18 "github.com/prometheus/client_golang/prometheus"

19 "github.com/prometheus/client_golang/prometheus/promauto"

41 Buckets: []float64{0.01, 0.05, 0.1, 0.5, 1, 5, 10, 20, 30},

49 []string{"code"}, // Known http status codes (e.g. "404"), or "<major>xx" for unknown http status codes, or "error".

53// Hook is a webhook call about a delivery. We'll try delivering with backoff until we succeed or fail.

56 QueueMsgID int64 `bstore:"index"` // Original queue Msg/MsgRetired ID. Zero for hooks for incoming messages.

57 FromID string // As generated by us and returned in webapi call. Can be empty, for incoming messages to our base address.

58 MessageID string // Of outgoing or incoming messages. Includes <>.

59 Subject string // Subject of original outgoing message, or of incoming message.

60 Extra map[string]string // From submitted message.

63 URL string `bstore:"nonzero"` // Taken from config when webhook is scheduled.

64 Authorization string // Optional value for authorization header to include in HTTP request.

66 OutgoingEvent string // Empty string if not outgoing.

69 Submitted time.Time `bstore:"default now,index"`

71 NextAttempt time.Time `bstore:"nonzero,index"` // Index for fast scheduling.

75// HookResult is the result of a single attempt to deliver a webhook.

81 Code int // eg 200, 404, 500. 2xx implies success.

83 Response string // Max 512 bytes of HTTP response body.

86// for logging queueing or starting delivery of a hook.

105// LastResult returns the last result entry, or an empty result.

113// Retired returns a HookRetired for a Hook, for insertion into the database.

114func (h Hook) Retired(success bool, lastActivity, keepUntil time.Time) HookRetired {

137// HookRetired is a Hook that was delivered/failed/canceled and kept according

141 QueueMsgID int64 // Original queue Msg or MsgRetired ID. Zero for hooks for incoming messages.

142 FromID string // As generated by us and returned in webapi call. Can be empty, for incoming messages to our base address.

143 MessageID string // Of outgoing or incoming messages. Includes <>.

144 Subject string // Subject of original outgoing message, or of incoming message.

145 Extra map[string]string // From submitted message.

147 Account string `bstore:"nonzero,index Account+LastActivity"`

148 URL string `bstore:"nonzero"` // Taken from config at start of each attempt.

149 Authorization bool // Whether request had authorization without keeping it around.

155 SupersededByID int64 // If not 0, a Hook.ID that superseded this one and Done will be true.

164// LastResult returns the last result entry, or an empty result.

165func (h HookRetired) LastResult() HookResult {

178 log.Error("unhandled panic while cleaning up retired webhooks", slog.Any("x", x))

199 n, err := bstore.QueryDB[HookRetired](mox.Shutdown, DB).FilterLess("KeepUntil", time.Now()).Delete()

200 log.Check(err, "removing old retired webhooks")

202 log.Debug("cleaned up retired webhooks", slog.Int("count", n))

206func hookRetiredKeep(account string) time.Duration {

215// HookFilter filters messages to list or operate on. Used by admin web interface

218// Only non-empty/non-zero values are applied to the filter. Leaving all fields

224 Submitted string // Whether submitted before/after a time relative to now. ">$duration" or "<$duration", also with "now" for duration.

225 NextAttempt string // ">$duration" or "<$duration", also with "now" for duration.

229func (f HookFilter) apply(q *bstore.Query[Hook]) error {

233 applyTime := func(field string, s string) error {

239 return fmt.Errorf(`must start with "<" for less or ">" for greater than a duration ago`)

245 } else if d, err := time.ParseDuration(s); err != nil {

246 return fmt.Errorf("parsing duration %q: %v", orig, err)

258 if err := applyTime("Submitted", f.Submitted); err != nil {

259 return fmt.Errorf("applying filter for submitted: %v", err)

263 if err := applyTime("NextAttempt", f.NextAttempt); err != nil {

264 return fmt.Errorf("applying filter for next attempt: %v", err)

274 q.FilterNonzero(Hook{OutgoingEvent: f.Event})

284 Field string // "Queued" or "NextAttempt"/"".

285 LastID int64 // If > 0, we return objects beyond this, less/greater depending on Asc.

286 Last any // Value of Field for last object. Must be set iff LastID is set.

290func (s HookSort) apply(q *bstore.Query[Hook]) error {

297 return fmt.Errorf("unknown sort order field %q", s.Field)

303 return fmt.Errorf("last should be string with time, not %T %q", s.Last, s.Last)

305 last, err := time.Parse(time.RFC3339Nano, ls)

310 return fmt.Errorf("parsing last %q as time: %v", s.Last, err)

315 fieldEqual = func(h Hook) bool { return h.NextAttempt.Equal(last) }

317 fieldEqual = func(h Hook) bool { return h.Submitted.Equal(last) }

339// HookQueueSize returns the number of webhooks in the queue.

