omg-actionmailbox 8.0.0.alpha3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 3307d66e86a3f234f8a78670e084f349682c7efe4a5369ae1ac7aa5d01e909f4
+  data.tar.gz: 491b9a8c79629ce16c53f6eba972a3908058c99cd171230117d695cd5966643b
+SHA512:
+  metadata.gz: 7c046baec3be3518d67009f5af88fdcce3225737a0ac39b5b22f44011b47c9626c96265c304fa78040607d23f6ec22292aa5b1e8dbe412e0556841274b2b2a57
+  data.tar.gz: 67990495e87c0d25d569df71ebc0b8ae6322cbf7aa37ed2b51f2edfc1c1025ad479ccc7578a8304c6c8573412d0b5440f1ff319f1251a0a75a65c1b09411149a

data/CHANGELOG.md

@@ -0,0 +1,2 @@
+
+Please check [7-2-stable](https://github.com/rails/rails/blob/7-2-stable/actionmailbox/CHANGELOG.md) for previous changes.

data/MIT-LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 37signals LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,13 @@
+# Action Mailbox
+
+Action Mailbox routes incoming emails to controller-like mailboxes for processing in \Rails. It ships with ingresses for Mailgun, Mandrill, Postmark, and SendGrid. You can also handle inbound mails directly via the built-in Exim, Postfix, and Qmail ingresses.
+
+The inbound emails are turned into `InboundEmail` records using Active Record and feature lifecycle tracking, storage of the original email on cloud storage via Active Storage, and responsible data handling with on-by-default incineration.
+
+These inbound emails are routed asynchronously using Active Job to one or several dedicated mailboxes, which are capable of interacting directly with the rest of your domain model.
+
+You can read more about Action Mailbox in the [Action Mailbox Basics](https://guides.rubyonrails.org/action_mailbox_basics.html) guide.
+
+## License
+
+Action Mailbox is released under the [MIT License](https://opensource.org/licenses/MIT).

data/app/controllers/action_mailbox/base_controller.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module ActionMailbox
+  # The base class for all Action Mailbox ingress controllers.
+  class BaseController < ActionController::Base
+    skip_forgery_protection
+
+    before_action :ensure_configured
+
+    private
+      def ensure_configured
+        unless ActionMailbox.ingress == ingress_name
+          head :not_found
+        end
+      end
+
+      def ingress_name
+        self.class.name.remove(/\AActionMailbox::Ingresses::/, /::InboundEmailsController\z/).underscore.to_sym
+      end
+
+
+      def authenticate_by_password
+        if password.present?
+          http_basic_authenticate_or_request_with name: "actionmailbox", password: password, realm: "Action Mailbox"
+        else
+          raise ArgumentError, "Missing required ingress credentials"
+        end
+      end
+
+      def password
+        Rails.application.credentials.dig(:action_mailbox, :ingress_password) || ENV["RAILS_INBOUND_EMAIL_PASSWORD"]
+      end
+  end
+end

