aknuth/email-amazon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: aknuth:main
Branches Tags
aknuth:main aknuth:contabo
..
compare: aknuth:b2dfb76a7ef8e16d6e0a7e5289bc90dc9662fa38
Branches Tags
aknuth:contabo aknuth:main

15 Commits
main ... b2dfb76a7e

Author SHA1 Message Date
Andreas Knuth
b2dfb76a7e check 2026-04-20 17:35:36 -05:00
Andreas Knuth
6312d0f563 fix autoconfig 2026-04-19 19:34:38 -05:00
Andreas Knuth
d959b5ec86 use $DOMAIN_NAME instead of $DOMAIN 2026-04-19 18:42:00 -05:00
Andreas Knuth
4b6db1e23d dynamic hostname 2026-04-19 16:29:44 -05:00
Andreas Knuth
e6a81e6d8d fix 2026-04-19 14:45:10 -05:00
Andreas Knuth
faa8d9cc57 mail-betwork 2026-04-19 14:37:51 -05:00
Andreas Knuth
a93f44600c bind port 25 to localhost 2026-04-18 13:16:50 -05:00
Andreas Knuth
ae75afc69a Merge branch 'contabo' of git.bizmatch.net:aknuth/email-amazon into contabo 2026-04-17 14:59:50 -05:00
Andreas Knuth
95baab8e06 update dynamic LoginName 2026-04-17 14:59:43 -05:00
Andreas Knuth
947740232c logo 2026-04-15 23:12:23 -05:00
Andreas Knuth
081a0fad4b fix 2026-04-15 14:28:28 -05:00
Andreas Knuth
1e1265ef1b batch imapsync 2026-04-15 13:49:31 -05:00
Andreas Knuth
9862689c0c no markAsBlocked, 2026-04-12 20:43:37 -05:00
Andreas Knuth
bed6c2a398 fix 2026-04-03 17:03:14 -05:00
Andreas Knuth
27c2be664a standby mode, sns or sqs 2026-04-03 16:54:51 -05:00
14 changed files with 433 additions and 133 deletions
Expand all files Collapse all files

58
DMS/batch_imapsync.sh Normal file
View File

@@ -0,0 +1,58 @@
#!/bin/bash
# batch_imapsync.sh - Führt IMAP-Sync für alle User im Hintergrund aus
# Format der CSV: email@domain.com,SecretPassword123
HOST1=$1
HOST2=$2
CSV_FILE=$3
if [ -z "$HOST1" ] || [ -z "$HOST2" ] || [ -z "$CSV_FILE" ]; then
echo "Usage: $0 <source-host> <target-host> <users.csv>"
echo "Beispiel: $0 secure.emailsrvr.com 147.93.132.244 stxmaterials.csv"
exit 1
fi
# ======================================================================
# Die eigentliche Sync-Funktion (wird in den Hintergrund geschickt)
# ======================================================================
run_sync_jobs() {
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
LOG_DIR="sync_logs_$TIMESTAMP"
mkdir -p "$LOG_DIR"
echo "Beginne Sync-Lauf am $(date)" > "batch_master_${TIMESTAMP}.log"
while IFS=, read -r email password; do
email=$(echo "$email" | tr -d '\r' | xargs)
password=$(echo "$password" | tr -d '\r' | xargs)
[ -z "$email" ] && continue
LOGFILE="$LOG_DIR/imapsync_${email}.log"
echo "[$(date)] Syncing $email -> $LOGFILE" >> "batch_master_${TIMESTAMP}.log"
# Führe Docker imapsync für den aktuellen User aus
docker run --rm gilleslamiral/imapsync imapsync \
--host1 "$HOST1" --user1 "$email" --password1 "$password" --ssl1 \
--host2 "$HOST2" --user2 "$email" --password2 "$password" --ssl2 \
--automap > "$LOGFILE" 2>&1 < /dev/null
done < "$CSV_FILE"
echo "Alle Sync-Jobs beendet am $(date)" >> "batch_master_${TIMESTAMP}.log"
}
# ======================================================================
# Skript-Start: Entkopplung vom Terminal
# ======================================================================
echo "🚀 Starte Batch-IMAP-Sync im Hintergrund..."
# Rufe die Funktion auf, leite alle restlichen Ausgaben ins Nichts und schicke sie in den Hintergrund (&)
run_sync_jobs </dev/null >/dev/null 2>&1 &
echo "✅ Der Job läuft jetzt autark im Hintergrund (sequenziell)."
echo "Du kannst das SSH-Terminal jetzt bedenkenlos schließen!"
echo "Überwache den Gesamtfortschritt mit:"
echo " tail -f batch_master_*.log"
echo "Oder die Details eines einzelnen Postfachs mit:"
echo " tail -f sync_logs_*/imapsync_<email>.log"