340func HookQueueSize(ctx context.Context) (int, error) {

344// HookList returns webhooks according to filter and sort.

345func HookList(ctx context.Context, filter HookFilter, sort HookSort) ([]Hook, error) {

356// HookRetiredFilter filters messages to list or operate on. Used by admin web interface

359// Only non-empty/non-zero values are applied to the filter. Leaving all fields

365 Submitted string // Whether submitted before/after a time relative to now. ">$duration" or "<$duration", also with "now" for duration.

366 LastActivity string // ">$duration" or "<$duration", also with "now" for duration.

370func (f HookRetiredFilter) apply(q *bstore.Query[HookRetired]) error {

374 applyTime := func(field string, s string) error {

380 return fmt.Errorf(`must start with "<" for before or ">" for after a duration`)

386 } else if d, err := time.ParseDuration(s); err != nil {

387 return fmt.Errorf("parsing duration %q: %v", orig, err)

399 if err := applyTime("Submitted", f.Submitted); err != nil {

400 return fmt.Errorf("applying filter for submitted: %v", err)

404 if err := applyTime("LastActivity", f.LastActivity); err != nil {

405 return fmt.Errorf("applying filter for last activity: %v", err)

409 q.FilterNonzero(HookRetired{Account: f.Account})

413 q.FilterNonzero(HookRetired{IsIncoming: true})

415 q.FilterNonzero(HookRetired{OutgoingEvent: f.Event})

425 Field string // "Queued" or "LastActivity"/"".

426 LastID int64 // If > 0, we return objects beyond this, less/greater depending on Asc.

427 Last any // Value of Field for last object. Must be set iff LastID is set.

431func (s HookRetiredSort) apply(q *bstore.Query[HookRetired]) error {

438 return fmt.Errorf("unknown sort order field %q", s.Field)

444 return fmt.Errorf("last should be string with time, not %T %q", s.Last, s.Last)

446 last, err := time.Parse(time.RFC3339Nano, ls)

451 return fmt.Errorf("parsing last %q as time: %v", s.Last, err)

456 fieldEqual = func(hr HookRetired) bool { return hr.LastActivity.Equal(last) }

458 fieldEqual = func(hr HookRetired) bool { return hr.Submitted.Equal(last) }

480// HookRetiredList returns retired webhooks according to filter and sort.

481func HookRetiredList(ctx context.Context, filter HookRetiredFilter, sort HookRetiredSort) ([]HookRetired, error) {

492// HookNextAttemptAdd adds a duration to the NextAttempt for all matching messages, and

494func HookNextAttemptAdd(ctx context.Context, filter HookFilter, d time.Duration) (affected int, err error) {

495 err = DB.Write(ctx, func(tx *bstore.Tx) error {

502 return fmt.Errorf("listing matching hooks: %v", err)

520// HookNextAttemptSet sets NextAttempt for all matching messages to a new absolute

522func HookNextAttemptSet(ctx context.Context, filter HookFilter, t time.Time) (affected int, err error) {

527 n, err := q.UpdateNonzero(Hook{NextAttempt: t})

529 return 0, fmt.Errorf("selecting and updating hooks in queue: %v", err)

535// HookCancel prevents more delivery attempts of the hook, moving it to the

537func HookCancel(ctx context.Context, log mlog.Log, filter HookFilter) (affected int, err error) {

539 err = DB.Write(ctx, func(tx *bstore.Tx) error {

547 return fmt.Errorf("selecting and deleting hooks from queue: %v", err)

559 hr.Results = append(hr.Results, HookResult{Start: now, Error: "canceled by admin"})

561 return fmt.Errorf("inserting retired hook: %v", err)

579func hookCompose(m Msg, url, authz string, event webhook.OutgoingEvent, suppressing bool, code int, secodeOpt string) (Hook, error) {

584 lastError = m.Results[len(m.Results)-1].Error

588 ecode = fmt.Sprintf("%d.%s", code/100, secodeOpt)

608 return Hook{}, fmt.Errorf("marshal webhook payload: %v", err)

629// Incoming processes a message delivered over SMTP for webhooks. If the message is

630// a DSN, a webhook for outgoing deliveries may be scheduled (if configured).

