Fix python3 unit tests

Fix getsymval for python3
setsymlist not called yet in TestMilter
2018-12-23 23:38:15 -05:00 · 2018-12-23 23:16:42 -05:00 · 2018-12-23 23:03:46 -05:00 · 2018-12-23 22:31:20 -05:00 · 2018-12-23 20:29:01 -05:00 · 2018-12-23 20:00:24 -05:00
64 changed files with 27189 additions and 5241 deletions
@@ -0,0 +1,8 @@
 *.pyc
 build/
 test/*.out
 test/*.tstout
 test/*.log
 test.db
 dist
 MANIFEST
@@ -0,0 +1,339 @@
 		    GNU GENERAL PUBLIC LICENSE
 		       Version 2, June 1991
 Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.
 			    Preamble
  The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
 License is intended to guarantee your freedom to share and change free
 software--to make sure the software is free for all its users.  This
 General Public License applies to most of the Free Software
 Foundation's software and to any other program whose authors commit to
 using it.  (Some other Free Software Foundation software is covered by
 the GNU Lesser General Public License instead.)  You can apply it to
 your programs, too.
  When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
 have the freedom to distribute copies of free software (and charge for
 this service if you wish), that you receive source code or can get it
 if you want it, that you can change the software or use pieces of it
 in new free programs; and that you know you can do these things.
  To protect your rights, we need to make restrictions that forbid
 anyone to deny you these rights or to ask you to surrender the rights.
 These restrictions translate to certain responsibilities for you if you
 distribute copies of the software, or if you modify it.
  For example, if you distribute copies of such a program, whether
 gratis or for a fee, you must give the recipients all the rights that
 you have.  You must make sure that they, too, receive or can get the
 source code.  And you must show them these terms so they know their
 rights.
  We protect your rights with two steps: (1) copyright the software, and
 (2) offer you this license which gives you legal permission to copy,
 distribute and/or modify the software.
  Also, for each author's protection and ours, we want to make certain
 that everyone understands that there is no warranty for this free
 software.  If the software is modified by someone else and passed on, we
 want its recipients to know that what they have is not the original, so
 that any problems introduced by others will not reflect on the original
 authors' reputations.
  Finally, any free program is threatened constantly by software
 patents.  We wish to avoid the danger that redistributors of a free
 program will individually obtain patent licenses, in effect making the
 program proprietary.  To prevent this, we have made it clear that any
 patent must be licensed for everyone's free use or not licensed at all.
  The precise terms and conditions for copying, distribution and
 modification follow.
 		    GNU GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
  0. This License applies to any program or other work which contains
 a notice placed by the copyright holder saying it may be distributed
 under the terms of this General Public License.  The "Program", below,
 refers to any such program or work, and a "work based on the Program"
 means either the Program or any derivative work under copyright law:
 that is to say, a work containing the Program or a portion of it,
 either verbatim or with modifications and/or translated into another
 language.  (Hereinafter, translation is included without limitation in
 the term "modification".)  Each licensee is addressed as "you".
 Activities other than copying, distribution and modification are not
 covered by this License; they are outside its scope.  The act of
 running the Program is not restricted, and the output from the Program
 is covered only if its contents constitute a work based on the
 Program (independent of having been made by running the Program).
 Whether that is true depends on what the Program does.
  1. You may copy and distribute verbatim copies of the Program's
 source code as you receive it, in any medium, provided that you
 conspicuously and appropriately publish on each copy an appropriate
 copyright notice and disclaimer of warranty; keep intact all the
 notices that refer to this License and to the absence of any warranty;
 and give any other recipients of the Program a copy of this License
 along with the Program.
 You may charge a fee for the physical act of transferring a copy, and
 you may at your option offer warranty protection in exchange for a fee.
  2. You may modify your copy or copies of the Program or any portion
 of it, thus forming a work based on the Program, and copy and
 distribute such modifications or work under the terms of Section 1
 above, provided that you also meet all of these conditions:
    a) You must cause the modified files to carry prominent notices
    stating that you changed the files and the date of any change.
    b) You must cause any work that you distribute or publish, that in
    whole or in part contains or is derived from the Program or any
    part thereof, to be licensed as a whole at no charge to all third
    parties under the terms of this License.
    c) If the modified program normally reads commands interactively
    when run, you must cause it, when started running for such
    interactive use in the most ordinary way, to print or display an
    announcement including an appropriate copyright notice and a
    notice that there is no warranty (or else, saying that you provide
    a warranty) and that users may redistribute the program under
    these conditions, and telling the user how to view a copy of this
    License.  (Exception: if the Program itself is interactive but
    does not normally print such an announcement, your work based on
    the Program is not required to print an announcement.)
 These requirements apply to the modified work as a whole.  If
 identifiable sections of that work are not derived from the Program,
 and can be reasonably considered independent and separate works in
 themselves, then this License, and its terms, do not apply to those
 sections when you distribute them as separate works.  But when you
 distribute the same sections as part of a whole which is a work based
 on the Program, the distribution of the whole must be on the terms of
 this License, whose permissions for other licensees extend to the
 entire whole, and thus to each and every part regardless of who wrote it.
 Thus, it is not the intent of this section to claim rights or contest
 your rights to work written entirely by you; rather, the intent is to
 exercise the right to control the distribution of derivative or
 collective works based on the Program.
 In addition, mere aggregation of another work not based on the Program
 with the Program (or with a work based on the Program) on a volume of
 a storage or distribution medium does not bring the other work under
 the scope of this License.
  3. You may copy and distribute the Program (or a work based on it,
 under Section 2) in object code or executable form under the terms of
 Sections 1 and 2 above provided that you also do one of the following:
    a) Accompany it with the complete corresponding machine-readable
    source code, which must be distributed under the terms of Sections
    1 and 2 above on a medium customarily used for software interchange; or,
    b) Accompany it with a written offer, valid for at least three
    years, to give any third party, for a charge no more than your
    cost of physically performing source distribution, a complete
    machine-readable copy of the corresponding source code, to be
    distributed under the terms of Sections 1 and 2 above on a medium
    customarily used for software interchange; or,
    c) Accompany it with the information you received as to the offer
    to distribute corresponding source code.  (This alternative is
    allowed only for noncommercial distribution and only if you
    received the program in object code or executable form with such
    an offer, in accord with Subsection b above.)
 The source code for a work means the preferred form of the work for
 making modifications to it.  For an executable work, complete source
 code means all the source code for all modules it contains, plus any
 associated interface definition files, plus the scripts used to
 control compilation and installation of the executable.  However, as a
 special exception, the source code distributed need not include
 anything that is normally distributed (in either source or binary
 form) with the major components (compiler, kernel, and so on) of the
 operating system on which the executable runs, unless that component
 itself accompanies the executable.
 If distribution of executable or object code is made by offering
 access to copy from a designated place, then offering equivalent
 access to copy the source code from the same place counts as
 distribution of the source code, even though third parties are not
 compelled to copy the source along with the object code.
  4. You may not copy, modify, sublicense, or distribute the Program
 except as expressly provided under this License.  Any attempt
 otherwise to copy, modify, sublicense or distribute the Program is
 void, and will automatically terminate your rights under this License.
 However, parties who have received copies, or rights, from you under
 this License will not have their licenses terminated so long as such
 parties remain in full compliance.
  5. You are not required to accept this License, since you have not
 signed it.  However, nothing else grants you permission to modify or
 distribute the Program or its derivative works.  These actions are
 prohibited by law if you do not accept this License.  Therefore, by
 modifying or distributing the Program (or any work based on the
 Program), you indicate your acceptance of this License to do so, and
 all its terms and conditions for copying, distributing or modifying
 the Program or works based on it.
  6. Each time you redistribute the Program (or any work based on the
 Program), the recipient automatically receives a license from the
 original licensor to copy, distribute or modify the Program subject to
 these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
 You are not responsible for enforcing compliance by third parties to
 this License.
  7. If, as a consequence of a court judgment or allegation of patent
 infringement or for any other reason (not limited to patent issues),
 conditions are imposed on you (whether by court order, agreement or
 otherwise) that contradict the conditions of this License, they do not
 excuse you from the conditions of this License.  If you cannot
 distribute so as to satisfy simultaneously your obligations under this
 License and any other pertinent obligations, then as a consequence you
 may not distribute the Program at all.  For example, if a patent
 license would not permit royalty-free redistribution of the Program by
 all those who receive copies directly or indirectly through you, then
 the only way you could satisfy both it and this License would be to
 refrain entirely from distribution of the Program.
 If any portion of this section is held invalid or unenforceable under
 any particular circumstance, the balance of the section is intended to
 apply and the section as a whole is intended to apply in other
 circumstances.
 It is not the purpose of this section to induce you to infringe any
 patents or other property right claims or to contest validity of any
 such claims; this section has the sole purpose of protecting the
 integrity of the free software distribution system, which is
 implemented by public license practices.  Many people have made
 generous contributions to the wide range of software distributed
 through that system in reliance on consistent application of that
 system; it is up to the author/donor to decide if he or she is willing
 to distribute software through any other system and a licensee cannot
 impose that choice.
 This section is intended to make thoroughly clear what is believed to
 be a consequence of the rest of this License.
  8. If the distribution and/or use of the Program is restricted in
 certain countries either by patents or by copyrighted interfaces, the
 original copyright holder who places the Program under this License
 may add an explicit geographical distribution limitation excluding
 those countries, so that distribution is permitted only in or among
 countries not thus excluded.  In such case, this License incorporates
 the limitation as if written in the body of this License.
  9. The Free Software Foundation may publish revised and/or new versions
 of the General Public License from time to time.  Such new versions will
 be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.
 Each version is given a distinguishing version number.  If the Program
 specifies a version number of this License which applies to it and "any
 later version", you have the option of following the terms and conditions
 either of that version or of any later version published by the Free
 Software Foundation.  If the Program does not specify a version number of
 this License, you may choose any version ever published by the Free Software
 Foundation.
  10. If you wish to incorporate parts of the Program into other free
 programs whose distribution conditions are different, write to the author
 to ask for permission.  For software which is copyrighted by the Free
 Software Foundation, write to the Free Software Foundation; we sometimes
 make exceptions for this.  Our decision will be guided by the two goals
 of preserving the free status of all derivatives of our free software and
 of promoting the sharing and reuse of software generally.
 			    NO WARRANTY
  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
 OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
 PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
 OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
 TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
 PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
 REPAIR OR CORRECTION.
  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
 REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
 INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
 OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
 TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
 YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
 		     END OF TERMS AND CONDITIONS
 	    How to Apply These Terms to Your New Programs
  If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
 free software which everyone can redistribute and change under these terms.
  To do so, attach the following notices to the program.  It is safest
 to attach them to the start of each source file to most effectively
 convey the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
    <one line to give the program's name and a brief idea of what it does.>
    Copyright (C) <year>  <name of author>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License along
    with this program; if not, write to the Free Software Foundation, Inc.,
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 Also add information on how to contact you by electronic and paper mail.
 If the program is interactive, make it output a short notice like this
 when it starts in an interactive mode:
    Gnomovision version 69, Copyright (C) year name of author
    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.
 The hypothetical commands `show w' and `show c' should show the appropriate
 parts of the General Public License.  Of course, the commands you use may
 be called something other than `show w' and `show c'; they could even be
 mouse-clicks or menu items--whatever suits your program.
 You should also get your employer (if you work as a programmer) or your
 school, if any, to sign a "copyright disclaimer" for the program, if
 necessary.  Here is a sample; alter the names:
  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
  `Gnomovision' (which makes passes at compilers) written by James Hacker.
  <signature of Ty Coon>, 1 April 1989
  Ty Coon, President of Vice
 This General Public License does not permit incorporating your program into
 proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
 library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.
@@ -1,14 +1,28 @@
 Jim Niemira (urmane@urmane.org) wrote the original C module and some quick
-and dirty python to use it.  Stuart D. Gathman (stuart@bmsi.com) took that
+and dirty python to use it.  Stuart D. Gathman (stuart@gathman.org) took that
 kludge and added threading and context objects to it, wrote a proper OO
 wrapper (Milter.py) that handles attachments, did lots of testing, packaged
 it with distutils, and generally transformed it from a quick hack to a
 real, usable Python extension.
-Other contributors:
+Other contributors (in random order):
 Daniel Troeder
  for pointing out a typo in @noreply
 arkanes@irc.freenode.net
  for suggesting a class method to compute and cache protocol masks
 habnabit@habnabit.org
  for suggesting function attributes and decorators for protocol negotiation
 Dwayne Litzenberger, B.A.Sc.
  for library_dirs patch to compile on Debian 
 Dave MacQuigg 
  for noticing that smfi_insheader wasn't supported, and creating
  a template to help first time pymilter users create their own milter.
 Terence Way
  for providing a Python port of SPF
 Scott Kitterman
  for doing lots of testing and debugging of SPF against draft standard,
  and for putting up a web page that validates SPF records using spf.py
 Alexander Kourakos
  for plugging several memory leaks
 George Graf at Vienna University of Economics and Business Administration
@@ -22,8 +36,11 @@ John Draper
  then pointing out that it would be easier to just write the MTA in Python.
 Eric S. Johansson
  for helpful design discussions while working on camram
 Alex Savguira
  for finding bugs with international headers and
  suggesting the scan_zip option.
 Business Management Systems - http://www.bmsi.com
  for hosting the website, and providing paying clients who need milter service
  so I can work on it as part of my day job.