16
DMS/docker-compose.yml
View File

@@ -9,10 +9,10 @@ services:
# Node-spezifischer Hostname - A-Record zeigt auf DIESEN Server. # Node-spezifischer Hostname - A-Record zeigt auf DIESEN Server.
# email-srvr.com selbst zeigt auf einen anderen Server und wird hier NICHT verwendet. # email-srvr.com selbst zeigt auf einen anderen Server und wird hier NICHT verwendet.
hostname: node1.email-srvr.com hostname: ${NODE_HOSTNAME}
ports: ports:
- "25:25" - "127.0.0.1:25:25"
- "587:587" - "587:587"
- "465:465" - "465:465"
- "143:143" - "143:143"
@@ -61,8 +61,8 @@ services:
# Kundendomain-SNI wird über postfix-main.cf + dovecot-sni.cf gesteuert. # Kundendomain-SNI wird über postfix-main.cf + dovecot-sni.cf gesteuert.
# ------------------------------------------------------- # -------------------------------------------------------
- SSL_TYPE=manual - SSL_TYPE=manual
- SSL_CERT_PATH=/etc/mail/certs/node1.email-srvr.com/node1.email-srvr.com.crt - SSL_CERT_PATH=/etc/mail/certs/${NODE_HOSTNAME}/${NODE_HOSTNAME}.crt
- SSL_KEY_PATH=/etc/mail/certs/node1.email-srvr.com/node1.email-srvr.com.key - SSL_KEY_PATH=/etc/mail/certs/${NODE_HOSTNAME}/${NODE_HOSTNAME}.key
# SPAM / Rspamd # SPAM / Rspamd
- ENABLE_OPENDKIM=1 - ENABLE_OPENDKIM=1
@@ -107,7 +107,7 @@ services:
# Postfix # Postfix
# POSTFIX_OVERRIDE_HOSTNAME: Was Postfix im EHLO/HELO Banner sendet. # POSTFIX_OVERRIDE_HOSTNAME: Was Postfix im EHLO/HELO Banner sendet.
# node1.email-srvr.com passt zum TLS-Cert und ist der echte Hostname. # node1.email-srvr.com passt zum TLS-Cert und ist der echte Hostname.
- POSTFIX_OVERRIDE_HOSTNAME=node1.email-srvr.com - POSTFIX_OVERRIDE_HOSTNAME=${NODE_HOSTNAME}
- POSTFIX_MYNETWORKS=172.16.0.0/12 172.17.0.0/12 172.18.0.0/12 [::1]/128 [fe80::]/64 - POSTFIX_MYNETWORKS=172.16.0.0/12 172.17.0.0/12 172.18.0.0/12 [::1]/128 [fe80::]/64
- POSTFIX_MAILBOX_SIZE_LIMIT=0 - POSTFIX_MAILBOX_SIZE_LIMIT=0
- POSTFIX_MESSAGE_SIZE_LIMIT=0 - POSTFIX_MESSAGE_SIZE_LIMIT=0
@@ -120,7 +120,7 @@ services:
mail_network: mail_network:
aliases: aliases:
- mailserver - mailserver
- node1.email-srvr.com - ${NODE_HOSTNAME}
roundcube: roundcube:
image: roundcube/roundcubemail:latest image: roundcube/roundcubemail:latest
@@ -136,10 +136,10 @@ services:
- ROUNDCUBEMAIL_DB_USER=roundcube - ROUNDCUBEMAIL_DB_USER=roundcube
- ROUNDCUBEMAIL_DB_PASSWORD=${ROUNDCUBE_DB_PASSWORD} - ROUNDCUBEMAIL_DB_PASSWORD=${ROUNDCUBE_DB_PASSWORD}
# Roundcube verbindet intern über den Docker-Alias # Roundcube verbindet intern über den Docker-Alias
- ROUNDCUBEMAIL_DEFAULT_HOST=ssl://node1.email-srvr.com - ROUNDCUBEMAIL_DEFAULT_HOST=ssl://${NODE_HOSTNAME}
- ROUNDCUBEMAIL_DEFAULT_PORT=993 - ROUNDCUBEMAIL_DEFAULT_PORT=993
# Interner Traffic ohne TLS # Interner Traffic ohne TLS
- ROUNDCUBEMAIL_SMTP_SERVER=ssl://node1.email-srvr.com - ROUNDCUBEMAIL_SMTP_SERVER=ssl://${NODE_HOSTNAME}
- ROUNDCUBEMAIL_SMTP_PORT=465 - ROUNDCUBEMAIL_SMTP_PORT=465
# WICHTIG: Variablen LEER lassen, damit Roundcube keine Authentifizierung versucht! # WICHTIG: Variablen LEER lassen, damit Roundcube keine Authentifizierung versucht!

