improve gossip support.
Initialize srs_domain from srs.srs config property. Should probably always block unsigned DSN when signing all.
@@ -1,3 +1,10 @@
|
||||
Include full info in Received-SPF for neutral. When making best
|
||||
guess, Received-SPF should be none. Add additional keywords or
|
||||
another header.
|
||||
|
||||
Require signed MFROM for all incoming bounces when signing all outgoing mail -
|
||||
except from trusted relays.
|
||||
|
||||
Send DSN for permerror before processing extended result. An additional
|
||||
DSN may be sent based on extended result.
|
||||
|
||||
|
||||
@@ -1,6 +1,9 @@
|
||||
#!/usr/bin/env python
|
||||
# A simple milter that has grown quite a bit.
|
||||
# $Log$
|
||||
# Revision 1.41 2005/12/01 18:59:25 customdesigned
|
||||
# Fix neutral policy. pobox.com -> openspf.org
|
||||
#
|
||||
# Revision 1.40 2005/11/07 21:22:35 customdesigned
|
||||
# GOSSiP support, local database only.
|
||||
#
|
||||
@@ -578,7 +581,7 @@ def read_config(list):
|
||||
ses = SES.new(secret=srs_secret,expiration=maxage)
|
||||
srs_domain = cp.getlist('srs','ses')
|
||||
else:
|
||||
srs_domain = []
|
||||
srs_domain = cp.getlist('srs','srs')
|
||||
srs_domain.append(cp.getdefault('srs','fwdomain'))
|
||||
banned_users = cp.getlist('srs','banned_users')
|
||||
#print srs_domain
|
||||
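Review bot: in read_config, the `srs_domain = cp.getlist('srs','srs')` line follows `else:`, so as shown the srs.srs list is only read when the SES branch is not taken; if those domains should be recognised in both cases, build the list before the conditional and extend it. Separately, `srs_domain.append(cp.getdefault('srs','fwdomain'))` appends whatever getdefault returns, so it is worth guarding against an unset fwdomain putting an empty or None entry in the list, and the new srs.srs key should be described in the sample config.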
@@ -947,15 +950,7 @@ class bmsMilter(Milter.Milter):
|
||||
self.umis = None
|
||||
if not (self.internal_connection or self.trusted_relay) \
|
||||
and self.connectip and spf:
|
||||
rc = self.check_spf()
|
||||
if rc != Milter.CONTINUE or not domain or not gossip: return rc
|
||||
if self.spf.result == 'pass':
|
||||
qual = 'SPF'
|
||||
else:
|
||||
qual = self.connectip
|
||||
self.umis = gossip.umis(domain+qual,self.id+time.time())
|
||||
res,hdr,val = gossip_node.query(self.umis,domain,qual,1)
|
||||
self.add_header(hdr,val,idx=0)
|
||||
return self.check_spf()
|
||||
else:
|
||||
self.spf = None
|
||||
return Milter.CONTINUE
|
||||
@@ -1094,6 +1089,14 @@ class bmsMilter(Milter.Milter):
|
||||
if res == 'pass' and auto_whitelist.has_key(self.canon_from):
|
||||
self.whitelist = True
|
||||
self.log("WHITELIST",self.canon_from)
|
||||
if gossip:
|
||||
if res == 'pass':
|
||||
qual = 'SPF'
|
||||
else:
|
||||
qual = self.connectip
|
||||
self.umis = gossip.umis(q.o+qual,self.id+time.time())
|
||||
res,hdr,val = gossip_node.query(self.umis,q.o,qual,1)
|
||||
self.add_header(hdr,val)
|
||||
return Milter.CONTINUE
|
||||
|
||||
# hide_path causes a copy of the message to be saved - until we
|
||||
|
||||
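Review bot: in the `if gossip:` block, `res,hdr,val = gossip_node.query(self.umis,q.o,qual,1)` rebinds `res`, which the lines just above use as the SPF result (`if res == 'pass'`); use a different name for the gossip result so a later edit cannot mistake one for the other. The nonce argument `self.id+time.time()` is an addition, so if `self.id` is numeric, different id/time pairs can sum to the same value, and if it is a string the expression raises; pass the two values in a form that keeps them distinct. Also note that the call here is `self.add_header(hdr,val)` while the copy removed from the earlier hunk passed `idx=0`, so the header position changes; say in a comment whether that is intended.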
@@ -6,6 +6,11 @@ Python milter has been moved to
|
||||
<a href="http://sourceforge.net/projects/pymilter/">pymilter Sourceforge
|
||||
project</a> for development and release downloads.
|
||||
|
||||
<h3> GOSSiP </h3>
|
||||
An alpha release of <a href="pygossip.html">pygossip</a> has been commited to
|
||||
CVS, module pygossip. A version of the bms.py milter has been commited to CVS
|
||||
which supports calling GOSSiP to track domain reputation in a local database.
|
||||
|
||||
<h3> New website design </h3>
|
||||
|
||||
Hey, I'm no artist, so I just used the
|
||||
|
||||
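Review bot: spelling in the GOSSiP news paragraph, "commited" appears twice and should be "committed". The paragraph could also say which bms.py revision carries the GOSSiP support so readers pulling from CVS know what to check out.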
+2
-1
@@ -25,7 +25,8 @@ real, usable Python extension.
|
||||
<dd>for providing a Python port of SPF
|
||||
<dt>Scott Kitterman
|
||||
<dd>for doing lots of testing and debugging of SPF against draft standard,
|
||||
and for putting up a web page that validates SPF records using spf.py
|
||||
and for putting up a <a href="http://www.kitterman.com/spf/validate.html">
|
||||
web page that validates SPF</a> records using spf.py
|
||||
<dt>Alexander Kourakos
|
||||
<dd>for plugging several memory leaks
|
||||
<dt>George Graf at Vienna University of Economics and Business Administration
|
||||
|
||||
+14
-4
@@ -1,6 +1,6 @@
|
||||
%define name milter
|
||||
%define version 0.8.4
|
||||
%define release 1.RH7
|
||||
%define release 2.RH7
|
||||
# what version of RH are we building for?
|
||||
%define redhat9 0
|
||||
%define redhat7 1
|
||||
@@ -31,7 +31,7 @@ Name: %{name}
|
||||
Version: %{version}
|
||||
Release: %{release}
|
||||
Source: %{name}-%{version}.tar.gz
|
||||
#Patch: %{name}-%{version}.patch
|
||||
Patch: %{name}-%{version}.patch
|
||||
Copyright: GPL
|
||||
Group: Development/Libraries
|
||||
BuildRoot: %{_tmppath}/%{name}-buildroot
|
||||
@@ -52,10 +52,15 @@ modules provide for navigating and modifying MIME parts.
|
||||
|
||||
%prep
|
||||
%setup
|
||||
#%patch -p1
|
||||
%patch -p0 -b .bms
|
||||
|
||||
%build
|
||||
env CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" %{python} setup.py build
|
||||
if %{redhat9}; then
|
||||
LDFLAGS="-g"
|
||||
else
|
||||
LDFLAGS="-s"
|
||||
fi
|
||||
env CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$LDFLAGS" %{python} setup.py build
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
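Review bot: in %build, `if %{redhat9}; then` expands to `if 0; then` (or `if 1; then`), which the shell treats as a command name rather than a boolean, so the test fails either way and the `else` branch with `LDFLAGS="-s"` is always taken. Use a numeric test such as `if [ %{redhat9} -eq 1 ]; then`, or the spec-level `%if %{redhat9}` conditional. With `%patch -p0 -b .bms` now enabled, add a comment saying what `%{name}-%{version}.patch` contains and why it is applied at -p0.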
@@ -169,8 +174,13 @@ rm -rf $RPM_BUILD_ROOT
|
||||
/usr/share/sendmail-cf/hack/rhsbl.m4
|
||||
|
||||
%changelog
|
||||
* Mon Oct 31 2005 Stuart Gathman <stuart@bmsi.com> 0.8.5-1
|
||||
- Simple trusted_forwarder implementation.
|
||||
- Fix access_file neutral policy
|
||||
* Fri Oct 21 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-2
|
||||
- Don't supply sender when MFROM is subdomain of header from/sender.
|
||||
- Don't send quarantine DSN for DSNs
|
||||
- Skip dspam for replies/DSNs to signed MFROM
|
||||
* Thu Oct 20 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-1
|
||||
- Fix SPF policy via sendmail access map (case insensitive keys).
|
||||
- Auto whitelist senders, train screener on whitelisted messages
|
||||
|
||||
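Review bot: the newest %changelog entry is labelled 0.8.5-1, but the spec header in this same commit still has `%define version 0.8.4` with release `2.RH7`. Either bump the version define or relabel the entry so the changelog heading matches the package that is actually built.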
@@ -19,7 +19,7 @@ AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
|
||||
SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
|
||||
|
||||
For more information about SPF, a tool against email forgery, see
|
||||
http://spf.pobox.com/
|
||||
http://openspf.org/
|
||||
|
||||
For news, bugfixes, etc. visit the home page for this implementation at
|
||||
http://www.wayforward.net/spf/
|
||||
@@ -47,6 +47,9 @@ For news, bugfixes, etc. visit the home page for this implementation at
|
||||
# Terrence is not responding to email.
|
||||
#
|
||||
# $Log$
|
||||
# Revision 1.15 2005/10/30 01:08:14 customdesigned
|
||||
# Ignore records missing spaces.
|
||||
#
|
||||
# Revision 1.14 2005/08/12 17:36:51 customdesigned
|
||||
# Trean non-existant include as no match in "lax" mode.
|
||||
#
|
||||
@@ -596,9 +599,12 @@ class query(object):
|
||||
return ('none', 250, EXPLANATIONS['none'])
|
||||
|
||||
# split string by whitespace, drop the 'v=spf1'
|
||||
#
|
||||
spf = spf.split()
|
||||
# Catch case where SPF record has no spaces
|
||||
# Can never happen with conforming dns_spf(), however
|
||||
# in the future we might want to give permerror
|
||||
# for common mistakes like IN TXT "v=spf1" "mx" "-all"
|
||||
# in relaxed mode.
|
||||
if spf[0] != 'v=spf1':
|
||||
raise PermError('Invalid SPF record in', self.d)
|
||||
spf = spf[1:]
|
||||
|
||||
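Review bot: the comment above `if spf[0] != 'v=spf1':` says a permerror is something "in the future we might want to give", yet the next line already raises PermError, so the comment and the code disagree about current behaviour; reword the comment to say what is done now and what is deferred. The `spf[0]` index also assumes `spf.split()` returned at least one token; a whitespace-only record would raise IndexError here instead of PermError, so test for an empty list in the same condition.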
+1
-1
@@ -23,7 +23,7 @@ SMTP (email) servers to prevent criminals from forging your
|
||||
domain. The simplest step is usually to publish an SPF record
|
||||
with your Sender Policy.
|
||||
|
||||
For more information, see: http://openspf.com
|
||||
For more information, see: http://openspf.org
|
||||
|
||||
I hate to annoy you with a DSN (Delivery Status
|
||||
Notification) from a possibly forged email, but since you
|
||||
|
||||