631// Otherwise, a webhook for incoming deliveries may be scheduled.

632func Incoming(ctx context.Context, log mlog.Log, acc *store.Account, messageID string, m store.Message, part message.Part, mailboxName string) error {

642 // todo future: if there is no fromid in our rcpt address, but this is a 3-part dsn with headers that includes message-id, try matching based on that.

643 // todo future: once we implement the SMTP DSN extension, use ENVID when sending (if destination implements it), and start looking for Original-Envelope-ID in the DSN.

645 // If this is a DSN for a message we sent, don't deliver a hook for incoming

650 log.Debugx("parsing recipient domain in incoming message", err)

653 if domconf.LocalpartCatchallSeparator != "" {

654 t := strings.SplitN(string(m.RcptToLocalpart), domconf.LocalpartCatchallSeparator, 2)

664 err := DB.Write(ctx, func(tx *bstore.Tx) (rerr error) {

665 mr, err := bstore.QueryTx[MsgRetired](tx).FilterNonzero(MsgRetired{FromID: fromID}).Get()

667 log.Debug("no original message found for fromid", slog.String("fromid", fromID))

670 return fmt.Errorf("looking up original message for fromid: %v", err)

676 log = log.With(slog.String("fromid", fromID))

677 log.Debug("processing incoming message about previous delivery for webhooks")

681 mr.Results = append(mr.Results, MsgResult{Start: now, Error: "incoming message"})

682 result := &mr.Results[len(mr.Results)-1] // Updated below.

693 ecode = fmt.Sprintf("%d.%s", code/100, secode)

710 rerr = fmt.Errorf("updating retired message after processing: %v", err)

716 if !(part.MediaType == "MULTIPART" && part.MediaSubType == "REPORT" && len(part.Parts) >= 2 && part.Parts[1].MediaType == "MESSAGE" && (part.Parts[1].MediaSubType == "DELIVERY-STATUS" || part.Parts[1].MediaSubType == "GLOBAL-DELIVERY-STATUS")) {

717 // Some kind of delivery-related event, but we don't recognize it.

722 dsnutf8 := part.Parts[1].MediaSubType == "GLOBAL-DELIVERY-STATUS"

723 dsnmsg, err := dsn.Decode(part.Parts[1].ReaderUTF8OrBinary(), dsnutf8)

725 log.Infox("parsing dsn message for webhook", err)

726 result.Error = fmt.Sprintf("parsing incoming dsn: %v", err)

729 log.Info("dsn message for webhook does not have exactly one dsn recipient", slog.Int("nrecipients", len(dsnmsg.Recipients)))

730 result.Error = fmt.Sprintf("incoming dsn has %d recipients, expecting 1", len(dsnmsg.Recipients))

737 code, secode = parseSMTPCodes(dsnrcpt.DiagnosticCodeSMTP)

743 } else if strings.HasPrefix(dsnrcpt.Status, "5.") {

750 log.Debug("incoming dsn message", slog.String("action", string(dsnrcpt.Action)), slog.Int("dsncode", code), slog.String("dsnsecode", secode))

765 suppressedMsgIDs, err = suppressionProcess(log, tx, sc)

767 return fmt.Errorf("processing dsn for suppression list: %v", err)

770 log.Debug("no code/secode in dsn for failed delivery", slog.Int64("msgid", mr.ID))

773 case dsn.Delayed, dsn.Delivered, dsn.Relayed, dsn.Expanded:

774 outgoingEvent = webhook.OutgoingEvent(string(s))

778 log.Info("unrecognized dsn action", slog.String("action", string(dsnrcpt.Action)))

783 return fmt.Errorf("processing message based on fromid: %v", err)

796 authz = accConf.IncomingWebhook.Authorization

798 log.Debug("composing webhook for incoming message")

802 return fmt.Errorf("parsing part structure: %v", err)

808 rcptTo = m.RcptToLocalpart.String() + "@" + m.RcptToDomain

841 // todo: ideally, we would have this information available in parsed Part, not require parsing headers here.