90
basic_setup/check_logins.py Normal file
View File

@@ -0,0 +1,90 @@
#!/usr/bin/env python3
import csv
import imaplib
import sys
import time
# Konfiguration
IMAP_SERVER = "secure.emailsrvr.com"
IMAP_PORT = 993
DELAY_SECONDS = 1 # Kurze Pause, um Rate-Limiting oder Fail2Ban zu vermeiden
def check_imap_login(email, password):
try:
# Verbindung zum IMAP-Server via SSL herstellen
mail = imaplib.IMAP4_SSL(IMAP_SERVER, IMAP_PORT)
mail.login(email, password)
mail.logout()
return True
except imaplib.IMAP4.error:
# Login fehlgeschlagen (falsches Passwort/User)
return False
except Exception as e:
print(f" [!] Netzwerk- oder Serverfehler bei {email}: {e}")
return False
def main(csv_filepath):
erfolgreich = []
fehlgeschlagen = []
uebersprungen = []
try:
with open(csv_filepath, mode='r', encoding='utf-8') as f:
# Nutze csv.reader für sauberes Parsing der Kommas
reader = csv.reader(f)
for row_num, row in enumerate(reader, start=1):
if not row:
continue
email = row[0].strip()
# Prüfen, ob ein zweites Feld (Passwort) existiert und nicht leer ist
password = row[1].strip() if len(row) > 1 else ""
if not password:
print(f"[{row_num}] Überspringe {email} (Kein Passwort)")
uebersprungen.append(email)
continue
print(f"[{row_num}] Prüfe {email}... ", end="", flush=True)
if check_imap_login(email, password):
print("OK")
erfolgreich.append(email)
else:
print("FEHLGESCHLAGEN")
fehlgeschlagen.append(email)
# Kurze Pause einlegen, um den Mailserver nicht zu fluten
time.sleep(DELAY_SECONDS)
except FileNotFoundError:
print(f"\nFehler: Die Datei '{csv_filepath}' wurde nicht gefunden.")
sys.exit(1)
except Exception as e:
print(f"\nEin unerwarteter Fehler ist aufgetreten: {e}")
sys.exit(1)
# Ausgabe der Zusammenfassung
print("\n" + "="*40)
print("ZUSAMMENFASSUNG DER PRÜFUNG")
print("="*40)
print(f"\nErfolgreich ({len(erfolgreich)}):")
for e in erfolgreich:
print(f" - {e}")
print(f"\nFehlgeschlagen ({len(fehlgeschlagen)}):")
for e in fehlgeschlagen:
print(f" - {e}")
print(f"\nÜbersprungen (kein Passwort) ({len(uebersprungen)}):")
for e in uebersprungen:
print(f" - {e}")
if __name__ == "__main__":
if len(sys.argv) != 2:
print("Verwendung: ./check_logins.py <pfad_zur_datei.csv>")
sys.exit(1)
csv_file = sys.argv[1]
main(csv_file)

14
basic_setup/create-queue.sh
View File

@@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# create-queue.sh (v2 — mit SNS Fan-Out + Standby Queue) # create-queue.sh (v2 — mit SNS Fan-Out + Standby Queue)
# Usage: DOMAIN=andreasknuth.de ./create-queue.sh # Usage: DOMAIN_NAME=andreasknuth.de ./create-queue.sh
# #
# Erstellt pro Domain: # Erstellt pro Domain:
# - Primary Queue + DLQ (wie bisher, für Contabo) # - Primary Queue + DLQ (wie bisher, für Contabo)
@@ -12,13 +12,13 @@ set -e
AWS_REGION="us-east-2" AWS_REGION="us-east-2"
if [ -z "$DOMAIN" ]; then if [ -z "$DOMAIN_NAME" ]; then
echo "Error: DOMAIN environment variable not set" echo "Error: DOMAIN_NAME environment variable not set"
echo "Usage: DOMAIN=andreasknuth.de $0" echo "Usage: DOMAIN_NAME=andreasknuth.de $0"
exit 1 exit 1
fi fi
DOMAIN_SLUG="${DOMAIN//./-}" DOMAIN_SLUG="${DOMAIN_NAME//./-}"
QUEUE_NAME="${DOMAIN_SLUG}-queue" QUEUE_NAME="${DOMAIN_SLUG}-queue"
DLQ_NAME="${QUEUE_NAME}-dlq" DLQ_NAME="${QUEUE_NAME}-dlq"
STANDBY_QUEUE_NAME="${DOMAIN_SLUG}-standby-queue" STANDBY_QUEUE_NAME="${DOMAIN_SLUG}-standby-queue"
@@ -31,7 +31,7 @@ echo "========================================"
echo "Creating SQS + SNS for Email Delivery" echo "Creating SQS + SNS for Email Delivery"
echo "========================================" echo "========================================"
echo "" echo ""
echo "📧 Domain: $DOMAIN" echo "📧 Domain: $DOMAIN_NAME"
echo " Region: $AWS_REGION" echo " Region: $AWS_REGION"
echo " Account: $ACCOUNT_ID" echo " Account: $ACCOUNT_ID"
echo "" echo ""
@@ -184,7 +184,7 @@ echo ""
# Zusammenfassung # Zusammenfassung
# ============================================================ # ============================================================
echo "========================================" echo "========================================"
echo "✅ Setup complete for $DOMAIN" echo "✅ Setup complete for $DOMAIN_NAME"
echo "========================================" echo "========================================"
echo "" echo ""
echo "Primary (Contabo):" echo "Primary (Contabo):"

