From a9b8a44bfc868ad1c28fd174c8f2a8815517fa55 Mon Sep 17 00:00:00 2001 From: Scott Kitterman Date: Fri, 9 Mar 2018 21:53:58 -0500 Subject: [PATCH] Add support for MacroList option --- CHANGES | 1 + dkimpy_milter/__init__.py | 25 +++++++++---------------- dkimpy_milter/config.py | 6 ++++-- man/dkimpy-milter.conf.5 | 27 +++++++++++++++++++++++++++ setup.py | 2 +- 5 files changed, 42 insertions(+), 19 deletions(-) diff --git a/CHANGES b/CHANGES index 1fae732..29d22dd 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,6 @@ 0.9.5 UNRELEASED - Beta 1 (updated Alpha -> Beta warning in README and trove classifiers) + - Add support for MacroList option 0.9.4 2018-03-09 - Create PID directory if it is missing diff --git a/dkimpy_milter/__init__.py b/dkimpy_milter/__init__.py index 11f6ca5..02221ca 100644 --- a/dkimpy_milter/__init__.py +++ b/dkimpy_milter/__init__.py @@ -74,6 +74,15 @@ class dkimMilter(Milter.Base): self.internal_connection = True else: ipaddr = '' self.connectip = ipaddr + if milterconfig.get('MacroList') and not self.internal_connection: + macrolist = milterconfig.get('MacroList') + for macro in macrolist: + macroname = macro.split('|')[0] + macroname = '{' + macroname + '}' + macroresult = self.getsymval(macroname) + if (len(macro.split('|')) == 1 and macroresult) or macroresult in \ + macro.split('|')[1:]: + self.internal_connection = True if self.internal_connection: connecttype = 'INTERNAL' else: 
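Review bot: The value match in the added `MacroList` loop, `macroresult in macro.split('|')[1:]`, accepts an empty string as an allowed value whenever an entry carries a trailing or doubled `|`, so a macro the MTA sends with an empty value would set `self.internal_connection = True` and the message would be signed rather than verified. Because this is a trust decision, I would split each entry once, drop empty values, fail closed when a `|` is present but no usable value follows, and stop at the first match, as in the excerpt below. The enclosing method starts outside the hunk, but the `self.connectip` context suggests it is the connect callback; MTAs typically send macros such as `{auth_type}` and `{auth_authen}` only at MAIL FROM, so entries naming them would presumably never match here, which is worth confirming. The man page hunk in this patch also never states that the macro name and its values are separated by `|`, which is what this code expects.

```python
        if milterconfig.get('MacroList') and not self.internal_connection:
            for macro in milterconfig.get('MacroList'):
                name, sep, allowed = macro.partition('|')
                # Empty fragments ("name|", "name||x") must never act as a wildcard.
                values = [v for v in allowed.split('|') if v]
                macroresult = self.getsymval('{' + name + '}')
                if not macroresult:
                    continue
                # No '|' at all: any non-empty value counts; otherwise require a listed value.
                if not sep or macroresult in values:
                    self.internal_connection = True
                    break
        # … unchanged: connecttype selection …
```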
@@ -99,22 +108,6 @@ class dkimMilter(Milter.Base): self.author = None self.arheaders = [] self.arresults = [] - '''if self.user: - # Very simple SMTP AUTH policy by default: - # any successful authentication is considered INTERNAL - self.internal_connection = True - auth_type = self.getsymval('{auth_type}') - ssl_bits = self.getsymval('{cipher_bits}') - if milterconfig.get('Syslog'): - syslog.syslog( - "SMTP AUTH:",self.user,"sslbits =",ssl_bits, auth_type, - "ssf =",self.getsymval('{auth_ssf}'), "INTERNAL" - ) - # Detailed authorization policy is configured in the access file below. - self.arresults.append( - authres.SMTPAUTHAuthenticationResult(result = 'pass', - result_comment = auth_type+' sslbits='+ssl_bits, smtp_auth = self.user) - )''' return Milter.CONTINUE @Milter.noreply diff --git a/dkimpy_milter/config.py b/dkimpy_milter/config.py index 0e276e3..1b3a6b2 100644 --- a/dkimpy_milter/config.py +++ b/dkimpy_milter/config.py @@ -47,7 +47,8 @@ defaultConfigData = { 'Canonicalization' : 'relaxed/simple', 'InternalHosts' : '127.0.0.1', 'InternalHostsObj' : False, - 'DiagnosticDirectory' : '' + 'DiagnosticDirectory' : '', + 'MacroList' : '' } @@ -335,7 +336,8 @@ def _readConfigFile(path, configData = None, configGlobal = {}): 'Canonicalization' : 'str', 'InternalHosts' : 'dataset', 'InternalHostsObj': 'bool', - 'DiagnosticDirectory' : 'str' + 'DiagnosticDirectory' : 'str', + 'MacroList' : 'dataset' } # check to see if it's a file diff --git a/man/dkimpy-milter.conf.5 b/man/dkimpy-milter.conf.5 index 9a3dcab..4d9b36f 100644 --- a/man/dkimpy-milter.conf.5 +++ b/man/dkimpy-milter.conf.5 
@@ -262,6 +262,33 @@ generation (as used in dkimpy). Ignored if a .I KeyTableEd25519 is defined. [KeyTableEd25519 NOT IMPLEMENTED] +.TP +.I MacroList (dataset) +Defines a set of MTA-provided +.I macros +that should be checked to see if the sender has been determined to be a +local user and therefore whether or not the message should be signed. If +a +.I value +is specified matching a macro name in the data set, the value of the macro +must match a value specified (matching is case-sensitive), otherwise the +macro must be defined but may contain any value. The set is empty by +default, meaning macros are not considered when making the sign-verify +decision. The general format of the value is +.I value1[|value2[|...]]; +if one or more value is defined then the macro must be set to one of the +listed values, otherwise the macro must be set but can contain any +value. + +In order for the macro and its value to be available to the filter for +checking, the MTA must send it during the protocol exchange. This is either +accomplished via manual configuration of the MTA to send the desired macros +or, for MTA/filter combinations that support the feature, the filter can +request those macros that are of interest. The latter is a feature negotiated +at the time the filter receives a connection from the MTA and its availability +depends upon the version of milter used to compile the filter and the version +of the MTA making the connection. + .TP .I Mode (string) Selects operating modes. The string is a concatenation of characters that diff --git a/setup.py b/setup.py index ded83cd..995fb3e 100644 --- a/setup.py +++ b/setup.py 
@@ -55,6 +55,6 @@ setup( (os.path.join('/lib', 'systemd', 'system'), ['system/dkimpy-milter.service']),(os.path.join('/etc', 'init.d'), ['system/dkimpy-milter'])], - install_requires = ['dkimpy>=0.7', 'pymilter', 'authres>=1.1.0', 'PyNaCl', 'ipaddress', 'dns'], + install_requires = ['dkimpy>=0.7', 'pymilter', 'authres>=1.1.0', 'PyNaCl', 'ipaddress', 'dnspython'], zip_safe = False, )