Organize config reader by section. Create defang section.
This commit is contained in:
Stuart Gathman
@@ -3,8 +3,6 @@ Defer TEMPERROR in SPF evaluation - give precedence to security
|
|||||||
|
|
||||||
Option to add Received-SPF header, but never reject on SPF.
|
Option to add Received-SPF header, but never reject on SPF.
|
||||||
|
|
||||||
Option to configure banned extension list for mime.py. Default to empty.
|
|
||||||
|
|
||||||
Create null config that does nothing - except maybe add Received-SPF
|
Create null config that does nothing - except maybe add Received-SPF
|
||||||
headers. Many admins would like to turn features on one at a time.
|
headers. Many admins would like to turn features on one at a time.
|
||||||
|
|
||||||
@@ -25,8 +23,6 @@ or recipient prefix.
|
|||||||
|
|
||||||
Can't output messages with malformed rfc822 attachments.
|
Can't output messages with malformed rfc822 attachments.
|
||||||
|
|
||||||
Use python exceptions in SPF to cleanly handle unknown and error results.
|
|
||||||
|
|
||||||
Example malformed SPF:
|
Example malformed SPF:
|
||||||
onvunvuvvx.usafisnews.org text "v=spf1 mx ptr ip4:207.44.199.970 -all"
|
onvunvuvvx.usafisnews.org text "v=spf1 mx ptr ip4:207.44.199.970 -all"
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,9 @@
|
|||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
# A simple milter that has grown quite a bit.
|
# A simple milter that has grown quite a bit.
|
||||||
# $Log$
|
# $Log$
|
||||||
|
# Revision 1.5 2005/06/02 15:00:17 customdesigned
|
||||||
|
# Configure banned extensions. Scan zipfile option with test case.
|
||||||
|
#
|
||||||
# Revision 1.4 2005/06/02 04:18:55 customdesigned
|
# Revision 1.4 2005/06/02 04:18:55 customdesigned
|
||||||
# Update copyright notices after reading article on /.
|
# Update copyright notices after reading article on /.
|
||||||
#
|
#
|
||||||
@@ -333,6 +336,7 @@ def read_config(list):
|
|||||||
'timeout': '600',
|
'timeout': '600',
|
||||||
'scan_html': 'no',
|
'scan_html': 'no',
|
||||||
'scan_rfc822': 'yes',
|
'scan_rfc822': 'yes',
|
||||||
|
'scan_zip': 'no',
|
||||||
'block_chinese': 'no',
|
'block_chinese': 'no',
|
||||||
'log_headers': 'no',
|
'log_headers': 'no',
|
||||||
'blind_wiretap': 'yes',
|
'blind_wiretap': 'yes',
|
||||||
@@ -344,20 +348,42 @@ def read_config(list):
|
|||||||
'dspam_internal': 'yes'
|
'dspam_internal': 'yes'
|
||||||
})
|
})
|
||||||
cp.read(list)
|
cp.read(list)
|
||||||
|
|
||||||
|
# milter section
|
||||||
tempfile.tempdir = cp.get('milter','tempdir')
|
tempfile.tempdir = cp.get('milter','tempdir')
|
||||||
global socketname, scan_rfc822, scan_html, block_chinese, timeout, scan_zip
|
global socketname, timeout, check_user, log_headers
|
||||||
|
global internal_connect, internal_domains, trusted_relay, hello_blacklist
|
||||||
socketname = cp.get('milter','socket')
|
socketname = cp.get('milter','socket')
|
||||||
timeout = cp.getint('milter','timeout')
|
timeout = cp.getint('milter','timeout')
|
||||||
scan_rfc822 = cp.getboolean('milter','scan_rfc822')
|
check_user = cp.getaddrset(section,'check_user')
|
||||||
scan_zip = cp.getboolean('milter','scan_zip')
|
|
||||||
scan_html = cp.getboolean('milter','scan_html')
|
|
||||||
block_chinese = cp.getboolean('milter','block_chinese')
|
|
||||||
|
|
||||||
global hide_path, block_forward, log_headers
|
|
||||||
