Initial SES integration.
This commit is contained in:
Stuart Gathman
@@ -1,6 +1,9 @@
|
|||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
# A simple milter that has grown quite a bit.
|
# A simple milter that has grown quite a bit.
|
||||||
# $Log$
|
# $Log$
|
||||||
|
# Revision 1.14 2005/07/02 23:27:31 customdesigned
|
||||||
|
# Don't match hostnames for internal connects.
|
||||||
|
#
|
||||||
# Revision 1.13 2005/07/01 16:30:24 customdesigned
|
# Revision 1.13 2005/07/01 16:30:24 customdesigned
|
||||||
# Always log trusted Received and Received-SPF headers.
|
# Always log trusted Received and Received-SPF headers.
|
||||||
#
|
#
|
||||||
@@ -240,6 +243,7 @@ from email.Header import decode_header
|
|||||||
# Import pysrs if available
|
# Import pysrs if available
|
||||||
try:
|
try:
|
||||||
import SRS
|
import SRS
|
||||||
|
import SES
|
||||||
srsre = re.compile(r'^SRS[01][+-=]',re.IGNORECASE)
|
srsre = re.compile(r'^SRS[01][+-=]',re.IGNORECASE)
|
||||||
except: SRS = None
|
except: SRS = None
|
||||||
|
|
||||||
@@ -287,7 +291,7 @@ dspam_reject = ()
|
|||||||
dspam_sizelimit = 180000
|
dspam_sizelimit = 180000
|
||||||
srs = None
|
srs = None
|
||||||
srs_reject_spoofed = False
|
srs_reject_spoofed = False
|
||||||
srs_fwdomain = None
|
srs_domain = None
|
||||||
spf_reject_neutral = ()
|
spf_reject_neutral = ()
|
||||||
spf_accept_softfail = ()
|
spf_accept_softfail = ()
|
||||||
spf_best_guess = False
|
spf_best_guess = False
|
||||||
@@ -455,7 +459,7 @@ def read_config(list):
|
|||||||
if srs_config: cp.read([srs_config])
|
if srs_config: cp.read([srs_config])
|
||||||
srs_secret = cp.getdefault('srs','secret')
|
srs_secret = cp.getdefault('srs','secret')
|
||||||
if SRS and srs_secret:
|
if SRS and srs_secret:
|
||||||
global srs,srs_reject_spoofed,srs_fwdomain
|
global ses,srs,srs_reject_spoofed,srs_domain
|
||||||
database = cp.getdefault('srs','database')
|
database = cp.getdefault('srs','database')
|
||||||
srs_reject_spoofed = cp.getboolean('srs','reject_spoofed')
|
srs_reject_spoofed = cp.getboolean('srs','reject_spoofed')
|
||||||
maxage = cp.getint('srs','maxage')
|
maxage = cp.getint('srs','maxage')
|
||||||
@@ -468,7 +472,10 @@ def read_config(list):
|
|||||||
else:
|
else:
|
||||||
srs = SRS.Guarded.Guarded(secret=srs_secret,
|
srs = SRS.Guarded.Guarded(secret=srs_secret,
|
||||||
maxage=maxage,hashlength=hashlength,separator=separator)
|
maxage=maxage,hashlength=hashlength,separator=separator)
|
||||||
srs_fwdomain = cp.getdefault('srs','fwdomain')
|
srs_domain = cp.getlist('srs','ses')
|
||||||
|
srs_domain.append(cp.getdefault('srs','fwdomain'))
|
||||||
|
ses = SES.new(secret=srs_secret,expiration=maxage)
|
||||||
|
print srs_domain
|
||||||
|
|
||||||
def parse_addr(t):
|
def parse_addr(t):
|
||||||
if t.startswith('<') and t.endswith('>'): t = t[1:-1]
|
if t.startswith('<') and t.endswith('>'): t = t[1:-1]
|
||||||
@@ -777,9 +784,13 @@ class bmsMilter(Milter.Milter):
|
|||||||
or self.canon_from.startswith('mailer-daemon@'):
|
or self.canon_from.startswith('mailer-daemon@'):
|
||||||
if self.recipients and not multiple_bounce_recipients:
|
if self.recipients and not multiple_bounce_recipients:
|
||||||
self.data_allowed = False
|
self.data_allowed = False
|
||||||
if srs and domain == srs_fwdomain:
|
if srs and domain in srs_domain:
|
||||||
oldaddr = '@'.join(parse_addr(to))
|
oldaddr = '@'.join(parse_addr(to))
|
||||||
try:
|
try:
|
||||||
|
newaddr = ses.verify(oldaddr)
|
||||||
|
if len(newaddr) > 1:
|
||||||
|
self.log("ses rcpt:",newaddr[0])
|
||||||
|
else:
|
||||||
newaddr = srs.reverse(oldaddr)
|
newaddr = srs.reverse(oldaddr)
|
||||||
# Currently, a sendmail map reverses SRS. We just log it here.
|
# Currently, a sendmail map reverses SRS. We just log it here.
|
||||||
self.log("srs rcpt:",newaddr)
|
self.log("srs rcpt:",newaddr)
|
||||||
@@ -789,6 +800,10 @@ class bmsMilter(Milter.Milter):
|
|||||||
self.log("REJECT: srs spoofed:",oldaddr)
|
self.log("REJECT: srs spoofed:",oldaddr)
|
||||||
self.setreply('550','5.7.1','Invalid SRS signature')
|
self.setreply('550','5.7.1','Invalid SRS signature')
|
||||||
return Milter.REJECT
|
return Milter.REJECT
|
||||||
|
if oldaddr.startswith('SES='):
|
||||||
|
self.log("REJECT: ses spoofed:",oldaddr)
|
||||||
|
self.setreply('550','5.7.1','Invalid SES signature')
|
||||||
|
return Milter.REJECT
|
||||||
self.data_allowed = not srs_reject_spoofed
|
self.data_allowed = not srs_reject_spoofed
|
||||||
# non DSN mail to SRS address will bounce due to invalid local part
|
# non DSN mail to SRS address will bounce due to invalid local part
|
||||||
self.recipients.append('@'.join(t))
|
self.recipients.append('@'.join(t))
|
||||||
|
|||||||
Reference in New Issue
Block a user