 206   done
 207
 208   _smtp_login="${_SMTP_USERNAME}:${_SMTP_PASSWORD}"
 209   if [ "$_smtp_login" != ":" ]; then
 210     set -- "$@" --user "$_smtp_login"
 211   fi
 212
 213   if [ "$_SMTP_SHOW_TRANSCRIPT" = "True" ]; then
 214     set -- "$@" --verbose
 215   else
 216     set -- "$@" --silent --show-error
 217   fi
 218
 219   raw_message="$(_smtp_raw_message)"
 220
 221   _debug2 "curl command:" "$_SMTP_BIN" "$*"
 222   _debug2 "raw_message:\n$raw_message"
 223
 224   echo "$raw_message" | "$_SMTP_BIN" "$@"
 225 }
 226
 227 # Output an RFC-822 / RFC-5322 email message using _SMTP_* variables
 228 _smtp_raw_message() {
 229   echo "From: $_SMTP_FROM"
 230   echo "To: $_SMTP_TO"
 231   echo "Subject: $(_mime_encoded_word "$_SMTP_SUBJECT")"
 232   if _exists date; then
 233     echo "Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')"
 234   fi
 235   echo "Content-Type: text/plain; charset=utf-8"
 236   echo "X-Mailer: $_SMTP_X_MAILER"
 237   echo
 238   echo "$_SMTP_CONTENT"
 239 }
 240
 241 # Convert text to RFC-2047 MIME "encoded word" format if it contains non-ASCII chars
 242 # text
 243 _mime_encoded_word() {
 244   _text="$1"
 245   # (regex character ranges like [a-z] can be locale-dependent; enumerate ASCII chars to avoid that)
 246   _ascii='] $`"'"[!#%&'()*+,./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ~^_abcdefghijklmnopqrstuvwxyz{|}~-"
 247   if expr "$_text" : "^.*[^$_ascii]" >/dev/null; then
 248     # At least one non-ASCII char; convert entire thing to encoded word
 249     printf "%s" "=?UTF-8?B?$(printf "%s" "$_text" | _base64)?="
 250   else
 251     # Just printable ASCII, no conversion needed
 252     printf "%s" "$_text"
 253   fi
 254 }
 255
 256 # Simple check for display name in an email address (< > or ")
 257 # email
 258 _email_has_display_name() {
 259   _email="$1"
 260   expr "$_email" : '^.*[<>"]' >/dev/null
 261 }
 262
 263 # Send the message via Python using _SMTP_* variables
 264 _smtp_send_python() {
 265   _debug "Python version" "$("$_SMTP_BIN" --version 2>&1)"
 266
 267   # language=Python
 268   "$_SMTP_BIN" <<EOF
 269 # This code is meant to work with either Python 2.7.x or Python 3.4+.
 270 try:
 271     try:
 272         from email.message import EmailMessage
 273     except ImportError:
 274         from email.mime.text import MIMEText as EmailMessage  # Python 2
 275     from smtplib import SMTP, SMTP_SSL, SMTPException
 276     from socket import error as SocketError
 277 except ImportError as err:
 278     print("A required Python standard package is missing. This system may have"
 279           " a reduced version of Python unsuitable for sending mail: %s" % err)
 280     exit(1)
 281
 282 show_transcript = """$_SMTP_SHOW_TRANSCRIPT""" == "True"
 283
 284 smtp_host = """$_SMTP_HOST"""
 285 smtp_port = int("""$_SMTP_PORT""")
 286 smtp_secure = """$_SMTP_SECURE"""
 287 username = """$_SMTP_USERNAME"""
 288 password = """$_SMTP_PASSWORD"""
 289 timeout=int("""$_SMTP_TIMEOUT""")  # seconds
 290 x_mailer="""$_SMTP_X_MAILER"""
 291
 292 from_email="""$_SMTP_FROM"""
 293 to_emails="""$_SMTP_TO"""  # can be comma-separated
 294 subject="""$_SMTP_SUBJECT"""
 295 content="""$_SMTP_CONTENT"""
 296
 297 try:
 298     msg = EmailMessage()
 299     msg.set_content(content)
 300 except (AttributeError, TypeError):
 301     # Python 2 MIMEText
 302     msg = EmailMessage(content)
 303 msg["Subject"] = subject
 304 msg["From"] = from_email
 305 msg["To"] = to_emails
 306 msg["X-Mailer"] = x_mailer
 307
 308 smtp = None
 309 try:
 310     if smtp_secure == "ssl":
 311         smtp = SMTP_SSL(smtp_host, smtp_port, timeout=timeout)
 312     else:
 313         smtp = SMTP(smtp_host, smtp_port, timeout=timeout)
 314     smtp.set_debuglevel(show_transcript)
 315     if smtp_secure == "tls":
 316         smtp.starttls()
 317     if username or password:
 318         smtp.login(username, password)
 319     smtp.sendmail(msg["From"], msg["To"].split(","), msg.as_string())
 320
 321 except SMTPException as err:
 322     # Output just the error (skip the Python stack trace) for SMTP errors
 323     print("Error sending: %r" % err)
 324     exit(1)
 325
 326 except SocketError as err:
 327     print("Error connecting to %s:%d: %r" % (smtp_host, smtp_port, err))
 328     exit(1)
 329
 330 finally:
 331     if smtp is not None:
 332         smtp.quit()
 333 EOF
 334 }