-If I have left anybody out, send me a reminder: stuart@bmsi.com
+If I have left anybody out, send me a reminder: stuart@gathman.org
@@ -0,0 +1,424 @@
 # Revision 1.35  2013/03/14 22:11:25  customdesigned
 # Release 0.9.8
 #
 # Revision 1.34  2013/03/09 05:42:14  customdesigned
 # Make TestBase members private, fix getsymlist misspelling.
 #
 # Revision 1.33  2013/03/09 00:25:23  customdesigned
 # Better untrapped exception message.  const char for doc comments.
 #
 # Revision 1.32  2013/01/13 01:46:16  customdesigned
 # Doc updates.
 #
 # Revision 1.31  2012/04/12 23:32:50  customdesigned
 # Replace redundant callback array with macros.  If this doesn't break anything,
 # macros can be eliminated with code changes.
 #
 # Revision 1.30  2012/04/12 23:08:06  customdesigned
 # Support RFC2553 on BSD
 #
 # Revision 1.29  2011/06/09 15:45:27  customdesigned
 # Print callback name for non-int return error.
 #
 # Revision 1.28  2011/06/08 23:13:48  customdesigned
 # Generate special exception when callback return not int.
 #
 # Revision 1.27  2009/07/28 21:45:54  customdesigned
 # Add getversion() to return runtime version.
 #
 # Revision 1.26  2009/07/28 21:08:20  customdesigned
 # Increment del count.
 #
 # Revision 1.25  2009/07/28 20:58:55  customdesigned
 # getdiag method
 #
 # Revision 1.24  2009/06/09 01:54:44  customdesigned
 # Forgot to initialize optional parameter.
 #
 # Revision 1.23  2009/05/29 20:44:58  customdesigned
 # Typo SMFIP_NO constants.
 #
 # Revision 1.22  2009/05/29 19:53:36  customdesigned
 # Typo SMFIS_ALL_OPTS
 #
 # Revision 1.21  2009/05/29 19:49:40  customdesigned
 # Typo calling helo instead of negotiate.
 #
 # Revision 1.20  2009/05/29 18:25:59  customdesigned
 # Null terminate keyword list.
 #
 # Revision 1.19  2009/05/28 18:36:42  customdesigned
 # Support new callbacks, including negotiate
 #
 # Revision 1.18  2009/05/21 21:53:05  customdesigned
 # First cut at support unknown, data, negotiate callbacks.
 #
 # Revision 1.17  2009/02/06 04:28:08  customdesigned
 # Oops!  Missing options argument pointer for addrcpt.
 #
 # Revision 1.16  2008/12/16 04:21:05  customdesigned
 # Fedora release
 #
 # Revision 1.15  2008/12/13 20:29:56  customdesigned
 # Split off milter applications.
 #
 # Revision 1.14  2008/12/04 19:43:00  customdesigned
 # Doc updates.
 #
 # Revision 1.13  2008/11/23 03:06:47  customdesigned
 # Milter support for chgfrom.
 #
 # Revision 1.12  2008/11/21 20:42:52  customdesigned
 # Support smfi_chgfrom and smfi_addrcpt_par.
 #
 # Revision 1.11  2007/09/25 02:26:29  customdesigned
 # Update license.
 #
 # Revision 1.10  2006/02/12 02:00:42  customdesigned
 # Resolve FIXME for wrap_close.
 #
 # Revision 1.9  2005/12/23 21:46:36  customdesigned
 # Compile on sendmail-8.12 (ifdef SMFIR_INSHEADER)
 #
 # Revision 1.8  2005/10/20 23:23:36  customdesigned
 # Include smfi_progress is SMFIR_PROGRESS defined
 #
 # Revision 1.7  2005/10/20 23:04:46  customdesigned
 # Add optional idx for position of added header.
 #
 # Revision 1.6  2005/07/15 22:18:17  customdesigned
 # Support callback exception policy
 #
 # Revision 1.5  2005/06/24 04:20:07  customdesigned
 # Report context allocation error.
 #
 # Revision 1.4  2005/06/24 04:12:43  customdesigned
 # Remove unused name argument to generic wrappers.
 #
 # Revision 1.3  2005/06/24 03:57:35  customdesigned
 # Handle close called before connect.
 #
 # Revision 1.2  2005/06/02 04:18:55  customdesigned
 # Update copyright notices after reading article on /.
 #
 # Revision 1.1.1.2  2005/05/31 18:09:06  customdesigned
 # Release 0.7.1
 #
 # Revision 2.31  2004/08/23 02:24:36  stuart
 # Support setbacklog
 #
 # Revision 2.30  2004/08/21 20:29:53  stuart
 # Support option of 11 lines max for mlreply.
 #
 # Revision 2.29  2004/08/21 04:14:29  stuart
 # mlreply support
 #
 # Revision 2.28  2004/08/21 02:45:21  stuart
 # Don't leak int constants if module unloaded.
 #
 # Revision 2.27  2004/04/06 03:19:59  stuart
 # Release 0.6.8
 #
 # Revision 2.26  2004/03/04 21:43:06  stuart
 # Fix memory leak by removing unused dynamic template buffer,
 # thanks again to Alexander Kourakos.
 #
 # Revision 2.25  2004/03/01 19:45:03  stuart
 # Release 0.6.5
 #
 # Revision 2.24  2004/03/01 18:56:50  stuart
 # Support progress reporting.
 #
 # Revision 2.23  2004/03/01 18:36:09  stuart
 # Plug memory leak.  Thanks to Alexander Kourakos.
 #
 # Revision 2.22  2003/11/02 03:01:46  stuart
 # Adjust SMTP error codes after careful reading of standard.
 #
 # Revision 2.21  2003/06/24 19:57:04  stuart
 # Allow removing a python milter callback by setting to None.
 #
 # Revision 2.20  2003/02/13 17:08:57  stuart
 # IPV6 support
 #
 # Revision 2.19  2003/02/13 16:58:29  stuart
 # Support passing None to setreply and chgheader.
 #
 # Revision 2.18  2002/12/11 16:44:06  stuart
 # Support QUARANTINE if supported by libmilter.
 #
 # Revision 2.17  2002/04/18 20:20:35  stuart
 # Fix for NULL hostaddr in connect callback from Jason Erickson.
 #
 # Revision 2.16  2001/09/26 13:29:09  stuart
 # sa_len not supported by linux.
 #
 # Revision 2.15  2001/09/25 17:28:40  stuart
 # Copyrights, documentation, release 0.3.1
 #
 # Revision 2.14  2001/09/25 00:36:57  stuart
 # Pass hostaddr to python code in format used by standard socket module.
 #
 # Revision 2.13  2001/09/24 23:44:55  stuart
 # Return old callback from setcallback functions.
 #
 # Revision 2.12  2001/09/24 20:02:30  stuart
 # Remove redundant setpriv
 #
 # Revision 2.11  2001/09/23 22:26:35  stuart
 # Update docs.  Streamline Milter.py
 # update testbms.py to reflect actual sendmail behaviour with multiple
 # messages per connection.
 #
 # Revision 2.10  2001/09/22 15:33:42  stuart
 # More doc comment updates.
 #
 # Revision 2.9  2001/09/22 14:52:27  stuart
 # Actually return retval in _generic_return.
 # Go over doc comments.
 #
 # Revision 2.8  2001/09/22 01:59:32  stuart
 # Prevent reentrant call of milter_main, which libmilter doesn't support.
 #
 # Revision 2.7  2001/09/22 01:47:37  stuart
 # Forgot to set milter interp.
 #
 # Revision 2.6  2001/09/22 01:23:53  stuart
 # Added proper threading after research in python docs.
 #
 # Revision 2.5  2001/09/21 20:08:51  stuart
 # Release 0.2.3
 #
 # Revision 2.4  2001/09/20 16:18:16  stuart
 # libmilter checks in_eom state, so we don't have to.
 #
 # Revision 2.3  2001/09/19 06:02:33  stuart
 # Make more stuff static.
 #
 # Revision 2.1  2001/09/19 04:24:13  stuart
 # Use extension type to track context in python.
 #
 # Revision 1.4  2001/09/18 18:48:28  stuart
 # clear private data reference in _clear_context
 #
 # Revision 1.3  2001/09/15  04:19:37  stuart
 # nasty off by 1 mem overwrite bugs in wrap_env
 # generic_set_callback
 #
 # Revision 1.2  2001/09/15  03:15:39  stuart
 # several bugs fixed, works smoothly
 #
 # Revision 1.69  2006/11/04 22:09:39  customdesigned
 # Another lame DSN heuristic.  Block PTR cache poisoning attack.
 #
 # Revision 1.68  2006/10/04 03:46:01  customdesigned
 # Fix defaults.
 #
 # Revision 1.67  2006/10/01 01:44:06  customdesigned
 # case_sensitive_localpart option, more delayed bounce heuristics,
 # optional smart_alias section.
 #
 # Revision 1.66  2006/07/26 16:42:26  customdesigned
 # Support CBV timeout
 #
 # Revision 1.65  2006/06/21 22:22:00  customdesigned
 # Handle multi-line headers in delayed dsns.
 #
 # Revision 1.64  2006/06/21 21:12:04  customdesigned
 # More delayed reject token headers.
 # Don't require HELO pass for CBV.
 #
 # Revision 1.63  2006/05/21 03:41:44  customdesigned
 # Fail dsn
 #
 # Revision 1.61  2006/05/17 21:28:07  customdesigned
 # Create GOSSiP record only when connection will procede to DATA.
 #
 # Revision 1.60  2006/05/12 16:14:48  customdesigned
 # Don't require SPF pass for white/black listing mail from trusted relay.
 # Support localpart wildcard for white and black lists.
 #
 # Revision 1.59  2006/04/06 18:14:17  customdesigned
 # Check whitelist/blacklist even when not checking SPF (e.g. trusted relay).
 #
 # Revision 1.58  2006/03/10 20:52:49  customdesigned
 # Use re to recognize failure DSNs.
 #
 # Revision 1.57  2006/03/07 20:50:54  customdesigned
 # Use signed Message-ID in delayed reject to blacklist senders
 #
 # Revision 1.56  2006/02/24 02:12:54  customdesigned
 # Properly report hard PermError (lax mode fails also) by always setting
 # perm_error attribute with PermError exception.  Improve reporting of
 # invalid domain PermError.
 #
 # Revision 1.55  2006/02/17 05:04:29  customdesigned
 # Use SRS sign domain list.
 # Accept but do not use for training whitelisted senders without SPF pass.
 # Immediate rejection of unsigned bounces.
 #
 # Revision 1.54  2006/02/16 02:16:36  customdesigned
 # User specific SPF receiver policy.
 #
 # Revision 1.53  2006/02/12 04:15:01  customdesigned
 # Remove spf dependency for iniplist
 #
 # Revision 1.52  2006/02/12 02:12:08  customdesigned
 # Use CIDR notation for internal connect list.
 #
 # Revision 1.51  2006/02/12 01:13:58  customdesigned
 # Don't check rcpt user list when signed MFROM.
 #
 # Revision 1.50  2006/02/09 20:39:43  customdesigned
 # Use CIDR notation for trusted_relay iplist
 #
 # Revision 1.49  2006/01/30 23:14:48  customdesigned
 # put back eom condition
 #
 # Revision 1.48  2006/01/12 20:31:24  customdesigned
 # Accelerate training via whitelist and blacklist.
 #
 # Revision 1.47  2005/12/29 04:49:10  customdesigned
 # Do not auto-whitelist autoreplys
 #
 # Revision 1.46  2005/12/28 20:17:29  customdesigned
 # Expire and renew AddrCache entries
 #
 # Revision 1.45  2005/12/23 22:34:46  customdesigned
 # Put guessed result in separate header.
 #
 # Revision 1.44  2005/12/23 21:47:07  customdesigned
 # Move Received-SPF header to top.
 #
 # Revision 1.43  2005/12/09 16:54:01  customdesigned
 # Select neutral DSN template for best_guess
 #
 # Revision 1.42  2005/12/01 22:42:32  customdesigned
 # improve gossip support.
 # Initialize srs_domain from srs.srs config property.  Should probably
 # always block unsigned DSN when signing all.
 #
 # Revision 1.41  2005/12/01 18:59:25  customdesigned
 # Fix neutral policy.  pobox.com -> openspf.org
 #
 # Revision 1.40  2005/11/07 21:22:35  customdesigned
 # GOSSiP support, local database only.
 #
 # Revision 1.39  2005/10/31 00:04:58  customdesigned
 # Simple implementation of trusted_forwarder list.  Inefficient for
 # more than 1 or 2 entries.
 #
 # Revision 1.38  2005/10/28 19:36:54  customdesigned
 # Don't check internal_domains for trusted_relay.
 #
 # Revision 1.37  2005/10/28 09:30:49  customdesigned
 # Do not send quarantine DSN when sender is DSN.
 #
 # Revision 1.36  2005/10/23 16:01:29  customdesigned
 # Consider MAIL FROM a match for supply_sender when a subdomain of From or Sender
 #
 # Revision 1.35  2005/10/20 18:47:27  customdesigned
 # Configure auto_whitelist senders.
 #
 # Revision 1.34  2005/10/19 21:07:49  customdesigned
 # access.db stores keys in lower case
 #
 # Revision 1.33  2005/10/19 19:37:50  customdesigned
 # Train screener on whitelisted messages.
 #
 # Revision 1.32  2005/10/14 16:17:31  customdesigned
 # Auto whitelist refinements.
 #
 # Revision 1.31  2005/10/14 01:14:08  customdesigned
 # Auto whitelist feature.
 #
 # Revision 1.30  2005/10/12 16:36:30  customdesigned
 # Release 0.8.3
 #
 # Revision 1.29  2005/10/11 22:50:07  customdesigned
 # Always check HELO except for SPF pass, temperror.
 #
 # Revision 1.28  2005/10/10 23:50:20  customdesigned
 # Use logging module to make logging threadsafe (avoid splitting log lines)
 #
 # Revision 1.27  2005/10/10 20:15:33  customdesigned
 # Configure SPF policy via sendmail access file.
 #
 # Revision 1.26  2005/10/07 03:23:40  customdesigned
 # Banned users option.  Experimental feature to supply Sender when
 # missing and MFROM domain doesn't match From.  Log cipher bits for
 # SMTP AUTH.  Sketch access file feature.
 #
 # Revision 1.25  2005/09/08 03:55:08  customdesigned
 # Handle perverse MFROM quoting.
 #
 # Revision 1.24  2005/08/18 03:36:54  customdesigned
 # Don't innoculate with SCREENED mail.
 #
 # Revision 1.23  2005/08/17 19:35:27  customdesigned
 # Send DSN before adding message to quarantine.
 #
 # Revision 1.22  2005/08/11 22:17:58  customdesigned
 # Consider SMTP AUTH connections internal.
 #
 # Revision 1.21  2005/08/04 21:21:31  customdesigned
 # Treat fail like softfail for selected (braindead) domains.
 # Treat mail according to extended processing results, but
 # report any PermError that would officially result via DSN.
 #
 # Revision 1.20  2005/08/02 18:04:35  customdesigned
 # Keep screened honeypot mail, but optionally discard honeypot only mail.
 #
 # Revision 1.19  2005/07/20 03:30:04  customdesigned
 # Check pydspam version for honeypot, include latest pyspf changes.
 #
 # Revision 1.18  2005/07/17 01:25:44  customdesigned
 # Log as well as use extended result for best guess.
 #
 # Revision 1.17  2005/07/15 20:25:36  customdesigned
 # Use extended results processing for best_guess.
 #
 # Revision 1.16  2005/07/14 03:23:33  customdesigned
 # Make SES package optional.  Initial honeypot support.
 #
 # Revision 1.15  2005/07/06 04:05:40  customdesigned
 # Initial SES integration.
 #
 # Revision 1.14  2005/07/02 23:27:31  customdesigned
 # Don't match hostnames for internal connects.
 #
 # Revision 1.13  2005/07/01 16:30:24  customdesigned
 # Always log trusted Received and Received-SPF headers.
 #
 # Revision 1.12  2005/06/20 22:35:35  customdesigned
 # Setreply for rejectvirus.
 #
 # Revision 1.11  2005/06/17 02:07:20  customdesigned
 # Release 0.8.1
 #
 # Revision 1.10  2005/06/16 18:35:51  customdesigned
 # Ignore HeaderParseError decoding header
 #
 # Revision 1.9  2005/06/14 21:55:29  customdesigned
 # Check internal_domains for outgoing mail.
 #
 # Revision 1.8  2005/06/06 18:24:59  customdesigned
 # Properly log exceptions from pydspam
 #
 # Revision 1.7  2005/06/04 19:41:16  customdesigned
 # Fix bugs from testing RPM
 #
 # Revision 1.6  2005/06/03 04:57:05  customdesigned
 # Organize config reader by section.  Create defang section.
 #
 # Revision 1.5  2005/06/02 15:00:17  customdesigned
 # Configure banned extensions.  Scan zipfile option with test case.
 #
 # Revision 1.4  2005/06/02 04:18:55  customdesigned
 # Update copyright notices after reading article on /.
 #
 # Revision 1.3  2005/06/02 02:09:00  customdesigned
 # Record timestamp in send_dsn.log
 #
 # Revision 1.2  2005/06/02 01:00:36  customdesigned
 # Support configurable templates for DSNs.
@@ -3,19 +3,16 @@ include TODO
 include NEWS
 include CREDITS
 include README
 include ChangeLog
 include MANIFEST.in
 include testsample.py
 include testmime.py
-include testbms.py
+include testutils.py
 include testdspam.py
 include bms.py
 include spf.py
 include spfquery.py
 include test.py
 include sample.py
 include sgmllib.py
 include milter-template.py
 include test/*
 include Milter/*.py
 include *.spec
 include start.sh
 include milter.rc
 include milter.rc7
 include milter.cfg
@@ -1,202 +0,0 @@
 # Author: Stuart D. Gathman <stuart@bmsi.com>
 # Copyright 2001 Business Management Systems, Inc.
 # This code is under GPL.  See COPYING for details.
 import os
 import milter
 import thread
 from milter import ACCEPT,CONTINUE,REJECT,DISCARD,TEMPFAIL,	\
  set_flags, setdbg, \
  ADDHDRS, CHGBODY, ADDRCPT, DELRCPT, CHGHDRS,	\
  V1_ACTS, V2_ACTS, CURR_ACTS
 try:
  from milter import QUARANTINE
 except:
  #print 'No QUARANTINE support'
  pass
 _seq_lock = thread.allocate_lock()
 _seq = 0
 def uniqueID():
  """Return a sequence number unique to this process.
  """
  global _seq
  _seq_lock.acquire()
  seqno = _seq = _seq + 1
  _seq_lock.release()
  return seqno
 class Milter:
  """A simple class interface to the milter module.
  """
  def _setctx(self,ctx):
    self.__ctx = ctx
    if ctx:
      ctx.setpriv(self)
  # user replaceable callbacks
  def log(self,*msg):
    print 'Milter:',
    for i in msg: print i,
    print
  def connect(self,hostname,unused,hostaddr):
    "Called for each connection to sendmail."
    self.log("connect from %s at %s" % (hostname,hostaddr))
    return CONTINUE
  def hello(self,hostname):
    "Called after the HELO command."
    self.log("hello from %s" % hostname)
    return CONTINUE
  def envfrom(self,f,*str):
    """Called to begin each message.
    f -> string		message sender
    str -> tuple	additional ESMTP parameters
    """
    self.log("mail from",f,str)
    return CONTINUE
  def envrcpt(self,to,*str):
    "Called for each message recipient."
    self.log("rcpt to",to,str)
    return CONTINUE
  def header(self,field,value):
    "Called for each message header."
    self.log("%s: %s" % (field,value))
    return CONTINUE
  def eoh(self):
    "Called after all headers are processed."
    self.log("eoh")
    return CONTINUE
  def body(self,unused):
    "Called to transfer the message body."
    return CONTINUE
  def eom(self):
    "Called at the end of message."
    self.log("eom")
    return CONTINUE
  def abort(self):
    "Called if the connection is terminated abnormally."
    self.log("abort")
    return CONTINUE
  def close(self):
    "Called at the end of connection, even if aborted."
    self.log("close")
    return CONTINUE
  # Milter methods which can be invoked from callbacks
  def getsymval(self,sym):
    return self.__ctx.getsymval(sym)
  def setreply(self,rcode,xcode,msg):
    return self.__ctx.setreply(rcode,xcode,msg)
  # Milter methods which can only be called from eom callback.
  def addheader(self,field,value):
    return self.__ctx.addheader(field,value)
  def chgheader(self,field,idx,value):
    return self.__ctx.chgheader(field,idx,value)
  def addrcpt(self,rcpt):
    return self.__ctx.addrcpt(rcpt)
  def delrcpt(self,rcpt):
    return self.__ctx.delrcpt(rcpt)
  def replacebody(self,body):
    return self.__ctx.replacebody(body)
  def quarantine(self,reason):
    return self.__ctx.quarantine(reason)
  def progress(self):
    return self.__ctx.progress()
 factory = Milter
 def connectcallback(ctx,hostname,family,hostaddr):
  m = factory()
  m._setctx(ctx)
  return m.connect(hostname,family,hostaddr)
 def closecallback(ctx):
  m = ctx.getpriv()
  if not m: return CONTINUE
  rc = m.close()
  m._setctx(None)	# release milterContext
  return rc
 def envcallback(c,args):
  """Convert ESMTP parms to keyword parameters.
  Can be used in the envfrom and/or envrcpt callbacks to process
  ESMTP parameters as python keyword parameters."""
  kw = {}
  for s in args[1:]:
    pos = s.find('=')
    if pos > 0:
      kw[s[:pos]] = s[pos+1:]
  return apply(c,args,kw)
 def runmilter(name,socketname,timeout = 0):
  # This bit is here on the assumption that you will be starting this filter
  # before sendmail.  If sendmail is not running and the socket already exists,
  # libmilter will throw a warning.  If sendmail is running, this is still
  # safe if there are no messages currently being processed.  It's safer to
  # shutdown sendmail, kill the filter process, restart the filter, and then
  # restart sendmail.
  pos = socketname.find(':')
  if pos > 1:
    s = socketname[:pos]
    fname = socketname[pos+1:]
  else:
    s = "unix"
    fname = socketname
  if s == "unix" or s == "local":
    print "Removing %s" % fname
    try:
      os.unlink(fname)
    except:
      pass
  # The default flags set include everything
  # milter.set_flags(milter.ADDHDRS)
  milter.set_connect_callback(connectcallback)
  milter.set_helo_callback(lambda ctx, host: ctx.getpriv().hello(host))
  milter.set_envfrom_callback(lambda ctx,*str:
  	ctx.getpriv().envfrom(*str))
 #  	envcallback(ctx.getpriv().envfrom,str))
  milter.set_envrcpt_callback(lambda ctx,*str:
  	ctx.getpriv().envrcpt(*str))
 #  	envcallback(ctx.getpriv().envrcpt,str))
  milter.set_header_callback(lambda ctx,fld,val:
  	ctx.getpriv().header(fld,val))
  milter.set_eoh_callback(lambda ctx: ctx.getpriv().eoh())
  milter.set_body_callback(lambda ctx,chunk: ctx.getpriv().body(chunk))
  milter.set_eom_callback(lambda ctx: ctx.getpriv().eom())
  milter.set_abort_callback(lambda ctx: ctx.getpriv().abort())
  milter.set_close_callback(closecallback)
  milter.setconn(socketname)
  if timeout > 0: milter.settimeout(timeout)
  # The name *must* match the X line in sendmail.cf (supposedly)
  milter.register(name)
  start_seq = _seq
  try:
    milter.main()
  except milter.error:
    if start_seq == _seq: raise	# couldn't start
    # milter has been running for a while, but now it can't start new threads
    raise milter.error("out of thread resources")
@@ -0,0 +1,811 @@
 ## @package Milter
 # A thin OO wrapper for the milter module.
 #
 # Clients generally subclass Milter.Base and define callback
 # methods.
 #
 # @author Stuart D. Gathman <stuart@bmsi.com>
 # Copyright 2001,2009 Business Management Systems, Inc.
 # This code is under the GNU General Public License.  See COPYING for details.
 from __future__ import print_function
 __version__ = '1.0.3'
 import os
 import re
 import milter
 try:
  import thread
 except:
  # libmilter uses posix threads
  import _thread as thread
 from milter import *
 from functools import wraps
 _seq_lock = thread.allocate_lock()
 _seq = 0
 def uniqueID():
  """Return a unique sequence number (incremented on each call).
  """
  global _seq
  _seq_lock.acquire()
  seqno = _seq = _seq + 1
  _seq_lock.release()
  return seqno
 ## @private
 OPTIONAL_CALLBACKS = {
  'connect':(P_NR_CONN,P_NOCONNECT),
  'hello':(P_NR_HELO,P_NOHELO),
  'envfrom':(P_NR_MAIL,P_NOMAIL),
  'envrcpt':(P_NR_RCPT,P_NORCPT),
  'data':(P_NR_DATA,P_NODATA),
  'unknown':(P_NR_UNKN,P_NOUNKNOWN),
  'eoh':(P_NR_EOH,P_NOEOH),
  'body':(P_NR_BODY,P_NOBODY),
  'header':(P_NR_HDR,P_NOHDRS)
 }
 MACRO_CALLBACKS = {
  'connect': M_CONNECT,
  'hello': M_HELO, 'envfrom': M_ENVFROM, 'envrcpt': M_ENVRCPT,
  'data': M_DATA, 'eom': M_EOM, 'eoh': M_EOH
 }
 ## @private
 R = re.compile(r'%+')
 ## @private
 def decode_mask(bits,names):
  t = [ (s,getattr(milter,s)) for s in names]
  nms = [s for s,m in t if bits & m]
  for s,m in t: bits &= ~m
  if bits: nms += hex(bits)
  return nms
 ## Class decorator to enable optional protocol steps.
 # P_SKIP is enabled by default when supported, but
 # applications may wish to enable P_HDR_LEADSPC
 # to send and receive the leading space of header continuation
 # lines unchanged, and/or P_RCPT_REJ to have recipients 
 # detected as invalid by the MTA passed to the envcrpt callback.
 #
 # Applications may want to check whether the protocol is actually
 # supported by the MTA in use.  Base._protocol
 # is a bitmask of protocol options negotiated.  So,
 # for instance, if <code>self._protocol & Milter.P_RCPT_REJ</code>
 # is true, then that feature was successfully negotiated with the MTA
 # and the application will see recipients the MTA has flagged as invalid.
 # 
 # Sample use:
 # <pre>
 # class myMilter(Milter.Base):
 #   def envrcpt(self,to,*params):
 #     return Milter.CONTINUE
 # myMilter = Milter.enable_protocols(myMilter,Milter.P_RCPT_REJ)
 # </pre>
 # @since 0.9.3
 # @param klass the %milter application class to modify
 # @param mask a bitmask of protocol steps to enable
 # @return the modified %milter class
 def enable_protocols(klass,mask):
  klass._protocol_mask = klass.protocol_mask() & ~mask
  return klass
 ## Milter rejected recipients. A class decorator that calls
 # enable_protocols() with the P_RCPT_REJ flag.  By default, the MTA
 # does not pass recipients that it knows are invalid on to the milter.
 # This decorator enables a %milter app to see all recipients if supported
 # by the MTA.  Use like this with python-2.6 and later:
 # <pre>
 # @@Milter.rejected_recipients
 # class myMilter(Milter.Base):
 #   def envrcpt(self,to,*params):
 #     return Milter.CONTINUE
 # </pre>
 # @since 0.9.5
 # @param klass the %milter application class to modify
 # @return the modified %milter class
 def rejected_recipients(klass):
  return enable_protocols(klass,P_RCPT_REJ)
 ## Milter leading space on headers. A class decorator that calls
 # enable_protocols() with the P_HDR_LEADSPC flag.  By default,
 # header continuation lines are collected and joined before getting
 # sent to a milter.  Headers modified or added by the milter are
 # folded by the MTA as necessary according to its own standards.
 # With this flag, header continuation lines are preserved
 # with their newlines and leading space.  In addition, header folding
 # done by the milter is preserved as well.
 # Use like this with python-2.6 and later:
 # <pre>
 # @@Milter.header_leading_space
 # class myMilter(Milter.Base):
 #   def header(self,hname,value):
 #     return Milter.CONTINUE
 # </pre>
 # @since 0.9.5
 # @param klass the %milter application class to modify
 # @return the modified %milter class
 def header_leading_space(klass):
  return enable_protocols(klass,P_HDR_LEADSPC)
 ## Function decorator to disable callback methods.
 # If the MTA supports it, tells the MTA not to invoke this callback,
 # increasing efficiency.  All the callbacks (except negotiate)
 # are disabled in Milter.Base, and overriding them reenables the
 # callback.  An application may need to use @@nocallback when it extends
 # another %milter and wants to disable a callback again.
 # The disabled method should still return Milter.CONTINUE, in case the MTA does
 # not support protocol negotiation, and for when called from a test harness.
 # @since 0.9.2
 def nocallback(func):
  try:
    func.milter_protocol = OPTIONAL_CALLBACKS[func.__name__][1]
  except KeyError:
    raise ValueError(
      '@nocallback applied to non-optional method: '+func.__name__)
  @wraps(func)
  def wrapper(self,*args):
    if func(self,*args) != CONTINUE:
      raise RuntimeError('%s return code must be CONTINUE with @nocallback'
        % func.__name__)
    return CONTINUE
  return wrapper
 ## Function decorator to disable callback reply.
 # If the MTA supports it, tells the MTA not to wait for a reply from
 # this callback, and assume CONTINUE.  The method should still return
 # CONTINUE in case the MTA does not support protocol negotiation.
 # The decorator arranges to change the return code to NOREPLY 
 # when supported by the MTA.
 # @since 0.9.2
 def noreply(func):
  try:
    nr_mask = OPTIONAL_CALLBACKS[func.__name__][0]
  except KeyError:
    raise ValueError(
      '@noreply applied to non-optional method: '+func.__name__)
  @wraps(func)
  def wrapper(self,*args):
    rc = func(self,*args)
    if self._protocol & nr_mask:
      if rc != CONTINUE:
        raise RuntimeError('%s return code must be CONTINUE with @noreply'
 	  % func.__name__)
      return NOREPLY
    return rc
  wrapper.milter_protocol = nr_mask
  return wrapper
 ## Function decorator to set macros used in a callback.
 # By default, the MTA sends all macros defined for a callback.
 # If some or all of these are unused, the bandwidth can be saved
 # by listing the ones that are used.
 # @since 1.0.2
 def symlist(*syms):
  if len(syms) > 5:
    raise ValueError('@symlist limited to 5 macros by MTA: '+func.__name__)
  def setsyms(func):
    if func.__name__ not in MACRO_CALLBACKS:
      raise ValueError('@symlist applied to non-symlist method: '+func.__name__)
    func._symlist = syms
    return func
  return setsyms
 ## Disabled action exception.
 # set_flags() can tell the MTA that this application will not use certain
 # features (such as CHGFROM).  This can also be negotiated for each
 # connection in the negotiate callback.  If the application then calls
 # the feature anyway via an instance method, this exception is
 # thrown.
 # @since 0.9.2
 class DisabledAction(RuntimeError):
  pass
 ## A do "nothing" Milter base class representing an SMTP connection.
 #
 # Python milters should derive from this class
 # unless they are using the low level milter module directly.  
 #
 # Most of the methods are either "actions" or "callbacks".  Callbacks
 # are invoked by the MTA at certain points in the SMTP protocol.  For
 # instance when the HELO command is seen, the MTA calls the helo
 # callback before returning a response code.  All callbacks must
 # return one of these constants: CONTINUE, TEMPFAIL, REJECT, ACCEPT,
 # DISCARD, SKIP.  The NOREPLY response is supplied automatically by
 # the @@noreply decorator if negotiation with the MTA is successful.
 # @@noreply and @@nocallback methods should return CONTINUE for two reasons:
 # the MTA may not support negotiation, and the class may be running in a test
 # harness.
 # 
 # Optional callbacks are disabled with the @@nocallback decorator, and
 # automatically reenabled when overridden.  Disabled callbacks should
 # still return CONTINUE for testing and MTAs that do not support
 # negotiation.  
 # Each SMTP connection to the MTA calls the factory method you provide to
 # create an instance derived from this class.  This is typically the
 # constructor for a class derived from Base.  The _setctx() method attaches
 # the instance to the low level milter.milterContext object.  When the SMTP
 # connection terminates, the close callback is called, the low level connection
 # object is destroyed, and this normally causes instances of this class to be
 # garbage collected as well.  The close() method should release any global
 # resources held by instances.
 # @since 0.9.2
 class Base(object):
  "The core class interface to the %milter module."