data/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+module ActionMailbox
+  # Ingests inbound emails from Mailgun. Requires the following parameters:
+  #
+  # - +body-mime+: The full RFC 822 message
+  # - +timestamp+: The current time according to Mailgun as the number of seconds passed since the UNIX epoch
+  # - +token+: A randomly-generated, 50-character string
+  # - +signature+: A hexadecimal HMAC-SHA256 of the timestamp concatenated with the token, generated using the Mailgun Signing key
+  #
+  # Authenticates requests by validating their signatures.
+  #
+  # Returns:
+  #
+  # - <tt>204 No Content</tt> if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox
+  # - <tt>401 Unauthorized</tt> if the request's signature could not be validated, or if its timestamp is more than 2 minutes old
+  # - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails from Mailgun
+  # - <tt>422 Unprocessable Entity</tt> if the request is missing required parameters
+  # - <tt>500 Server Error</tt> if the Mailgun Signing key is missing, or one of the Active Record database,
+  #   the Active Storage service, or the Active Job backend is misconfigured or unavailable
+  #
+  # == Usage
+  #
+  # 1. Give Action Mailbox your Mailgun Signing key (which you can find under Settings -> Security & Users -> API security in Mailgun)
+  #    so it can authenticate requests to the Mailgun ingress.
+  #
+  #    Use <tt>bin/rails credentials:edit</tt> to add your Signing key to your application's encrypted credentials under
+  #    +action_mailbox.mailgun_signing_key+, where Action Mailbox will automatically find it:
+  #
+  #        action_mailbox:
+  #          mailgun_signing_key: ...
+  #
+  #    Alternatively, provide your Signing key in the +MAILGUN_INGRESS_SIGNING_KEY+ environment variable.
+  #
+  # 2. Tell Action Mailbox to accept emails from Mailgun:
+  #
+  #        # config/environments/production.rb
+  #        config.action_mailbox.ingress = :mailgun
+  #
+  # 3. {Configure Mailgun}[https://documentation.mailgun.com/en/latest/user_manual.html#receiving-forwarding-and-storing-messages]
+  #    to forward inbound emails to +/rails/action_mailbox/mailgun/inbound_emails/mime+.
+  #
+  #    If your application lived at <tt>https://example.com</tt>, you would specify the fully-qualified URL
+  #    <tt>https://example.com/rails/action_mailbox/mailgun/inbound_emails/mime</tt>.
+  class Ingresses::Mailgun::InboundEmailsController < ActionMailbox::BaseController
+    before_action :authenticate
+    param_encoding :create, "body-mime", Encoding::ASCII_8BIT
+
+    def create
+      ActionMailbox::InboundEmail.create_and_extract_message_id! mail
+    end
+
+    private
+      def mail
+        params.require("body-mime").tap do |raw_email|
+          raw_email.prepend("X-Original-To: ", params.require(:recipient), "\n") if params.key?(:recipient)
+        end
+      end
+
+      def authenticate
+        head :unauthorized unless authenticated?
+      end
+
+      def authenticated?
+        if key.present?
+          Authenticator.new(
+            key:       key,
+            timestamp: params.require(:timestamp),
+            token:     params.require(:token),
+            signature: params.require(:signature)
+          ).authenticated?
+        else
+          raise ArgumentError, <<~MESSAGE.squish
+            Missing required Mailgun Signing key. Set action_mailbox.mailgun_signing_key in your application's
+            encrypted credentials or provide the MAILGUN_INGRESS_SIGNING_KEY environment variable.
+          MESSAGE
+        end
+      end
+
+      def key
+        Rails.application.credentials.dig(:action_mailbox, :mailgun_signing_key) || ENV["MAILGUN_INGRESS_SIGNING_KEY"]
+      end
+
+      class Authenticator
+        attr_reader :key, :timestamp, :token, :signature
+
+        def initialize(key:, timestamp:, token:, signature:)
+          @key, @timestamp, @token, @signature = key, Integer(timestamp), token, signature
+        end
+
+        def authenticated?
+          signed? && recent?
+        end
+
+        private
+          def signed?
+            ActiveSupport::SecurityUtils.secure_compare signature, expected_signature
+          end
+
+          # Allow for 2 minutes of drift between Mailgun time and local server time.
+          def recent?
+            Time.at(timestamp) >= 2.minutes.ago
+          end
+
+          def expected_signature
+            OpenSSL::HMAC.hexdigest OpenSSL::Digest::SHA256.new, key, "#{timestamp}#{token}"
+          end
+      end
+  end
+end