113
basic_setup/ses_sns_shim_global.py
View File

@@ -8,24 +8,38 @@ from botocore.exceptions import ClientError
import time import time
import random import random
# Logging konfigurieren
logger = logging.getLogger() logger = logging.getLogger()
logger.setLevel(logging.INFO) logger.setLevel(logging.INFO)
sqs = boto3.client('sqs') sqs = boto3.client('sqs')
sns = boto3.client('sns')
sts_account_id = None
# Retry-Konfiguration
MAX_RETRIES = 3 MAX_RETRIES = 3
BASE_BACKOFF = 1 # Sekunden BASE_BACKOFF = 1
def exponential_backoff(attempt): def exponential_backoff(attempt):
"""Exponential Backoff mit Jitter"""
return BASE_BACKOFF * (2 ** attempt) + random.uniform(0, 1) return BASE_BACKOFF * (2 ** attempt) + random.uniform(0, 1)
def get_account_id():
global sts_account_id
if sts_account_id is None:
sts_account_id = boto3.client('sts').get_caller_identity()['Account']
return sts_account_id
def get_topic_arn(domain):
"""
Generiert Topic-ARN aus Domain.
Konvention: domain.tld -> domain-tld-topic
"""
topic_name = domain.replace('.', '-') + '-topic'
region = os.environ.get('AWS_REGION', 'us-east-2')
account_id = get_account_id()
return f"arn:aws:sns:{region}:{account_id}:{topic_name}"
def get_queue_url(domain): def get_queue_url(domain):
""" """
Generiert Queue-Namen aus Domain und holt URL. Fallback: Direkter SQS-Send für Domains ohne SNS-Topic.
Konvention: domain.tld -> domain-tld-queue
""" """
queue_name = domain.replace('.', '-') + '-queue' queue_name = domain.replace('.', '-') + '-queue'
try: try:
@@ -38,11 +52,53 @@ def get_queue_url(domain):
else: else:
raise raise
def publish_to_sns(topic_arn, message_body, msg_id):
attempt = 0
while attempt < MAX_RETRIES:
try:
sns.publish(
TopicArn=topic_arn,
Message=message_body
)
logger.info(f"✅ Published {msg_id} to SNS: {topic_arn}")
return True
except ClientError as e:
error_code = e.response['Error']['Code']
# Fallback auf SQS bei Topic-nicht-gefunden ODER fehlender Berechtigung
if error_code in ('NotFound', 'NotFoundException', 'AuthorizationError'):
logger.info(f" SNS unavailable for {topic_arn} ({error_code}) — falling back to SQS")
return False
attempt += 1
logger.warning(f"Retry {attempt}/{MAX_RETRIES} SNS: {error_code}")
if attempt == MAX_RETRIES:
raise
time.sleep(exponential_backoff(attempt))
return False
def send_to_sqs(queue_url, message_body, msg_id):
"""Fallback: Direkter SQS-Send (wie bisher)."""
attempt = 0
while attempt < MAX_RETRIES:
try:
sqs.send_message(
QueueUrl=queue_url,
MessageBody=message_body
)
logger.info(f"✅ Sent {msg_id} to SQS: {queue_url}")
return
except ClientError as e:
attempt += 1
error_code = e.response['Error']['Code']
logger.warning(f"Retry {attempt}/{MAX_RETRIES} SQS: {error_code}")
if attempt == MAX_RETRIES:
raise
time.sleep(exponential_backoff(attempt))
def lambda_handler(event, context): def lambda_handler(event, context):
""" """
Nimmt SES Event entgegen, extrahiert Domain dynamisch, Nimmt SES Event entgegen, extrahiert Domain dynamisch.
verpackt Metadaten als 'Fake SNS' und sendet an die domain-spezifische SQS. Strategie: SNS Publish (Fan-Out an Primary + Standby Queue).
Mit integrierter Retry-Logik für SQS-Send. Fallback: Direkter SQS-Send falls kein SNS-Topic existiert.
""" """
try: try:
records = event.get('Records', []) records = event.get('Records', [])
@@ -51,13 +107,12 @@ def lambda_handler(event, context):
for record in records: for record in records:
ses_data = record.get('ses', {}) ses_data = record.get('ses', {})
if not ses_data: if not ses_data:
logger.warning(f"Invalid SES event: Missing 'ses' in record: {record}") logger.warning(f"Invalid SES event: Missing 'ses' in record")
continue continue
mail = ses_data.get('mail', {}) mail = ses_data.get('mail', {})
receipt = ses_data.get('receipt', {}) receipt = ses_data.get('receipt', {})
# Domain extrahieren (aus erstem Recipient)
recipients = receipt.get('recipients', []) or mail.get('destination', []) recipients = receipt.get('recipients', []) or mail.get('destination', [])
if not recipients: if not recipients:
logger.warning("No recipients in event - skipping") logger.warning("No recipients in event - skipping")
@@ -69,23 +124,19 @@ def lambda_handler(event, context):
logger.error("Could not extract domain from recipient") logger.error("Could not extract domain from recipient")
continue continue
# Wichtige Metadaten loggen
msg_id = mail.get('messageId', 'unknown') msg_id = mail.get('messageId', 'unknown')
source = mail.get('source', 'unknown') source = mail.get('source', 'unknown')
logger.info(f"Processing Message-ID: {msg_id} for domain: {domain}") logger.info(f"Processing Message-ID: {msg_id} for domain: {domain}")
logger.info(f" From: {source}") logger.info(f" From: {source}")
logger.info(f" To: {recipients}") logger.info(f" To: {recipients}")
# SES JSON als String serialisieren
ses_json_string = json.dumps(ses_data) ses_json_string = json.dumps(ses_data)
# Payload Größe loggen und checken (Safeguard)
payload_size = len(ses_json_string.encode('utf-8')) payload_size = len(ses_json_string.encode('utf-8'))
logger.info(f" Metadata Payload Size: {payload_size} bytes") logger.info(f" Metadata Payload Size: {payload_size} bytes")
if payload_size > 200000: # Arbitrary Limit < SQS 256KB if payload_size > 200000:
raise ValueError("Payload too large for SQS") raise ValueError("Payload too large")
# Fake SNS Payload
fake_sns_payload = { fake_sns_payload = {
"Type": "Notification", "Type": "Notification",
"MessageId": str(uuid.uuid4()), "MessageId": str(uuid.uuid4()),
@@ -95,26 +146,16 @@ def lambda_handler(event, context):
"Timestamp": datetime.utcnow().isoformat() + "Z" "Timestamp": datetime.utcnow().isoformat() + "Z"
} }
# Queue URL dynamisch holen message_body = json.dumps(fake_sns_payload)
queue_url = get_queue_url(domain)
# SQS Send mit Retries # Strategie: SNS zuerst, SQS als Fallback
attempt = 0 topic_arn = get_topic_arn(domain)
while attempt < MAX_RETRIES: sns_success = publish_to_sns(topic_arn, message_body, msg_id)
try:
sqs.send_message( if not sns_success:
QueueUrl=queue_url, # Kein SNS-Topic für diese Domain → direkt in SQS (wie bisher)
MessageBody=json.dumps(fake_sns_payload) queue_url = get_queue_url(domain)
) send_to_sqs(queue_url, message_body, msg_id)
logger.info(f"✅ Successfully forwarded {msg_id} to SQS: {queue_url}")
break
except ClientError as e:
attempt += 1
error_code = e.response['Error']['Code']
logger.warning(f"Retry {attempt}/{MAX_RETRIES} for SQS send: {error_code} - {str(e)}")
if attempt == MAX_RETRIES:
raise
time.sleep(exponential_backoff(attempt))
return {'status': 'ok'} return {'status': 'ok'}