  ## Attach this Milter to the low level milter.milterContext object.
  def _setctx(self,ctx):
    ## The low level @ref milter.milterContext object.
    self._ctx = ctx
    ## A bitmask of actions this connection has negotiated to use.
    # By default, all actions are enabled.  High throughput milters
    # may want to disable unused actions to increase efficiency.
    # Some optional actions may be disabled by calling milter.set_flags(), or
    # by overriding the negotiate callback.  The bits include:
    # <code>ADDHDRS,CHGBODY,MODBODY,ADDRCPT,ADDRCPT_PAR,DELRCPT
    #  CHGHDRS,QUARANTINE,CHGFROM,SETSYMLIST</code>.
    # The <code>Milter.CURR_ACTS</code> bitmask is all actions
    # known when the milter module was compiled.
    # Application code can also inspect this field to determine
    # which actions are available.  This is especially useful in
    # generic library code designed to work in multiple milters.
    # @since 0.9.2
    #
    self._actions = CURR_ACTS         # all actions enabled by default
    ## A bitmask of protocol options this connection has negotiated.
    # An application may inspect this
    # variable to determine which protocol steps are supported.  Options
    # of interest to applications: the SKIP result code is allowed
    # only if the P_SKIP bit is set, rejected recipients are passed to the
    # %milter application only if the P_RCPT_REJ bit is set, and
    # header values are sent and received with leading spaces (in the
    # continuation lines) intact if the P_HDR_LEADSPC bit is set (so
    # that the application can customize indenting).  
    #
    # The P_N* bits should be negotiated via the @@noreply and @@nocallback
    # method decorators, and P_RCPT_REJ, P_HDR_LEADSPC should
    # be enabled using the enable_protocols class decorator.
    #
    # The bits include: <code>
    # P_RCPT_REJ P_NR_CONN P_NR_HELO P_NR_MAIL P_NR_RCPT P_NR_DATA P_NR_UNKN
    # P_NR_EOH P_NR_BODY P_NR_HDR P_NOCONNECT P_NOHELO P_NOMAIL P_NORCPT
    # P_NODATA P_NOUNKNOWN P_NOEOH P_NOBODY P_NOHDRS P_HDR_LEADSPC P_SKIP
    # </code> (all under the Milter namespace).
    # @since 0.9.2
    self._protocol = 0                # no protocol options by default
    if ctx:
      ctx.setpriv(self)
  ## Defined by subclasses to write log messages.
  def log(self,*msg): pass
  ## Called for each connection to the MTA.  Called by the
  # <a href="milter_api/xxfi_connect.html">
  # xxfi_connect</a> callback.  
  # The <code>hostname</code> provided by the local MTA is either
  # the PTR name or the IP in the form "[1.2.3.4]" if no PTR is available.
  # The format of hostaddr depends on the socket family:
  # <dl>
  # <dt><code>socket.AF_INET</code>
  # <dd>A tuple of (IP as string in dotted quad form, integer port)
  # <dt><code>socket.AF_INET6</code>
  # <dd>A tuple of (IP as a string in standard representation,
  # integer port, integer flow info, integer scope id)
  # <dt><code>socket.AF_UNIX</code>
  # <dd>A string with the socketname
  # </dl>
  # To vary behavior based on what port the client connected to,
  # for example skipping blacklist checks for port 587 (which must 
  # be authenticated), use @link #getsymval getsymval('{daemon_port}') @endlink.
  # The <code>{daemon_port}</code> macro must be enabled in sendmail.cf
  # <pre>
  # O Milter.macros.connect=j, _, {daemon_name}, {daemon_port}, {if_name}, {if_addr}
  # </pre>
  # or sendmail.mc
  # <pre>
  # define(`confMILTER_MACROS_CONNECT', ``j, _, {daemon_name}, {daemon_port}, {if_name}, {if_addr}'')dnl
  # </pre>
  # @param hostname the PTR name or bracketed IP of the SMTP client
  # @param family <code>socket.AF_INET</code>, <code>socket.AF_INET6</code>,
  #     or <code>socket.AF_UNIX</code>
  # @param hostaddr a tuple or string with peer IP or socketname
  @nocallback
  def connect(self,hostname,family,hostaddr): return CONTINUE
  ## Called when the SMTP client says HELO.
  # Returning REJECT prevents progress until a valid HELO is provided;
  # this almost always results in terminating the connection.
  @nocallback
  def hello(self,hostname): return CONTINUE
  ## Called when the SMTP client says MAIL FROM. Called by the
  # <a href="milter_api/xxfi_envfrom.html">
  # xxfi_envfrom</a> callback.  
  # Returning REJECT rejects the message, but not the connection.
  # The sender is the "envelope" from as defined by
  # <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
  # For the From: header (author) defined in 
  # <a href="http://tools.ietf.org/html/rfc5322">RFC 5322</a>,
  # see @link #header the header callback @endlink.
  @nocallback
  def envfrom(self,f,*str): return CONTINUE
  ## Called when the SMTP client says RCPT TO. Called by the
  # <a href="milter_api/xxfi_envrcpt.html">
  # xxfi_envrcpt</a> callback.
  # Returning REJECT rejects the current recipient, not the entire message.
  # The recipient is the "envelope" recipient as defined by 
  # <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
  # For recipients defined in 
  # <a href="http://tools.ietf.org/html/rfc5322">RFC 5322</a>, 
  # for example To: or Cc:, see @link #header the header callback @endlink.
  @nocallback
  def envrcpt(self,to,*str): return CONTINUE
  ## Called when the SMTP client says DATA.
  # Returning REJECT rejects the message without wasting bandwidth
  # on the unwanted message.
  # @since 0.9.2
  @nocallback
  def data(self): return CONTINUE
  ## Called for each header field in the message body.
  @nocallback
  def header(self,field,value): return CONTINUE
  ## Called at the blank line that terminates the header fields.
  @nocallback
  def eoh(self): return CONTINUE
  ## Called to supply the body of the message to the Milter by chunks.
  # @param blk a block of message bytes
  @nocallback
  def body(self,blk): return CONTINUE
  ## Called when the SMTP client issues an unknown command.
  # @param cmd the unknown command
  # @since 0.9.2
  @nocallback
  def unknown(self,cmd): return CONTINUE
  ## Called at the end of the message body.
  # Most of the message manipulation actions can only take place from
  # the eom callback.
  def eom(self): return CONTINUE
  ## Called when the connection is abnormally terminated.
  # The close callback is still called also.
  def abort(self): return CONTINUE
  ## Called when the connection is closed.
  def close(self): return CONTINUE
  ## Return mask of SMFIP_N* protocol option bits to clear for this class
  # The @@nocallback and @@noreply decorators set the
  # <code>milter_protocol</code> function attribute to the protocol mask bit to
  # pass to libmilter, causing that callback or its reply to be skipped.
  # Overriding a method creates a new function object, so that 
  # <code>milter_protocol</code> defaults to 0.
  # Libmilter passes the protocol bits that the current MTA knows
  # how to skip.  We clear the ones we don't want to skip.
  # The negation is somewhat mind bending, but it is simple.
  # @since 0.9.2
  @classmethod
  def protocol_mask(klass):
    try:
      return klass._protocol_mask
    except AttributeError:
      p = P_RCPT_REJ | P_HDR_LEADSPC    # turn these new features off by default
      for func,(nr,nc) in OPTIONAL_CALLBACKS.items():
        func = getattr(klass,func)
        ca = getattr(func,'milter_protocol',0)
        #print(func,hex(nr),hex(nc),hex(ca))
        p |= (nr|nc) & ~ca
      klass._protocol_mask = p
      return p
  ## Negotiate milter protocol options.  Called by the
  # <a href="milter_api/xxfi_negotiate.html">
  # xffi_negotiate</a> callback.  This is an advanced callback,
  # do not override unless you know what you are doing.  Most
  # negotiation can be done simply by using the supplied 
  # class and function decorators.
  # Options are passed as 
  # a list of 4 32-bit ints which can be modified and are passed
  # back to libmilter on return.
  # Default negotiation sets P_NO* and P_NR* for callbacks
  # marked @@nocallback and @@noreply respectively, leaves all
  # actions enabled, and enables Milter.SKIP.  The @@enable_protocols
  # class decorator can customize which protocol steps are implemented.
  # @param opts a modifiable list of 4 ints with negotiated options
  # @since 0.9.2
  def negotiate(self,opts):
    try:
      self._actions,p,f1,f2 = opts
      for func,stage in MACRO_CALLBACKS.items():
        func = getattr(self,func)
        syms = getattr(func,'_symlist',None)
        if syms is not None:
          self.setsymlist(stage,*syms)
      opts[1] = self._protocol = p & ~self.protocol_mask()
      opts[2] = 0
      opts[3] = 0
      #self.log("Negotiated:",opts)
    except Exception as x:
      # don't change anything if something went wrong
      return ALL_OPTS 
    return CONTINUE
  # Milter methods which can be invoked from most callbacks
  ## Return the value of an MTA macro.  Sendmail macro names
  # are either single chars (e.g. "j") or multiple chars enclosed
  # in braces (e.g. "{auth_type}").  Macro names are MTA dependent.
  # See <a href="milter_api/smfi_getsymval.html">
  # smfi_getsymval</a> for default sendmail macros.
  # @param sym the macro name
  def getsymval(self,sym):
    return self._ctx.getsymval(sym)
  ## Set the SMTP reply code and message.
  # If the MTA does not support setmlreply, then only the
  # first msg line is used.  Any '%%' in a message line
  # must be doubled, or libmilter will silently ignore the setreply.
  # Beginning with 0.9.6, we test for that case and throw ValueError to avoid
  # head scratching.  What will <i>really</i> irritate you, however,
  # is that if you carefully double any '%%', your message will be
  # sent - but with the '%%' still doubled!
  # See <a href="milter_api/smfi_setreply.html">
  # smfi_setreply</a> for more information.
  # @param rcode The three-digit (RFC 821/2821) SMTP reply code as a string. 
  # rcode cannot be None, and <b>must be a valid 4XX or 5XX reply code</b>.
  # @param xcode The extended (RFC 1893/2034) reply code. If xcode is None,
  # no extended code is used. Otherwise, xcode must conform to RFC 1893/2034.
  # @param msg The text part of the SMTP reply. If msg is None,
  # an empty message is used.
  # @param ml  Optional additional message lines.
  def setreply(self,rcode,xcode=None,msg=None,*ml):
    for m in (msg,)+ml:
      if 1 in [len(s)&1 for s in R.findall(m)]:
        raise ValueError("'%' must be doubled: "+m)
    return self._ctx.setreply(rcode,xcode,msg,*ml)
  ## Tell the MTA which macro names will be used.
  # This information can reduce the size of messages received from sendmail,
  # and hence could reduce bandwidth between sendmail and your milter where
  # that is a factor.  The <code>Milter.SETSYMLIST</code> action flag must be
  # set.  The protocol stages are M_CONNECT, M_HELO, M_ENVFROM, M_ENVRCPT,
  # M_DATA, M_EOM, M_EOH.
  #
  # May only be called from negotiate callback.  Hence, this is an advanced
  # feature.  Use the @@symlist function decorator to conviently set
  # the macros used by a callback.
  # @since 0.9.8, previous version was misspelled!
  # @param stage the protocol stage to set to macro list for, 
  # one of the M_* constants defined in Milter
  # @param macros space separated and/or lists of strings
  def setsymlist(self,stage,*macros):
    if not self._actions & SETSYMLIST: raise DisabledAction("SETSYMLIST")
    if len(macros) > 5:
      raise ValueError('setsymlist limited to 5 macros by MTA')
    a = []
    for m in macros:
      try:
        m = m.encode('utf8')
      except: pass
      try:
        m = m.split(b' ')
        a += m
      except: pass
    return self._ctx.setsymlist(stage,b' '.join(a))
  # Milter methods which can only be called from eom callback.
  ## Add a mail header field.
  # Calls <a href="milter_api/smfi_addheader.html">
  # smfi_addheader</a>.  
  # The <code>Milter.ADDHDRS</code> action flag must be set.
  #
  # May be called from eom callback only.
  # @param field        the header field name
  # @param value        the header field value
  # @param idx header field index from the top of the message to insert at
  # @throws DisabledAction if ADDHDRS is not enabled
  def addheader(self,field,value,idx=-1):
    if not self._actions & ADDHDRS: raise DisabledAction("ADDHDRS")
    return self._ctx.addheader(field,value,idx)
  ## Change the value of a mail header field.
  # Calls <a href="milter_api/smfi_chgheader.html">
  # smfi_chgheader</a>.  
  # The <code>Milter.CHGHDRS</code> action flag must be set.
  #
  # May be called from eom callback only.
  # @param field the name of the field to change
  # @param idx index of the field to change when there are multiple instances
  # @param value the new value of the field
  # @throws DisabledAction if CHGHDRS is not enabled
  def chgheader(self,field,idx,value):
    if not self._actions & CHGHDRS: raise DisabledAction("CHGHDRS")
    return self._ctx.chgheader(field,idx,value)
  ## Add a recipient to the message.  
  # Calls <a href="milter_api/smfi_addrcpt.html">
  # smfi_addrcpt</a>.  
  # If no corresponding mail header is added, this is like a Bcc.
  # The syntax of the recipient is the same as used in the SMTP
  # RCPT TO command (and as delivered to the envrcpt callback), for example
  # "self.addrcpt('<foo@example.com>')".  
  # The <code>Milter.ADDRCPT</code> action flag must be set.
  # If the optional <code>params</code> argument is used, then
  # the <code>Milter.ADDRCPT_PAR</code> action flag must be set.
  #
  # May be called from eom callback only.
  # @param rcpt the message recipient 
  # @param params an optional list of ESMTP parameters
  # @throws DisabledAction if ADDRCPT or ADDRCPT_PAR is not enabled 
  def addrcpt(self,rcpt,params=None):
    if not self._actions & ADDRCPT: raise DisabledAction("ADDRCPT")
    if params and not self._actions & ADDRCPT_PAR:
        raise DisabledAction("ADDRCPT_PAR")
    return self._ctx.addrcpt(rcpt,params)
  ## Delete a recipient from the message.
  # Calls <a href="milter_api/smfi_delrcpt.html">
  # smfi_delrcpt</a>.  
  # The recipient should match one passed to the envrcpt callback.
  # The <code>Milter.DELRCPT</code> action flag must be set.
  #
  # May be called from eom callback only.
  # @param rcpt the message recipient to delete
  # @throws DisabledAction if DELRCPT is not enabled
  def delrcpt(self,rcpt):
    if not self._actions & DELRCPT: raise DisabledAction("DELRCPT")
    return self._ctx.delrcpt(rcpt)
  ## Replace the message body.
  # Calls <a href="milter_api/smfi_replacebody.html">
  # smfi_replacebody</a>.  
  # The entire message body must be replaced.  
  # Call repeatedly with blocks of data until the entire body is transferred.
  # The <code>Milter.MODBODY</code> action flag must be set.
  #
  # May be called from eom callback only.
  # @param body a chunk of body data
  # @throws DisabledAction if MODBODY is not enabled
  def replacebody(self,body):
    if not self._actions & MODBODY: raise DisabledAction("MODBODY")
    return self._ctx.replacebody(body)
  ## Change the SMTP envelope sender address.
  # Calls <a href="milter_api/smfi_chgfrom.html">
  # smfi_chgfrom</a>.  
  # The syntax of the sender is that same as used in the SMTP
  # MAIL FROM command (and as delivered to the envfrom callback),
  # for example <code>self.chgfrom('<bar@example.com>')</code>.
  # The <code>Milter.CHGFROM</code> action flag must be set.
  #
  # May be called from eom callback only.
  # @since 0.9.1
  # @param sender the new sender address
  # @param params an optional list of ESMTP parameters
  # @throws DisabledAction if CHGFROM is not enabled
  def chgfrom(self,sender,params=None):
    if not self._actions & CHGFROM: raise DisabledAction("CHGFROM")
    return self._ctx.chgfrom(sender,params)
  ## Quarantine the message.
  # Calls <a href="milter_api/smfi_quarantine.html">
  # smfi_quarantine</a>.  
  # When quarantined, a message goes into the mailq as if to be delivered,
  # but delivery is deferred until the message is unquarantined.
  # The <code>Milter.QUARANTINE</code> action flag must be set.
  #
  # May be called from eom callback only.
  # @param reason a string describing the reason for quarantine
  # @throws DisabledAction if QUARANTINE is not enabled
  def quarantine(self,reason):
    if not self._actions & QUARANTINE: raise DisabledAction("QUARANTINE")
    return self._ctx.quarantine(reason)
  ## Tell the MTA to wait a bit longer.
  # Calls <a href="milter_api/smfi_progress.html">
  # smfi_progress</a>.  
  # Resets timeouts in the MTA that detect a "hung" milter.
  def progress(self):
    return self._ctx.progress()
 ## A logging but otherwise do nothing Milter base class.
 # This is included for compatibility with previous versions of pymilter.
 # The logging callbacks are marked @@noreply.
 class Milter(Base):
  "A simple class interface to the milter module."
  ## Provide simple logging to sys.stdout
  def log(self,*msg):
    print('Milter:',end=None)
    for i in msg: print(i,end=None)
    print()
  @noreply
  def connect(self,hostname,family,hostaddr):
    "Called for each connection to sendmail."
    self.log("connect from %s at %s" % (hostname,hostaddr))
    return CONTINUE
  @noreply
  def hello(self,hostname):
    "Called after the HELO command."
    self.log("hello from %s" % hostname)
    return CONTINUE
  @noreply
  def envfrom(self,f,*str):
    """Called to begin each message.
    f -> string		message sender
    str -> tuple	additional ESMTP parameters
    """
    self.log("mail from",f,str)
    return CONTINUE
  @noreply
  def envrcpt(self,to,*str):
    "Called for each message recipient."
    self.log("rcpt to",to,str)
    return CONTINUE
  @noreply
  def header(self,field,value):
    "Called for each message header."
    self.log("%s: %s" % (field,value))
    return CONTINUE
  @noreply
  def eoh(self):
    "Called after all headers are processed."
    self.log("eoh")
    return CONTINUE
  def eom(self):
    "Called at the end of message."
    self.log("eom")
    return CONTINUE
  def abort(self):
    "Called if the connection is terminated abnormally."
    self.log("abort")
    return CONTINUE
  def close(self):
    "Called at the end of connection, even if aborted."
    self.log("close")
    return CONTINUE
 ## The milter connection factory
 # This factory method is called for each connection to create the
 # python object that tracks the connection.  It should return
 # an object derived from Milter.Base.
 #
 # Note that since python is dynamic, this variable can be changed while
 # the milter is running: for instance, to a new subclass based on a 
 # change in configuration.
 factory = Milter
 ## @private
 # @brief Connect context to connection instance and return enabled callbacks.
 def negotiate_callback(ctx,opts):
  m = factory()
  m._setctx(ctx)
  return m.negotiate(opts)
 ## @private
 # @brief Connect context if needed and invoke connect method.
 def connect_callback(ctx,hostname,family,hostaddr,nr_mask=P_NR_CONN):
  m = ctx.getpriv()
  if not m:     
    # If not already created (because the current MTA doesn't support
    # xmfi_negotiate), create the connection object.
    m = factory()
    m._setctx(ctx)
  return m.connect(hostname,family,hostaddr)
 ## @private
 # @brief Disconnect milterContext and call close method.
 def close_callback(ctx):
  m = ctx.getpriv()
  if not m: return CONTINUE
  try:
    rc = m.close()
  finally:
    m._setctx(None)	# release milterContext
  return rc
 ## Convert ESMTP parameters with values to a keyword dictionary.
 # @deprecated You probably want Milter.param2dict instead.
 def dictfromlist(args):
  "Convert ESMTP parms with values to keyword dictionary."
  kw = {}
  for s in args:
    pos = s.find('=')
    if pos > 0:
      kw[s[:pos].upper()] = s[pos+1:]
  return kw
 ## Convert ESMTP parm list to keyword dictionary.
 # Params with no value are set to None in the dictionary.
 # @since 0.9.3
 # @param str list of param strings of the form "NAME" or "NAME=VALUE"
 # @return a dictionary of ESMTP param names and values
 def param2dict(str): 
  "Convert ESMTP parm list to keyword dictionary."
  pairs = [x.split('=',1) for x in str]
  for e in pairs:
    if len(e) < 2: e.append(None)
  return dict([(k.upper(),v) for k,v in pairs])
 def envcallback(c,args):
  """Call function c with ESMTP parms converted to keyword parameters.
  Can be used in the envfrom and/or envrcpt callbacks to process
  ESMTP parameters as python keyword parameters."""
  kw = {}
  pargs = [args[0]]
  for s in args[1:]:
    pos = s.find('=')
    if pos > 0:
      kw[s[:pos].upper()] = s[pos+1:]
    else:
      pargs.append(s)
  return c(*pargs,**kw)
 ## Run the %milter.
 # @param name the name of the %milter known to the MTA
 # @param socketname the socket to be passed to milter.setconn()
 # @param timeout the time in secs the MTA should wait for a response before 
 #	considering this %milter dead
 def runmilter(name,socketname,timeout = 0,rmsock=True):
  # The default flags set include everything
  # milter.set_flags(milter.ADDHDRS)
  milter.set_connect_callback(connect_callback)
  milter.set_helo_callback(lambda ctx, host: ctx.getpriv().hello(host))
  # For envfrom and envrcpt, we would like to convert ESMTP parms to keyword
  # parms, but then all existing users would have to include **kw to accept
  # arbitrary keywords without crashing.  We do provide envcallback and
  # dictfromlist to make parsing the ESMTP args convenient.
  milter.set_envfrom_callback(lambda ctx,*str: ctx.getpriv().envfrom(*str))
  milter.set_envrcpt_callback(lambda ctx,*str: ctx.getpriv().envrcpt(*str))
  milter.set_header_callback(lambda ctx,fld,val: ctx.getpriv().header(fld,val))
  milter.set_eoh_callback(lambda ctx: ctx.getpriv().eoh())
  milter.set_body_callback(lambda ctx,chunk: ctx.getpriv().body(chunk))
  milter.set_eom_callback(lambda ctx: ctx.getpriv().eom())
  milter.set_abort_callback(lambda ctx: ctx.getpriv().abort())
  milter.set_close_callback(close_callback)
  milter.setconn(socketname)
  if timeout > 0: milter.settimeout(timeout)
  # disable negotiate callback if runtime version < (1,0,1)
  ncb = negotiate_callback
  if milter.getversion() < (1,0,1):
    ncb = None
  # The name *must* match the X line in sendmail.cf (supposedly)
  milter.register(name,
        data=lambda ctx: ctx.getpriv().data(),
        unknown=lambda ctx,cmd: ctx.getpriv().unknown(cmd),
        negotiate=ncb
  )
  # We remove the socket here by default on the assumption that you will be
  # starting this filter before sendmail.  If sendmail is not running and the
  # socket already exists, libmilter will throw a warning.  If sendmail is
  # running, this is still safe if there are no messages currently being
  # processed.  It's safer to shutdown sendmail, kill the filter process,
  # restart the filter, and then restart sendmail.
  milter.opensocket(rmsock)
  start_seq = _seq
  try:
    milter.main()
  except milter.error:
    if start_seq == _seq: raise	# couldn't start
    # milter has been running for a while, but now it can't start new threads
    raise milter.error("out of thread resources")
 __all__ = globals().copy()
 for priv in ('os','milter','thread','factory','_seq','_seq_lock','__version__'):
  del __all__[priv]
 __all__ = __all__.keys()
 ## @example milter-template.py
 ## @example milter-nomix.py
 #
@@ -0,0 +1,164 @@
 # Email address list with expiration
 #
 # This class acts like a map.  Entries with a value of None are persistent,
 # but disappear after a time limit.  This is useful for automatic whitelists
 # and blacklists with expiration.  The persistent store is a simple ascii
 # file with sender and timestamp on each line.  Entries can be appended
 # to the store, and will be picked up the next time it is loaded.
 #
 # Entries with other values are not persistent.  This is used to hold failed
 # CBV results.
 #
 # $Log$
 # Revision 1.9  2008/05/08 21:35:57  customdesigned
 # Allow explicitly whitelisted email from banned_users.
 #
 # Revision 1.8  2007/09/03 16:18:45  customdesigned
 # Delete unparseable timestamps when loading address cache.  These have
 # arisen because of failure to parse MAIL FROM properly.   Will have to
 # tighten up MAIL FROM parsing to match RFC.
 #
 # Revision 1.7  2007/01/25 22:47:26  customdesigned
 # Persist blacklisting from delayed DSNs.
 #
 # Revision 1.6  2007/01/19 23:31:38  customdesigned
 # Move parse_header to Milter.utils.
 # Test case for delayed DSN parsing.
 # Fix plock when source missing or cannot set owner/group.
 #
 # Revision 1.5  2007/01/11 19:59:40  customdesigned
 # Purge old entries in auto_whitelist and send_dsn logs.
 #
 # Revision 1.4  2007/01/11 04:31:26  customdesigned
 # Negative feedback for bad headers.  Purge cache logs on startup.
 #
 # Revision 1.3  2007/01/08 23:20:54  customdesigned
 # Get user feedback.
 #
 # Revision 1.2  2007/01/05 23:33:55  customdesigned
 # Make blacklist an AddrCache
 #
 # Revision 1.1  2007/01/05 21:25:40  customdesigned
 # Move AddrCache to Milter package.
 #
 # Author: Stuart D. Gathman <stuart@bmsi.com>
 # Copyright 2001,2002,2003,2004,2005 Business Management Systems, Inc.
 # This code is under the GNU General Public License.  See COPYING for details.
 from __future__ import print_function
 import time
 from Milter.plock import PLock
 class AddrCache(object):
  time_format = '%Y%b%d %H:%M:%S %Z'
  def __init__(self,renew=7,fname=None):
    self.age = renew
    self.cache = {}
    self.fname = fname
  def load(self,fname,age=0):
    "Load address cache from persistent store."
    if not age:
      age = self.age
    self.fname = fname
    cache = {}
    self.cache = cache
    now = time.time()
    lock = PLock(self.fname)
    wfp = lock.lock()
    changed = False
    try:
      too_old = now - age*24*60*60	# max age in days
      try:
        fp = open(self.fname)
      except OSError:
        fp = ()
      for ln in fp:
        try:
          rcpt,ts = ln.strip().split(None,1)
          try:
            l = time.strptime(ts,AddrCache.time_format)
            t = time.mktime(l)
            if t < too_old:
              changed = True
              continue
            cache[rcpt.lower()] = (t,None)
          except:       # unparsable timestamp - likely garbage
            changed = True
            continue
        except: # manual entry (no timestamp)
          cache[ln.strip().lower()] = (now,None)
        wfp.write(ln)
      if changed:
        lock.commit(self.fname+'.old')
      else:
        lock.unlock()
    except IOError:
      lock.unlock()
  def has_precise_key(self,sender):
    """True if precise sender is cached and has not expired.  Don't
    try looking up wildcard entries.
