Allow explicitly whitelisted email from banned_users.

Milter/cache.py

@@ -10,6 +10,11 @@
 # CBV results.
 #
 # $Log$
+# Revision 1.8  2007/09/03 16:18:45  customdesigned
+# Delete unparseable timestamps when loading address cache.  These have
+# arisen because of failure to parse MAIL FROM properly.   Will have to
+# tighten up MAIL FROM parsing to match RFC.
+#
 # Revision 1.7  2007/01/25 22:47:26  customdesigned
 # Persist blacklisting from delayed DSNs.
 #
@@ -89,8 +94,10 @@ class AddrCache(object):
     except IOError:
       lock.unlock()
 
-  def has_key(self,sender):
-    "True if sender is cached and has not expired."
+  def has_precise_key(self,sender):
+    """True if precise sender is cached and has not expired.  Don't
+    try looking up wildcard entries.
+    """
     try:
       lsender = sender and sender.lower()
       ts,res = self.cache[lsender]
@@ -98,15 +105,16 @@ class AddrCache(object):
       if not ts or ts > too_old:
         return True
       del self.cache[lsender]
+    except KeyError: pass
+    return False
+
+  def has_key(self,sender):
+    "True if sender is cached and has not expired."
+    if self.has_precise_key(sender):
+      return True
     try:
       user,host = sender.split('@',1)
-	return self.has_key(host)
-      except ValueError:
-        pass
-    except KeyError:
-      try:
-	user,host = sender.split('@',1)
-	return self.has_key(host)
+      return self.has_precise_key(host)
     except: pass
     return False
 

TODO

@@ -1,5 +1,3 @@
-Add parseaddr test case for 'foo@bar.com <baz@barf.biz>'
-
 Check ESMTP NOTIFY before sending real DSNs.  Just use CBV if DSNs are
 not wanted.
 
@@ -22,7 +20,8 @@ MTA.  The mail is flagged external, so we don't list example.com in
 internal_domains (or we would get "spam from self").  But, if we try to do a
 CBV, we get "fraudulent MX", because the MX is ourself!  So we need to 
 avoid doing CBV on such domains.  Currently, we try to make sure the SPF
-policies don't do CBV.
+policies don't do CBV.  The real solution is for users to use SMTP AUTH,
+but some of them are stubborn.
 
 We now don't check internal domains for incoming mail if there is an
 SPF record.
@@ -190,6 +189,8 @@ Need a test module to feed sample messages to a milter though a live
 sendmail and SMTP.  The mockup currently used is probably not very accurate,
 and doesn't test the threading code.
 
+DONE Add parseaddr test case for 'foo@bar.com <baz@barf.biz>'
+
 DONE Require signed MFROM for all incoming bounces when signing all outgoing
 mail - except from trusted relays.
 

bms.py

@@ -1,6 +1,9 @@
 #!/usr/bin/env python
 # A simple milter that has grown quite a bit.
 # $Log$
+# Revision 1.121  2008/04/10 14:59:35  customdesigned
+# Configure gossip TTL.
+#
 # Revision 1.120  2008/04/02 18:59:14  customdesigned
 # Release 0.8.10
 #
@@ -1112,8 +1115,11 @@ class bmsMilter(Milter.Milter):
                 self.setreply('550','5.7.1','Invalid SES signature')
                 return Milter.REJECT
               # reject for certain recipients are delayed until after DATA
+	      if auto_whitelist.has_precise_key(self.canon_from):
+		self.log("WHITELIST: DSN from",self.canon_from)
+	      else:
                 if srs_reject_spoofed \
-                  and not user.lower() in ('postmaster','abuse'):
+                  and user.lower() not in ('postmaster','abuse'):
                   return self.forged_bounce()
                 self.data_allowed = not srs_reject_spoofed