data/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+module ActionMailbox
+  # Ingests inbound emails from Mandrill.
+  #
+  # Requires a +mandrill_events+ parameter containing a JSON array of Mandrill inbound email event objects.
+  # Each event is expected to have a +msg+ object containing a full RFC 822 message in its +raw_msg+ property.
+  #
+  # Returns:
+  #
+  # - <tt>204 No Content</tt> if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox
+  # - <tt>401 Unauthorized</tt> if the request's signature could not be validated
+  # - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails from Mandrill
+  # - <tt>422 Unprocessable Entity</tt> if the request is missing required parameters
+  # - <tt>500 Server Error</tt> if the Mandrill API key is missing, or one of the Active Record database,
+  #   the Active Storage service, or the Active Job backend is misconfigured or unavailable
+  class Ingresses::Mandrill::InboundEmailsController < ActionMailbox::BaseController
+    before_action :authenticate, except: :health_check
+
+    def create
+      raw_emails.each { |raw_email| ActionMailbox::InboundEmail.create_and_extract_message_id! raw_email }
+      head :ok
+    rescue JSON::ParserError => error
+      logger.error error.message
+      head :unprocessable_entity
+    end
+
+    def health_check
+      head :ok
+    end
+
+    private
+      def raw_emails
+        events.select { |event| event["event"] == "inbound" }.collect { |event| event.dig("msg", "raw_msg") }
+      end
+
+      def events
+        JSON.parse params.require(:mandrill_events)
+      end
+
+
+      def authenticate
+        head :unauthorized unless authenticated?
+      end
+
+      def authenticated?
+        if key.present?
+          Authenticator.new(request, key).authenticated?
+        else
+          raise ArgumentError, <<~MESSAGE.squish
+            Missing required Mandrill API key. Set action_mailbox.mandrill_api_key in your application's
+            encrypted credentials or provide the MANDRILL_INGRESS_API_KEY environment variable.
+          MESSAGE
+        end
+      end
+
+      def key
+        Rails.application.credentials.dig(:action_mailbox, :mandrill_api_key) || ENV["MANDRILL_INGRESS_API_KEY"]
+      end
+
+      class Authenticator
+        attr_reader :request, :key
+
+        def initialize(request, key)
+          @request, @key = request, key
+        end
+
+        def authenticated?
+          ActiveSupport::SecurityUtils.secure_compare given_signature, expected_signature
+        end
+
+        private
+          def given_signature
+            request.headers["X-Mandrill-Signature"]
+          end
+
+          def expected_signature
+            Base64.strict_encode64 OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1.new, key, message)
+          end
+
+          def message
+            request.url + request.POST.sort.flatten.join
+          end
+      end
+  end
+end

data/app/controllers/action_mailbox/ingresses/postmark/inbound_emails_controller.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+module ActionMailbox
+  # Ingests inbound emails from Postmark. Requires a +RawEmail+ parameter containing a full RFC 822 message.
+  #
+  # Authenticates requests using HTTP basic access authentication. The username is always +actionmailbox+, and the
+  # password is read from the application's encrypted credentials or an environment variable. See the Usage section below.
+  #
+  # Note that basic authentication is insecure over unencrypted HTTP. An attacker that intercepts cleartext requests to
+  # the Postmark ingress can learn its password. You should only use the Postmark ingress over HTTPS.
+  #
+  # Returns:
+  #
+  # - <tt>204 No Content</tt> if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox
+  # - <tt>401 Unauthorized</tt> if the request's signature could not be validated
+  # - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails from Postmark
+  # - <tt>422 Unprocessable Entity</tt> if the request is missing the required +RawEmail+ parameter
+  # - <tt>500 Server Error</tt> if the ingress password is not configured, or if one of the Active Record database,
+  #   the Active Storage service, or the Active Job backend is misconfigured or unavailable
+  #
+  # == Usage
+  #
+  # 1. Tell Action Mailbox to accept emails from Postmark:
+  #
+  #        # config/environments/production.rb
+  #        config.action_mailbox.ingress = :postmark
+  #
+  # 2. Generate a strong password that Action Mailbox can use to authenticate requests to the Postmark ingress.
+  #
+  #    Use <tt>bin/rails credentials:edit</tt> to add the password to your application's encrypted credentials under
+  #    +action_mailbox.ingress_password+, where Action Mailbox will automatically find it:
+  #
+  #        action_mailbox:
+  #          ingress_password: ...
+  #
+  #    Alternatively, provide the password in the +RAILS_INBOUND_EMAIL_PASSWORD+ environment variable.
+  #
+  # 3. {Configure Postmark}[https://postmarkapp.com/manual#configure-your-inbound-webhook-url] to forward inbound emails
+  #    to +/rails/action_mailbox/postmark/inbound_emails+ with the username +actionmailbox+ and the password you
+  #    previously generated. If your application lived at <tt>https://example.com</tt>, you would configure your
+  #    Postmark inbound webhook with the following fully-qualified URL:
+  #
+  #        https://actionmailbox:PASSWORD@example.com/rails/action_mailbox/postmark/inbound_emails
+  #
+  #    *NOTE:* When configuring your Postmark inbound webhook, be sure to check the box labeled *"Include raw email
+  #    content in JSON payload"*. Action Mailbox needs the raw email content to work.
+  class Ingresses::Postmark::InboundEmailsController < ActionMailbox::BaseController
+    before_action :authenticate_by_password
+    param_encoding :create, "RawEmail", Encoding::ASCII_8BIT
+
+    def create
+      ActionMailbox::InboundEmail.create_and_extract_message_id! mail
+    rescue ActionController::ParameterMissing => error
+      logger.error <<~MESSAGE
+        #{error.message}
+
+        When configuring your Postmark inbound webhook, be sure to check the box
+        labeled "Include raw email content in JSON payload".
+      MESSAGE
+      head :unprocessable_entity
+    end
+
+    private
+      def mail
+        params.require("RawEmail").tap do |raw_email|
+          raw_email.prepend("X-Original-To: ", params.require("OriginalRecipient"), "\n") if params.key?("OriginalRecipient")
+        end
+      end
+  end
+end