    """
    try:
      lsender = sender and sender.lower()
      ts,res = self.cache[lsender]
      too_old = time.time() - self.age*24*60*60	# max age in days
      if not ts or ts > too_old:
        return True
      del self.cache[lsender]
    except KeyError: pass
    return False
  def has_key(self,sender):
    "True if sender is cached and has not expired."
    if self.has_precise_key(sender):
      return True
    try:
      user,host = sender.split('@',1)
      return self.has_precise_key(host)
    except: pass
    return False
  __contains__ = has_key
  def __getitem__(self,sender):
    try:
      lsender = sender.lower()
      ts,res = self.cache[lsender]
      too_old = time.time() - self.age*24*60*60	# max age in days
      if not ts or ts > too_old:
        return res
      del self.cache[lsender]
      raise KeyError(sender)
    except KeyError as x:
      try:
        user,host = sender.split('@',1)
        return self.__getitem__(host)
      except ValueError:
        raise x
  def addperm(self,sender,res=None):
    "Add a permanent sender."
    lsender = sender.lower()
    if self.has_key(lsender):
      ts,res = self.cache[lsender]
      if not ts: return		# already permanent
    self.cache[lsender] = (None,res)
    if not res:
      with open(self.fname,'a') as fp:
        print(sender,file=fp)
  def __setitem__(self,sender,res):
    lsender = sender.lower()
    now = time.time()
    self.cache[lsender] = (now,res)
    if not res and self.fname:
      s = time.strftime(AddrCache.time_format,time.localtime(now))
      with open(self.fname,'a') as fp:
        print(sender,s,file=fp) # log refreshed senders
  def __len__(self):
    return len(self.cache)
@@ -0,0 +1,66 @@
 from ConfigParser import ConfigParser
 import os.path
 class MilterConfigParser(ConfigParser):
  def __init__(self,defaults={}):
    ConfigParser.__init__(self)
    self.defaults = defaults
  # The defaults provided by ConfigParser show up in all sections,
  # which screws up iterating over all options in a section.
  # Worse, passing "defaults" with vars= overrides the config file!
  # So we roll our own defaults.
  def get(self,sect,opt):
    if not self.has_option(sect,opt) and opt in self.defaults:
      return self.defaults[opt]
    return ConfigParser.get(self,sect,opt)
  def getlist(self,sect,opt):
    if self.has_option(sect,opt):
      return [q.strip() for q in self.get(sect,opt).split(',')]
    return []
  def getaddrset(self,sect,opt,dir=''):
    if not self.has_option(sect,opt):
      return {}
    s = self.get(sect,opt)
    d = {}
    for q in s.split(','):
      q = q.strip()
      if q.startswith('file:'):
        domain = q[5:].lower()
        fname = os.path.join(dir,domain)
        d[domain] = d.setdefault(domain,[]) + open(fname,'r').read().split()
      else:
        user,domain = q.split('@')
        d.setdefault(domain.lower(),[]).append(user)
    return d
  def getaddrdict(self,sect,opt,dir=''):
    if not self.has_option(sect,opt):
      return {}
    d = {}
    for q in self.get(sect,opt).split(','):
      q = q.strip()
      if self.has_option(sect,q):
        l = self.get(sect,q)
        for addr in l.split(','):
          addr = addr.strip()
          if addr.startswith('file:'):
            fname = os.path.join(dir,addr[5:])
            for a in open(fname,'r').read().split():
              d[a] = q
          else:
            d[addr] = q
    return d
  def getdefault(self,sect,opt,default=None):
    if self.has_option(sect,opt):
      return self.get(sect,opt)
    return default
  def getintdefault(self,sect,opt,default=None):
    if self.has_option(sect,opt):
      return self.getint(sect,opt)
    return default
@@ -0,0 +1,125 @@
 ## @package Milter.dns
 # Provide a higher level interface to pydns.
 from __future__ import print_function
 import DNS
 from DNS import DNSError
 MAX_CNAME = 10
 ## Lookup DNS records by label and RR type.
 # The response can include records of other types that the DNS
 # server thinks we might need.
 # @param name the DNS label to lookup
 # @param qtype the name of the DNS RR type to lookup
 # @return a list of ((name,type),data) tuples
 def DNSLookup(name, qtype):
    try:
        # To be thread safe, we create a fresh DnsRequest with
        # each call.  It would be more efficient to reuse
        # a req object stored in a Session.
        req = DNS.DnsRequest(name, qtype=qtype)
        resp = req.req()
        #resp.show()
        # key k: ('wayforward.net', 'A'), value v
        # FIXME: pydns returns AAAA RR as 16 byte binary string, but
        # A RR as dotted quad.  For consistency, this driver should
        # return both as binary string.
        return [((a['name'], a['typename']), a['data']) for a in resp.answers]
    except IOError as x:
        raise DNSError(str(x))
 class Session(object):
  """A Session object has a simple cache with no TTL that is valid
   for a single "session", for example an SMTP conversation."""
  def __init__(self):
    self.cache = {}
  ## Additional DNS RRs we can safely cache.
  # We have to be careful which additional DNS RRs we cache.  For
  # instance, PTR records are controlled by the connecting IP, and they
  # could poison our local cache with bogus A and MX records.  
  # Each entry is a tuple of (query_type,rr_type).  So for instance,
  # the entry ('MX','A') says it is safe (for milter purposes) to cache
  # any 'A' RRs found in an 'MX' query.
  SAFE2CACHE = frozenset((
    ('MX','MX'), ('MX','A'),
    ('CNAME','CNAME'), ('CNAME','A'),
    ('A','A'),
    ('AAAA','AAAA'),
    ('PTR','PTR'),
    ('NS','NS'), ('NS','A'),
    ('TXT','TXT'),
    ('SPF','SPF')
  ))
  ## Cached DNS lookup.
  # @param name the DNS label to query
  # @param qtype the query type, e.g. 'A'
  # @param cnames tracks CNAMES already followed in recursive calls
  def dns(self, name, qtype, cnames=None):
    """DNS query.
    If the result is in cache, return that.  Otherwise pull the
    result from DNS, and cache ALL answers, so additional info
    is available for further queries later.
    CNAMEs are followed.
    If there is no data, [] is returned.
    pre: qtype in ['A', 'AAAA', 'MX', 'PTR', 'TXT', 'SPF']
    post: isinstance(__return__, types.ListType)
    """
    if name.endswith('.'): name = name[:-1]
    if not reduce(lambda x,y:x and 0 < len(y) < 64, name.split('.'),True):
        return []   # invalid DNS name (too long or empty)
    name = name.lower()
    result = self.cache.get( (name, qtype) )
    cname = None
    if result: return result
    cnamek = (name,'CNAME')
    cname = self.cache.get( cnamek )
    if cname:
        cname = cname[0]
    else:
        safe2cache = Session.SAFE2CACHE
        for k, v in DNSLookup(name, qtype):
            if k == cnamek:
                cname = v
            if k[1] == 'CNAME' or (qtype,k[1]) in safe2cache:
                self.cache.setdefault(k, []).append(v)
        result = self.cache.get( (name, qtype), [])
    if not result and cname:
        if not cnames:
            cnames = {}
        elif len(cnames) >= MAX_CNAME:
            #return result    # if too many == NX_DOMAIN
            raise DNSError('Length of CNAME chain exceeds %d' % MAX_CNAME)
        cnames[name] = cname
        if cname.lower().rstrip('.') in cnames:
            raise DNSError('CNAME loop')
        result = self.dns(cname, qtype, cnames=cnames)
        if result:
            self.cache[(name,qtype)] = result
    return result
  def dns_txt(self, domainname, enc='ascii'):
    "Get a list of TXT records for a domain name."
    if domainname:
        try:
            return [''.join(s.decode(enc) for s in a)
                for a in self.dns(domainname, 'TXT')]
        except UnicodeEncodeError:
            raise DNSError('Non-ascii character in SPF TXT record.')
    return []
 DNS.DiscoverNameServers()
 if __name__ == '__main__':
  import sys
  s = Session()
  for n,t in zip(*[iter(sys.argv[1:])]*2):
    print(n,t)
    print(s.dns(n,t))
@@ -0,0 +1,236 @@
 # Author: Stuart D. Gathman <stuart@bmsi.com>
 # Copyright 2005 Business Management Systems, Inc.
 # This code is under the GNU General Public License.  See COPYING for details.
 # Send DSNs, do call back verification,
 # and generate DSN messages from a template
 # $Log$
 # Revision 1.22  2011/03/18 20:41:31  customdesigned
 # Python2.6 SMTP.close() fails when instance never connected.
 #
 # Revision 1.21  2011/03/03 05:11:58  customdesigned
 # Release 0.9.4
 #
 # Revision 1.20  2010/10/11 00:29:47  customdesigned
 # Handle multiple recipients.  For CBV or auto whitelist of multiple emails.
 #
 # Revision 1.19  2009/07/02 19:41:12  customdesigned
 # Handle @ in localpart.
 #
 # Revision 1.18  2009/06/10 18:01:59  customdesigned
 # Doxygen updates
 #
 # Revision 1.17  2009/05/20 20:08:44  customdesigned
 # Support non-DSN CBV (non-empty MAIL FROM)
 #
 # Revision 1.16  2007/09/25 01:24:59  customdesigned
 # Allow arbitrary object, not just spf.query like, to provide data for create_msg
 #
 # Revision 1.15  2007/09/24 20:13:26  customdesigned
 # Remove explicit spf dependency.
 #
 # Revision 1.14  2007/03/03 18:19:40  customdesigned
 # Handle DNS error sending DSN.
 #
 # Revision 1.13  2007/01/04 18:01:11  customdesigned
 # Do plain CBV when template missing.
 #
 # Revision 1.12  2006/07/26 16:37:35  customdesigned
 # Support timeout.
 #
 # Revision 1.11  2006/06/21 21:07:11  customdesigned
 # Include header fields in DSN template.
 #
 # Revision 1.10  2006/05/24 20:56:35  customdesigned
 # Remove default templates.  Scrub test.
 #
 ## @package Milter.dsn
 # Support DSNs and CallBackValidations (CBV).
 #
 # A Delivery Status Notification (bounce) is sent to the envelope
 # sender (original MAIL FROM) with a null MAIL FROM (<>) to notify the
 # original sender # of delays or problems with delivery.  A Callback Validation
 # starts the DSN process, but stops before issuing the DATA command.  The
 # purpose is to check whether the envelope recipient is accepted (and is
 # therefore a valid email).  The null MAIL FROM tells the remote
 # MTA to never reply according to RFC2821 (but some braindead MTAs
 # reply anyway, of course).
 #
 # Milters should cache CBV results and should avoid sending DSNs
 # unless the sender is authenticated somehow (e.g. SPF Pass).  However,
 # when email is quarantined, and is not known to be a forgery, sending a DSN 
 # is better than silently disappearing, and a DSN is better than sending
 # a normal message as notification - because MAIL FROM signing schemes
 # can reject bounces of forged emails.   Whatever you do, don't copy those
 # assinine commercial filters that send a normal message to notify you
 # that some virus is forging your email.
 #
 # <b>DSNs should *only* be sent to MAIL FROM addresses.</b>  Never send
 # a DSN or use a null MAIL FROM with an email address obtained from
 # anywhere else.
 #
 from __future__ import print_function
 import smtplib
 import socket
 from email.Message import Message
 import Milter
 import time
 import dns
 ## Send DSN.
 # Try the published MX names in order, rejecting obviously bogus entries
 # (like <code>localhost</code>).
 # @param mailfrom the original sender we are notifying or validating
 # @param receiver the HELO name of the MTA we are sending the DSN on behalf of.
 #	Be sure to send from an IP that matches the HELO.
 # @param msg the DSN message in RFC2822 format, or None for CBV.
 # @param timeout total seconds to wait for a response from an MX
 # @param session Milter.dns.Session object from current incoming mail
 #	session to reuse its cache, or None to create a fresh one.
 # @param ourfrom set to a valid email to send a normal notification from, or
 #	to validate emails not obtained from MAIL FROM.
 # @return None on success or (status_code,msg) on failure.
 def send_dsn(mailfrom,receiver,msg=None,timeout=600,session=None,ourfrom=''):
  """Send DSN.  If msg is None, do callback verification.
     Mailfrom is original sender we are sending DSN or CBV to.
     Receiver is the MTA sending the DSN.
     Return None for success or (code,msg) for failure."""
  user,domain = mailfrom.rsplit('@',1)
  if not session: session = dns.Session()
  try:
    mxlist = session.dns(domain,'MX')
  except dns.DNSError:
    return (450,'DNS Timeout: %s MX'%domain)	# temp error
  if not mxlist:
    mxlist = (0,domain),	# fallback to A record when no MX
  else:
    mxlist.sort()
  smtp = smtplib.SMTP()
  toolate = time.time() + timeout
  for prior,host in mxlist:
    try:
      smtp.connect(host)
      code,resp = smtp.helo(receiver)
      # some wiley spammers have MX records that resolve to 127.0.0.1
      a = resp.split()
      if not a:
        return (553,'MX for %s has no hostname in banner: %s' % (domain,host))
      if a[0] == receiver:
        return (553,'Fraudulent MX for %s: %s' % (domain,host))
      if not (200 <= code <= 299):
        raise smtplib.SMTPHeloError(code, resp)
      if msg:
        try:
          smtp.sendmail('<%s>'%ourfrom,mailfrom,msg)
        except smtplib.SMTPSenderRefused:
 	  # does not accept DSN, try postmaster (at the risk of mail loops)
          smtp.sendmail('<postmaster@%s>'%receiver,mailfrom,msg)
      else:	# CBV
        code,resp = smtp.docmd('MAIL FROM: <%s>'%ourfrom)
        if code != 250:
          raise smtplib.SMTPSenderRefused(code, resp, '<%s>'%ourfrom)
        if isinstance(mailfrom,basestring):
          mailfrom = [mailfrom]
        badrcpts = {}
        for rcpt in mailfrom:
          code,resp = smtp.rcpt(rcpt)
          if code not in (250,251):
            badrcpts[rcpt] = (code,resp)# permanent error
        smtp.quit()
        if len(badrcpts) == 1:
          return badrcpts.values()[0]	# permanent error
        if badrcpts:
          return badrcpts
      return None			# success
    except smtplib.SMTPRecipientsRefused as x:
      if len(x.recipients) == 1:
        return x.recipients.values()[0]	# permanent error
      return x.recipients
    except smtplib.SMTPSenderRefused as x:
      return x.args[:2]			# does not accept DSN
    except smtplib.SMTPDataError as x:
      return x.args			# permanent error
    except smtplib.SMTPException:
      pass		# any other error, try next MX
    except socket.error:
      pass		# MX didn't accept connections, try next one
    except socket.timeout:
      pass		# MX too slow, try next one
    if hasattr(smtp,'sock'): smtp.close()
    if time.time() > toolate:
      return (450,'No MX response within %f minutes'%(timeout/60.0))
  return (450,'No MX servers available')	# temp error
 class Vars: pass
 # NOTE: Caller can pass an object to create_msg that in a typical milter
 # collects things like heloname or sender anyway.
 def create_msg(v,rcptlist=None,origmsg=None,template=None):
  """Create a DSN message from a template.  Template must be '\n' separated.
     v - an object whose attributes are used for substitutions.  Must
       have sender and receiver attributes at a minimum.
     rcptlist - used to set v.rcpt if given
     origmsg - used to set v.subject and v.spf_result if given
     template - a '\n' separated string with python '%(name)s' substitutions.
  """
  if not template:
    return None
  if hasattr(v,'perm_error'):
    # likely to be an spf.query, try translating for backward compatibility
    q = v
    v = Vars()
    try:
      v.heloname = q.h
      v.sender = q.s
      v.connectip = q.i
      v.receiver = q.r
      v.sender_domain = q.o
      v.result = q.result
      v.perm_error = q.perm_error
    except: v = q
  if rcptlist:
    v.rcpt = '\n\t'.join(rcptlist)
  if origmsg:
    try: v.subject = origmsg['Subject']
    except: v.subject = '(none)'
    try:
      v.spf_result = origmsg['Received-SPF']
    except: v.spf_result = None
  msg = Message()
  msg.add_header('X-Mailer','PyMilter-'+Milter.__version__)
  msg.set_type('text/plain')
  hdrs,body = template.split('\n\n',1)
  for ln in hdrs.splitlines():
    name,val = ln.split(':',1)
    msg.add_header(name,(val % v.__dict__).strip())
  msg.set_payload(body % v.__dict__)
  # add headers if missing from old template
  if 'to' not in msg:
    msg.add_header('To',v.sender)
  if 'from' not in msg:
    msg.add_header('From','postmaster@%s'%v.receiver)
  if 'auto-submitted' not in msg:
    msg.add_header('Auto-Submitted','auto-generated')
  return msg
 if __name__ == '__main__':
  import spf
  q = spf.query('192.168.9.50',
  'SRS0=pmeHL=RH==stuart@example.com',
  'red.example.com',receiver='mail.example.com')
  q.result = 'softfail'
  q.perm_error = None
  msg = create_msg(q,['charlie@example.com'],None,
 """From: postmaster@%(receiver)s
 To: %(sender)s
 Subject: Test
 Test DSN template
 """
  )
  print(msg.as_string())
  # print(send_dsn(f,msg.as_string()))
  # print(send_dsn(q.s,'mail.example.com',msg.as_string()))
@@ -0,0 +1,97 @@
 # Author: Stuart D. Gathman <stuart@bmsi.com>
 # Copyright 2005 Business Management Systems, Inc.
 # This code is under the GNU General Public License.  See COPYING for details.
 # Heuristically determine whether a domain name is for a dynamic IP.
 # examples we don't yet recognize:
 #
 # wiley-268-8196.roadrunner.nf.net at ('205.251.174.46', 4810)
 # cbl-sd-02-79.aster.com.do at ('200.88.62.79', 4153)
 from __future__ import print_function
 import re
 ip3 = re.compile('[0-9]{1,3}')
 hpats = (
 'h[0-9a-f]{12}[.]',
 'h\d*n\d*c\d*o\d*\.',
 'pcp\d{6,10}pcs[.]',
 'no-reverse',
 'S[0-9a-f]{16}[.][a-z]{2}[.]',
 'user<3>\.',
 '[Cc]ust<3>\.',
 '^<3>\.',
 'ppp[^.]*<3>\.',
 '-ppp\d*\.',
 '\d*-<3>\.',
 '[0-9a-f]{1,3}-<3>\.',
 'p<3>\.pool',
 'h<3>\.',
 'xdsl-\d*\.',
 '-\d*-\d*\.',
 '\.adsl\.',
 '\.cable\.'
 )
 rehmac = re.compile('|'.join(hpats))
 def is_dynip(host,addr):
  """Return True if hostname is for a dynamic ip.
  Examples:
  >>> is_dynip('post3.fabulousdealz.com','69.60.99.112')
  False
  >>> is_dynip('adsl-69-208-201-177.dsl.emhril.ameritech.net','69.208.201.177')
  True
  >>> is_dynip('[1.2.3.4]','1.2.3.4')
  True
  >>> is_dynip('c-71-63-151-151.hsd1.mn.comcast.net','71.63.151.151')
  True
  """
  if host.startswith('[') and host.endswith(']'):
    return True                                 # no ptr
  if addr:
    if host.find(addr) >= 0: return True
    if addr.find(':') >= 0: return False        # IP6
    a = addr.split('.')
    ia = list(map(int,a))
    h = host
    m = ip3.findall(host)
    if m:
      g = list(map(int,m))[:4]
      ia3 = (ia[1:],ia[:3])
      if g[-3:] in ia3: return True
      if g[0] == ia[3] and g[1:3] == ia[:2]: return True
      if g[-2:] == ia[2:]: return True
      g.reverse()
      if g[:3] in ia3: return True
      if g[:2] == ia[2:]: return True
      if ia[2:] in (g[:2],g[-2:]): return True
      for m in ip3.finditer(host):
        if int(m.group()) == ia[3]:
          h = host[:m.start()] + '<3>' + host[m.end():]
          break
    if rehmac.search(h): return True
    if host.find(''.join(a[:3])) >= 0: return True
    if host.find(''.join(a[1:])) >= 0: return True
    x = "%02x%02x%02x%02x" % tuple(ia)
    if host.lower().find(x) >= 0: return True
  return False
 if __name__ == '__main__':
  import fileinput
  import sets
  seen = sets.Set()
  for ln in fileinput.input():
    a = ln.split()
    if a[3:5] == ['connect','from']:
      host = a[5]
      if host.startswith('[') and host.endswith(']'):
        continue	# no PTR
      ip = a[7][2:-2]
      if ip in seen: continue
      seen.add(ip)
      if is_dynip(host,ip):
        print('%s\t%s DYN' % (ip,host))
      else:
        print('%s\t%s' % (ip,host))
@@ -0,0 +1,121 @@
 from __future__ import print_function
 import time
 import shelve
 import thread
 import logging
 import urllib
 log = logging.getLogger('milter.greylist')
 def quoteAddress(s):
  '''Quote an address so that it's safe to store in the file-system.
  Address can either be a domain name, or local part.
  Returns the quoted address.'''
  s = urllib.quote(s, '@_-+~!.%')
  if s.startswith('.'): s = '%2e' + s[1:]
  return s
 class Record(object):
  __slots__ = ( 'firstseen', 'lastseen', 'umis', 'cnt' )
  def __init__(self,timeinc=0):
    now = time.time() + timeinc
    self.firstseen = now
    self.lastseen = now
    self.cnt = 0
    self.umis = None
  def __str__(self):
    return "Grey[%s:%s:%s:%d]" % (
        time.ctime(self.firstseen),time.ctime(self.lastseen),
        self.umis,self.cnt
    )
 class Greylist(object):
  def __init__(self,dbname,grey_time=10,grey_expire=4,grey_retain=36):
    self.ignoreLastByte = False
    self.greylist_time = grey_time * 60         # minutes
    self.greylist_expire = grey_expire * 3600   # hours
    self.greylist_retain = grey_retain * 24 * 3600   # days
    self.dbp = shelve.open(dbname,'c',protocol=2)
    self.lock = thread.allocate_lock()
  def export_csv(self,fp,timeinc=0):
    "Export records to csv."
    import csv
    dbp = self.dbp
    w = csv.writer(fp)
    now = time.time() + timeinc
    for key, r in dbp.iteritems():
      if now > r.lastseen + self.greylist_retain: continue
      ip,sender,recipient = key.rsplit(':',2)
      w.writerow([ip,sender,recipient,r.firstseen,r.lastseen,r.cnt,r.umis])
  def clean(self,timeinc=0):
    "Delete records past the retention limit."
    now = time.time() + timeinc
    cnt = 0
    dbp = self.dbp
    for key, r in dbp.iteritems():
      #print(key,r,time.ctime(now))
      if now > r.lastseen + self.greylist_retain:
        self.lock.acquire()
        try:
          r = dbp[key]
          now = time.time() + timeinc
          if now > r.lastseen + self.greylist_retain:
            del dbp[key]
            cnt += 1
        finally:
          self.lock.release()
    return cnt
  def check(self,ip,sender,recipient,timeinc=0):
    "Return number of allowed messages for greylist triple."
    sender = quoteAddress(sender)
    recipient = quoteAddress(recipient)
    key = ip + ':' + sender + ':' + recipient
    self.lock.acquire()
    try:
      dbp = self.dbp
      try:
        r = dbp[key]
        now = time.time() + timeinc
        if now > r.lastseen + self.greylist_retain:
          # expired
          log.debug('Expired greylist: %s',key)
          r = Record(timeinc)
        elif now < r.firstseen + self.greylist_time + 5:
          # still greylisted
          log.debug('Early greylist: %s',key)
          #r = Record(timeinc)
          r.lastseen = now
        elif r.cnt or now < r.firstseen + self.greylist_expire:
          # in greylist window or active
          r.lastseen = now
          r.cnt += 1
          log.debug('Active greylist(%d): %s',r.cnt,key)
        else:
          # passed greylist window
          log.debug('Late greylist: %s',key)
          r = Record(timeinc)
        dbp[key] = r
      except:
        r = Record(timeinc)
        dbp[key] = r
      dbp.sync()
    finally:
      self.lock.release()
    return r.cnt
  def close(self):
    self.dbp.close()
 if __name__ == '__main__':
  import sys
  g = Greylist(sys.argv[1],5,24,36)
  try:
    g.export_csv(sys.stdout)
  finally: g.close()
@@ -0,0 +1,109 @@
 import time
 import logging
 import urllib
 import sqlite3
 try:
  import thread
 except:
  import _thread as thread
 from datetime import datetime
 log = logging.getLogger('milter.greylist')
 _db_lock = thread.allocate_lock()
 class Greylist(object):
  def __init__(self,dbname,grey_time=10,grey_expire=4,grey_retain=36):
    self.ignoreLastByte = False
    self.greylist_time = grey_time * 60         # minutes
    self.greylist_expire = grey_expire * 3600   # hours
    self.greylist_retain = grey_retain * 24 * 3600   # days
    self.conn = sqlite3.connect(dbname)
    self.conn.row_factory = sqlite3.Row
    try:
      self.conn.execute('''create table greylist(
        ip text , sender text, recipient text,
        firstseen timestamp, lastseen timestamp, cnt integer, umis text,
        primary key (ip,sender,recipient))''')
    except: pass
  def import_csv(self,fp):
    import csv
    rdr = csv.reader(fp)
    cur = self.conn.execute('begin immediate')
    try:
      for r in rdr:
        cur.execute('''insert into 
          greylist(ip,sender,recipient,firstseen,lastseen,cnt,umis)
          values(?,?,?,?,?,?,?)''', r)
      self.conn.commit()
    finally:
      cur.close();
  def clean(self,timeinc=0):
    "Delete records past the retention limit."
    now = time.time() + timeinc - self.greylist_retain
    cur = self.conn.cursor()
    try:
      cur.execute('delete from greylist where lastseen < ?',(now,))
      cnt = cur.rowcount
      self.conn.commit()
    finally: cur.close()
    return cnt
  def check(self,ip,sender,recipient,timeinc=0):
    "Return number of allowed messages for greylist triple."
