Possibility to disable the TLS verify for sending mails.

pull/159/merge
Fabrizio Steiner 7 years ago
parent 714e30f532
commit 5463256aa2

@ -199,3 +199,8 @@
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
Watchtower contains code that is licensed under a BSD-license:
- Copyright (c) 2009 The Go Authors. All rights reserved.
For details see https://golang.org/LICENSE

@ -195,6 +195,7 @@ To receive notifications by email, the following command-line options, or their
* `--notification-email-from` (env. `WATCHTOWER_NOTIFICATION_EMAIL_FROM`): The e-mail address from which notifications will be sent. * `--notification-email-from` (env. `WATCHTOWER_NOTIFICATION_EMAIL_FROM`): The e-mail address from which notifications will be sent.
* `--notification-email-to` (env. `WATCHTOWER_NOTIFICATION_EMAIL_TO`): The e-mail address to which notifications will be sent. * `--notification-email-to` (env. `WATCHTOWER_NOTIFICATION_EMAIL_TO`): The e-mail address to which notifications will be sent.
* `--notification-email-server` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER`): The SMTP server to send e-mails through. * `--notification-email-server` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER`): The SMTP server to send e-mails through.
* `--notification-email-server-tls-skip-verify` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_TLS_SKIP_VERIFY`): Do not verify the TLS certificate of the mail server. This should be used only for testing.
* `--notification-email-server-port` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT`): The port used to connect to the SMTP server to send e-mails through. Defaults to `25`. * `--notification-email-server-port` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT`): The port used to connect to the SMTP server to send e-mails through. Defaults to `25`.
* `--notification-email-server-user` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER`): The username to authenticate with the SMTP server with. * `--notification-email-server-user` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER`): The username to authenticate with the SMTP server with.
* `--notification-email-server-password` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD`): The password to authenticate with the SMTP server with. * `--notification-email-server-password` (env. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD`): The password to authenticate with the SMTP server with.

@ -117,6 +117,15 @@ func main() {
Value: 25, Value: 25,
EnvVar: "WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT", EnvVar: "WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT",
}, },
cli.BoolFlag{
Name: "notification-email-server-tls-skip-verify",
Usage: "Controls whether watchtower verifies the SMTP server's certificate chain and host name. " +
"If set, TLS accepts any certificate " +
"presented by the server and any host name in that certificate. " +
"In this mode, TLS is susceptible to man-in-the-middle attacks. " +
"This should be used only for testing.",
EnvVar: "WATCHTOWER_NOTIFICATION_EMAIL_SERVER_TLS_SKIP_VERIFY",
},
cli.StringFlag{ cli.StringFlag{
Name: "notification-email-server-user", Name: "notification-email-server-user",
Usage: "SMTP server user for sending notifications", Usage: "SMTP server user for sending notifications",
@ -180,7 +189,7 @@ func start(c *cli.Context) error {
scheduleSpec, scheduleSpec,
func() { func() {
select { select {
case v := <- tryLockSem: case v := <-tryLockSem:
defer func() { tryLockSem <- v }() defer func() { tryLockSem <- v }()
notifier.StartNotification() notifier.StartNotification()
if err := actions.Update(client, names, cleanup, noRestart); err != nil { if err := actions.Update(client, names, cleanup, noRestart); err != nil {

@ -26,6 +26,7 @@ type emailTypeNotifier struct {
From, To string From, To string
Server, User, Password string Server, User, Password string
Port int Port int
tlsSkipVerify bool
entries []*log.Entry entries []*log.Entry
} }
@ -37,6 +38,7 @@ func newEmailNotifier(c *cli.Context) typeNotifier {
User: c.GlobalString("notification-email-server-user"), User: c.GlobalString("notification-email-server-user"),
Password: c.GlobalString("notification-email-server-password"), Password: c.GlobalString("notification-email-server-password"),
Port: c.GlobalInt("notification-email-server-port"), Port: c.GlobalInt("notification-email-server-port"),
tlsSkipVerify: c.GlobalBool("notification-email-server-tls-skip-verify"),
} }
log.AddHook(n) log.AddHook(n)
@ -80,7 +82,7 @@ func (e *emailTypeNotifier) sendEntries(entries []*log.Entry) {
msg := e.buildMessage(entries) msg := e.buildMessage(entries)
go func() { go func() {
auth := smtp.PlainAuth("", e.User, e.Password, e.Server) auth := smtp.PlainAuth("", e.User, e.Password, e.Server)
err := smtp.SendMail(e.Server+":"+strconv.Itoa(e.Port), auth, e.From, []string{e.To}, msg) err := SendMail(e.Server+":"+strconv.Itoa(e.Port), e.tlsSkipVerify, auth, e.From, []string{e.To}, msg)
if err != nil { if err != nil {
// Use fmt so it doesn't trigger another email. // Use fmt so it doesn't trigger another email.
fmt.Println("Failed to send notification email: ", err) fmt.Println("Failed to send notification email: ", err)
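Review bot: Nothing at runtime tells the operator that certificate verification is off once `tlsSkipVerify` is read in newEmailNotifier. In sendEntries the `smtp.PlainAuth` credentials are then sent to whichever peer completes the STARTTLS handshake, because PlainAuth only refuses unencrypted connections to non-localhost servers. A one-time warning when the notifier is built would make a testing-only setting visible in production logs, e.g. `if n.tlsSkipVerify { log.Warn("SMTP TLS certificate verification is disabled") }`. Placing it before `log.AddHook(n)` should presumably keep the warning out of the e-mail hook. Both function bodies continue outside the hunks shown.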

@ -0,0 +1,76 @@
// Copyright 2010 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license.
package notifications
import (
"crypto/tls"
"net"
"net/smtp"
)
// SendMail connects to the server at addr, switches to TLS if
// possible, authenticates with the optional mechanism a if possible,
// and then sends an email from address from, to addresses to, with
// message msg.
// The addr must include a port, as in "mail.example.com:smtp".
//
// The addresses in the to parameter are the SMTP RCPT addresses.
//
// The msg parameter should be an RFC 822-style email with headers
// first, a blank line, and then the message body. The lines of msg
// should be CRLF terminated. The msg headers should usually include
// fields such as "From", "To", "Subject", and "Cc". Sending "Bcc"
// messages is accomplished by including an email address in the to
// parameter but not including it in the msg headers.
//
// The SendMail function and the net/smtp package are low-level
// mechanisms and provide no support for DKIM signing, MIME
// attachments (see the mime/multipart package), or other mail
// functionality. Higher-level packages exist outside of the standard
// library.
func SendMail(addr string, insecureSkipVerify bool, a smtp.Auth, from string, to []string, msg []byte) error {
c, err := smtp.Dial(addr)
if err != nil {
return err
}
defer c.Close()
if err = c.Hello("localHost"); err != nil {
return err
}
if ok, _ := c.Extension("STARTTLS"); ok {
serverName, _, _ := net.SplitHostPort(addr)
config := &tls.Config{ServerName: serverName, InsecureSkipVerify: insecureSkipVerify}
if err = c.StartTLS(config); err != nil {
return err
}
}
if a != nil {
if ok, _ := c.Extension("AUTH"); ok {
if err = c.Auth(a); err != nil {
return err
}
}
}
if err = c.Mail(from); err != nil {
return err
}
for _, addr := range to {
if err = c.Rcpt(addr); err != nil {
return err
}
}
w, err := c.Data()
if err != nil {
return err
}
_, err = w.Write(msg)
if err != nil {
return err
}
err = w.Close()
if err != nil {
return err
}
return c.Quit()
}
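Review bot: The doc comment copied from net/smtp does not describe the added `insecureSkipVerify` parameter, and the `if ok, _ := c.Extension("STARTTLS"); ok` branch leaves TLS opportunistic: when the server's reply does not advertise STARTTLS, the message is sent in clear text without any error, whatever the flag is set to. I would extend the comment with `// If insecureSkipVerify is true, the server's certificate chain and host name are not verified.` and `// If the server does not advertise STARTTLS, the mail is sent unencrypted.` so callers see both limits. The error from `net.SplitHostPort(addr)` is also discarded; since `smtp.Dial` has already accepted addr this looks harmless, but returning it would be cleaner. `c.Hello("localHost")` differs in case from the `localhost` name the standard library uses by default, which may be unintended.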