Use the STARTTLS command to upgrade SMTP connections where possible.

Adds the option `email_smtp_force_tls` which will cause `send_email` to error
if it is unable to use the `STARTTLS` command (e.g. where the user knows the
SMTPd supports `STARTTLS` and wishes to protect themselves against a downgrade
attack)

Setting both `email_smtp_user_ssl` and `email_smtp_force_tls` may result in
undefined behaviour if the SMTPd has not been correctly configured.

TODO: Unit tests?
TODO: Documentation?

1 files changed, 11 insertions, 0 deletions

diff --git a/mediagoblin/tools/mail.py b/mediagoblin/tools/mail.py
index 0fabc5a9..889a4420 100644
--- a/mediagoblin/tools/mail.py
+++ b/mediagoblin/tools/mail.py
@@ -14,7 +14,9 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import six
 import smtplib
+import sys
 from email.MIMEText import MIMEText
 from mediagoblin import mg_globals, messages
 from mediagoblin.tools import common
@@ -64,6 +66,8 @@ class FakeMhost(object):
              'to': to_addrs,
              'message': message})
 
+    def starttls(self):
+        raise smtplib.SMTPException("No STARTTLS here")
 
 def _clear_test_inboxes():
     global EMAIL_TEST_INBOX
@@ -103,6 +107,13 @@ def send_email(from_addr, to_addrs, subject, message_body):
         if not mg_globals.app_config['email_smtp_host']:  # e.g. host = ''
             mhost.connect()  # We SMTP.connect explicitly
 
+        try:
+            mhost.starttls()
+        except smtplib.SMTPException:
+            # Only raise an exception if we're forced to
+            if mg_globals.app_config['email_smtp_force_tls']:
+                six.reraise(*sys.exc_info())
+
     if ((not common.TESTS_ENABLED)
         and (mg_globals.app_config['email_smtp_user']
              or mg_globals.app_config['email_smtp_pass'])):