    _db_lock.acquire()
    cur = self.conn.execute('begin immediate')
    try:
      cur.execute('''select firstseen,lastseen,cnt,umis from greylist where
        ip=? and sender=? and recipient=?''',(ip,sender,recipient))
      r = cur.fetchone()
      now = time.time() + timeinc
      cnt = 0
      if not r:
        cur.execute('''insert into 
          greylist(ip,sender,recipient,firstseen,lastseen,cnt,umis)
          values(?,?,?,?,?,?,?)''', (ip,sender,recipient,now,now,0,None))
      elif now > r['lastseen'] + self.greylist_retain:
        # expired
        log.debug('Expired greylist: %s:%s:%s',ip,sender,recipient)
        cur.execute('''update greylist set firstseen=?,lastseen=?,cnt=?,umis=?
          where ip=? and sender=? and recipient=?''',
          (now,now,0,None,ip,sender,recipient))
      elif now < r['firstseen'] + self.greylist_time + 5:
        # still greylisted
        log.debug('Early greylist: %s:%s:%s',ip,sender,recipient)
        #r = Record()
        cur.execute('''update greylist set lastseen=?
          where ip=? and sender=? and recipient=?''',
          (now,ip,sender,recipient))
      elif r['cnt'] or now < r['firstseen'] + self.greylist_expire:
        # in greylist window or active
        cnt = r['cnt'] + 1
        cur.execute('''update greylist set lastseen=?,cnt=?
          where ip=? and sender=? and recipient=?''',
          (now,cnt,ip,sender,recipient))
        log.debug('Active greylist(%d): %s:%s:%s',cnt,ip,sender,recipient)
      else:
        # passed greylist window
        log.debug('Late greylist: %s:%s:%s',ip,sender,recipient)
        cur.execute('''update greylist set firstseen=?,lastseen=?,cnt=?,umis=?
          where ip=? and sender=? and recipient=?''',
          (now,now,0,None,ip,sender,recipient))
      self.conn.commit()
    finally:
      cur.close()
      _db_lock.release()
    return cnt
  def close(self):
    self.conn.close()
 if __name__ == '__main__':
  import sys
  g = Greylist(sys.argv[1])
  try:
    g.import_csv(sys.stdin)
  finally: g.close()
@@ -0,0 +1,66 @@
 # Author: Stuart D. Gathman <stuart@bmsi.com>
 # Copyright 2001 Business Management Systems, Inc.
 # This code is under the GNU General Public License.  See COPYING for details.
 import os
 from time import sleep
 class PLock(object):
  "A simple /etc/passwd style lock,update,rename protocol for updating files."
  def __init__(self,basename):
    self.basename = basename
    self.fp = None
  def lock(self,lockname=None,mode=0o660,strict_perms=False):
    "Start an update transaction.  Return FILE to write new version."
    self.unlock()
    if not lockname:
      lockname = self.basename + '.lock'
    self.lockname = lockname
    try:
      st = os.stat(self.basename)
      mode |= st.st_mode
    except OSError: pass
    u = os.umask(0o2)
    try:
      fd = os.open(lockname,os.O_WRONLY+os.O_CREAT+os.O_EXCL,mode)
    finally:
      os.umask(u)
    self.fp = os.fdopen(fd,'w')
    try:
      os.chown(self.lockname,-1,st.st_gid)
    except:
      if strict_perms:
        self.unlock()
        raise
    return self.fp
  def wlock(self,lockname=None):
    "Wait until lock is free, then start an update transaction."
    while True:
      try:
        return self.lock(lockname)
      except OSError:
        sleep(2)
  def commit(self,backname=None):
    "Commit update transaction with optional backup file."
    if not self.fp:
      raise IOError("File not locked")
    self.fp.close()
    self.fp = None
    if backname:
      try:
        os.remove(backname)
      except OSError: pass
      os.link(self.basename,backname)
    os.rename(self.lockname,self.basename)
  def unlock(self):
    "Cancel update transaction."
    if self.fp:
      try:
        self.fp.close()
      except: pass
      self.fp = None
      os.remove(self.lockname)
@@ -0,0 +1,118 @@
 """Pure Python IP6 parsing and formatting
 Copyright (c) 2006 Stuart Gathman <stuart@bmsi.com>
 This module is free software, and you may redistribute it and/or modify
 it under the same terms as Python itself, so long as this copyright message
 and disclaimer are retained in their original form.
 """
 from __future__ import print_function
 import struct
 #from spf import RE_IP4 
 import re
 PAT_IP4 = r'\.'.join([r'(?:\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])']*4)
 RE_IP4 = re.compile(PAT_IP4+'$')
 def inet_ntop(s):
  """
  Convert ip6 address to standard hex notation.
  Examples:
  >>> inet_ntop(struct.pack("!HHHHHHHH",0,0,0,0,0,0xFFFF,0x0102,0x0304))
  '::FFFF:1.2.3.4'
  >>> inet_ntop(struct.pack("!HHHHHHHH",0x1234,0x5678,0,0,0,0,0x0102,0x0304))
  '1234:5678::102:304'
  >>> inet_ntop(struct.pack("!HHHHHHHH",0,0,0,0x1234,0x5678,0,0x0102,0x0304))
  '::1234:5678:0:102:304'
  >>> inet_ntop(struct.pack("!HHHHHHHH",0x1234,0x5678,0,0x0102,0x0304,0,0,0))
  '1234:5678:0:102:304::'
  >>> inet_ntop(struct.pack("!HHHHHHHH",0,0,0,0,0,0,0,0))
  '::'
  """
  # convert to 8 words
  a = struct.unpack("!HHHHHHHH",s)
  n = (0,0,0,0,0,0,0,0)	# null ip6
  if a == n: return '::'
  # check for ip4 mapped
  if a[:5] == (0,0,0,0,0) and a[5] in (0,0xFFFF):
    ip4 = '.'.join([str(i) for i in struct.unpack("!BBBB",s[12:])])
    if a[5]:
      return "::FFFF:" + ip4
    return "::" + ip4
  # find index of longest sequence of 0
  for l in (7,6,5,4,3,2,1):
    e = n[:l]
    for i in range(9-l):
      if a[i:i+l] == e:
        if i == 0:
          return ':'+':%x'*(8-l) % a[l:]
        if i == 8 - l:
          return '%x:'*(8-l) % a[:-l] + ':'
        return '%x:'*i % a[:i] + ':%x'*(8-l-i) % a[i+l:]
  return "%x:%x:%x:%x:%x:%x:%x:%x" % a
 def inet_pton(p):
  """
  Convert ip6 standard hex notation to ip6 address.
  Examples:
  >>> struct.unpack('!HHHHHHHH',inet_pton('::'))
  (0, 0, 0, 0, 0, 0, 0, 0)
  >>> struct.unpack('!HHHHHHHH',inet_pton('::1234'))
  (0, 0, 0, 0, 0, 0, 0, 4660)
  >>> struct.unpack('!HHHHHHHH',inet_pton('1234::'))
  (4660, 0, 0, 0, 0, 0, 0, 0)
  >>> struct.unpack('!HHHHHHHH',inet_pton('1234::5678'))
  (4660, 0, 0, 0, 0, 0, 0, 22136)
  >>> struct.unpack('!HHHHHHHH',inet_pton('::FFFF:1.2.3.4'))
  (0, 0, 0, 0, 0, 65535, 258, 772)
  >>> struct.unpack('!HHHHHHHH',inet_pton('1.2.3.4'))
  (0, 0, 0, 0, 0, 65535, 258, 772)
  >>> try: inet_pton('::1.2.3.4.5')
  ... except ValueError as x: print(x)
  ::1.2.3.4.5
  """
  if p == '::':
    return b'\0'*16
  s = p
  m = RE_IP4.search(s)
  try:
      if m:
          pos = m.start()
          ip4 = [int(i) for i in s[pos:].split('.')]
          if not pos:
              return struct.pack('!QLBBBB',0,65535,*ip4)
          s = s[:pos]+'%x%02x:%x%02x'%tuple(ip4)
      a = s.split('::')
      if len(a) == 2:
        l,r = a
        if not l:
          r = r.split(':')
          return struct.pack('!HHHHHHHH',
 	    *[0]*(8-len(r)) + [int(s,16) for s in r])
        if not r:
          l = l.split(':')
          return struct.pack('!HHHHHHHH',
 	    *[int(s,16) for s in l] + [0]*(8-len(l)))
        l = l.split(':')
        r = r.split(':')
        return struct.pack('!HHHHHHHH',
 	    *[int(s,16) for s in l] + [0]*(8-len(l)-len(r))
 	    + [int(s,16) for s in r])
      if len(a) == 1:
        return struct.pack('!HHHHHHHH',
 	    *[int(s,16) for s in a[0].split(':')])
  except ValueError: pass
  raise ValueError(p)
@@ -0,0 +1,553 @@
 """A parser for SGML, using the derived class as a static DTD."""
 # XXX This only supports those SGML features used by HTML.
 # XXX There should be a way to distinguish between PCDATA (parsed
 # character data -- the normal case), RCDATA (replaceable character
 # data -- only char and entity references and end tags are special)
 # and CDATA (character data -- only end tags are special).  RCDATA is
 # not supported at all.
 from __future__ import print_function
 try:
  import _markupbase
 except:
  import markupbase as _markupbase
 import re
 __all__ = ["SGMLParser", "SGMLParseError"]
 # Regular expressions used for parsing
 interesting = re.compile('[&<]')
 incomplete = re.compile('&([a-zA-Z][a-zA-Z0-9]*|#[0-9]*)?|'
                           '<([a-zA-Z][^<>]*|'
                              '/([a-zA-Z][^<>]*)?|'
                              '![^<>]*)?')
 entityref = re.compile('&([a-zA-Z][-.a-zA-Z0-9]*)[^a-zA-Z0-9]')
 charref = re.compile('&#([0-9]+)[^0-9]')
 starttagopen = re.compile('<[>a-zA-Z]')
 shorttagopen = re.compile('<[a-zA-Z][-.a-zA-Z0-9]*/')
 shorttag = re.compile('<([a-zA-Z][-.a-zA-Z0-9]*)/([^/]*)/')
 piclose = re.compile('>')
 endbracket = re.compile('[<>]')
 tagfind = re.compile('[a-zA-Z][-_.a-zA-Z0-9]*')
 attrfind = re.compile(
    r'\s*([a-zA-Z_][-:.a-zA-Z_0-9]*)(\s*=\s*'
    r'(\'[^\']*\'|"[^"]*"|[][\-a-zA-Z0-9./,:;+*%?!&$\(\)_#=~\'"@]*))?')
 class SGMLParseError(RuntimeError):
    """Exception raised for all parse errors."""
    pass
 # SGML parser base class -- find tags and call handler functions.
 # Usage: p = SGMLParser(); p.feed(data); ...; p.close().
 # The dtd is defined by deriving a class which defines methods
 # with special names to handle tags: start_foo and end_foo to handle
 # <foo> and </foo>, respectively, or do_foo to handle <foo> by itself.
 # (Tags are converted to lower case for this purpose.)  The data
 # between tags is passed to the parser by calling self.handle_data()
 # with some data as argument (the data may be split up in arbitrary
 # chunks).  Entity references are passed by calling
 # self.handle_entityref() with the entity reference as argument.
 class SGMLParser(_markupbase.ParserBase):
    # Definition of entities -- derived classes may override
    entity_or_charref = re.compile('&(?:'
      '([a-zA-Z][-.a-zA-Z0-9]*)|#([0-9]+)'
      ')(;?)')
    def __init__(self, verbose=0):
        """Initialize and reset this instance."""
        self.verbose = verbose
        self.reset()
    def reset(self):
        """Reset this instance. Loses all unprocessed data."""
        self.__starttag_text = None
        self.rawdata = ''
        self.stack = []
        self.lasttag = '???'
        self.nomoretags = 0
        self.literal = 0
        _markupbase.ParserBase.reset(self)
    def setnomoretags(self):
        """Enter literal mode (CDATA) till EOF.
        Intended for derived classes only.
        """
        self.nomoretags = self.literal = 1
    def setliteral(self, *args):
        """Enter literal mode (CDATA).
        Intended for derived classes only.
        """
        self.literal = 1
    def feed(self, data):
        """Feed some data to the parser.
        Call this as often as you want, with as little or as much text
        as you want (may include '\n').  (This just saves the text,
        all the processing is done by goahead().)
        """
        self.rawdata = self.rawdata + data
        self.goahead(0)
    def close(self):
        """Handle the remaining data."""
        self.goahead(1)
    def error(self, message):
        raise SGMLParseError(message)
    # Internal -- handle data as far as reasonable.  May leave state
    # and data to be processed by a subsequent call.  If 'end' is
    # true, force handling all data as if followed by EOF marker.
    def goahead(self, end):
        rawdata = self.rawdata
        i = 0
        n = len(rawdata)
        while i < n:
            if self.nomoretags:
                self.handle_data(rawdata[i:n])
                i = n
                break
            match = interesting.search(rawdata, i)
            if match: j = match.start()
            else: j = n
            if i < j:
                self.handle_data(rawdata[i:j])
            i = j
            if i == n: break
            if rawdata[i] == '<':
                if starttagopen.match(rawdata, i):
                    if self.literal:
                        self.handle_data(rawdata[i])
                        i = i+1
                        continue
                    k = self.parse_starttag(i)
                    if k < 0: break
                    i = k
                    continue
                if rawdata.startswith("</", i):
                    k = self.parse_endtag(i)
                    if k < 0: break
                    i = k
                    self.literal = 0
                    continue
                if self.literal:
                    if n > (i + 1):
                        self.handle_data("<")
                        i = i+1
                    else:
                        # incomplete
                        break
                    continue
                if rawdata.startswith("<!--", i):
                        # Strictly speaking, a comment is --.*--
                        # within a declaration tag <!...>.
                        # This should be removed,
                        # and comments handled only in parse_declaration.
                    k = self.parse_comment(i)
                    if k < 0: break
                    i = k
                    continue
                if rawdata.startswith("<?", i):
                    k = self.parse_pi(i)
                    if k < 0: break
                    i = i+k
                    continue
                if rawdata.startswith("<!", i):
                    # This is some sort of declaration; in "HTML as
                    # deployed," this should only be the document type
                    # declaration ("<!DOCTYPE html...>").
                    k = self.parse_declaration(i)
                    if k < 0: break
                    i = k
                    continue
            elif rawdata[i] == '&':
                if self.literal:
                    self.handle_data(rawdata[i])
                    i = i+1
                    continue
                match = charref.match(rawdata, i)
                if match:
                    name = match.group(1)
                    self.handle_charref(name)
                    i = match.end(0)
                    if rawdata[i-1] != ';': i = i-1
                    continue
                match = entityref.match(rawdata, i)
                if match:
                    name = match.group(1)
                    self.handle_entityref(name)
                    i = match.end(0)
                    if rawdata[i-1] != ';': i = i-1
                    continue
            else:
                self.error('neither < nor & ??')
            # We get here only if incomplete matches but
            # nothing else
            match = incomplete.match(rawdata, i)
            if not match:
                self.handle_data(rawdata[i])
                i = i+1
                continue
            j = match.end(0)
            if j == n:
                break # Really incomplete
            self.handle_data(rawdata[i:j])
            i = j
        # end while
        if end and i < n:
            self.handle_data(rawdata[i:n])
            i = n
        self.rawdata = rawdata[i:]
        # XXX if end: check for empty stack
    # Extensions for the DOCTYPE scanner:
    _decl_otherchars = '='
    # Internal -- parse processing instr, return length or -1 if not terminated
    def parse_pi(self, i):
        rawdata = self.rawdata
        if rawdata[i:i+2] != '<?':
            self.error('unexpected call to parse_pi()')
        match = piclose.search(rawdata, i+2)
        if not match:
            return -1
        j = match.start(0)
        self.handle_pi(rawdata[i+2: j])
        j = match.end(0)
        return j-i
    def get_starttag_text(self):
        return self.__starttag_text
    # Internal -- handle starttag, return length or -1 if not terminated
    def parse_starttag(self, i):
        self.__starttag_text = None
        start_pos = i
        rawdata = self.rawdata
        if shorttagopen.match(rawdata, i):
            # SGML shorthand: <tag/data/ == <tag>data</tag>
            # XXX Can data contain &... (entity or char refs)?
            # XXX Can data contain < or > (tag characters)?
            # XXX Can there be whitespace before the first /?
            match = shorttag.match(rawdata, i)
            if not match:
                return -1
            tag, data = match.group(1, 2)
            self.__starttag_text = '<%s/' % tag
            tag = tag.lower()
            k = match.end(0)
            self.finish_shorttag(tag, data)
            self.__starttag_text = rawdata[start_pos:match.end(1) + 1]
            return k
        # XXX The following should skip matching quotes (' or ")
        # As a shortcut way to exit, this isn't so bad, but shouldn't
        # be used to locate the actual end of the start tag since the
        # < or > characters may be embedded in an attribute value.
        match = endbracket.search(rawdata, i+1)
        if not match:
            return -1
        j = match.start(0)
        # Now parse the data between i+1 and j into a tag and attrs
        attrs = []
        if rawdata[i:i+2] == '<>':
            # SGML shorthand: <> == <last open tag seen>
            k = j
            tag = self.lasttag
        else:
            match = tagfind.match(rawdata, i+1)
            if not match:
                self.error('unexpected call to parse_starttag')
            k = match.end(0)
            tag = rawdata[i+1:k].lower()
            self.lasttag = tag
        while k < j:
            match = attrfind.match(rawdata, k)
            if not match: break
            attrname, rest, attrvalue = match.group(1, 2, 3)
            if not rest:
                attrvalue = attrname
            else:
                if (attrvalue[:1] == "'" == attrvalue[-1:] or
                    attrvalue[:1] == '"' == attrvalue[-1:]):
                    # strip quotes
                    attrvalue = attrvalue[1:-1]
                attrvalue = self.entity_or_charref.sub(
                    self._convert_ref, attrvalue)
            attrs.append((attrname.lower(), attrvalue))
            k = match.end(0)
        if rawdata[j] == '>':
            j = j+1
        self.__starttag_text = rawdata[start_pos:j]
        self.finish_starttag(tag, attrs)
        return j
    # Internal -- convert entity or character reference
    def _convert_ref(self, match):
        if match.group(2):
            return self.convert_charref(match.group(2)) or \
                '&#%s%s' % match.groups()[1:]
        elif match.group(3):
            return self.convert_entityref(match.group(1)) or \
                '&%s;' % match.group(1)
        else:
            return '&%s' % match.group(1)
    # Internal -- parse endtag
    def parse_endtag(self, i):
        rawdata = self.rawdata
        match = endbracket.search(rawdata, i+1)
        if not match:
            return -1
        j = match.start(0)
        tag = rawdata[i+2:j].strip().lower()
        if rawdata[j] == '>':
            j = j+1
        self.finish_endtag(tag)
        return j
    # Internal -- finish parsing of <tag/data/ (same as <tag>data</tag>)
    def finish_shorttag(self, tag, data):
        self.finish_starttag(tag, [])
        self.handle_data(data)
        self.finish_endtag(tag)
    # Internal -- finish processing of start tag
    # Return -1 for unknown tag, 0 for open-only tag, 1 for balanced tag
    def finish_starttag(self, tag, attrs):
        try:
            method = getattr(self, 'start_' + tag)
        except AttributeError:
            try:
                method = getattr(self, 'do_' + tag)
            except AttributeError:
                self.unknown_starttag(tag, attrs)
                return -1
            else:
                self.handle_starttag(tag, method, attrs)
                return 0
        else:
            self.stack.append(tag)
            self.handle_starttag(tag, method, attrs)
            return 1
    # Internal -- finish processing of end tag
    def finish_endtag(self, tag):
        if not tag:
            found = len(self.stack) - 1
            if found < 0:
                self.unknown_endtag(tag)
                return
        else:
            if tag not in self.stack:
                try:
                    method = getattr(self, 'end_' + tag)
                except AttributeError:
                    self.unknown_endtag(tag)
                else:
                    self.report_unbalanced(tag)
                return
            found = len(self.stack)
            for i in range(found):
                if self.stack[i] == tag: found = i
        while len(self.stack) > found:
            tag = self.stack[-1]
            try:
                method = getattr(self, 'end_' + tag)
            except AttributeError:
                method = None
            if method:
                self.handle_endtag(tag, method)
            else:
                self.unknown_endtag(tag)
            del self.stack[-1]
    # Overridable -- handle start tag
    def handle_starttag(self, tag, method, attrs):
        method(attrs)
    # Overridable -- handle end tag
    def handle_endtag(self, tag, method):
        method()
    # Example -- report an unbalanced </...> tag.
    def report_unbalanced(self, tag):
        if self.verbose:
            print('*** Unbalanced </' + tag + '>')
            print('*** Stack:', self.stack)
    def convert_charref(self, name):
        """Convert character reference, may be overridden."""
        try:
            n = int(name)
        except ValueError:
            return
        if not 0 <= n <= 127:
            return
        return self.convert_codepoint(n)
    def convert_codepoint(self, codepoint):
        return chr(codepoint)
    def handle_charref(self, name):
        """Handle character reference, no need to override."""
        replacement = self.convert_charref(name)
        if replacement is None:
            self.unknown_charref(name)
        else:
            self.handle_data(replacement)
    # Definition of entities -- derived classes may override
    entitydefs = \
            {'lt': '<', 'gt': '>', 'amp': '&', 'quot': '"', 'apos': '\''}
    def convert_entityref(self, name):
        """Convert entity references.
        As an alternative to overriding this method; one can tailor the
        results by setting up the self.entitydefs mapping appropriately.