11
caddy/Dockerfile.caddy
View File

@@ -7,7 +7,16 @@ RUN xcaddy build ${CADDY_VERSION} \
--with github.com/caddy-dns/cloudflare \ --with github.com/caddy-dns/cloudflare \
--with github.com/caddyserver/replace-response --with github.com/caddyserver/replace-response
# Autodiscover Handler in Go bauen (Go ist im Builder-Image bereits verfügbar)
COPY autodiscover-handler.go /src/autodiscover-handler.go
WORKDIR /src
RUN CGO_ENABLED=0 go build -ldflags="-s -w" -o /usr/bin/autodiscover-handler autodiscover-handler.go
FROM caddy:${CADDY_VERSION} FROM caddy:${CADDY_VERSION}
COPY --from=builder /usr/bin/caddy /usr/bin/caddy COPY --from=builder /usr/bin/caddy /usr/bin/caddy
RUN mkdir -p /var/log/caddy COPY --from=builder /usr/bin/autodiscover-handler /usr/local/bin/autodiscover-handler
COPY start.sh /usr/local/bin/start.sh
RUN chmod +x /usr/local/bin/start.sh /usr/local/bin/autodiscover-handler \
&& mkdir -p /var/log/caddy
CMD ["/usr/local/bin/start.sh"]

