5 # Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3358
7 # This implementation uses either curl or Python (3 or 2.7).
8 # (See also the "mail" notify hook, which supports other ways to send mail.)
10 # SMTP_FROM="from@example.com" # required
11 # SMTP_TO="to@example.com" # required
12 # SMTP_HOST="smtp.example.com" # required
13 # SMTP_PORT="25" # defaults to 25, 465 or 587 depending on SMTP_SECURE
14 # SMTP_SECURE="tls" # one of "none", "ssl" (implicit TLS, TLS Wrapper), "tls" (explicit TLS, STARTTLS)
15 # SMTP_USERNAME="" # set if SMTP server requires login
16 # SMTP_PASSWORD="" # set if SMTP server requires login
17 # SMTP_TIMEOUT="30" # seconds for SMTP operations to timeout
18 # SMTP_BIN="/path/to/python_or_curl" # default finds first of python3, python2.7, python, pypy3, pypy, curl on PATH
20 SMTP_SECURE_DEFAULT
="tls"
21 SMTP_TIMEOUT_DEFAULT
="30"
23 # subject content statuscode
27 # UNUSED: _statusCode="$3" # 0: success, 1: error 2($RENEW_SKIP): skipped
29 # Load and validate config:
30 SMTP_BIN
="$(_readaccountconf_mutable_default SMTP_BIN)"
31 if [ -n "$SMTP_BIN" ] && ! _exists
"$SMTP_BIN"; then
32 _err
"SMTP_BIN '$SMTP_BIN' does not exist."
35 if [ -z "$SMTP_BIN" ]; then
36 # Look for a command that can communicate with an SMTP server.
37 # (Please don't add sendmail, ssmtp, mutt, mail, or msmtp here.
38 # Those are already handled by the "mail" notify hook.)
39 for cmd
in python3 python2.7 python pypy3 pypy curl
; do
40 if _exists
"$cmd"; then
45 if [ -z "$SMTP_BIN" ]; then
46 _err
"The smtp notify-hook requires curl or Python, but can't find any."
47 _err
'If you have one of them, define SMTP_BIN="/path/to/curl_or_python".'
48 _err
'Otherwise, see if you can use the "mail" notify-hook instead.'
52 _debug SMTP_BIN
"$SMTP_BIN"
53 _saveaccountconf_mutable_default SMTP_BIN
"$SMTP_BIN"
55 SMTP_FROM
="$(_readaccountconf_mutable_default SMTP_FROM)"
56 SMTP_FROM
="$(_clean_email_header "$SMTP_FROM")"
57 if [ -z "$SMTP_FROM" ]; then
58 _err
"You must define SMTP_FROM as the sender email address."
61 if _email_has_display_name
"$SMTP_FROM"; then
62 _err
"SMTP_FROM must be only a simple email address (sender@example.com)."
63 _err
"Change your SMTP_FROM='$SMTP_FROM' to remove the display name."
66 _debug SMTP_FROM
"$SMTP_FROM"
67 _saveaccountconf_mutable_default SMTP_FROM
"$SMTP_FROM"
69 SMTP_TO
="$(_readaccountconf_mutable_default SMTP_TO)"
70 SMTP_TO
="$(_clean_email_header "$SMTP_TO")"
71 if [ -z "$SMTP_TO" ]; then
72 _err
"You must define SMTP_TO as the recipient email address(es)."
75 if _email_has_display_name
"$SMTP_TO"; then
76 _err
"SMTP_TO must be only simple email addresses (to@example.com,to2@example.com)."
77 _err
"Change your SMTP_TO='$SMTP_TO' to remove the display name(s)."
80 _debug SMTP_TO
"$SMTP_TO"
81 _saveaccountconf_mutable_default SMTP_TO
"$SMTP_TO"
83 SMTP_HOST
="$(_readaccountconf_mutable_default SMTP_HOST)"
84 if [ -z "$SMTP_HOST" ]; then
85 _err
"You must define SMTP_HOST as the SMTP server hostname."
88 _debug SMTP_HOST
"$SMTP_HOST"
89 _saveaccountconf_mutable_default SMTP_HOST
"$SMTP_HOST"
91 SMTP_SECURE
="$(_readaccountconf_mutable_default SMTP_SECURE "$SMTP_SECURE_DEFAULT")"
92 case "$SMTP_SECURE" in
93 "none") smtp_port_default
="25" ;;
94 "ssl") smtp_port_default
="465" ;;
95 "tls") smtp_port_default
="587" ;;
97 _err
"Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'."
101 _debug SMTP_SECURE
"$SMTP_SECURE"
102 _saveaccountconf_mutable_default SMTP_SECURE
"$SMTP_SECURE" "$SMTP_SECURE_DEFAULT"
104 SMTP_PORT
="$(_readaccountconf_mutable_default SMTP_PORT "$smtp_port_default")"
107 _err
"Invalid SMTP_PORT='$SMTP_PORT'. It must be a port number."