        """
        table = self.entitydefs
        if name in table:
            return table[name]
        else:
            return
    def handle_entityref(self, name):
        """Handle entity references, no need to override."""
        replacement = self.convert_entityref(name)
        if replacement is None:
            self.unknown_entityref(name)
        else:
            self.handle_data(replacement)
    # Example -- handle data, should be overridden
    def handle_data(self, data):
        pass
    # Example -- handle comment, could be overridden
    def handle_comment(self, data):
        pass
    # Example -- handle declaration, could be overridden
    def handle_decl(self, decl):
        pass
    # Example -- handle processing instruction, could be overridden
    def handle_pi(self, data):
        pass
    # To be overridden -- handlers for unknown objects
    def unknown_starttag(self, tag, attrs): pass
    def unknown_endtag(self, tag): pass
    def unknown_charref(self, ref): pass
    def unknown_entityref(self, ref): pass
 class TestSGMLParser(SGMLParser):
    def __init__(self, verbose=0):
        self.testdata = ""
        SGMLParser.__init__(self, verbose)
    def handle_data(self, data):
        self.testdata = self.testdata + data
        if len(repr(self.testdata)) >= 70:
            self.flush()
    def flush(self):
        data = self.testdata
        if data:
            self.testdata = ""
            print('data:', repr(data))
    def handle_comment(self, data):
        self.flush()
        r = repr(data)
        if len(r) > 68:
            r = r[:32] + '...' + r[-32:]
        print('comment:', r)
    def unknown_starttag(self, tag, attrs):
        self.flush()
        if not attrs:
            print('start tag: <' + tag + '>')
        else:
            print('start tag: <' + tag, end=' ')
            for name, value in attrs:
                print(name + '=' + '"' + value + '"', end=' ')
            print('>')
    def unknown_endtag(self, tag):
        self.flush()
        print('end tag: </' + tag + '>')
    def unknown_entityref(self, ref):
        self.flush()
        print('*** unknown entity ref: &' + ref + ';')
    def unknown_charref(self, ref):
        self.flush()
        print('*** unknown char ref: &#' + ref + ';')
    def unknown_decl(self, data):
        self.flush()
        print('*** unknown decl: [' + data + ']')
    def close(self):
        SGMLParser.close(self)
        self.flush()
 def test(args = None):
    import sys
    if args is None:
        args = sys.argv[1:]
    if args and args[0] == '-s':
        args = args[1:]
        klass = SGMLParser
    else:
        klass = TestSGMLParser
    if args:
        file = args[0]
    else:
        file = 'test.html'
    if file == '-':
        f = sys.stdin
    else:
        try:
            f = open(file, 'r')
        except IOError as msg:
            print(file, ":", msg)
            sys.exit(1)
    data = f.read()
    if f is not sys.stdin:
        f.close()
    x = klass()
    for c in data:
        x.feed(c)
    x.close()
 if __name__ == '__main__':
    test()
@@ -0,0 +1,240 @@
 ## @package Milter.test
 # A test framework for milters
 from __future__ import print_function
 import mime
 try:
  from io import BytesIO
 except:
  from StringIO import StringIO as BytesIO
 import Milter
 Milter.NOREPLY = Milter.CONTINUE
 ## Test mixin for unit testing %milter applications.
 # This mixin overrides many Milter.MilterBase methods
 # with stub versions that simply record what was done.
 # @deprecated Use Milter.test.TestCtx
 # @since 0.9.8
 class TestBase(object):
  def __init__(self,logfile='test/milter.log'):
    self._protocol = 0
    self.logfp = open(logfile,"a")
    ## The MAIL FROM for the current email being fed to the %milter
    self._sender = None
    ## List of recipients deleted
    self._delrcpt = []
    ## List of recipients added
    self._addrcpt = []
    ## Macros defined
    self._macros = { }
    ## The message body.
    self._body = None
    ## True if the %milter replaced the message body.
    self._bodyreplaced = False
    ## True if the %milter changed any headers.
    self._headerschanged = False
    ## True if the %milter changed the envelope from.
    self._envfromchanged = False
    ## Reply codes and messages set by the %milter
    self._reply = None
    ## The rfc822 message object for the current email being fed to the %milter.
    self._msg = None
    ## The protocol stage for macros returned
    self._stage = None
    ## The macros returned by protocol stage
    self._symlist = [ None, None, None, None, None, None, None ]
  def log(self,*msg):
    for i in msg: print(i,file=self.logfp,end=None)
    print(file=self.logfp)
  ## Set a macro value.
  # These are retrieved by the %milter with getsymval.
  # @param name the macro name, as passed to getsymval
  # @param val the macro value
  def setsymval(self,name,val):
    self._macros[name] = val
  def getsymval(self,name):
    stage = self._stage
    if stage >= 0:
      syms = self._symlist[stage]
      if syms is not None and name not in syms:
        return None
    return self._macros.get(name,None)
  def replacebody(self,chunk):
    if self._body:
      self._body.write(chunk)
      self._bodyreplaced = True
    else:
      raise IOError("replacebody not called from eom()")
  def chgfrom(self,sender,params=None):
    if not self._body:
      raise IOError("chgfrom not called from eom()")
    self.log('chgfrom: sender=%s' % (sender))
    self._envfromchanged = True
    self._sender = sender
  # TODO: write implement quarantine()
  def quarantine(self,reason):
    raise NotImplemented
  # TODO: measure time between milter calls
  def progress(self):
    pass
  # FIXME: rfc822 indexing does not really reflect the way chg/add header
  # work for a %milter
  def chgheader(self,field,idx,value):
    if not self._body:
      raise IOError("chgheader not called from eom()")
    self.log('chgheader: %s[%d]=%s' % (field,idx,value))
    if value == '':
      del self._msg[field]
    else:
      self._msg[field] = value
    self._headerschanged = True
  def addheader(self,field,value,idx=-1):
    if not self._body:
      raise IOError("addheader not called from eom()")
    self.log('addheader: %s=%s' % (field,value))
    self._msg[field] = value
    self._headerschanged = True
  def delrcpt(self,rcpt):
    if not self._body:
      raise IOError("delrcpt not called from eom()")
    self._delrcpt.append(rcpt)
  def addrcpt(self,rcpt):
    if not self._body:
      raise IOError("addrcpt not called from eom()")
    self._addrcpt.append(rcpt)
  ## Save the reply codes and messages in self._reply.
  def setreply(self,rcode,xcode,*msg):
    self._reply = (rcode,xcode) + msg
  def setsymlist(self,stage,macros):
    if not self._actions & Milter.SETSYMLIST:
      raise DisabledAction("SETSYMLIST")
    if self._stage != -1:
      raise RuntimeError("setsymlist may only be called from negotiate")
    # not used yet, but just for grins we save the data
    a = []
    for m in macros:
      try:
        m = m.encode('utf8')
      except: pass
      try:
        m = m.split(b' ')
      except: pass
      a += m
    if len(a) > 5:
      raise ValueError('setsymlist limited to 5 macros by MTA')
    if self._symlist[stage] is not None:
      raise ValueError('setsymlist already called for stage:'+stage)
    print('setsymlist',stage,a)
    self._symlist[stage] = set(a)
  ## Feed a file like object to the %milter.  Calls envfrom, envrcpt for
  # each recipient, header for each header field, body for each body 
  # block, and finally eom.  A return code from the %milter other than
  # CONTINUE returns immediately with that return code.
  #
  # This is a convenience method, a test could invoke the callbacks
  # in sequence on its own - and for some complex tests, this may
  # be necessary.
  # @param fp the file with rfc2822 message stream
  # @param sender the MAIL FROM
  # @param rcpt RCPT TO - additional recipients may follow
  def feedFile(self,fp,sender="spam@adv.com",rcpt="victim@lamb.com",*rcpts):
    self._body = None
    self._bodyreplaced = False
    self._headerschanged = False
    self._reply = None
    self._sender = '<%s>'%sender
    msg = mime.message_from_file(fp)
    # envfrom
    self._stage = Milter.M_ENVFROM
    rc = self.envfrom(self._sender)
    self._stage = None
    if rc != Milter.CONTINUE: return rc
    # envrcpt
    for rcpt in (rcpt,) + rcpts:
      self._stage = Milter.M_ENVRCPT
      rc = self.envrcpt('<%s>'%rcpt)
      self._stage = None
      if rc != Milter.CONTINUE: return rc
    # data
    self._stage = Milter.M_DATA
    rc = self.data()
    self._stage = None
    if rc != Milter.CONTINUE: return rc
    # header
    for h,val in msg.items():
      rc = self.header(h,val)
      if rc != Milter.CONTINUE: return rc
    # eoh
    self._stage = Milter.M_EOH
    rc = self.eoh()
    self._stage = None
    if rc != Milter.CONTINUE: return rc
    # body
    header,body = msg.as_bytes().split(b'\n\n',1)
    bfp = BytesIO(body)
    while 1:
      buf = bfp.read(8192)
      if len(buf) == 0: break
      rc = self.body(buf)
      if rc != Milter.CONTINUE: return rc
    self._msg = msg
    self._body = BytesIO()
    self._stage = Milter.M_EOM
    rc = self.eom()
    self._stage = None
    if self._bodyreplaced:
      body = self._body.getvalue()
    self._body = BytesIO()
    self._body.write(header)
    self._body.write(b'\n\n')
    self._body.write(body)
    return rc
  ## Feed an email contained in a file to the %milter.
  # This is a convenience method that invokes @link #feedFile feedFile @endlink.
  # @param sender MAIL FROM
  # @param rcpts RCPT TO, multiple recipients may be supplied
  def feedMsg(self,fname,sender="spam@adv.com",*rcpts):
    with open('test/'+fname,'rb') as fp:
      return self.feedFile(fp,sender,*rcpts)
  ## Call the connect and helo callbacks.
  # The helo callback is not called if connect does not return CONTINUE.
  # @param host the hostname passed to the connect callback
  # @param helo the hostname passed to the helo callback
  # @param ip the IP address passed to the connect callback
  def connect(self,host='localhost',helo='spamrelay',ip='1.2.3.4'):
    self._body = None
    self._bodyreplaced = False
    self._setctx(None)
    opts = [ Milter.CURR_ACTS,~0,0,0 ]
    self._stage = -1
    rc = self.negotiate(opts)
    self._stage = Milter.M_CONNECT
    rc =  super(TestBase,self).connect(host,1,(ip,1234)) 
    if rc != Milter.CONTINUE:
      self._stage = None
      self.close()
      return rc
    self._stage = Milter.M_HELO
    rc = self.hello(helo)
    self._stage = None
    if rc != Milter.CONTINUE:
      self.close()
    return rc
@@ -0,0 +1,297 @@
 ## @package Milter.testctx
 # A test framework for milters that replaces milterContext rather
 # than Milter.Base.  Since miltermodule.c doesn't currently export
 # a way to query callbacks set (and we might want to run without 
 # loading milter), we assume the callbacks set by Milter.runmilter().
 from __future__ import print_function
 from socket import AF_INET,AF_INET6
 import time
 import mime
 try:
  from io import BytesIO
 except:
  from StringIO import StringIO as BytesIO
 import Milter
 from Milter import utils
 import mime
 ## Milter context for unit testing %milter applications.
 # A substitute for milter.milterContext that can be passed to
 # Milter.Base._setctx().
 # @since 1.0.3
 class TestCtx(object):
  default_opts = [Milter.CURR_ACTS,0x1fffff,0,0]
  def __init__(self,logfile='test/milter.log'):
    ## Usually the Milter application derived from Milter.Base
    self._priv = None
    ## List of recipients deleted
    self._delrcpt = []
    ## List of recipients added
    self._addrcpt = []
    ## Macros defined
    self._macros = { }
    ## Reply codes and messages set by the %milter
    self._reply = None
    ## The macros returned by protocol stage
    self._symlist = [ None, None, None, None, None, None, None ]
    ## The message body.
    self._body = None
    ## True if the %milter replaced the message body.
    self._bodyreplaced = False
    ## True if the %milter changed any headers.
    self._headerschanged = False
    ## The rfc822 message object for the current email being fed to the %milter.
    self._msg = None
    ## The MAIL FROM for the current email being fed to the %milter
    self._sender = None
    ## True if the %milter changed the envelope from.
    self._envfromchanged = False
    ## List of recipients added
    self._addrcpt = []
    ## Negotiated options
    self._opts = TestCtx.default_opts
    ## Last activity
    self._activity = time.time()
  def getpriv(self):
    return self._priv
  def setpriv(self,priv):
    self._priv = priv
  def getsymval(self,name):
    stage = self._stage
    if stage >= 0:
      try:
        s = name.encode('utf8')
      except: pass
      syms = self._symlist[stage]
      if syms is not None and s not in syms:
        return None
    return self._macros.get(name,None)
  def _setsymval(self,name,val):
    self._macros[name] = val
  def setreply(self,rcode,xcode,*msg):
    self._reply = (rcode,xcode) + msg
  def setsymlist(self,stage,macros):
    if self._stage != -1:
      raise RuntimeError("setsymlist may only be called from negotiate")
    # Records which macros are available to getsymval()
    m = macros
    try:
      m = m.encode('utf8')
    except: pass
    try:
      m = m.split(b' ')
    except: pass
    if len(m) > 5:
      raise ValueError('setsymlist limited to 5 macros by MTA')
    if self._symlist[stage] is not None:
      raise ValueError('setsymlist already called for stage:'+stage)
    if not m:
      raise ValueError('setsymlist with empty list for stage:'+stage)
    self._symlist[stage] = set(m)
  def addheader(self,field,value,idx):
    if not self._body:
      raise IOError("addheader not called from eom()")
    self._msg[field] = value
    self._headerschanged = True
  def chgheader(self,field,idx,value):
    if not self._body:
      raise IOError("chgheader not called from eom()")
    if value == '':
      del self._msg[field]
    else:
      self._msg[field] = value
    self._headerschanged = True
  def addrcpt(self,rcpt,params):
    if not self._body:
      raise IOError("addrcpt not called from eom()")
    self._addrcpt.append((rcpt,params))
  def delrcpt(self,rcpt):
    if not self._body:
      raise IOError("delrcpt not called from eom()")
    self._delrcpt.append(rcpt)
  def replacebody(self,chunk):
    if self._body:
      self._body.write(chunk)
      self._bodyreplaced = True
    else:
      raise IOError("replacebody not called from eom()")
  def chgfrom(self,sender,params=None):
    if not self._body:
      raise IOError("chgfrom not called from eom()")
    self._envfromchanged = True
    self._sender = sender
  def quarantine(self,reason):
    raise NotImplemented
  ## Reset activity timer.
  def progress(self):
    self._activity = time.time()
  def _abort(self):
    "What Milter sets for abort_callback"
    self._priv.abort()
    self._close()
  def _close(self):
    Milter.close_callback(self)
  def _negotiate(self):
    self._body = None
    self._bodyreplaced = False
    self._priv = None
    self._opts = TestCtx.default_opts
    self._stage = -1
    rc = Milter.negotiate_callback(self,self._opts)
    if rc == Milter.ALL_OPTS:
      self._opts = TestCtx.default_opts
    elif rc != Milter.CONTINUE:
      self._abort()
      self._close()
    self._protocol = self._opts[1]
    return rc
  def _connect(self,host='localhost',helo='spamrelay',ip='1.2.3.4'):
    rc = self._negotiate()
    # FIXME: what if not CONTINUE or ALL_OPTS?
    if self._protocol & Milter.P_NOCONNECT:
      return Milter.CONTINUE
    if utils.ip4re.match(ip):
      af = AF_INET
    elif utils.ip6re.match(ip):
      af = AF_INET6
    else:
      raise ValueError('TestCtx.connect: invalid ip address: '+ip)
    self._stage = Milter.M_CONNECT
    rc = Milter.connect_callback(self,host,af,ip)
    self._stage = None
    if rc != Milter.CONTINUE:
      self._close()
      return rc
    return self._helo(helo)
  def _helo(self,helo):
    if self._protocol & Milter.P_NOHELO:
      return Milter.CONTINUE
    self._stage = Milter.M_HELO
    rc = self._priv.hello(helo)
    self._stage = None
    if rc != Milter.CONTINUE:
      self._close()
    return rc
  def _envfrom(self,*s):
    self._sender = s[0]
    if self._protocol & Milter.P_NOMAIL:
      return Milter.CONTINUE
    self._stage = Milter.M_ENVFROM
    rc = self._priv.envfrom(*s)
    self._stage = None
    return rc
  def _envrcpt(self,s):
    if self._protocol & Milter.P_NORCPT:
      return Milter.CONTINUE
    self._stage = Milter.M_ENVRCPT
    rc = self._priv.envrcpt(s)
    self._stage = None
    return rc
  def _data(self):
    if self._protocol & Milter.P_NODATA:
      return Milter.CONTINUE
    self._stage = Milter.M_DATA
    rc = self._priv.data()
    self._stage = None
    return rc
  def _header(self,fld,val):
    return self._priv.header(fld,val)
  def _eoh(self):
    if self._protocol & Milter.P_NOEOH:
      return Milter.CONTINUE
    self._stage = Milter.M_EOH
    rc = self._priv.eoh()
    self._stage = None
    return rc
  def _feed_body(self,bfp):
    if self._protocol & Milter.P_NOBODY:
      return Milter.CONTINUE
    while True:
      buf = bfp.read(8192)
      if len(buf) == 0: break
      rc = self._priv.body(buf)
      if rc != Milter.CONTINUE: return rc
    return Milter.CONTINUE
  def _eom(self):
    self._body = BytesIO()
    self._stage = Milter.M_EOM
    rc = self._priv.eom()
    self._stage = None
    return rc
  ## Feed a file like object to the ctx.  Calls the callbacks in
  # the same sequence as libmilter.
  # @param fp the file with rfc2822 message stream
  # @param sender the MAIL FROM
  # @param rcpt RCPT TO - additional recipients may follow
  def _feedFile(self,fp,sender="spam@adv.com",rcpt="victim@lamb.com",*rcpts):
    self._body = None
    self._bodyreplaced = False
    self._headerschanged = False
    self._reply = None
    msg = mime.message_from_file(fp)
    self._msg = msg
    # envfrom
    rc = self._envfrom('<%s>'%sender)
    if rc != Milter.CONTINUE: return rc
    # envrcpt
    for rcpt in (rcpt,) + rcpts:
      rc = self._envrcpt('<%s>'%rcpt)
      if rc != Milter.CONTINUE: return rc
    # data
    rc = self._data()
    if rc != Milter.CONTINUE: return rc
    # header
    for h,val in msg.items():
      rc = self._header(h,val)
      if rc != Milter.CONTINUE: return rc
    # eoh
    rc = self._eoh()
    if rc != Milter.CONTINUE: return rc
    # body
    header,body = msg.as_bytes().split(b'\n\n',1)
    rc = self._feed_body(BytesIO(body))
    if rc != Milter.CONTINUE: return rc
    rc = self._eom()
    if self._bodyreplaced:
      body = self._body.getvalue()
    self._body = BytesIO()
    self._body.write(header)
    self._body.write(b'\n\n')
    self._body.write(body)
    return rc
  ## Feed an email contained in a file to the %milter.
  # This is a convenience method that invokes @link #feedFile feedFile @endlink.
  # @param sender MAIL FROM
  # @param rcpts RCPT TO, multiple recipients may be supplied
  def _feedMsg(self,fname,sender="spam@adv.com",*rcpts):
    with open('test/'+fname,'rb') as fp:
      return self._feedFile(fp,sender,*rcpts)
@@ -0,0 +1,17 @@
 # Author: Stuart D. Gathman <stuart@bmsi.com>
 # Copyright 2005 Business Management Systems, Inc.
 # This code is under the GNU General Public License.  See COPYING for details.
 # The localpart of SMTP return addresses is often signed.  The format
 # of the signing is application specific and doesn't concern us -
 # except that we wish to extract some sort of fixed string from
 # the variable signature which represents the "source" of the message.
 def unsign(s):
  """Attempt to unsign localpart and return original email.
  No attempt is made to verify the signature.
  >>> unsign('SRS0=8Y3CZ=3U=jsconnor.com=bills@bmsi.com')
  'bills@jsconnor.com'
  """
  # not implemented yet
  return s
@@ -0,0 +1,227 @@
 ## @package Milter.utils
 # Miscellaneous functions.
 #
 import re
 import struct
 import socket
 import email.errors
 from email.header import decode_header
 import email.base64mime
 from fnmatch import fnmatchcase
 from binascii import a2b_base64
 dnsre = re.compile(r'^[a-z][-a-z\d.]+$', re.IGNORECASE)
 PAT_IP4 = r'\.'.join([r'(?:\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])']*4)
 ip4re = re.compile(PAT_IP4+'$')
 ip6re = re.compile(                 '(?:%(hex4)s:){6}%(ls32)s$'
                   '|::(?:%(hex4)s:){5}%(ls32)s$'
                  '|(?:%(hex4)s)?::(?:%(hex4)s:){4}%(ls32)s$'
    '|(?:(?:%(hex4)s:){0,1}%(hex4)s)?::(?:%(hex4)s:){3}%(ls32)s$'
    '|(?:(?:%(hex4)s:){0,2}%(hex4)s)?::(?:%(hex4)s:){2}%(ls32)s$'
    '|(?:(?:%(hex4)s:){0,3}%(hex4)s)?::%(hex4)s:%(ls32)s$'
    '|(?:(?:%(hex4)s:){0,4}%(hex4)s)?::%(ls32)s$'
    '|(?:(?:%(hex4)s:){0,5}%(hex4)s)?::%(hex4)s$'
    '|(?:(?:%(hex4)s:){0,6}%(hex4)s)?::$'
  % {
    'ls32': r'(?:[0-9a-f]{1,4}:[0-9a-f]{1,4}|%s)'%PAT_IP4,
    'hex4': r'[0-9a-f]{1,4}'
    }, re.IGNORECASE)
 # from spf.py
 def addr2bin(s):
  """Convert a string IPv4 address into an unsigned integer."""
  if s.find(':') >= 0:
    try:
      return bin2long6(inet_pton(s))
    except:
      raise socket.error("Invalid IP6 address: "+s)
  try:
    return struct.unpack("!L", socket.inet_aton(s))[0]
  except socket.error:
    raise socket.error("Invalid IP4 address: "+s)
 def bin2long6(s):
    """Convert binary IP6 address into an unsigned Python long integer."""
    h, l = struct.unpack("!QQ", s)
    return h << 64 | l
 if hasattr(socket,'has_ipv6') and socket.has_ipv6:
    def inet_ntop(s):
        return socket.inet_ntop(socket.AF_INET6,s)
    def inet_pton(s):
        return socket.inet_pton(socket.AF_INET6,s.strip())
 else:
    from pyip6 import inet_ntop, inet_pton
 MASK = 0xFFFFFFFF
 MASK6 = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
 def cidr(i,n,mask=MASK):
  return ~(mask >> n) & mask & i
 def iniplist(ipaddr,iplist):
  """Return whether ip is in cidr list
  >>> iniplist('66.179.26.146',['127.0.0.1','66.179.26.128/26'])
  True
  >>> iniplist('127.0.0.1',['127.0.0.1','66.179.26.128/26'])
  True
  >>> iniplist('192.168.0.45',['192.168.0.*'])
  True
  >>> iniplist('4.2.2.2',['b.resolvers.Level3.net'])
  True
  >>> iniplist('2606:2800:220:1::',['example.com/40'])
  True
  >>> iniplist('4.2.2.2',['nothing.example.com'])
  False
  >>> iniplist('2001:610:779:0:223:6cff:fe9a:9cf3',['127.0.0.1','172.20.1.0/24','2001:610:779::/48'])
  True
  >>> iniplist('2G01:610:779:0:223:6cff:fe9a:9cf3',['127.0.0.1','172.20.1.0/24','2001:610:779::/48'])
  Traceback (most recent call last):
    ...
  ValueError: Invalid ip syntax:2G01:610:779:0:223:6cff:fe9a:9cf3
  """
  if ip4re.match(ipaddr):
    fam = socket.AF_INET
    ipnum = addr2bin(ipaddr)
  elif ip6re.match(ipaddr):
    fam = socket.AF_INET6
    ipnum = bin2long6(inet_pton(ipaddr))
  else:
    raise ValueError('Invalid ip syntax:'+ipaddr)
  for pat in iplist:
    p = pat.split('/',1)
    if ip4re.match(p[0]):
      if len(p) > 1:
        n = int(p[1])
      else:
        n = 32
      if cidr(addr2bin(p[0]),n) == cidr(ipnum,n):
        return True
    elif ip6re.match(p[0]):
      if len(p) > 1:
        n = int(p[1])
      else:
        n = 128
      if cidr(bin2long6(inet_pton(p[0])),n,MASK6) == cidr(ipnum,n,MASK6):
        return True
    elif dnsre.match(p[0]):
      try:
        sfx = '/'.join(['']+p[1:])
        addrlist = [r[4][0]+sfx for r in socket.getaddrinfo(p[0],25,fam)]
        if iniplist(ipaddr,addrlist):
          return True
      except socket.gaierror: pass
    elif fnmatchcase(ipaddr,pat):
      return True
  return False
 ## Split email into Fullname and address.
 # This replaces <code>email.utils.parseaddr</code> but fixes
 # some <a href="http://bugs.python.org/issue1025395">tricky test cases</a>.
 # Additional tricky cases are still broken.  Patches welcome.
 #
 def parseaddr(t):
  """Split email into Fullname and address.
  >>> parseaddr('user@example.com')
  ('', 'user@example.com')
  >>> parseaddr('"Full Name" <foo@example.com>')
  ('Full Name', 'foo@example.com')
  >>> parseaddr('spam@spammer.com <foo@example.com>')
  ('spam@spammer.com', 'foo@example.com')
  >>> parseaddr('God@heaven <@hop1.org,@hop2.net:jeff@spec.org>')
  ('God@heaven', 'jeff@spec.org')
  >>> parseaddr('Real Name ((comment)) <addr...@example.com>')
  ('Real Name (comment)', 'addr...@example.com')
  """
  #return email.utils.parseaddr(t)
  res = email.utils.parseaddr(t)
  # dirty fix for some broken cases
  if not res[0]:
    pos = t.find('<')
    if pos > 0 and t[-1] == '>':
      addrspec = t[pos+1:-1]
      pos1 = addrspec.rfind(':')
      if pos1 > 0:
        addrspec = addrspec[pos1+1:]
      return email.utils.parseaddr('"%s" <%s>' % (t[:pos].strip(),addrspec))
  if not res[1]:
    pos = t.find('<')
    if pos > 0 and t[-1] == '>':
      addrspec = t[pos+1:-1]
      pos1 = addrspec.rfind(':')
      if pos1 > 0:
        addrspec = addrspec[pos1+1:]
      return email.utils.parseaddr('%s<%s>' % (t[:pos].strip(),addrspec))
  return res
 ## Fix email.base64mime.decode to add any missing padding
 def decode(s, convert_eols=None):
  if not s: return s
  while len(s) % 4: s += '='	# add missing padding
  dec = a2b_base64(s)
  if convert_eols:
      return dec.replace(CRLF, convert_eols)
  return dec
 email.base64mime.decode = decode
 def parse_addr(t):
  """Split email into user,domain.