data/app/controllers/action_mailbox/ingresses/relay/inbound_emails_controller.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module ActionMailbox
+  # Ingests inbound emails relayed from an SMTP server.
+  #
+  # Authenticates requests using HTTP basic access authentication. The username is always +actionmailbox+, and the
+  # password is read from the application's encrypted credentials or an environment variable. See the Usage section below.
+  #
+  # Note that basic authentication is insecure over unencrypted HTTP. An attacker that intercepts cleartext requests to
+  # the ingress can learn its password. You should only use this ingress over HTTPS.
+  #
+  # Returns:
+  #
+  # - <tt>204 No Content</tt> if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox
+  # - <tt>401 Unauthorized</tt> if the request could not be authenticated
+  # - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails relayed from an SMTP server
+  # - <tt>415 Unsupported Media Type</tt> if the request does not contain an RFC 822 message
+  # - <tt>500 Server Error</tt> if the ingress password is not configured, or if one of the Active Record database,
+  #   the Active Storage service, or the Active Job backend is misconfigured or unavailable
+  #
+  # == Usage
+  #
+  # 1. Tell Action Mailbox to accept emails from an SMTP relay:
+  #
+  #        # config/environments/production.rb
+  #        config.action_mailbox.ingress = :relay
+  #
+  # 2. Generate a strong password that Action Mailbox can use to authenticate requests to the ingress.
+  #
+  #    Use <tt>bin/rails credentials:edit</tt> to add the password to your application's encrypted credentials under
+  #    +action_mailbox.ingress_password+, where Action Mailbox will automatically find it:
+  #
+  #        action_mailbox:
+  #          ingress_password: ...
+  #
+  #    Alternatively, provide the password in the +RAILS_INBOUND_EMAIL_PASSWORD+ environment variable.
+  #
+  # 3. Configure your SMTP server to pipe inbound emails to the appropriate ingress command, providing the +URL+ of the
+  #    relay ingress and the +INGRESS_PASSWORD+ you previously generated.
+  #
+  #    If your application lives at <tt>https://example.com</tt>, you would configure the Postfix SMTP server to pipe
+  #    inbound emails to the following command:
+  #
+  #        $ bin/rails action_mailbox:ingress:postfix URL=https://example.com/rails/action_mailbox/postfix/inbound_emails INGRESS_PASSWORD=...
+  #
+  #    Built-in ingress commands are available for these popular SMTP servers:
+  #
+  #    - Exim (<tt>bin/rails action_mailbox:ingress:exim</tt>)
+  #    - Postfix (<tt>bin/rails action_mailbox:ingress:postfix</tt>)
+  #    - Qmail (<tt>bin/rails action_mailbox:ingress:qmail</tt>)
+  class Ingresses::Relay::InboundEmailsController < ActionMailbox::BaseController
+    before_action :authenticate_by_password, :require_valid_rfc822_message
+
+    def create
+      if request.body
+        ActionMailbox::InboundEmail.create_and_extract_message_id! request.body.read
+      else
+        head :unprocessable_entity
+      end
+    end
+
+    private
+      def require_valid_rfc822_message
+        unless request.media_type == "message/rfc822"
+          head :unsupported_media_type
+        end
+      end
+  end
+end

