diff --git a/app/controllers/webhooks_controller.rb b/app/controllers/webhooks_controller.rb
new file mode 100644
index 00000000000..f1278612773
--- /dev/null
+++ b/app/controllers/webhooks_controller.rb
@@ -0,0 +1,77 @@
+require "openssl"
+
+class WebhooksController < ActionController::Base
+
+ def mailgun
+ # can't verify data without an API key
+ return mailgun_failure if SiteSetting.mailgun_api_key.blank?
+
+ # token is a random string of 50 characters
+ token = params.delete("token")
+ return mailgun_failure if token.blank? || token.size != 50
+
+ # prevent replay attack
+ key = "mailgun_token_#{token}"
+ return mailgun_failure unless $redis.setnx(key, 1)
+ $redis.expire(key, 8.hours)
+
+ # ensure timestamp isn't too far from current time
+ timestamp = params.delete("timestamp")
+ return mailgun_failure if (Time.at(timestamp.to_i) - Time.now).abs > 1.hour.to_i
+
+ # check the signature
+ return mailgun_failure unless mailgun_verify(timestamp, token, params["signature"])
+
+ handled = false
+ event = params.delete("event")
+
+ # only handle soft bounces, because hard bounces are also handled
+ # by the "dropped" event and we don't want to increase bounce score twice
+ # for the same message
+ if event == "bounced".freeze && params["error"]["4."]
+ handled = mailgun_process(params, Email::Receiver::SOFT_BOUNCE_SCORE)
+ elsif event == "dropped".freeze
+ handled = mailgun_process(params, Email::Receiver::HARD_BOUNCE_SCORE)
+ end
+
+ handled ? mailgun_success : mailgun_failure
+ end
+
+ private
+
+ def mailgun_failure
+ render nothing: true, status: 406
+ end
+
+ def mailgun_success
+ render nothing: true, status: 200
+ end
+
+ def mailgun_verify(timestamp, token, signature)
+ digest = OpenSSL::Digest::SHA256.new
+ data = "#{timestamp}#{token}"
+ signature == OpenSSL::HMAC.hexdigest(digest, SiteSetting.mailgun_api_key, data)
+ end
+
+ def mailgun_process(params, bounce_score)
+ return false if params["message-headers"].blank?
+
+ return_path_header = params["message-headers"].first { |h| h[0] == "Return-Path".freeze }
+ return false if return_path_header.blank?
+
+ return_path = return_path_header[1]
+ return false if return_path.blank?
+
+ bounce_key = return_path[/\+verp-(\h{32})@/, 1]
+ return false if bounce_key.blank?
+
+ email_log = EmailLog.find_by(bounce_key: bounce_key)
+ return false if email_log.nil?
+
+ email_log.update_columns(bounced: true)
+ Email::Receiver.update_bounce_score(email_log.user.email, bounce_score)
+
+ true
+ end
+
+end
diff --git a/app/models/admin_dashboard_data.rb b/app/models/admin_dashboard_data.rb
index b5ca6de7550..66a31f88752 100644
--- a/app/models/admin_dashboard_data.rb
+++ b/app/models/admin_dashboard_data.rb
@@ -266,4 +266,11 @@ class AdminDashboardData
I18n.t('dashboard.email_polling_errored_recently', count: errors) if errors > 0
end
+ def missing_mailgun_api_key
+ return unless SiteSetting.reply_by_email_enabled
+ return unless ActionMailer::Base.smtp_settings[:address]["smtp.mailgun.org"]
+ return unless SiteSetting.mailgun_api_key.blank?
+ I18n.t('dashboard.missing_mailgun_api_key')
+ end
+
end
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index ff4ca0f808a..11da9082f27 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -798,6 +798,7 @@ en:
email_polling_errored_recently:
one: "Email polling has generated an error in the past 24 hours. Look at the logs for more details."
other: "Email polling has generated %{count} errors in the past 24 hours. Look at the logs for more details."
+ missing_mailgun_api_key: "The server is configured to send emails via mailgun but you haven't provided an API key used the verify the webhook messages."
bad_favicon_url: "The favicon is failing to load. Check your favicon_url setting in Site Settings."
poll_pop3_timeout: "Connection to the POP3 server is timing out. Incoming email could not be retrieved. Please check your POP3 settings and service provider."
poll_pop3_auth_error: "Connection to the POP3 server is failing with an authentication error. Please check your POP3 settings."