  >>> parse_addr('user@example.com')
  ['user', 'example.com']
  >>> parse_addr('"user@example.com"')
  ['user@example.com']
  >>> parse_addr('"user@bar"@example.com')
  ['user@bar', 'example.com']
  >>> parse_addr('foo')
  ['foo']
  >>> parse_addr('@mx.example.com:user@example.com')
  ['user', 'example.com']
  >>> parse_addr('@user@example.com')
  ['@user', 'example.com']
  """
  if t.startswith('<') and t.endswith('>'): t = t[1:-1]
  if t.startswith('"'):
    if t.endswith('"'): return [t[1:-1]]
    pos = t.find('"@')
    if pos > 0: return [t[1:pos],t[pos+2:]]
  if t.startswith('@'):
    try: t = t.split(':',1)[1]
    except IndexError: pass
  return t.rsplit('@',1)
 ## Decode headers gratuitously encoded to hide the content.
 # Spammers often encode headers to obscure the content from
 # spam filters.  This function decodes gratuitously encoded
 # headers.
 # @param val    the raw header value
 # @return the decoded value or the original raw value
 def parse_header(val):
  """Decode headers gratuitously encoded to hide the content.
  """
  try:
    h = decode_header(val)
    if not len(h) or (not h[0][1] and len(h) == 1): return val
    u = []
    for s,enc in h:
      if enc:
        try:
          u.append(s.decode(enc,'replace'))
        except LookupError:
          u.append(s.decode())
      else:
        u.append(s.decode())
    u = u''.join(u)
    for enc in ('us-ascii','iso-8859-1','utf-8'):
      try:
        return u.encode(enc)
      except UnicodeError: continue
  except UnicodeDecodeError: pass
  except LookupError: pass
  except ValueError: pass
  except email.errors.HeaderParseError: pass
  return val
@@ -1,5 +1,93 @@
-Here is a history of user visible changes to Python milter.
+See pymilter.spec for recent history.
 Here is a history of older changes to Python milter.
 0.8.8	move AddrCache, parse_addr, iniplist, parse_header to Milter package
 	fix plock for missing source and can't change owner/group
 	add sample spfmilter.py milter
 	private_relay config option
 0.8.7	Move spf module to pyspf
 	Prevent PTR cache poisoning
 	More lame bounce heuristics
 	Do plain CBV when template is missing
 0.8.6	Support CBV timeout
 	Support fail template, headers in templates
 	Create GOSSiP record only when connection will procede to DATA.
 	More SPF lax heuristics
 	Don't require SPF pass for white/black listing mail from trusted relay.
 	Support localpart wildcard for white and black lists.
 	Delay reject of unsigned RCPT for postmaster and abuse only
 	Fix dsn reporting of hard permerror
 	Resolve FIXME for wrap_close in miltermodule.c
 	Add Message-ID to DSNs
 	Use signed Message-ID in delayed reject to blacklist senders
 	Auto-train via blacklist and auto-whitelist
 	Don't check userlist for signed MFROM
 	Accept but skip DSPAM training for whitelisted senders without SPF PASS
 	Report GC stats 
 	Support CIDR matching for IP lists
 	Support pysrs sign feature
 	Support localpart specific SPF policy in access file
 0.8.5	Simple trusted_forwarder implementation.
 	Fix access_file neutral policy
 	Move Received-SPF header to beginning of headers
 	Supply keyword info for all results in Received-SPF header.
 	Move guessed SPF result to separate header
 	Activate smfi_insheader only when SMFIR_INSHEADER defined
 	Handle NULL MX in spf.py
 	in-process GOSSiP server support (to be extended later)
 	Expire CBV cache and renew auto-whitelist entries
 0.8.4	Auto-whitelist recipients of outgoing email.
 	Fix SPF policy via sendmail access map (case insensitive keys).
 	Train screener on whitelisted messages
 	Optional idx parameter to addheader to invoke smfi_insheader
 	Activate progress API when SMFIR_PROGRESS defined
 0.8.3   Keep screened honeypot mail, but optionally discard honeypot only mail.
 	spf_accept_fail option for braindead SPF senders 
 	  (treats fail like softfail)
 	Option to set SPF policy via sendmail access map.
 	Option to supply Sender header from MAIL FROM when missing.
 	Consider SMTP AUTH connections internal.
 	Send DSN for SPF errors corrected by extended processing.
 	Send DSN before SCREENED mail is quarantined
 	Use logging package to keep log lines atomic.
 0.8.2	Strict processing limits per SPF RFC
 	Fixed several parsing bugs under RFC 
 	Support official IANA SPF record (type99)
 	Honeypot support (requires pydspam-1.1.9)
 	Extended SPF processing results beyond strict RFC limits
 	Support original SES for bounce protection (requires pysrs-0.30.10)
 	Callback exception processing option in milter module
 	Handle corrupt ZIP attachments
 0.8.1	Fix zip in zip loop in mime.py
 	Fix HeaderParseError in bms.py header callback
 	Check internal_domains for outgoing mail
 	Fix inconsistent results from send_dsn
 0.8.0	Move Milter module to subpackage.
 	DSN support for Three strikes rule and SPF SOFTFAIL
 	Move /*mime*/ and dynip to Milter subpackage
 	Fix SPF unknown mechanism list not cleared
 	Make banned extensions configurable.
 	Option to scan zipfiles for bad extensions.
 	Properly log pydspam exceptions
 0.7.3	Experimental release with python2.4 support
 0.7.2	Return unknown for invalid ip address in mechanism
 	Recognize dynamic PTR names, and don't count them as authentication.
 	Three strikes and yer out rule.
 	Block softfail by default when no PTR or HELO
 	Return unknown for null mechanism
 	Try best guess on HELO also
 	Expand setreply for common errors
 	make rhsbl.m4 hack available for sendmail.mc
 0.7.1	Handle modifying mislabeled multipart messages without an exception
 	Support setbacklog, setmlreply
 	Allow multi-recipient CBV
 	Return TEMPFAIL for SPF softfail
 0.7.0	SPF check hello name
 	Move pythonsock to /var/run/milter
 	Move milter.cfg to /etc/mail/pymilter.cfg
 	Check M$ style XML CID records by converting to SPF
 	Recognize, but never match ip6 - until we properly support it.
 	Option to reject when no PTR and no SPF
 0.6.9	Reject invalid SRS immediately for benefit of callback verifiers
 	Fix include bug in spf.py
 	Fix check_header bug
@@ -11,25 +11,24 @@ any point, tell Sendmail to reject, discard, or accept the message.
 Requirements
 ------------
-This python milter extension: http://www.bmsi.com/python/milter.html
+Python milter extension: http://https://pypi.python.org/pypi/pymilter/
 Python: http://www.python.org
 Sendmail: http://www.sendmail.org
 NB: From Sendmail's libmilter/README:
 libmilter requires pthread support in the operating system.  Moreover, it
 requires that the library functions it uses are thread safe; which is true
 for the operating systems libmilter has been developed and tested on.  On
 some operating systems this requires special compile time options (e.g.,
-not just -pthread).  libmilter is currently known to work on (modulo
+not just -pthread).  libmilter is currently known to work on (modulo problems
-problems in the pthread support of some specific versions):
+in the pthread support of some specific versions):
 FreeBSD 3.x, 4.x
 SunOS 5.x (x >= 5)
 AIX 4.3.x
 HP UX 11.x
 Linux (recent versions/distributions)
 OpenBSD
 AIX 4.1.5
 libmilter is currently not supported on:
@@ -42,7 +41,7 @@ Quick Installation
 1. Build and install Sendmail, enabling libmilter (see libmilter/README).
 2. Build and install Python, enabling threading.
 3. Install this module: python setup.py --help
-4. Add these two lines to sendmail.cf:
+4. Add these two lines to sendmail.cf[*]:
 O InputMailFilters=pythonfilter
 Xpythonfilter,        S=local:/home/username/pythonsock
@@ -51,9 +50,17 @@ Xpythonfilter,        S=local:/home/username/pythonsock
 Note that milters should almost certainly not run as root.
 That's it.  Incoming mail will cause the milter to print some things, and
-some email will be rejected (see the "header" method).  Edit and play.  See
+some email will be rejected (see the "header" method).  Edit and play.  
-bms.py for an example milter used in production.
+See spfmilter.py for a functional SPF milter, or see bms.py for an complex
 milter used in production.
 [*] This is for a quick test.  Your sendmail.cf in most distros will get
 overwritten whenever sendmail.mc is updated.  To make a milter permanent,
 add something like:
 INPUT_MAIL_FILTER(`pythonfilter', `S=local:/home/username/pythonsock, F=T, T=C:5m;S:20s;R:5m;E:5m')
 to sendmail.mc instead.
 Not-so-quick Installation
 -------------------------
@@ -61,8 +68,7 @@ Not-so-quick Installation
 First install Sendmail.  Make sure you read libmilter/README in the Sendmail
 source directory, and make sure you enable libmilter before you build.  The
 8.11 series had libmilter marked as FFR (For Future Release); 8.12
-officially
+officially supports libmilter, but it's still not built by default.
 supports libmilter, but it's still not built by default.
 Install Python, and enable threading in Modules/Setup.
@@ -90,9 +96,10 @@ some options associated with it.  In this case, we have the "S" option, which
 names the socket that sendmail will use to communicate with this particular
 milter.  This milter's socket is a unix-domain socket in the filesystem.
 See libmilter/README for the definitive list of options.
 NB: The name is specified in two places: here, in sendmail's cf file, and
 in the milter itself.  Make sure the two match.
-NB: OpenBSD must use an inet socket.  See the web page for details.
+
 NB: The above lines can be added in your .mc file with this line:
 INPUT_MAIL_FILTER(`pythonfilter', `S=local:/home/username/pythonsock')
@@ -102,43 +109,9 @@ _FFR_MILTER for the cf macros.  For example,
 m4 -D_FFR_MILTER ../m4/cf.m4 myconfig.mc > myconfig.cf
 RedHat 6.2 Notes
 ----------------
 The Redhat 6.2 sendmail RPM does not enable milter.  You can obtain a
 modified spec file at
 http://www.bmsi.com/linux/rh62/sendmail-rhmilter.spec
 use it to rebuild the Redhat 7.2 SRPM.  The RH6.2 SRPM does not have
 recent sendmail security patches.
 RedHat 7.2 Notes
 ----------------
 The Redhat 7.2 sendmail RPM enables milter in sendmail - but does not include
 the headers needed for compiling a milter.  You can obtain a modified spec
 file with a sendmail-devel package that includes the needed static libraries
 and headers at
 http://www.bmsi.com/linux/sendmail-rh72.spec
 OpenBSD Notes
 -------------
 Sendmail is broken on OpenBSD for unix domain sockets.  You must use an
 inet socket for milter.  The sendmail.cf 'X' config line would look like:
 Xpythonfilter,        S=inet:1234@localhost
 and the sample milter needs to be modified accordingly.
 IPv6 Notes
 ----------
 IPv6 is still experimental.
 The IPv6 protocol is supported if your operation system supports it
 and if sendmail was compiled with IPv6 support.  To determine if your
 sendmail supports IPv6, run "sendmail -d0" and check for the NETINET6
@@ -196,7 +169,7 @@ Authors
 -------
 Jim Niemira (urmane@urmane.org) wrote the original C module and some quick
-and dirty python to use it.  Stuart D. Gathman (stuart@bmsi.com) took that
+and dirty python to use it.  Stuart D. Gathman (stuart@gathman.org) took that
 kludge and added threading and context objects to it, wrote a proper OO
 wrapper (Milter.py) that handles attachments, did lots of testing, packaged
 it with distutils, and generally transformed it from a quick hack to a
@@ -1,50 +1,2 @@
-Web admin interface
+Lookup exact RFC syntax of real name / email and make 
-RHBL
+Milter.utils.parse_addr() pass all unit tests.
 Check valid domains allowed by internal senders to detect PCs infected
 with spam trojans.
 Do CBV (callback verification) for mail with no published SPF record.
 message log for automated stats and blacklisting
 adapt init script to work on RH9
 Skip dspam when SPF pass?
 Report 551 with rcpt on SPF fail?
 check spam keywords with character classes, e.g.
 	{a}=[a@ãä], {i}=[i1í], {e}=[eë], {o}=[o0ö]
 Implement RRS - a backdoor for non-SRS forwarders.  User lists non-SRS 
 forwarder accounts, and a util provides a special local alias for the
 user to give to the forwarder.  Alias only works for mail from that
 forwarder.  Milter gets forwarder domain from alias and uses it to
 SPF check forwarder.
 Another special dspam user, 'honeypot', can be listed in innoculations.
 All email to those addresses is treated as known spam.
 Framework for modular Python milter components within a single VM.
 Python milters can be already be composed through sendmail by running each in
 a separate process.  However, a significant amount of memory is wasted
 for each additional Python VM, and communication between milters
 is cumbersome (e.g., adding mail headers, writing external files).
 Backup copies for outgoing/incoming mail.
 Allow multiple wiretap groups, each with its own destination.  Perhaps 
 also copy incoming wiretap mail, even though sendmail alias works perfectly
 for the purpose, to avoid having to change two configs for a wiretap.
 Provide a way to reload milter.cfg without stopping/restarting milter.
 Allow selected Windows extensions for specific domains via milter.cfg
 Fix setup.py so that _FFR_QUARANTINE is automatically defined when
 available in libmilter.
 Keep separate ismodified flag for headers and body.  This is important
 when rejecting outgoing mail with viruses removed (so as not to
 embarrass yourself), and also removing Received headers with hidepath.
 Wrap smfi_setbacklog(int) - but it is only available in sendmail >= 8.12.3,
  so how can we detect whether to wrap it?
 Need a test module to feed sample messages to a milter though a live 
 sendmail and SMTP.  The mockup currently used is probably not very accurate,
 and doesn't test the threading code.