hide_path = cp.getlist('scrub','hide_path')
|
|
||||||
block_forward = cp.getaddrset('milter','block_forward')
|
|
||||||
log_headers = cp.getboolean('milter','log_headers')
|
log_headers = cp.getboolean('milter','log_headers')
|
||||||
|
internal_connect = cp.getlist('milter','internal_connect')
|
||||||
|
internal_domains = cp.getlist('milter','internal_domains')
|
||||||
|
trusted_relay = cp.getlist('milter','trusted_relay')
|
||||||
|
hello_blacklist = cp.getlist('milter','hello_blacklist')
|
||||||
|
|
||||||
|
# defang section
|
||||||
|
global scan_rfc822, scan_html, block_chinese, scan_zip, block_forward
|
||||||
|
global banned_exts, porn_words, spam_words
|
||||||
|
if cp.has_section('defang'):
|
||||||
|
section = 'defang'
|
||||||
|
else: # use milter section if no defang section for compatibility
|
||||||
|
section = 'milter'
|
||||||
|
scan_rfc822 = cp.getboolean(section,'scan_rfc822')
|
||||||
|
scan_zip = cp.getboolean(section,'scan_zip')
|
||||||
|
scan_html = cp.getboolean(section,'scan_html')
|
||||||
|
block_chinese = cp.getboolean(section,'block_chinese')
|
||||||
|
block_forward = cp.getaddrset(section,'block_forward')
|
||||||
|
banned_exts = cp.getlist(section,'banned_exts')
|
||||||
|
porn_words = cp.getlist(section,'porn_words')
|
||||||
|
spam_words = cp.getlist(section,'spam_words')
|
||||||
|
|
||||||
|
# scrub section
|
||||||
|
global hide_path, reject_virus_from
|
||||||
|
hide_path = cp.getlist('scrub','hide_path')
|
||||||
|
reject_virus_from = cp.getlist('scrub','reject_virus_from')
|
||||||
|
|
||||||
|
# wiretap section
|
||||||
global blind_wiretap, wiretap_users, wiretap_dest, discard_users
|
global blind_wiretap, wiretap_users, wiretap_dest, discard_users
|
||||||
blind_wiretap = cp.getboolean('wiretap','blind')
|
blind_wiretap = cp.getboolean('wiretap','blind')
|
||||||
wiretap_users = cp.getaddrset('wiretap','users')
|
wiretap_users = cp.getaddrset('wiretap','users')
|
||||||
@@ -365,19 +391,7 @@ def read_config(list):
|
|||||||
wiretap_dest = cp.getdefault('wiretap','dest')
|
wiretap_dest = cp.getdefault('wiretap','dest')
|
||||||
if wiretap_dest: wiretap_dest = '<%s>' % wiretap_dest
|
if wiretap_dest: wiretap_dest = '<%s>' % wiretap_dest
|
||||||
|
|
||||||
global check_user, reject_virus_from, internal_connect, internal_domains
|
global smart_alias
|
||||||
check_user = cp.getaddrset('milter','check_user')
|
|
||||||
reject_virus_from = cp.getlist('scrub','reject_virus_from')
|
|
||||||
internal_connect = cp.getlist('milter','internal_connect')
|
|
||||||
internal_domains = cp.getlist('milter','internal_domains')
|
|
||||||
|
|
||||||
global porn_words, spam_words, smart_alias, trusted_relay, hello_blacklist
|
|
||||||
global banned_exts
|
|
||||||
trusted_relay = cp.getlist('milter','trusted_relay')
|
|
||||||
porn_words = cp.getlist('milter','porn_words')
|
|
||||||
spam_words = cp.getlist('milter','spam_words')
|
|
||||||
banned_exts = cp.getlist('milter','banned_exts')
|
|
||||||
hello_blacklist = cp.getlist('milter','hello_blacklist')
|
|
||||||
for sa in cp.getlist('wiretap','smart_alias'):
|
for sa in cp.getlist('wiretap','smart_alias'):
|
||||||
sm = cp.getlist('wiretap',sa)
|
sm = cp.getlist('wiretap',sa)
|
||||||
if len(sm) < 2:
|
if len(sm) < 2:
|
||||||
@@ -387,10 +401,9 @@ def read_config(list):
|
|||||||
key = (sm[0],sm[1])
|
key = (sm[0],sm[1])
|
||||||