109
caddy/autodiscover-handler.go Normal file
View File

@@ -0,0 +1,109 @@
package main
import (
"fmt"
"io"
"log"
"net/http"
"regexp"
"strings"
)
const port = "8280"
var emailRegex = regexp.MustCompile(`(?i)<EMailAddress>([^<]+)</EMailAddress>`)
func main() {
http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
fmt.Fprint(w, "OK")
})
http.HandleFunc("/autodiscover/autodiscover.xml", handleAutodiscover)
// Outlook sendet manchmal mit Großbuchstaben
http.HandleFunc("/Autodiscover/Autodiscover.xml", handleAutodiscover)
http.HandleFunc("/AutoDiscover/AutoDiscover.xml", handleAutodiscover)
log.Printf("[autodiscover] Listening on port %s", port)
if err := http.ListenAndServe(":"+port, nil); err != nil {
log.Fatal(err)
}
}
func handleAutodiscover(w http.ResponseWriter, r *http.Request) {
var email string
if r.Method == http.MethodPost {
body, err := io.ReadAll(r.Body)
if err == nil {
if match := emailRegex.FindStringSubmatch(string(body)); len(match) > 1 {
email = strings.TrimSpace(match[1])
}
}
r.Body.Close()
}
var domain string
if email != "" {
parts := strings.SplitN(email, "@", 2)
if len(parts) == 2 {
domain = parts[1]
}
}
if domain == "" {
domain = extractDomainFromHost(r.Host)
}
log.Printf("[autodiscover] %s from %s - email=%q domain=%s", r.Method, r.RemoteAddr, email, domain)
w.Header().Set("Content-Type", "application/xml")
w.WriteHeader(http.StatusOK)
fmt.Fprint(w, buildResponse(domain, email))
}
func extractDomainFromHost(host string) string {
// Strip port
if idx := strings.Index(host, ":"); idx >= 0 {
host = host[:idx]
}
parts := strings.Split(host, ".")
if len(parts) >= 3 && strings.EqualFold(parts[0], "autodiscover") {
return strings.Join(parts[1:], ".")
}
if len(parts) >= 2 {
return strings.Join(parts[len(parts)-2:], ".")
}
return host
}
func buildResponse(domain, loginName string) string {
return fmt.Sprintf(`<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>IMAP</Type>
<Server>imap.%s</Server>
<Port>993</Port>
<DomainRequired>off</DomainRequired>
<LoginName>%s</LoginName>
<SPA>off</SPA>
<SSL>on</SSL>
<AuthRequired>on</AuthRequired>
</Protocol>
<Protocol>
<Type>SMTP</Type>
<Server>smtp.%s</Server>
<Port>465</Port>
<DomainRequired>off</DomainRequired>
<LoginName>%s</LoginName>
<SPA>off</SPA>
<SSL>on</SSL>
<AuthRequired>on</AuthRequired>
</Protocol>
</Account>
</Response>
</Autodiscover>`, domain, loginName, domain, loginName)
}

2
caddy/email-setup/setup.html
View File

@@ -35,7 +35,7 @@
<body> <body>
<div class="card"> <div class="card">
<img src="/logo.png" alt="Logo" class="logo"> <img src="/email-setup/logo.png" alt="Logo" class="logo">
<div id="input-section"> <div id="input-section">
<h1>Email Setup</h1> <h1>Email Setup</h1>

8
caddy/start.sh Normal file
View File

@@ -0,0 +1,8 @@
#!/bin/sh
set -e
# Autodiscover handler im Hintergrund starten
/usr/local/bin/autodiscover-handler &
# Caddy im Vordergrund
exec caddy run --config /etc/caddy/Caddyfile --adapter caddyfile