844 log.Debugx("parsing headers of incoming message", err, slog.Int64("msgid", m.ID))

846 refs, err := message.ReferencedIDs(h.Values("References"), nil)

848 log.Debugx("parsing references header", err, slog.Int64("msgid", m.ID))

858 // Check if message is automated. Empty SMTP MAIL FROM indicates this was some kind

859 // of service message. Several headers indicate out-of-office replies, messages

860 // from mailing or marketing lists. And the content-type can indicate a report

862 in.Meta.Automated = m.MailFrom == "" || isAutomated(h) || part.MediaType == "MULTIPART" && part.MediaSubType == "REPORT"

865 text, html, _, err := webops.ReadableParts(part, 1*1024*1024)

867 log.Debugx("looking for text and html content in message", err)

869 in.Text = strings.ReplaceAll(text, "\r\n", "\n")

870 in.HTML = strings.ReplaceAll(html, "\r\n", "\n")

875 } else if len(accConf.OutgoingWebhook.Events) == 0 || slices.Contains(accConf.OutgoingWebhook.Events, string(outgoingEvent)) {

877 authz = accConf.OutgoingWebhook.Authorization

879 log.Debug("not sending webhook, account not subscribed for event", slog.String("event", string(outgoingEvent)))

885 return fmt.Errorf("marshal webhook payload: %v", err)

902 err = DB.Write(ctx, func(tx *bstore.Tx) error {

903 if err := hookInsert(tx, &h, now, accConf.KeepRetiredWebhookPeriod); err != nil {

904 return fmt.Errorf("queueing webhook for incoming message: %v", err)

909 return fmt.Errorf("inserting webhook in database: %v", err)

911 log.Debug("queued webhook for incoming message", h.attrs()...)

916// PartStructure returns a webhook.Structure for a parsed message part.

917func PartStructure(log mlog.Log, p *message.Part) (webhook.Structure, error) {

918 parts := make([]webhook.Structure, len(p.Parts))

921 parts[i], err = PartStructure(log, &p.Parts[i])

922 if err != nil && !errors.Is(err, message.ErrParamEncoding) {

926 disp, filename, err := p.DispositionFilename()

927 if err != nil && errors.Is(err, message.ErrParamEncoding) {

928 log.Debugx("parsing disposition/filename", err)

933 ContentType: strings.ToLower(p.MediaType + "/" + p.MediaSubType),

941 // Replace nil map with empty map, for easier to use JSON.

948func isAutomated(h textproto.MIMEHeader) bool {

949 l := []string{"List-Id", "List-Unsubscribe", "List-Unsubscribe-Post", "Precedence"}

955 if s := strings.TrimSpace(h.Get("Auto-Submitted")); s != "" && !strings.EqualFold(s, "no") {

961func parseSMTPCodes(line string) (code int, secode string) {

970 if len(t) >= 2 && (strings.HasPrefix(t[1], "4.") || strings.HasPrefix(t[1], "5.")) {

976// Insert hook into database, but first retire any existing pending hook for

978func hookInsert(tx *bstore.Tx, h *Hook, now time.Time, accountKeepPeriod time.Duration) error {

986 // Find existing queued hook for previously msgid from queue. Can be at most one.

987 oh, err := bstore.QueryTx[Hook](tx).FilterNonzero(Hook{QueueMsgID: h.QueueMsgID}).FilterNotEqual("ID", h.ID).Get()

991 return fmt.Errorf("get existing webhook before inserting new hook for same queuemsgid %d", h.QueueMsgID)

995 // This hook may be in the process of being delivered. When delivered, we'll try to

996 // move it from Hook to HookRetired. But that will fail since Hook is already

997 // retired. We detect that situation and update the retired hook with the new

1000 hr := oh.Retired(false, now, now.Add(accountKeepPeriod))

1003 return fmt.Errorf("inserting superseded webhook as retired hook: %v", err)

1007 return fmt.Errorf("deleting superseded webhook: %v", err)

1012func addresses(al []message.Address) []webhook.NameAddress {

1059 if len(busyHookURLs) >= maxConcurrentHookDeliveries {

1064 timer.Reset(hookNextWork(mox.Shutdown, log, busyHookURLs))

1068func hookNextWork(ctx context.Context, log mlog.Log, busyURLs map[string]struct{}) time.Duration {

1083 log.Errorx("finding time for next webhook delivery attempt", err)

1089func hookLaunchWork(log mlog.Log, busyURLs map[string]struct{}) int {

1091 q.FilterLessEqual("NextAttempt", time.Now())

1112 log.Errorx("querying for work in webhook queue", err)

1129 hookIntervals = []time.Duration{M, 2 * M, 4 * M, 15 * M / 2, 15 * M, 30 * M, 1 * H, 2 * H, 4 * H, 8 * H, 16 * H}

1136 qlog.Debug("attempting to deliver webhook", h.attrs()...)