smart_alias[key] = sm[2:]
|
smart_alias[key] = sm[2:]
|
||||||
|
|
||||||
|
# dspam section
|
||||||
global dspam_dict, dspam_users, dspam_userdir, dspam_exempt, dspam_internal
|
global dspam_dict, dspam_users, dspam_userdir, dspam_exempt, dspam_internal
|
||||||
global dspam_screener,dspam_whitelist,dspam_reject,dspam_sizelimit
|
global dspam_screener,dspam_whitelist,dspam_reject,dspam_sizelimit
|
||||||
global spf_reject_neutral,spf_best_guess,SRS,spf_reject_noptr
|
|
||||||
global spf_accept_softfail
|
|
||||||
dspam_dict = cp.getdefault('dspam','dspam_dict')
|
dspam_dict = cp.getdefault('dspam','dspam_dict')
|
||||||
dspam_exempt = cp.getaddrset('dspam','dspam_exempt')
|
dspam_exempt = cp.getaddrset('dspam','dspam_exempt')
|
||||||
dspam_whitelist = cp.getaddrset('dspam','dspam_whitelist')
|
dspam_whitelist = cp.getaddrset('dspam','dspam_whitelist')
|
||||||
@@ -402,6 +415,9 @@ def read_config(list):
|
|||||||
if cp.has_option('dspam','dspam_sizelimit'):
|
if cp.has_option('dspam','dspam_sizelimit'):
|
||||||
dspam_sizelimit = cp.getint('dspam','dspam_sizelimit')
|
dspam_sizelimit = cp.getint('dspam','dspam_sizelimit')
|
||||||
|
|
||||||
|
# spf section
|
||||||
|
global spf_reject_neutral,spf_best_guess,SRS,spf_reject_noptr
|
||||||
|
global spf_accept_softfail
|
||||||
if spf:
|
if spf:
|
||||||
spf.DELEGATE = cp.getdefault('spf','delegate')
|
spf.DELEGATE = cp.getdefault('spf','delegate')
|
||||||
spf_reject_neutral = cp.getlist('spf','reject_neutral')
|
spf_reject_neutral = cp.getlist('spf','reject_neutral')
|
||||||
|
|||||||
+4
-3
@@ -24,8 +24,11 @@ log_headers = 0
|
|||||||
# will save some DNS lookups when rejecting certain viruses.
|
# will save some DNS lookups when rejecting certain viruses.
|
||||||
;hello_blacklist = mycorp.com, 66.12.34.56
|
;hello_blacklist = mycorp.com, 66.12.34.56
|
||||||
|
|
||||||
|
# Reject mail for domains mentioned unless user is mentioned here also
|
||||||
|
;check_user = joe@mycorp.com, mary@mycorp.com, file:bigcorp.com
|
||||||
|
|
||||||
# features intended to filter or block incoming mail
|
# features intended to filter or block incoming mail
|
||||||
;[defang]
|
[defang]
|
||||||
# do virus scanning on attached messages also
|
# do virus scanning on attached messages also
|
||||||
scan_rfc822 = 1
|
scan_rfc822 = 1
|
||||||
# do virus scanning on attached zipfiles also
|
# do virus scanning on attached zipfiles also
|
||||||
@@ -36,8 +39,6 @@ scan_html = 0
|
|||||||
block_chinese = 1
|
block_chinese = 1
|
||||||
# list users who hate forwarded mail
|
# list users who hate forwarded mail
|
||||||
;block_forward = egghead@mycorp.com, busybee@mycorp.com
|
;block_forward = egghead@mycorp.com, busybee@mycorp.com
|
||||||
# Reject mail for domains mentioned unless user is mentioned here also
|
|
||||||
;check_user = joe@mycorp.com, mary@mycorp.com, file:bigcorp.com
|
|
||||||
# reject mail with these case insensitive strings in the subject
|
# reject mail with these case insensitive strings in the subject
|
||||||
porn_words = penis, breast, pussy, horse cock, porn, xenical, diet pill, d1ck,
|
porn_words = penis, breast, pussy, horse cock, porn, xenical, diet pill, d1ck,
|
||||||
vi*gra, vi-a-gra, viag, tits, p0rn, hunza, horny, sexy, c0ck, xanaax,
|
vi*gra, vi-a-gra, viag, tits, p0rn, hunza, horny, sexy, c0ck, xanaax,
|
||||||
|
|||||||
Reference in New Issue
Block a user