data/app/controllers/action_mailbox/ingresses/sendgrid/inbound_emails_controller.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module ActionMailbox
+  # Ingests inbound emails from SendGrid. Requires an +email+ parameter containing a full RFC 822 message.
+  #
+  # Authenticates requests using HTTP basic access authentication. The username is always +actionmailbox+, and the
+  # password is read from the application's encrypted credentials or an environment variable. See the Usage section below.
+  #
+  # Note that basic authentication is insecure over unencrypted HTTP. An attacker that intercepts cleartext requests to
+  # the SendGrid ingress can learn its password. You should only use the SendGrid ingress over HTTPS.
+  #
+  # Returns:
+  #
+  # - <tt>204 No Content</tt> if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox
+  # - <tt>401 Unauthorized</tt> if the request's signature could not be validated
+  # - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails from SendGrid
+  # - <tt>422 Unprocessable Entity</tt> if the request is missing the required +email+ parameter
+  # - <tt>500 Server Error</tt> if the ingress password is not configured, or if one of the Active Record database,
+  #   the Active Storage service, or the Active Job backend is misconfigured or unavailable
+  #
+  # == Usage
+  #
+  # 1. Tell Action Mailbox to accept emails from SendGrid:
+  #
+  #        # config/environments/production.rb
+  #        config.action_mailbox.ingress = :sendgrid
+  #
+  # 2. Generate a strong password that Action Mailbox can use to authenticate requests to the SendGrid ingress.
+  #
+  #    Use <tt>bin/rails credentials:edit</tt> to add the password to your application's encrypted credentials under
+  #    +action_mailbox.ingress_password+, where Action Mailbox will automatically find it:
+  #
+  #        action_mailbox:
+  #          ingress_password: ...
+  #
+  #    Alternatively, provide the password in the +RAILS_INBOUND_EMAIL_PASSWORD+ environment variable.
+  #
+  # 3. {Configure SendGrid Inbound Parse}[https://sendgrid.com/docs/for-developers/parsing-email/setting-up-the-inbound-parse-webhook/]
+  #    to forward inbound emails to +/rails/action_mailbox/sendgrid/inbound_emails+ with the username +actionmailbox+ and
+  #    the password you previously generated. If your application lived at <tt>https://example.com</tt>, you would
+  #    configure SendGrid with the following fully-qualified URL:
+  #
+  #        https://actionmailbox:PASSWORD@example.com/rails/action_mailbox/sendgrid/inbound_emails
+  #
+  #    *NOTE:* When configuring your SendGrid Inbound Parse webhook, be sure to check the box labeled *"Post the raw,
+  #    full MIME message."* Action Mailbox needs the raw MIME message to work.
+  class Ingresses::Sendgrid::InboundEmailsController < ActionMailbox::BaseController
+    before_action :authenticate_by_password
+    param_encoding :create, :email, Encoding::ASCII_8BIT
+
+    def create
+      ActionMailbox::InboundEmail.create_and_extract_message_id! mail
+    rescue JSON::ParserError => error
+      logger.error error.message
+      head :unprocessable_entity
+    end
+
+    private
+      def mail
+        params.require(:email).tap do |raw_email|
+          envelope["to"].each { |to| raw_email.prepend("X-Original-To: ", to, "\n") } if params.key?(:envelope)
+        end
+      end
+
+      def envelope
+        JSON.parse(params.require(:envelope))
+      end
+  end
+end

data/app/controllers/rails/conductor/action_mailbox/inbound_emails/sources_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# :enddoc:
+
+module Rails
+  class Conductor::ActionMailbox::InboundEmails::SourcesController < Rails::Conductor::BaseController # :nodoc:
+    def new
+    end
+
+    def create
+      inbound_email = ActionMailbox::InboundEmail.create_and_extract_message_id! params[:source]
+      redirect_to main_app.rails_conductor_inbound_email_url(inbound_email)
+    end
+  end
+end

data/app/controllers/rails/conductor/action_mailbox/inbound_emails_controller.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+# :enddoc:
+
+module Rails
+  class Conductor::ActionMailbox::InboundEmailsController < Rails::Conductor::BaseController
+    def index
+      @inbound_emails = ActionMailbox::InboundEmail.order(created_at: :desc)
+    end
+
+    def new
+    end
+
+    def show
+      @inbound_email = ActionMailbox::InboundEmail.find(params[:id])
+    end
+
+    def create
+      inbound_email = create_inbound_email(new_mail)
+      redirect_to main_app.rails_conductor_inbound_email_url(inbound_email)
+    end
+
+    private
+      def new_mail
+        Mail.new(mail_params.except(:attachments).to_h).tap do |mail|
+          mail[:bcc]&.include_in_headers = true
+          mail_params[:attachments]&.select(&:present?)&.each do |attachment|
+            mail.add_file(filename: attachment.original_filename, content: attachment.read)
+          end
+        end
+      end
+
+      def mail_params
+        params.expect(mail: [:from, :to, :cc, :bcc, :x_original_to, :in_reply_to, :subject, :body, attachments: []])
+      end
+
+      def create_inbound_email(mail)
+        ActionMailbox::InboundEmail.create_and_extract_message_id!(mail.to_s)
+      end
+  end
+end