111 _debug SMTP_PORT
"$SMTP_PORT"
112 _saveaccountconf_mutable_default SMTP_PORT
"$SMTP_PORT" "$smtp_port_default"
114 SMTP_USERNAME
="$(_readaccountconf_mutable_default SMTP_USERNAME)"
115 _debug SMTP_USERNAME
"$SMTP_USERNAME"
116 _saveaccountconf_mutable_default SMTP_USERNAME
"$SMTP_USERNAME"
118 SMTP_PASSWORD
="$(_readaccountconf_mutable_default SMTP_PASSWORD)"
119 _secure_debug SMTP_PASSWORD
"$SMTP_PASSWORD"
120 _saveaccountconf_mutable_default SMTP_PASSWORD
"$SMTP_PASSWORD"
122 SMTP_TIMEOUT
="$(_readaccountconf_mutable_default SMTP_TIMEOUT "$SMTP_TIMEOUT_DEFAULT")"
123 _debug SMTP_TIMEOUT
"$SMTP_TIMEOUT"
124 _saveaccountconf_mutable_default SMTP_TIMEOUT
"$SMTP_TIMEOUT" "$SMTP_TIMEOUT_DEFAULT"
126 SMTP_X_MAILER
="$(_clean_email_header "$PROJECT_NAME $VER --notify-hook smtp
")"
128 # Run with --debug 2 (or above) to echo the transcript of the SMTP session.
129 # Careful: this may include SMTP_PASSWORD in plaintext!
130 if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then
131 SMTP_SHOW_TRANSCRIPT
="True"
133 SMTP_SHOW_TRANSCRIPT
=""
136 SMTP_SUBJECT
=$
(_clean_email_header
"$SMTP_SUBJECT")
137 _debug SMTP_SUBJECT
"$SMTP_SUBJECT"
138 _debug SMTP_CONTENT
"$SMTP_CONTENT"
141 case "$(basename "$SMTP_BIN")" in
142 curl
) _smtp_send
=_smtp_send_curl
;;
143 py
*) _smtp_send
=_smtp_send_python
;;
145 _err
"Can't figure out how to invoke '$SMTP_BIN'."
146 _err
"Check your SMTP_BIN setting."
151 if ! smtp_output
="$($_smtp_send)"; then
152 _err
"Error sending message with $SMTP_BIN."
153 if [ -n "$smtp_output" ]; then
162 # Strip CR and NL from text to prevent MIME header injection
164 _clean_email_header
() {
165 printf "%s" "$(echo "$1" | tr -d "\r\n")"
168 # Simple check for display name in an email address (< > or ")
170 _email_has_display_name
() {
172 echo "$_email" |
grep -q -E '^.*[<>"]'
179 # Send the message via curl using SMTP_* variables
181 # Build curl args in $@
182 case "$SMTP_SECURE" in
184 set -- --url "smtp://${SMTP_HOST}:${SMTP_PORT}"
187 set -- --url "smtps://${SMTP_HOST}:${SMTP_PORT}"
190 set -- --url "smtp://${SMTP_HOST}:${SMTP_PORT}" --ssl-reqd
193 # This will only occur if someone adds a new SMTP_SECURE option above
194 # without updating this code for it.
195 _err
"Unhandled SMTP_SECURE='$SMTP_SECURE' in _smtp_send_curl"
196 _err
"Please re-run with --debug and report a bug."
203 --mail-from "$SMTP_FROM" \
204 --max-time "$SMTP_TIMEOUT"
206 # Burst comma-separated $SMTP_TO into individual --mail-rcpt args.
208 while [ -n "$_to" ]; do
211 set -- "$@" --mail-rcpt "$_rcpt"
214 _smtp_login
="${SMTP_USERNAME}:${SMTP_PASSWORD}"
215 if [ "$_smtp_login" != ":" ]; then
216 set -- "$@" --user "$_smtp_login"
219 if [ "$SMTP_SHOW_TRANSCRIPT" = "True" ]; then
220 set -- "$@" --verbose
222 set -- "$@" --silent --show-error
225 raw_message
="$(_smtp_raw_message)"
227 _debug2
"curl command:" "$SMTP_BIN" "$*"
228 _debug2
"raw_message:\n$raw_message"
230 echo "$raw_message" |
"$SMTP_BIN" "$@"
233 # Output an RFC-822 / RFC-5322 email message using SMTP_* variables.
234 # (This assumes variables have already been cleaned for use in email headers.)