35
caddy/update-caddy-certs.sh
View File

@@ -78,36 +78,7 @@ OUTPUT="${OUTPUT}(email_settings) {\n"
# --- 1. Outlook Classic Autodiscover (POST + GET XML) --- # --- 1. Outlook Classic Autodiscover (POST + GET XML) ---
OUTPUT="${OUTPUT} # Outlook Autodiscover (XML) - POST und GET\n" OUTPUT="${OUTPUT} # Outlook Autodiscover (XML) - POST und GET\n"
OUTPUT="${OUTPUT} route /autodiscover/autodiscover.xml {\n" OUTPUT="${OUTPUT} route /autodiscover/autodiscover.xml {\n"
OUTPUT="${OUTPUT} header Content-Type \"application/xml\"\n" OUTPUT="${OUTPUT} reverse_proxy localhost:8280\n"
OUTPUT="${OUTPUT} respond \`<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
OUTPUT="${OUTPUT}<Autodiscover xmlns=\"http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006\">\n"
OUTPUT="${OUTPUT} <Response xmlns=\"http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a\">\n"
OUTPUT="${OUTPUT} <Account>\n"
OUTPUT="${OUTPUT} <AccountType>email</AccountType>\n"
OUTPUT="${OUTPUT} <Action>settings</Action>\n"
OUTPUT="${OUTPUT} <Protocol>\n"
OUTPUT="${OUTPUT} <Type>IMAP</Type>\n"
OUTPUT="${OUTPUT} <Server>imap.{labels.1}.{labels.0}</Server>\n"
OUTPUT="${OUTPUT} <Port>993</Port>\n"
OUTPUT="${OUTPUT} <DomainRequired>off</DomainRequired>\n"
OUTPUT="${OUTPUT} <LoginName></LoginName>\n"
OUTPUT="${OUTPUT} <SPA>off</SPA>\n"
OUTPUT="${OUTPUT} <SSL>on</SSL>\n"
OUTPUT="${OUTPUT} <AuthRequired>on</AuthRequired>\n"
OUTPUT="${OUTPUT} </Protocol>\n"
OUTPUT="${OUTPUT} <Protocol>\n"
OUTPUT="${OUTPUT} <Type>SMTP</Type>\n"
OUTPUT="${OUTPUT} <Server>smtp.{labels.1}.{labels.0}</Server>\n"
OUTPUT="${OUTPUT} <Port>465</Port>\n"
OUTPUT="${OUTPUT} <DomainRequired>off</DomainRequired>\n"
OUTPUT="${OUTPUT} <LoginName></LoginName>\n"
OUTPUT="${OUTPUT} <SPA>off</SPA>\n"
OUTPUT="${OUTPUT} <SSL>on</SSL>\n"
OUTPUT="${OUTPUT} <AuthRequired>on</AuthRequired>\n"
OUTPUT="${OUTPUT} </Protocol>\n"
OUTPUT="${OUTPUT} </Account>\n"
OUTPUT="${OUTPUT} </Response>\n"
OUTPUT="${OUTPUT}</Autodiscover>\` 200\n"
OUTPUT="${OUTPUT} }\n" OUTPUT="${OUTPUT} }\n"
OUTPUT="${OUTPUT}\n" OUTPUT="${OUTPUT}\n"
@@ -135,14 +106,14 @@ OUTPUT="${OUTPUT} <hostname>imap.{labels.1}.{labels.0}</hostname>\n"
OUTPUT="${OUTPUT} <port>993</port>\n" OUTPUT="${OUTPUT} <port>993</port>\n"
OUTPUT="${OUTPUT} <socketType>SSL</socketType>\n" OUTPUT="${OUTPUT} <socketType>SSL</socketType>\n"
OUTPUT="${OUTPUT} <authentication>password-cleartext</authentication>\n" OUTPUT="${OUTPUT} <authentication>password-cleartext</authentication>\n"
OUTPUT="${OUTPUT} <username>%%EMAILADDRESS%%</username>\n" OUTPUT="${OUTPUT} <username>%EMAILADDRESS%</username>\n"
OUTPUT="${OUTPUT} </incomingServer>\n" OUTPUT="${OUTPUT} </incomingServer>\n"
OUTPUT="${OUTPUT} <outgoingServer type=\"smtp\">\n" OUTPUT="${OUTPUT} <outgoingServer type=\"smtp\">\n"
OUTPUT="${OUTPUT} <hostname>smtp.{labels.1}.{labels.0}</hostname>\n" OUTPUT="${OUTPUT} <hostname>smtp.{labels.1}.{labels.0}</hostname>\n"
OUTPUT="${OUTPUT} <port>465</port>\n" OUTPUT="${OUTPUT} <port>465</port>\n"
OUTPUT="${OUTPUT} <socketType>SSL</socketType>\n" OUTPUT="${OUTPUT} <socketType>SSL</socketType>\n"
OUTPUT="${OUTPUT} <authentication>password-cleartext</authentication>\n" OUTPUT="${OUTPUT} <authentication>password-cleartext</authentication>\n"
OUTPUT="${OUTPUT} <username>%%EMAILADDRESS%%</username>\n" OUTPUT="${OUTPUT} <username>%EMAILADDRESS%</username>\n"
OUTPUT="${OUTPUT} </outgoingServer>\n" OUTPUT="${OUTPUT} </outgoingServer>\n"
OUTPUT="${OUTPUT} </emailProvider>\n" OUTPUT="${OUTPUT} </emailProvider>\n"
OUTPUT="${OUTPUT}</clientConfig>\` 200\n" OUTPUT="${OUTPUT}</clientConfig>\` 200\n"