1137 qlog = qlog.With(slog.Int64("webhookid", h.ID))

1144 qlog.Error("webhook deliver panic", slog.Any("panic", x))

1150 // todo: should we get a new webhook url from the config before attempting? would intervene with our "urls busy" approach. may not be worth it.

1152 // Set Attempts & NextAttempt early. In case of failures while processing, at least

1153 // we won't try again immediately. We do backoff at intervals:

1158 backoff = hookIntervals[len(hookIntervals)-1] * time.Duration(2)

1160 backoff += time.Duration(jitter.IntN(200)-100) * backoff / 10000

1164 h.Results = append(h.Results, HookResult{Start: now, URL: h.URL, Error: resultErrorDelivering})

1166 if err := DB.Update(mox.Shutdown, &h); err != nil {

1167 qlog.Errorx("storing webhook delivery attempt", err)

1171 hctx, cancel := context.WithTimeout(ctx, 60*time.Second)

1174 code, response, err := HookPost(hctx, qlog, h.ID, h.Attempts, h.URL, h.Authorization, h.Payload)

1183 if err != nil && h.Attempts <= len(hookIntervals) {

1184 // We'll try again later, so only update existing record.

1185 qlog.Debugx("webhook delivery failed, will try again later", err)

1186 xerr := DB.Write(context.Background(), func(tx *bstore.Tx) error {

1187 if err := tx.Update(&h); err == bstore.ErrAbsent {

1190 return fmt.Errorf("update webhook after retryable failure: %v", err)

1194 qlog.Check(xerr, "updating failed webhook delivery attempt in database", slog.String("deliveryerr", err.Error()))

1198 qlog.Debugx("webhook delivery completed", err, slog.Bool("success", result.Success))

1201 err = DB.Write(context.Background(), func(tx *bstore.Tx) error {

1202 if err := tx.Delete(&h); err == bstore.ErrAbsent {

1205 return fmt.Errorf("removing webhook from database: %v", err)

1209 hr := h.Retired(result.Success, t0, t0.Add(keep))

1211 return fmt.Errorf("inserting retired webhook in database: %v", err)

1216 qlog.Check(err, "moving delivered webhook from to retired hooks")

1219func updateRetiredHook(tx *bstore.Tx, h Hook, result *HookResult) error {

1220 // Hook is gone. It may have been superseded and moved to HookRetired while we were

1221 // delivering it. If so, add the result to the retired hook.

1224 return fmt.Errorf("result for webhook that was no longer in webhook queue or retired webhooks: %v", err)

1229 return fmt.Errorf("updating retired webhook after webhook was superseded during delivery: %v", err)

1234var hookClient = &http.Client{Transport: hookTransport()}

1237 t := http.DefaultTransport.(*http.Transport).Clone()

1238 // Limit resources consumed during idle periods, probably most of the time. But

1239 // during busy periods, we may use the few connections for many events.

1245func HookPost(ctx context.Context, log mlog.Log, hookID int64, attempt int, url, authz string, payload string) (code int, response string, err error) {

1246 req, err := http.NewRequestWithContext(ctx, "POST", url, strings.NewReader(payload))

1248 return 0, "", fmt.Errorf("new request: %v", err)

1250 req.Header.Set("User-Agent", fmt.Sprintf("mox/%s (webhook)", moxvar.Version))

1251 req.Header.Set("Content-Type", "application/json; charset=utf-8")

1252 req.Header.Set("X-Mox-Webhook-ID", fmt.Sprintf("%d", hookID))

1253 req.Header.Set("X-Mox-Webhook-Attempt", fmt.Sprintf("%d", attempt))

1259 metricHookRequest.Observe(float64(time.Since(t0)) / float64(time.Second))

1261 metricHookResult.WithLabelValues("error").Inc()

1263 return 0, "", fmt.Errorf("http transact: %v", err)

1267 // Use full http status code for known codes, and a generic "<major>xx" for others.

1268 result := fmt.Sprintf("%d", resp.StatusCode)

1270 result = fmt.Sprintf("%dxx", resp.StatusCode/100)

1272 metricHookResult.WithLabelValues(result).Inc()

1273 log.Debug("webhook http post result", slog.Int("statuscode", resp.StatusCode), slog.Duration("duration", time.Since(t0)))

1275 respbuf, _ := io.ReadAll(io.LimitReader(resp.Body, 512))

1277 err = fmt.Errorf("http status %q, expected 200 ok", resp.Status)

1279 return resp.StatusCode, string(respbuf), err