@@ -1185,6 +1186,7 @@ en:
block_auto_generated_emails: "Block incoming emails identified as being auto generated."
bounce_score_threshold: "Max score before we will stop emailing a user. Soft bounce adds 1, hard bounce adds 2, score reset 30 days after last bounce."
ignore_by_title: "Ignore incoming emails based on their title."
+ mailgun_api_key: "Mailgun API key used to verify webhook messages."
manual_polling_enabled: "Push emails using the API for email replies."
pop3_polling_enabled: "Poll via POP3 for email replies."
diff --git a/config/routes.rb b/config/routes.rb
index 21459fc9c3f..9a1675e2401 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -16,6 +16,8 @@ Discourse::Application.routes.draw do
match "/404", to: "exceptions#not_found", via: [:get, :post]
get "/404-body" => "exceptions#not_found_body"
+ post "webhooks/mailgun" => "webhooks#mailgun"
+
if Rails.env.development?
mount Sidekiq::Web => "/sidekiq"
mount Logster::Web => "/logs"
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 828ddf1dde2..e3176161f8c 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -582,6 +582,9 @@ email:
ignore_by_title:
type: list
default: ''
+ mailgun_api_key:
+ default: ''
+ regex: '^pubkey-\h{32}$'
files:
diff --git a/lib/email/receiver.rb b/lib/email/receiver.rb
index d71cf8ca7da..af3245fde95 100644
--- a/lib/email/receiver.rb
+++ b/lib/email/receiver.rb
@@ -151,12 +151,12 @@ module Email
if @mail.error_status.present?
if @mail.error_status.start_with?("4.")
- update_bounce_score(email_log.user.email, SOFT_BOUNCE_SCORE)
+ Email::Receiver.update_bounce_score(email_log.user.email, SOFT_BOUNCE_SCORE)
elsif @mail.error_status.start_with?("5.")
- update_bounce_score(email_log.user.email, HARD_BOUNCE_SCORE)
+ Email::Receiver.update_bounce_score(email_log.user.email, HARD_BOUNCE_SCORE)
end
elsif is_auto_generated?
- update_bounce_score(email_log.user.email, HARD_BOUNCE_SCORE)
+ Email::Receiver.update_bounce_score(email_log.user.email, HARD_BOUNCE_SCORE)
end
end
end
@@ -168,7 +168,7 @@ module Email
@verp ||= all_destinations.select { |to| to[/\+verp-\h{32}@/] }.first
end
- def update_bounce_score(email, score)
+ def self.update_bounce_score(email, score)
# only update bounce score once per day
key = "bounce_score:#{email}:#{Date.today}"
diff --git a/spec/controllers/webhooks_controller_spec.rb b/spec/controllers/webhooks_controller_spec.rb
new file mode 100644
index 00000000000..662833b494b
--- /dev/null
+++ b/spec/controllers/webhooks_controller_spec.rb
@@ -0,0 +1,34 @@
+require "rails_helper"
+
+describe WebhooksController do
+
+ context "mailgun" do
+
+
+ it "works" do
+ SiteSetting.mailgun_api_key = "pubkey-8221462f0c915af3f6f2e2df7aa5a493"
+ token = "705a8ccd2ce932be8e98c221fe701c1b4a0afcb8bbd57726de"
+
+ user = Fabricate(:user, email: "em@il.com")
+ email_log = Fabricate(:email_log, user: user, bounce_key: SecureRandom.hex)
+ return_path = "foo+verp-#{email_log.bounce_key}@bar.com"
+
+ $redis.del("mailgun_token_#{token}")
+ $redis.del("bounce_score:#{user.email}:#{Date.today}")
+ WebhooksController.any_instance.expects(:mailgun_verify).returns(true)
+
+ post :mailgun, "token" => token,
+ "timestamp" => Time.now.to_i,
+ "event" => "dropped",
+ "message-headers" => [["Return-Path", return_path]]
+
+ expect(response).to be_success
+
+ email_log.reload
+ expect(email_log.bounced).to eq(true)
+ expect(email_log.user.user_stat.bounce_score).to eq(2)
+ end
+
+ end
+
+end