10
email-worker-nodejs/docker-compose.yml
View File

@@ -10,12 +10,14 @@ services:
ports: ports:
- "9000:8000" # Prometheus metrics (Host:Container) - "9000:8000" # Prometheus metrics (Host:Container)
- "9090:8080" # Health check (Host:Container) - "9090:8080" # Health check (Host:Container)
# Connect to DMS on the host or Docker network
extra_hosts:
- "host.docker.internal:host-gateway"
environment: environment:
- SMTP_HOST=host.docker.internal - SMTP_HOST=mailserver
- SMTP_PORT=25 - SMTP_PORT=25
networks:
- mail_network
volumes: volumes:
worker-logs: worker-logs:
networks:
mail_network:
external: true

5
email-worker-nodejs/src/config.ts
View File

@@ -48,6 +48,9 @@ export const config = {
// Monitoring // Monitoring
metricsPort: parseInt(process.env.METRICS_PORT ?? '8000', 10), metricsPort: parseInt(process.env.METRICS_PORT ?? '8000', 10),
healthPort: parseInt(process.env.HEALTH_PORT ?? '8080', 10), healthPort: parseInt(process.env.HEALTH_PORT ?? '8080', 10),
queueSuffix: process.env.QUEUE_SUFFIX ?? '-queue',
standbyMode: (process.env.STANDBY_MODE ?? 'false').toLowerCase() === 'true',
} as const; } as const;
export type Config = typeof config; export type Config = typeof config;
@@ -106,7 +109,7 @@ export function isInternalAddress(email: string): boolean {
/** Convert domain to SQS queue name: bizmatch.net → bizmatch-net-queue */ /** Convert domain to SQS queue name: bizmatch.net → bizmatch-net-queue */
export function domainToQueueName(domain: string): string { export function domainToQueueName(domain: string): string {
return domain.replace(/\./g, '-') + '-queue'; return domain.replace(/\./g, '-') + config.queueSuffix;
} }
/** Convert domain to S3 bucket name: bizmatch.net → bizmatch-net-emails */ /** Convert domain to S3 bucket name: bizmatch.net → bizmatch-net-emails */

3
email-worker-nodejs/src/email/rules-processor.ts
View File

@@ -36,6 +36,9 @@ export class RulesProcessor {
workerName: string, workerName: string,
metricsCallback?: MetricsCallback, metricsCallback?: MetricsCallback,
): Promise<boolean> { ): Promise<boolean> {
if (config.standbyMode) {
return false;
}
const rule = await this.dynamodb.getEmailRules(recipient.toLowerCase()); const rule = await this.dynamodb.getEmailRules(recipient.toLowerCase());
if (!rule) return false; if (!rule) return false;

10
email-worker-nodejs/src/worker/message-processor.ts
View File

@@ -26,7 +26,7 @@ import { BlocklistChecker } from '../email/blocklist.js';
import { BounceHandler } from '../email/bounce-handler.js'; import { BounceHandler } from '../email/bounce-handler.js';
import { parseEmail, isProcessedByWorker } from '../email/parser.js'; import { parseEmail, isProcessedByWorker } from '../email/parser.js';
import { RulesProcessor } from '../email/rules-processor.js'; import { RulesProcessor } from '../email/rules-processor.js';
import { config } from '../config.js';
// --------------------------------------------------------------------------- // ---------------------------------------------------------------------------
// Processor // Processor
// --------------------------------------------------------------------------- // ---------------------------------------------------------------------------
@@ -258,7 +258,8 @@ export class MessageProcessor {
if (totalHandled === recipients.length) { if (totalHandled === recipients.length) {
if (blockedRecipients.length === recipients.length) { if (blockedRecipients.length === recipients.length) {
// All blocked // All blocked — im Standby kein S3 anfassen
if (!config.standbyMode) {
try { try {
await this.s3.markAsBlocked( await this.s3.markAsBlocked(
domain, domain,
@@ -272,14 +273,18 @@ export class MessageProcessor {
log(`⚠ Failed to handle blocked email: ${err.message ?? err}`, 'ERROR', workerName); log(`⚠ Failed to handle blocked email: ${err.message ?? err}`, 'ERROR', workerName);
return false; return false;
} }
}
} else if (successful.length > 0) { } else if (successful.length > 0) {
if (!config.standbyMode) {
await this.s3.markAsProcessed( await this.s3.markAsProcessed(
domain, domain,
messageId, messageId,
workerName, workerName,
failedPermanent.length > 0 ? failedPermanent : undefined, failedPermanent.length > 0 ? failedPermanent : undefined,
); );
}
} else if (failedPermanent.length > 0) { } else if (failedPermanent.length > 0) {
if (!config.standbyMode) {
await this.s3.markAsAllInvalid( await this.s3.markAsAllInvalid(
domain, domain,
messageId, messageId,
@@ -287,6 +292,7 @@ export class MessageProcessor {
workerName, workerName,
); );
} }
}
// Summary // Summary
const parts: string[] = []; const parts: string[] = [];