Add support for MacroList option

2018-03-09 21:53:58 -05:00
parent daaa6aada7
commit a9b8a44bfc
5 changed files with 42 additions and 19 deletions
@@ -1,5 +1,6 @@
 0.9.5 UNRELEASED
 - Beta 1 (updated Alpha -> Beta warning in README and trove classifiers)
+ - Add support for MacroList option

 0.9.4 2018-03-09
 - Create PID directory if it is missing
@@ -74,6 +74,15 @@ class dkimMilter(Milter.Base):
                self.internal_connection = True
    else: ipaddr = ''
    self.connectip = ipaddr
+    if milterconfig.get('MacroList') and not self.internal_connection:
+        macrolist = milterconfig.get('MacroList')
+        for macro in macrolist:
+            macroname = macro.split('|')[0]
+            macroname = '{' + macroname + '}'
+            macroresult = self.getsymval(macroname)
+            if (len(macro.split('|')) == 1 and macroresult) or macroresult in \
+                    macro.split('|')[1:]:
+                self.internal_connection = True
    if self.internal_connection:
        connecttype = 'INTERNAL'
    else:
@@ -99,22 +108,6 @@ class dkimMilter(Milter.Base):
    self.author = None
    self.arheaders = []
    self.arresults = []
-    '''if self.user:
-      # Very simple SMTP AUTH policy by default:
-      #   any successful authentication is considered INTERNAL
-      self.internal_connection = True
-      auth_type = self.getsymval('{auth_type}')
-      ssl_bits =  self.getsymval('{cipher_bits}')
-      if milterconfig.get('Syslog'):
-          syslog.syslog(
-              "SMTP AUTH:",self.user,"sslbits =",ssl_bits, auth_type,
-              "ssf =",self.getsymval('{auth_ssf}'), "INTERNAL"
-      )
-      # Detailed authorization policy is configured in the access file below.
-      self.arresults.append(
-        authres.SMTPAUTHAuthenticationResult(result = 'pass',
-      	result_comment = auth_type+' sslbits='+ssl_bits, smtp_auth = self.user)
-      )'''
    return Milter.CONTINUE

  @Milter.noreply
@@ -47,7 +47,8 @@ defaultConfigData = {
        'Canonicalization' : 'relaxed/simple',
        'InternalHosts' : '127.0.0.1',
        'InternalHostsObj' : False,
-        'DiagnosticDirectory' : ''
+        'DiagnosticDirectory' : '',
+        'MacroList' : ''
        }


@@ -335,7 +336,8 @@ def _readConfigFile(path, configData = None, configGlobal = {}):
        'Canonicalization' : 'str',
        'InternalHosts' : 'dataset',
        'InternalHostsObj': 'bool',
-        'DiagnosticDirectory' : 'str'
+        'DiagnosticDirectory' : 'str',
+        'MacroList' : 'dataset'
            }

    #  check to see if it's a file
@@ -262,6 +262,33 @@ generation (as used in dkimpy).  Ignored if a
 .I KeyTableEd25519
 is defined.  [KeyTableEd25519 NOT IMPLEMENTED]

+.TP
+.I MacroList (dataset)
+Defines a set of MTA-provided
+.I macros
+that should be checked to see if the sender has been determined to be a
+local user and therefore whether or not the message should be signed.  If
+a
+.I value
+is specified matching a macro name in the data set, the value of the macro
+must match a value specified (matching is case-sensitive), otherwise the
+macro must be defined but may contain any value.  The set is empty by
+default, meaning macros are not considered when making the sign-verify
+decision.  The general format of the value is
+.I value1[|value2[|...]];
+if one or more value is defined then the macro must be set to one of the
+listed values, otherwise the macro must be set but can contain any
+value.
+
+In order for the macro and its value to be available to the filter for
+checking, the MTA must send it during the protocol exchange.  This is either
+accomplished via manual configuration of the MTA to send the desired macros
+or, for MTA/filter combinations that support the feature, the filter can
+request those macros that are of interest.  The latter is a feature negotiated
+at the time the filter receives a connection from the MTA and its availability
+depends upon the version of milter used to compile the filter and the version
+of the MTA making the connection.
+
 .TP
 .I Mode (string)
 Selects operating modes.  The string is a concatenation of characters that
@@ -55,6 +55,6 @@ setup(
        (os.path.join('/lib', 'systemd', 'system'),
        ['system/dkimpy-milter.service']),(os.path.join('/etc', 'init.d'),
        ['system/dkimpy-milter'])],
-    install_requires = ['dkimpy>=0.7', 'pymilter', 'authres>=1.1.0', 'PyNaCl', 'ipaddress', 'dns'],
+    install_requires = ['dkimpy>=0.7', 'pymilter', 'authres>=1.1.0', 'PyNaCl', 'ipaddress', 'dnspython'],
    zip_safe = False,
 )