data/app/controllers/rails/conductor/action_mailbox/incinerates_controller.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# :enddoc:
+
+module Rails
+  # Incinerating will destroy an email that is due and has already been processed.
+  class Conductor::ActionMailbox::IncineratesController < Rails::Conductor::BaseController
+    def create
+      ActionMailbox::InboundEmail.find(params[:inbound_email_id]).incinerate
+
+      redirect_to main_app.rails_conductor_inbound_emails_url
+    end
+  end
+end

data/app/controllers/rails/conductor/action_mailbox/reroutes_controller.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# :enddoc:
+
+module Rails
+  # Rerouting will run routing and processing on an email that has already been, or attempted to be, processed.
+  class Conductor::ActionMailbox::ReroutesController < Rails::Conductor::BaseController
+    def create
+      inbound_email = ActionMailbox::InboundEmail.find(params[:inbound_email_id])
+      reroute inbound_email
+
+      redirect_to main_app.rails_conductor_inbound_email_url(inbound_email)
+    end
+
+    private
+      def reroute(inbound_email)
+        inbound_email.pending!
+        inbound_email.route_later
+      end
+  end
+end

data/app/controllers/rails/conductor/base_controller.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Rails
+  # TODO: Move this to Rails::Conductor gem
+  class Conductor::BaseController < ActionController::Base
+    layout "rails/conductor"
+    before_action :ensure_development_env
+
+    private
+      def ensure_development_env
+        head :forbidden unless Rails.env.development?
+      end
+  end
+end

data/app/jobs/action_mailbox/incineration_job.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module ActionMailbox
+  # You can configure when this +IncinerationJob+ will be run as a time-after-processing using the
+  # +config.action_mailbox.incinerate_after+ or +ActionMailbox.incinerate_after+ setting.
+  #
+  # Since this incineration is set for the future, it'll automatically ignore any <tt>InboundEmail</tt>s
+  # that have already been deleted and discard itself if so.
+  #
+  # You can disable incinerating processed emails by setting +config.action_mailbox.incinerate+ or
+  # +ActionMailbox.incinerate+ to +false+.
+  class IncinerationJob < ActiveJob::Base
+    queue_as { ActionMailbox.queues[:incineration] }
+
+    discard_on ActiveRecord::RecordNotFound
+
+    def self.schedule(inbound_email)
+      set(wait: ActionMailbox.incinerate_after).perform_later(inbound_email)
+    end
+
+    def perform(inbound_email)
+      inbound_email.incinerate
+    end
+  end
+end

data/app/jobs/action_mailbox/routing_job.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module ActionMailbox
+  # Routing a new InboundEmail is an asynchronous operation, which allows the ingress controllers to quickly
+  # accept new incoming emails without being burdened to hang while they're actually being processed.
+  class RoutingJob < ActiveJob::Base
+    queue_as { ActionMailbox.queues[:routing] }
+
+    def perform(inbound_email)
+      inbound_email.route
+    end
+  end
+end

data/app/models/action_mailbox/inbound_email/incineratable/incineration.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module ActionMailbox
+  # Command class for carrying out the actual incineration of the +InboundMail+ that's been scheduled
+  # for removal. Before the incineration – which really is just a call to +#destroy!+ – is run, we verify
+  # that it's both eligible (by virtue of having already been processed) and time to do so (that is,
+  # the +InboundEmail+ was processed after the +incinerate_after+ time).
+  class InboundEmail::Incineratable::Incineration
+    def initialize(inbound_email)
+      @inbound_email = inbound_email
+    end
+
+    def run
+      @inbound_email.destroy! if due? && processed?
+    end
+
+    private
+      def due?
+        @inbound_email.updated_at < ActionMailbox.incinerate_after.ago.end_of_day
+      end
+
+      def processed?
+        @inbound_email.processed?
+      end
+  end
+end