improve gossip support.

Initialize srs_domain from srs.srs config property.  Should probably
always block unsigned DSN when signing all.
Stuart Gathman
2005-12-01 22:42:32 +00:00
parent 36a7dce2e5
commit 3b544a4076
7 changed files with 51 additions and 19 deletions
+7
@@ -1,3 +1,10 @@
Include full info in Received-SPF for neutral. When making best
guess, Received-SPF should be none. Add additional keywords or
another header.
Require signed MFROM for all incoming bounces when signing all outgoing mail -
except from trusted relays.
Send DSN for permerror before processing extended result. An additional Send DSN for permerror before processing extended result. An additional
DSN may be sent based on extended result. DSN may be sent based on extended result.
+13 -10
@@ -1,6 +1,9 @@
#!/usr/bin/env python #!/usr/bin/env python
# A simple milter that has grown quite a bit. # A simple milter that has grown quite a bit.
# $Log$ # $Log$
# Revision 1.41 2005/12/01 18:59:25 customdesigned
# Fix neutral policy. pobox.com -> openspf.org
#
# Revision 1.40 2005/11/07 21:22:35 customdesigned # Revision 1.40 2005/11/07 21:22:35 customdesigned
# GOSSiP support, local database only. # GOSSiP support, local database only.
# #
@@ -578,7 +581,7 @@ def read_config(list):
ses = SES.new(secret=srs_secret,expiration=maxage) ses = SES.new(secret=srs_secret,expiration=maxage)
srs_domain = cp.getlist('srs','ses') srs_domain = cp.getlist('srs','ses')
else: else:
srs_domain = [] srs_domain = cp.getlist('srs','srs')
srs_domain.append(cp.getdefault('srs','fwdomain')) srs_domain.append(cp.getdefault('srs','fwdomain'))
banned_users = cp.getlist('srs','banned_users') banned_users = cp.getlist('srs','banned_users')
#print srs_domain #print srs_domain
@@ -947,15 +950,7 @@ class bmsMilter(Milter.Milter):
self.umis = None self.umis = None
if not (self.internal_connection or self.trusted_relay) \ if not (self.internal_connection or self.trusted_relay) \
and self.connectip and spf: and self.connectip and spf:
rc = self.check_spf() return self.check_spf()
if rc != Milter.CONTINUE or not domain or not gossip: return rc
if self.spf.result == 'pass':
qual = 'SPF'
else:
qual = self.connectip
self.umis = gossip.umis(domain+qual,self.id+time.time())
res,hdr,val = gossip_node.query(self.umis,domain,qual,1)
self.add_header(hdr,val,idx=0)
else: else:
self.spf = None self.spf = None
return Milter.CONTINUE return Milter.CONTINUE
@@ -1094,6 +1089,14 @@ class bmsMilter(Milter.Milter):
if res == 'pass' and auto_whitelist.has_key(self.canon_from): if res == 'pass' and auto_whitelist.has_key(self.canon_from):
self.whitelist = True self.whitelist = True
self.log("WHITELIST",self.canon_from) self.log("WHITELIST",self.canon_from)
if gossip:
if res == 'pass':
qual = 'SPF'
else:
qual = self.connectip
self.umis = gossip.umis(q.o+qual,self.id+time.time())
res,hdr,val = gossip_node.query(self.umis,q.o,qual,1)
self.add_header(hdr,val)
return Milter.CONTINUE return Milter.CONTINUE
# hide_path causes a copy of the message to be saved - until we # hide_path causes a copy of the message to be saved - until we
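Review bot: The GOSSiP lookup added after the WHITELIST log calls `gossip.umis` and `gossip_node.query` with no error handling, and without the `not domain` guard that the removed block had. A fault in the local reputation database, or an empty `q.o`, would therefore surface as an exception inside the SPF check instead of being logged and skipped. I would wrap the two calls in a try/except that logs the failure and falls through to `return Milter.CONTINUE`, so reputation tracking stays advisory and cannot change whether mail is accepted. The tuple assignment also overwrites the SPF result held in `res`; `gres,hdr,val = gossip_node.query(self.umis,q.o,qual,1)` keeps the two verdicts apart. The enclosing method begins and ends outside the hunk, so whether `q.o` can be empty at this point is not visible.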
+5
@@ -6,6 +6,11 @@ Python milter has been moved to
<a href="http://sourceforge.net/projects/pymilter/">pymilter Sourceforge <a href="http://sourceforge.net/projects/pymilter/">pymilter Sourceforge
project</a> for development and release downloads. project</a> for development and release downloads.
<h3> GOSSiP </h3>
An alpha release of <a href="pygossip.html">pygossip</a> has been commited to
CVS, module pygossip. A version of the bms.py milter has been commited to CVS
which supports calling GOSSiP to track domain reputation in a local database.
<h3> New website design </h3> <h3> New website design </h3>
Hey, I'm no artist, so I just used the Hey, I'm no artist, so I just used the
+2 -1
@@ -25,7 +25,8 @@ real, usable Python extension.
<dd>for providing a Python port of SPF <dd>for providing a Python port of SPF
<dt>Scott Kitterman <dt>Scott Kitterman
<dd>for doing lots of testing and debugging of SPF against draft standard, <dd>for doing lots of testing and debugging of SPF against draft standard,
and for putting up a web page that validates SPF records using spf.py and for putting up a <a href="http://www.kitterman.com/spf/validate.html">
web page that validates SPF</a> records using spf.py
<dt>Alexander Kourakos <dt>Alexander Kourakos
<dd>for plugging several memory leaks <dd>for plugging several memory leaks
<dt>George Graf at Vienna University of Economics and Business Administration <dt>George Graf at Vienna University of Economics and Business Administration
+14 -4
@@ -1,6 +1,6 @@
%define name milter %define name milter
%define version 0.8.4 %define version 0.8.4
%define release 1.RH7 %define release 2.RH7
# what version of RH are we building for? # what version of RH are we building for?
%define redhat9 0 %define redhat9 0
%define redhat7 1 %define redhat7 1
@@ -31,7 +31,7 @@ Name: %{name}
Version: %{version} Version: %{version}
Release: %{release} Release: %{release}
Source: %{name}-%{version}.tar.gz Source: %{name}-%{version}.tar.gz
#Patch: %{name}-%{version}.patch Patch: %{name}-%{version}.patch
Copyright: GPL Copyright: GPL
Group: Development/Libraries Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-buildroot BuildRoot: %{_tmppath}/%{name}-buildroot
@@ -52,10 +52,15 @@ modules provide for navigating and modifying MIME parts.
%prep %prep
%setup %setup
#%patch -p1 %patch -p0 -b .bms
%build %build
env CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" %{python} setup.py build if %{redhat9}; then
LDFLAGS="-g"
else
LDFLAGS="-s"
fi
env CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$LDFLAGS" %{python} setup.py build
%install %install
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@@ -169,8 +174,13 @@ rm -rf $RPM_BUILD_ROOT
/usr/share/sendmail-cf/hack/rhsbl.m4 /usr/share/sendmail-cf/hack/rhsbl.m4
%changelog %changelog
* Mon Oct 31 2005 Stuart Gathman <stuart@bmsi.com> 0.8.5-1
- Simple trusted_forwarder implementation.
- Fix access_file neutral policy
* Fri Oct 21 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-2 * Fri Oct 21 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-2
- Don't supply sender when MFROM is subdomain of header from/sender. - Don't supply sender when MFROM is subdomain of header from/sender.
- Don't send quarantine DSN for DSNs
- Skip dspam for replies/DSNs to signed MFROM
* Thu Oct 20 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-1 * Thu Oct 20 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-1
- Fix SPF policy via sendmail access map (case insensitive keys). - Fix SPF policy via sendmail access map (case insensitive keys).
- Auto whitelist senders, train screener on whitelisted messages - Auto whitelist senders, train screener on whitelisted messages
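Review bot: In `%build`, `if %{redhat9}; then` expands to `if 0; then` or `if 1; then`, which asks the shell to run a command named `0` or `1` rather than test the value. The condition most likely fails either way, so `LDFLAGS="-s"` is always used and the `-g` branch is never taken. Use a numeric test, `if [ %{redhat9} -ne 0 ]; then`, or the spec-level `%if %{redhat9}` / `%else` / `%endif`. Separately, the new top `%changelog` entry is labelled 0.8.5-1 while `%define version` stays 0.8.4 with release 2.RH7; the entry should match the version actually being built.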
+9 -3
@@ -19,7 +19,7 @@ AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
For more information about SPF, a tool against email forgery, see For more information about SPF, a tool against email forgery, see
http://spf.pobox.com/ http://openspf.org/
For news, bugfixes, etc. visit the home page for this implementation at For news, bugfixes, etc. visit the home page for this implementation at
http://www.wayforward.net/spf/ http://www.wayforward.net/spf/
@@ -47,6 +47,9 @@ For news, bugfixes, etc. visit the home page for this implementation at
# Terrence is not responding to email. # Terrence is not responding to email.
# #
# $Log$ # $Log$
# Revision 1.15 2005/10/30 01:08:14 customdesigned
# Ignore records missing spaces.
#
# Revision 1.14 2005/08/12 17:36:51 customdesigned # Revision 1.14 2005/08/12 17:36:51 customdesigned
# Trean non-existant include as no match in "lax" mode. # Trean non-existant include as no match in "lax" mode.
# #
@@ -596,9 +599,12 @@ class query(object):
return ('none', 250, EXPLANATIONS['none']) return ('none', 250, EXPLANATIONS['none'])
# split string by whitespace, drop the 'v=spf1' # split string by whitespace, drop the 'v=spf1'
#
spf = spf.split() spf = spf.split()
#Catch case where SPF record has no spaces # Catch case where SPF record has no spaces
# Can never happen with conforming dns_spf(), however
# in the future we might want to give permerror
# for common mistakes like IN TXT "v=spf1" "mx" "-all"
# in relaxed mode.
if spf[0] != 'v=spf1': if spf[0] != 'v=spf1':
raise PermError('Invalid SPF record in', self.d) raise PermError('Invalid SPF record in', self.d)
spf = spf[1:] spf = spf[1:]
+1 -1
@@ -23,7 +23,7 @@ SMTP (email) servers to prevent criminals from forging your
domain. The simplest step is usually to publish an SPF record domain. The simplest step is usually to publish an SPF record
with your Sender Policy. with your Sender Policy.
For more information, see: http://openspf.com For more information, see: http://openspf.org
I hate to annoy you with a DSN (Delivery Status I hate to annoy you with a DSN (Delivery Status
Notification) from a possibly forged email, but since you Notification) from a possibly forged email, but since you