235 _smtp_raw_message
() {
236 echo "From: $SMTP_FROM"
238 echo "Subject: $(_mime_encoded_word "$SMTP_SUBJECT")"
239 echo "Date: $(_rfc2822_date)"
240 echo "Content-Type: text/plain; charset=utf-8"
241 echo "X-Mailer: $SMTP_X_MAILER"
246 # Convert text to RFC-2047 MIME "encoded word" format if it contains non-ASCII chars
248 _mime_encoded_word
() {
250 # (regex character ranges like [a-z] can be locale-dependent; enumerate ASCII chars to avoid that)
251 _ascii
='] $`"'"[!#%&'()*+,./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ~^_abcdefghijklmnopqrstuvwxyz{|}~-"
252 if echo "$_text" |
grep -q -E "^.*[^$_ascii]"; then
253 # At least one non-ASCII char; convert entire thing to encoded word
254 printf "%s" "=?UTF-8?B?$(printf "%s
" "$_text" | _base64)?="
256 # Just printable ASCII, no conversion needed
261 # Output current date in RFC-2822 Section 3.3 format as required in email headers
262 # (e.g., "Mon, 15 Feb 2021 14:22:01 -0800")
265 # - this is deliberately not UTC, because it "SHOULD express local time" per spec
266 # - the spec requires weekday and month in the C locale (English), not localized
267 # - this date format specifier has been tested on Linux, Mac, Solaris and FreeBSD
268 _old_lc_time
="$LC_TIME"
270 date +'%a, %-d %b %Y %H:%M:%S %z'
271 LC_TIME
="$_old_lc_time"
275 ## Python smtp sending
278 # Send the message via Python using SMTP_* variables
279 _smtp_send_python
() {
280 _debug
"Python version" "$("$SMTP_BIN" --version 2>&1)"
284 # This code is meant to work with either Python 2.7.x or Python 3.4+.
287 from email.message import EmailMessage
288 from email.policy import default as email_policy_default
290 # Python 2 (or < 3.3)
291 from email.mime.text import MIMEText as EmailMessage
292 email_policy_default = None
293 from email.utils import formatdate as rfc2822_date
294 from smtplib import SMTP, SMTP_SSL, SMTPException
295 from socket import error as SocketError
296 except ImportError as err:
297 print("A required Python standard package is missing. This system may have"
298 " a reduced version of Python unsuitable for sending mail: %s" % err)
301 show_transcript = """$SMTP_SHOW_TRANSCRIPT""" == "True"
303 smtp_host = """$SMTP_HOST"""
304 smtp_port = int("""$SMTP_PORT""")
305 smtp_secure = """$SMTP_SECURE"""
306 username = """$SMTP_USERNAME"""
307 password = """$SMTP_PASSWORD"""
308 timeout=int("""$SMTP_TIMEOUT""") # seconds
309 x_mailer="""$SMTP_X_MAILER"""
311 from_email="""$SMTP_FROM"""
312 to_emails="""$SMTP_TO""" # can be comma-separated
313 subject="""$SMTP_SUBJECT"""
314 content="""$SMTP_CONTENT"""
317 msg = EmailMessage(policy=email_policy_default)
318 msg.set_content(content)
319 except (AttributeError, TypeError):
321 msg = EmailMessage(content)
322 msg["Subject"] = subject
323 msg["From"] = from_email
324 msg["To"] = to_emails
325 msg["Date"] = rfc2822_date(localtime=True)
326 msg["X-Mailer"] = x_mailer
330 if smtp_secure == "ssl":
331 smtp = SMTP_SSL(smtp_host, smtp_port, timeout=timeout)
333 smtp = SMTP(smtp_host, smtp_port, timeout=timeout)
334 smtp.set_debuglevel(show_transcript)
335 if smtp_secure == "tls":
337 if username or password:
338 smtp.login(username, password)
339 smtp.sendmail(msg["From"], msg["To"].split(","), msg.as_string())
341 except SMTPException as err:
342 # Output just the error (skip the Python stack trace) for SMTP errors
343 print("Error sending: %r" % err)
346 except SocketError as err:
347 print("Error connecting to %s:%d: %r" % (smtp_host, smtp_port, err))
360 #_readaccountconf_mutable_default name default_value
361 # Given a name like MY_CONF:
362 # - if MY_CONF is set and non-empty, output $MY_CONF
363 # - if MY_CONF is set _empty_, output $default_value
364 # (lets user `export MY_CONF=` to clear previous saved value
365 # and return to default, without user having to know default)
366 # - otherwise if _readaccountconf_mutable MY_CONF is non-empty, return that
367 # (value of SAVED_MY_CONF from account.conf)
368 # - otherwise output $default_value
369 _readaccountconf_mutable_default
() {
373 eval "_value=\"\$$_name\""
374 eval "_name_is_set=\"\${${_name}+true}\""
375 # ($_name_is_set is "true" if $$_name is set to anything, including empty)
376 if [ -z "${_value}" ] && [ "${_name_is_set:-}" != "true" ]; then
377 _value
="$(_readaccountconf_mutable "$_name")"
379 if [ -z "${_value}" ]; then
380 _value
="$_default_value"
382 printf "%s" "$_value"
385 #_saveaccountconf_mutable_default name value default_value base64encode
386 # Like _saveaccountconf_mutable, but if value is default_value
387 # then _clearaccountconf_mutable instead
388 _saveaccountconf_mutable_default
() {
394 if [ "$_value" != "$_default_value" ]; then
395 _saveaccountconf_mutable
"$_name" "$_value" "$_base64encode"
397 _clearaccountconf_mutable
"$_name"