@@ -1,987 +0,0 @@
 #!/usr/bin/env python
 # A simple milter.
 # $Log$
 # Revision 1.105  2004/04/20 15:16:00  stuart
 # Release 0.6.9
 #
 # Revision 1.104  2004/04/19 21:56:26  stuart
 # Support SPF best_guess and get_header
 #
 # Revision 1.103  2004/04/10 02:31:01  stuart
 # Fix timeout config
 #
 # Revision 1.102  2004/04/08 20:25:11  stuart
 # Make libmilter timeout a config option
 #
 # Revision 1.101  2004/04/08 19:18:16  stuart
 # Preserve case of local part in sender
 #
 # Revision 1.100  2004/04/08 18:41:15  stuart
 # Reject numeric hello names
 #
 # Revision 1.99  2004/04/06 19:46:39  stuart
 # Reject invalid SRS immediately for benefit of CallBack Verifiers.
 #
 # Revision 1.98  2004/04/06 15:28:20  stuart
 # Release 0.6.8-2
 #
 # Revision 1.97  2004/04/06 13:07:43  stuart
 # Pass original header name to check_header
 #
 # Revision 1.96  2004/04/06 03:27:03  stuart
 # bugs from Redhat 9 testing
 #
 # Revision 1.95  2004/04/05 22:37:08  stuart
 # Include Received-SPF headers in dspam.
 #
 # Revision 1.94  2004/04/05 22:16:50  stuart
 # Separate check_header method taking decoded header.
 # Reject multiple recipients for a bounce.
 #
 # Revision 1.93  2004/04/01 20:57:45  stuart
 # Report only SRS like addresses as spoofed.
 # Return TEMPFAIL on SPF error.
 #
 # Revision 1.92  2004/03/25 17:45:53  stuart
 # Make spf_reject_neutral global in bms.py
 #
 # Revision 1.91  2004/03/25 03:38:02  stuart
 # Reject neutral SPF result for selected domains.
 #
 # Revision 1.90  2004/03/25 03:27:33  stuart
 # Support delegation of SPF records.
 #
 # Revision 1.89  2004/03/23 22:02:49  stuart
 # Header decoding bug.
 #
 # Revision 1.88  2004/03/23 05:08:45  stuart
 # Decode headers, indirect srs config.
 #
 # Revision 1.87  2004/03/18 02:21:16  stuart
 # SRS checking
 #
 # Revision 1.86  2004/03/11 05:00:37  stuart
 # Don't wipe out fail messages from SPF records.
 # Hello blacklist
 #
 # Revision 1.85  2004/03/10 01:49:22  stuart
 # Enhanced SPF support.
 #
 # Revision 1.84  2004/03/09 17:04:49  stuart
 # Received-SPF header.
 #
 # Revision 1.83  2004/03/08 20:23:26  stuart
 # SPF support
 #
 # Revision 1.82  2004/03/01 18:56:50  stuart
 # Support progress reporting.
 #
 # Revision 1.81  2004/03/01 18:36:09  stuart
 # Trusted relay.
 #
 # Revision 1.80  2004/01/12 21:10:58  stuart
 # Support wildcard user for smart_alias
 #
 # Revision 1.79  2003/12/04 23:46:06  stuart
 # Release 0.6.4
 #
 # Revision 1.78  2003/12/04 23:20:24  stuart
 # Make headerChange handle deleting absent header
 #
 # Revision 1.77  2003/12/04 22:01:40  stuart
 # Limit size of messages which will be dspammed.  This works around a bug
 # in dspam-2.6.5.2 where it scans large binary attachments.  I've never
 # seen really big spam anyway.
 #
 # Revision 1.76  2003/12/04 21:44:33  stuart
 # Pass header changes from Dspam to sendmail
 #
 # Revision 1.75  2003/11/25 17:43:07  stuart
 # Update FAQ.
 #
 # Revision 1.74  2003/11/25 17:36:58  stuart
 # dspam_reject
 #
 # Revision 1.73  2003/11/24 15:46:00  stuart
 # Missing global for dspam_whitelist
 #
 # Revision 1.72  2003/11/22 02:52:07  stuart
 # Handle multiple x-dspam-recipients properly on false positive
 #
 # Revision 1.71  2003/11/22 02:49:57  stuart
 # dspam whitelist
 #
 # Revision 1.70  2003/11/09 03:53:34  stuart
 # Don't block delivery of defanged false positives.
 #
 # Revision 1.69  2003/11/08 22:47:04  stuart
 # Exempt entire domains with '@domain.com'
 #
 # Revision 1.68  2003/11/02 03:06:16  stuart
 # Adjust error codes again.
 #
 # Revision 1.67  2003/11/02 03:01:46  stuart
 # Adjust SMTP error codes after careful reading of standard.
 #
 # Revision 1.66  2003/11/02 01:56:43  stuart
 # Use busy SMTP code.
 #
 # Revision 1.65  2003/11/02 01:44:11  stuart
 # Suppress traceback for Dspam lock timeouts
 #
 # Revision 1.64  2003/10/28 01:00:19  stuart
 # Dspam internal mail for dspam users
 #
 # Revision 1.63  2003/10/25 02:10:34  stuart
 # Match hostname for internal connection test, even if no ipaddr.
 #
 # Revision 1.62  2003/10/24 04:34:52  stuart
 # Fix for not saving defang of false positive triggered rejecting it
 # as a virus from self.
 #
 # Revision 1.61  2003/10/22 22:03:14  stuart
 # Apply dspam_exempt to screening
 #
 # Revision 1.60  2003/10/22 21:58:42  stuart
 # Don't save false positives as defang file.
 #
 # Revision 1.59  2003/10/22 05:02:27  stuart
 # Add support for dspam screeners
 #
 # Revision 1.58  2003/10/16 22:19:24  stuart
 # Redirect Dspam logging to bms milter
 #
 # Revision 1.57  2003/10/10 00:15:04  stuart
 # DISCARD message if quarrantined for any recipient.
 #
 # Revision 1.56  2003/10/06 19:30:27  stuart
 # REJECT messages with boundard errors
 #
 # Revision 1.55  2003/10/03 18:20:31  stuart
 # Opt-out feature to exempt certain recipients from header filtering.
 #
 # Revision 1.54  2003/09/22 13:36:04  stuart
 # Release 0.6.1
 #
 # Revision 1.53  2003/09/06 07:08:36  stuart
 # dspam support improvements.
 #
 # Revision 1.51  2003/09/02 00:27:27  stuart
 # Should have full milter based dspam support working
 #
 # Revision 1.50  2003/08/26 06:08:17  stuart
 # Use new python boolean since we now require 2.2.2
 #
 # Revision 1.49  2003/08/26 05:45:51  stuart
 # Fix conditional import of dspam.  Update web page.
 #
 # Revision 1.48  2003/08/26 05:10:43  stuart
 # Readability tweaks
 #
 # Revision 1.47  2003/08/26 05:01:38  stuart
 # Release 0.6.0
 #
 # Author: Stuart D. Gathman <stuart@bmsi.com>
 # Copyright 2001 Business Management Systems, Inc.
 # This code is under GPL.  See COPYING for details.
 import sys
 import os
 import StringIO
 import rfc822
 import mime
 import email.Errors
 import Milter
 import tempfile
 import ConfigParser
 import time
 import re
 from fnmatch import fnmatchcase
 from email.Header import decode_header
 # Import pysrs if available
 try:
  import SRS
  srsre = re.compile(r'^SRS[01][+-=]',re.IGNORECASE)
 except: SRS = None
 # Import spf if available
 try: import spf
 except: spf = None
 ip4re = re.compile(r'^[1-9][0-9]*\.[1-9][0-9]*\.[1-9][0-9]*\.[1-9][0-9]*$')
 #import syslog
 #syslog.openlog('milter')
 # Thanks to Chris Liechti for config parsing suggestions
 # Global configuration defaults suitable for test framework.
 socketname = "/tmp/pythonsock"
 reject_virus_from = ()
 wiretap_users = {}
 discard_users = {}
 wiretap_dest = None
 blind_wiretap = True
 check_user = {}
 block_forward = {}
 hide_path = ()
 log_headers = False
 block_chinese = False
 spam_words = ()
 porn_words = ()
 scan_html = True
 scan_rfc822 = True
 internal_connect = ()
 trusted_relay = ()
 internal_domains = ()
 hello_blacklist = ()
 smart_alias = {}
 dspam_dict = None
 dspam_users = {}
 dspam_userdir = None
 dspam_exempt = {}
 dspam_whitelist = {}
 dspam_screener = None
 dspam_internal = True	# True if internal mail should be dspammed
 dspam_reject = ()
 dspam_sizelimit = 180000
 srs = None
 srs_reject_spoofed = False
 spf_reject_neutral = ()
 spf_best_guess = False
 timeout = 600
 class MilterConfigParser(ConfigParser.ConfigParser):
  def getlist(self,sect,opt):
    if self.has_option(sect,opt):
      return [q.strip() for q in self.get(sect,opt).split(',')]
    return ()
  def getaddrset(self,sect,opt):
    if not self.has_option(sect,opt):
      return {}
    s = self.get(sect,opt)
    d = {}
    for q in s.split(','):
      q = q.strip()
      if q.startswith('file:'):
        domain = q[5:]
 	d[domain] = d.setdefault(domain,[]) + open(domain,'r').read().split()
      else:
 	user,domain = q.split('@')
 	d.setdefault(domain,[]).append(user)
    return d
  def getaddrdict(self,sect,opt):
    if not self.has_option(sect,opt):
      return {}
    d = {}
    for q in self.get(sect,opt).split(','):
      q = q.strip()
      if self.has_option(sect,q):
        l = self.get(sect,q)
 	for addr in l.split(','):
 	  addr = addr.strip()
 	  if addr.startswith('file:'):
 	    fname = addr[5:]
 	    for a in open(fname,'r').read().split():
 	      d[a] = q
 	  else:
 	    d[addr] = q
    return d
  def getdefault(self,sect,opt,default=None):
    if self.has_option(sect,opt):
      return self.get(sect,opt)
    return default
 def read_config(list):
  cp = MilterConfigParser({
    'tempdir': "/var/log/milter/save",
    'socket': "/var/log/milter/pythonsock",
    'timeout': '600',
    'scan_html': 'no',
    'scan_rfc822': 'yes',
    'block_chinese': 'no',
    'log_headers': 'no',
    'blind_wiretap': 'yes',
    'maxage': '8',
    'hashlength': '8',
    'reject_spoofed': 'no',
    'best_guess': 'no'
  })
  cp.read(list)
  tempfile.tempdir = cp.get('milter','tempdir')
  global socketname, scan_rfc822, scan_html, block_chinese, timeout
  socketname = cp.get('milter','socket')
  timeout = cp.getint('milter','timeout')
  scan_rfc822 = cp.getboolean('milter','scan_rfc822')
  scan_html = cp.getboolean('milter','scan_html')
  block_chinese = cp.getboolean('milter','block_chinese')
  global hide_path, block_forward, log_headers
  hide_path = cp.getlist('scrub','hide_path')
  block_forward = cp.getaddrset('milter','block_forward')
  log_headers = cp.getboolean('milter','log_headers')
  global blind_wiretap, wiretap_users, wiretap_dest, discard_users
  blind_wiretap = cp.getboolean('wiretap','blind')
  wiretap_users = cp.getaddrset('wiretap','users')
  discard_users = cp.getaddrset('wiretap','discard')
  wiretap_dest = cp.getdefault('wiretap','dest')
  if wiretap_dest: wiretap_dest = '<%s>' % wiretap_dest
  global check_user, reject_virus_from, internal_connect, internal_domains
  check_user = cp.getaddrset('milter','check_user')
  reject_virus_from = cp.getlist('scrub','reject_virus_from')
  internal_connect = cp.getlist('milter','internal_connect')
  internal_domains = cp.getlist('milter','internal_domains')
  global porn_words, spam_words, smart_alias, trusted_relay, hello_blacklist
  trusted_relay = cp.getlist('milter','trusted_relay')
  porn_words = cp.getlist('milter','porn_words')
  spam_words = cp.getlist('milter','spam_words')
  hello_blacklist = cp.getlist('milter','hello_blacklist')
  for sa in cp.getlist('wiretap','smart_alias'):
    sm = cp.getlist('wiretap',sa)
    if len(sm) < 2:
      print 'malformed smart alias:',sa
      continue
    if len(sm) == 2: sm.append(sa)
    key = (sm[0],sm[1])
    smart_alias[key] = sm[2:]
  global dspam_dict, dspam_users, dspam_userdir, dspam_exempt
  global dspam_screener,dspam_whitelist,dspam_reject,dspam_sizelimit
  global spf_reject_neutral,spf_best_guess,SRS
  dspam_dict = cp.getdefault('dspam','dspam_dict')
  dspam_exempt = cp.getaddrset('dspam','dspam_exempt')
  dspam_whitelist = cp.getaddrset('dspam','dspam_whitelist')
  dspam_users = cp.getaddrdict('dspam','dspam_users')
  dspam_userdir = cp.getdefault('dspam','dspam_userdir')
  dspam_screener = cp.getdefault('dspam','dspam_screener')
  dspam_reject = cp.getlist('dspam','dspam_reject')
  if cp.has_option('dspam','dspam_sizelimit'):
    dspam_sizelimit = cp.getint('dspam','dspam_sizelimit')
  if spf:
    spf.DELEGATE = cp.getdefault('spf','delegate')
    spf_reject_neutral = cp.getlist('spf','reject_neutral')
    spf_best_guess = cp.getboolean('spf','best_guess')
  srs_config = cp.getdefault('srs','config')
  if srs_config: cp.read([srs_config])
  srs_secret = cp.getdefault('srs','secret')
  if SRS and srs_secret:
    global srs,srs_reject_spoofed
    database = cp.getdefault('srs','database')
    srs_reject_spoofed = cp.getboolean('srs','reject_spoofed')
    maxage = cp.getint('srs','maxage')
    hashlength = cp.getint('srs','hashlength')
    separator = cp.getdefault('srs','separator','=')
    if database:
      import SRS.DB
      srs = SRS.DB.DB(database=database,secret=srs_secret,
        maxage=maxage,hashlength=hashlength,separator=separator)
    else:
      srs = SRS.Guarded.Guarded(secret=srs_secret,
        maxage=maxage,hashlength=hashlength,separator=separator)
 def parse_addr(t):
  if t.startswith('<') and t.endswith('>'): t = t[1:-1]
  return t.split('@')
 def parse_header(val):
  h = decode_header(val)
  if not len(h) or (not h[0][1] and len(h) == 1): return val
  try:
    u = []
    for s,enc in h:
      if enc:
 	u.append(unicode(s,enc))
      else:
 	u.append(unicode(s))
    u = ''.join(u)
    for enc in ('us-ascii','iso-8859-1','utf8'):
      try:
 	return u.encode(enc)
      except UnicodeError: continue
  except LookupError:
    return val
 class bmsMilter(Milter.Milter):
  "Milter to replace attachments poisonous to Windows with a WARNING message."
  def log(self,*msg):
    print "%s [%d]" % (time.strftime('%Y%b%d %H:%M:%S'),self.id),
    for i in msg: print i,
    print
  def __init__(self):
    self.tempname = None
    self.mailfrom = None	# sender in SMTP form
    self.canon_from = None	# sender in end user form
    self.fp = None
    self.bodysize = 0
    self.id = Milter.uniqueID()
  # delrcpt can only be called from eom().  This accumulates recipient
  # changes which can then be applied by alter_recipients()
  def del_recipient(self,rcpt):
    rcpt = rcpt.lower()
    if not rcpt in self.discard_list:
      self.discard_list.append(rcpt)
  # addrcpt can only be called from eom().  This accumulates recipient
  # changes which can then be applied by alter_recipients()
  def add_recipient(self,rcpt):
    rcpt = rcpt.lower()
    if not rcpt in self.redirect_list:
      self.redirect_list.append(rcpt)
  # addheader can only be called from eom().  This accumulates added headers
  # which can then be applied by alter_headers()
  def add_header(self,name,val):
    self.new_headers.append((name,val))
    self.log('%s: %s' % (name,val))
  def connect(self,hostname,unused,hostaddr):
    self.internal_connection = False
    self.trusted_relay = False
    self.receiver = self.getsymval('j')
    if hostaddr and len(hostaddr) > 0:
      ipaddr = hostaddr[0]
      for pat in internal_connect:
 	if fnmatchcase(ipaddr,pat):
 	  self.internal_connection = True
 	  break
      for pat in trusted_relay:
 	if fnmatchcase(ipaddr,pat):
 	  self.trusted_relay = True
 	  break
      self.connectip = ipaddr
    else:
      self.connectip = None
    for pat in internal_connect:
      if fnmatchcase(hostname,pat):
 	self.internal_connection = True
 	break
    if self.internal_connection:
      connecttype = 'INTERNAL'
    else:
      connecttype = 'EXTERNAL'
    if self.trusted_relay:
      connecttype += ' TRUSTED'
    self.log("connect from %s at %s %s" % (hostname,hostaddr,connecttype))
    return Milter.CONTINUE
  def hello(self,hostname):
    self.hello_name = hostname
    self.log("hello from %s" % hostname)
    if ip4re.match(hostname):
      self.log("REJECT: numeric hello name:",hostname)
      self.setreply('550','5.7.1','hello name cannot be numeric ip')
      return Milter.REJECT
    if not self.internal_connection and hostname in hello_blacklist:
      self.log("REJECT: spam from self:",hostname)
      self.setreply('550','5.7.1','I hate talking to myself.')
      return Milter.REJECT
    return Milter.CONTINUE
  # multiple messages can be received on a single connection
  # envfrom (MAIL FROM in the SMTP protocol) seems to mark the start
  # of each message.
  def envfrom(self,f,*str):
    self.log("mail from",f,str)
    self.fp = StringIO.StringIO()
    self.tempname = None
    self.mailfrom = f
    self.forward = True
    self.bodysize = 0
    self.hidepath = False
    self.discard = False
    self.dspam = True
    self.reject_spam = True
    self.data_allowed = True
    self.trust_received = self.trusted_relay
    self.redirect_list = []
    self.discard_list = []
    self.new_headers = []
    self.recipients = []
    t = parse_addr(f.lower())
    self.canon_from = '@'.join(t)
    self.fp.write('From %s %s\n' % (self.canon_from,time.ctime()))
    if len(t) == 2:
      user,domain = t
      if not self.internal_connection:
 	for pat in internal_domains:
 	  if fnmatchcase(domain,pat):
 	    self.log("REJECT: spam from self",pat)
 	    self.setreply('550','5.7.1','I hate talking to myself.')
 	    return Milter.REJECT
      self.rejectvirus = domain in reject_virus_from
      if user in wiretap_users.get(domain,()):
        self.add_recipient(wiretap_dest)
      if user in discard_users.get(domain,()):
 	self.discard = True
      exempt_users = dspam_whitelist.get(domain,())
      if user in exempt_users or '' in exempt_users:
 	self.dspam = False
    else:
      self.rejectvirus = False
    if not (self.internal_connection or self.trusted_relay)	\
    	and self.connectip and spf:
      return self.check_spf()
    return Milter.CONTINUE
  def check_spf(self):
    t = parse_addr(self.mailfrom)
    if len(t) == 2: t[1] = t[1].lower()
    q = spf.query(self.connectip,'@'.join(t),self.hello_name)
    q.set_default_explanation('SPF fail: see http://spf.pobox.com/why.html')
    res,code,txt = q.check()
    receiver = self.receiver
    if res == 'none' and spf_best_guess:
      #self.log('SPF: no record published, guessing')
      q.set_default_explanation('SPF guess: see http://spf.pobox.com/why.html')
      # best_guess should not result in fail
      res,code,txt = q.best_guess()
      receiver += ': guessing'
    if res in ('deny', 'fail'):
      self.log('REJECT: SPF %s %i %s' % (res,code,txt))
      self.setreply(str(code),'5.7.1',txt)
      return Milter.REJECT
    if res == 'neutral' and q.o in spf_reject_neutral:
      self.log('REJECT: SPF neutral for',q.s)
      self.setreply('550','5.7.1',
 	'mail from %s must pass SPF: http://spf.pobox.com/why.html' % q.o
      )
      return Milter.REJECT
    if res == 'error':
      self.setreply(str(code),'4.3.0',txt)
      return Milter.TEMPFAIL
    self.add_header('Received-SPF',q.get_header(res,receiver))
    return Milter.CONTINUE
  # hide_path causes a copy of the message to be saved - until we
  # track header mods separately from body mods - so use only
  # in emergencies.
  def envrcpt(self,to,*str):
    # mail to MAILER-DAEMON is generally spam that bounced
    if to.startswith('<MAILER-DAEMON@'):
      self.log('DISCARD: RCPT TO:',to,str)
      return Milter.DISCARD
    self.log("rcpt to",to,str)
    t = parse_addr(to.lower())
    if len(t) == 2:
      if self.mailfrom == '<>':
        if self.recipients:
 	  self.log('REJECT: Multiple bounce recipients')
 	  self.setreply('550','5.7.1','Multiple bounce recipients')
 	  return Milter.REJECT
        if srs and not (self.internal_connection or self.trusted_relay):
 	  oldaddr = '@'.join(parse_addr(to))
 	  try:
 	    newaddr = srs.reverse(oldaddr)
 	    self.log("srs rcpt:",newaddr)
 	  except:
 	    if srsre.match(oldaddr):
 	      self.log("REJECT: srs spoofed:",oldaddr)
 	      self.setreply('550','5.7.1','Invalid SRS signature')
 	      return Milter.REJECT
 	    self.data_allowed = not srs_reject_spoofed
      self.recipients.append('@'.join(t))
      user,domain = t
      users = check_user.get(domain)
      if self.discard:
        self.del_recipient(to)
      if users and not user in users:
        self.log('REJECT: RCPT TO:',to,str)
 	return Milter.REJECT
      if user in block_forward.get(domain,()):
        self.forward = False
      exempt_users = dspam_exempt.get(domain,())
      if user in exempt_users or '' in exempt_users:
 	self.dspam = False
      if domain in hide_path:
        self.hidepath = True
      if not domain in dspam_reject:
        self.reject_spam = False
    if smart_alias:
      cf = self.canon_from
      cf0 = cf.split('@',1)
      if len(cf0) == 2:
 	cf0 = '@' + cf0[1]
      else:
 	cf0 = cf
      ct = '@'.join(t)
      for key in ((cf,ct),(cf0,ct)):
 	if smart_alias.has_key(key):
 	  self.del_recipient(to)
 	  for t in smart_alias[key]:
 	    self.add_recipient('<%s>'%t)
    #rcpt = self.getsymval("{rcpt_addr}")
    #self.log("rcpt-addr",rcpt);
    return Milter.CONTINUE
  # Heuristic checks for spam headers
  def check_header(self,name,val):
    lname = name.lower()
    # val is decoded header value
    if lname == 'subject':
      # check for common spam keywords
      for wrd in spam_words:
        if val.find(wrd) >= 0:
 	  self.log('REJECT: %s: %s' % (name,val))
 	  self.setreply('550','5.7.1','That subject is not allowed')
 	  return Milter.REJECT
      # check for spam that claims to be legal
      lval = val.lower().strip()
      for adv in ("adv:","adv.","adv ","[adv]","(adv)","advt:","advert:"):
        if lval.startswith(adv):
 	  self.log('REJECT: %s: %s' % (name,val))
 	  self.setreply('550','5.7.1','Advertising not accepted here')
 	  return Milter.REJECT
      for adv in ("adv","(adv)","[adv]"):
        if lval.endswith(adv):
 	  self.log('REJECT: %s: %s' % (name,val))
 	  self.setreply('550','5.7.1','Advertising not accepted here')
 	  return Milter.REJECT
      # check for porn keywords
      for w in porn_words:
        if lval.find(w) >= 0:
          self.log('REJECT: %s: %s' % (name,val))
 	  self.setreply('550','5.7.1','That subject is not allowed')
          return Milter.REJECT
      # check for annoying forwarders
      if not self.forward:
 	if lval.startswith("fwd:") or lval.startswith("[fw"):
 	  self.log('REJECT: %s: %s' % (name,val))
 	  self.setreply('550','5.7.1','I find unedited forwards annoying')
 	  return Milter.REJECT
    # check for invalid message id
    if lname == 'message-id' and len(val) < 4:
      self.log('REJECT: %s: %s' % (name,val))
      return Milter.REJECT
    # check for common bulk mailers
    if lname == 'x-mailer':
      mailer = val.lower()
      if mailer in ('direct email','calypso','mail bomber') \
 	or mailer.find('optin') >= 0:
        self.log('REJECT: %s: %s' % (name,val))
        return Milter.REJECT
    elif self.trust_received and lname == 'received':
      self.trust_received = False
      self.log('%s: %s' % (name,val.splitlines()[0]))
    return Milter.CONTINUE
  def header(self,name,hval):
    if not self.data_allowed:
      self.log('REJECT: bounce with no SRS encoding')
      self.setreply('550','5.7.1',"spoofed reply address")
      return Milter.REJECT
    lname = name.lower()
    # decode near ascii text to unobfuscate
    val = parse_header(hval)
    if not self.internal_connection:
      # even if we wanted the Taiwanese spam, we can't read Chinese
      if block_chinese and lname == 'subject':
 	if hval.startswith('=?big5') or hval.startswith('=?ISO-2022-JP'):
 	  self.log('REJECT: %s: %s' % (name,hval))
 	  self.setreply('550','5.7.1',"We don't understand chinese")
 	  return Milter.REJECT
      rc = self.check_header(name,val)
      if rc != Milter.CONTINUE: return rc
    # log selected headers
    if log_headers or lname in ('subject','x-mailer'):
      self.log('%s: %s' % (name,val))
    if self.fp:
      try:
        val = val.encode('us-ascii')
      except:
        val = hval
      self.fp.write("%s: %s\n" % (name,val))	# add header to buffer
    return Milter.CONTINUE
  def eoh(self):
    if not self.fp: return Milter.TEMPFAIL	# not seen by envfrom
    for name,val in self.new_headers:
      self.fp.write("%s: %s\n" % (name,val))	# add new headers to buffer
    self.fp.write("\n")				# terminate headers
    self.fp.seek(0)
    # copy headers to a temp file for scanning the body
    headers = self.fp.getvalue()
    self.fp.close()
    self.tempname = fname = tempfile.mktemp(".defang")
    self.fp = open(fname,"w+b")
    self.fp.write(headers)	# IOError (e.g. disk full) causes TEMPFAIL
    # check if headers are really spammy
    if dspam_dict and not self.internal_connection:
      ds = dspam.dspam(dspam_dict,dspam.DSM_PROCESS,
        dspam.DSF_CHAINED|dspam.DSF_CLASSIFY)
      try:
        ds.process(headers)
        if ds.probability > 0.93 and self.dspam:
          self.log('REJECT: X-DSpam-HeaderScore: %f' % ds.probability)
 	  self.setreply('550','5.7.1','Your Message looks spammy')
 	  return Milter.REJECT
 	self.add_header('X-DSpam-HeaderScore','%f'%ds.probability)
      finally:
        ds.destroy()
    return Milter.CONTINUE
  def body(self,chunk):		# copy body to temp file
    if self.fp:
      self.fp.write(chunk)	# IOError causes TEMPFAIL in milter
      self.bodysize += len(chunk)
    return Milter.CONTINUE
  def _headerChange(self,msg,name,value):
    if value:	# add header
      self.addheader(name,value)
    else:	# delete all headers with name
      h = msg.getheaders(name)
      if h:
 	for i in range(len(h),0,-1):
 	  self.chgheader(name,i-1,'')
  def _chk_attach(self,msg):
    "Filter attachments by content."
    mime.check_name(msg,self.tempname)	# check for bad extensions
    if scan_html:
      mime.check_html(msg,self.tempname)	# remove scripts from HTML
    # don't let a tricky virus slip one past us
    if scan_rfc822:
      msg = msg.get_submsg()
      if msg: return mime.check_attachments(msg,self._chk_attach)
    return Milter.CONTINUE
  def alter_recipients(self,discard_list,redirect_list):
    for rcpt in discard_list:
      if rcpt in redirect_list: continue
      self.log("DISCARD RCPT: %s" % rcpt)	# log discarded rcpt
      self.delrcpt(rcpt)
    for rcpt in redirect_list:
      if rcpt in discard_list: continue
      self.log("APPEND RCPT: %s" % rcpt)	# log appended rcpt
      self.addrcpt(rcpt)
      if not blind_wiretap:
        self.addheader('Cc',rcpt)
  # check spaminess for recipients in dictionary groups
  # if there are multiple users getting dspammed, then
  # a signature tag for each is added to the message.
  # FIXME: quarantine messages rejected via fixed patterns above
  #	   this will give a fast start to stats
  def check_spam(self):
    if not dspam_userdir: return False
    ds = Dspam.DSpamDirectory(dspam_userdir)
    ds.log = self.log
    ds.headerchange = self._headerChange
    modified = False
    for rcpt in self.recipients:
      if dspam_users.has_key(rcpt):
        user = dspam_users.get(rcpt)
 	if user:
 	  try:
 	    self.fp.seek(0)
 	    txt = self.fp.read()
 	    if user == 'spam' and self.internal_connection:
 	      sender = dspam_users.get(self.canon_from)
 	      if sender:
 	        self.log("SPAM: %s" % sender)	# log user for FP
 		ds.add_spam(sender,txt)
 		txt = None
 		self.fp = None
 		return False
 	    elif user == 'falsepositive' and self.internal_connection:
 	      sender = dspam_users.get(self.canon_from)
 	      if sender:
 	        self.log("FP: %s" % sender)	# log user for FP
 	        txt = ds.false_positive(sender,txt)
 		self.fp = StringIO.StringIO(txt)
 		self.delrcpt('<%s>' % rcpt)
 		self.recipients = None
 		self.rejectvirus = False
 		return True
 	    elif not self.internal_connection or dspam_internal:
 	      if len(txt) > dspam_sizelimit:
 		self.log("Large message:",len(txt))
 		return False
 	      txt = ds.check_spam(user,txt,self.recipients)
 	      if not txt:
 	        # DISCARD if quarrantined for any recipient.  It
 		# will be resent to all recipients if they submit
 		# as a false positive.
 		self.log("DSPAM:",user,rcpt)
 		self.fp = None
 		return False
 	      self.fp = StringIO.StringIO(txt)
 	      modified = True
 	  except Exception,x:
 	    print x
    # screen if no recipients are dspam_users
    if not modified and dspam_screener and not self.internal_connection \
    	and (self.dspam or self.reject_spam):
      self.fp.seek(0)
      txt = self.fp.read()
      if len(txt) > dspam_sizelimit:
 	self.log("Large message:",len(txt))
 	return False
      if not ds.check_spam(dspam_screener,txt,self.recipients,
      	classify=True,quarantine=not self.reject_spam):
 	self.fp = None
 	if self.reject_spam:
 	  self.log("DSPAM:",dspam_screener,
 	  	'REJECT: X-DSpam-Score: %f' % ds.probability)
 	  self.setreply('550','5.7.1','Your Message looks spammy')
 	  return True
 	self.log("DSPAM:",dspam_screener,"SCREENED")
    return modified
  def eom(self):
    if not self.fp:
      return Milter.ACCEPT	# no message collected - so no eom processing
    try:
      # analyze external mail for spam
      spam_checked = self.check_spam()	# tag or quarantine for spam
      if not self.fp:
        if spam_checked: return Milter.REJECT
 	return Milter.DISCARD	# message quarantined for all recipients
      # analyze all mail for dangerous attachments and scripts
      self.fp.seek(0)
      msg = mime.MimeMessage(self.fp)
      # pass header changes in top level message to sendmail
      msg.headerchange = self._headerChange
      # filter leaf attachments through _chk_attach
      rc = mime.check_attachments(msg,self._chk_attach)
    except:	# milter crashed trying to analyze mail
      exc_type,exc_value = sys.exc_info()[0:2]
      if dspam_userdir and exc_type == dspam.error:
        if not exc_value.strerror:
 	  exc_value.strerror = exc_value.args[0]
 	if exc_value.strerror == 'Lock failed':
 	  self.log("LOCK: BUSY")	# log filename
 	  self.setreply('450','4.2.0',
 		'Too busy discarding spam.  Please try again later.')
 	  return Milter.TEMPFAIL
      fname = tempfile.mktemp(".fail")	# save message that caused crash
      os.rename(self.tempname,fname)
      self.tempname = None
      self.log("FAIL: %s" % fname)	# log filename
      if exc_type == email.Errors.BoundaryError:
 	self.setreply('554','5.7.7',
 		'Boundary error in your message, are you a spammer?')
        return Milter.REJECT
      if exc_type == email.Errors.HeaderParseError:
 	self.setreply('554','5.7.7',
 		'Header parse error in your message, are you a spammer?')
        return Milter.REJECT
      # let default exception handler print traceback and return 451 code
      raise
    if rc == Milter.REJECT: return rc;
    if rc == Milter.DISCARD: return rc;
    if rc == Milter.CONTINUE: rc = Milter.ACCEPT # for testbms.py compat
    defanged = msg.ismodified()
    if self.hidepath: del msg['Received']
    if self.recipients == None:
      # false positive being recirculated
      self.recipients = msg.get_all('x-dspam-recipients',[])
      if self.recipients:
 	for rcptlist in self.recipients:
 	  for rcpt in rcptlist.split(','):
 	    self.addrcpt('<%s>' % rcpt.strip())
 	del msg['x-dspam-recipients']
      else:
 	self.addrcpt(self.mailfrom)
    else:
      self.alter_recipients(self.discard_list,self.redirect_list)
    for name,val in self.new_headers:
      self.addheader(name,val)
    if not defanged and not spam_checked:
      os.remove(self.tempname)
      self.tempname = None	# prevent re-removal
      self.log("eom")
      return rc			# no modified attachments
    # Body modified, copy modified message to a temp file 
    if defanged:
      if self.rejectvirus and not self.hidepath:
 	self.log("REJECT virus from",self.mailfrom)
 	self.tempname = None
 	return Milter.REJECT
      self.log("Temp file:",self.tempname)
      self.tempname = None	# prevent removal of original message copy
    out = tempfile.TemporaryFile()
    try:
      msg.dump(out)
      out.seek(0)
      msg = rfc822.Message(out)
      msg.rewindbody()
      while True:
 	buf = out.read(8192)
 	if len(buf) == 0: break
 	self.replacebody(buf)	# feed modified message to sendmail
      if spam_checked: self.log("dspam")
      return rc
    finally:
      out.close()
    return Milter.TEMPFAIL
  def close(self):
    sys.stdout.flush()		# make log messages visible
    if self.tempname:
      os.remove(self.tempname)	# remove in case session aborted
    if self.fp:
      self.fp.close()
    sys.stdout.flush()
    return Milter.CONTINUE
  def abort(self):
    self.log("abort after %d body chars" % self.bodysize)
    return Milter.CONTINUE
 def main():
  Milter.factory = bmsMilter
  flags = Milter.CHGBODY + Milter.CHGHDRS + Milter.ADDHDRS
  if wiretap_dest or smart_alias or dspam_userdir:
    flags = flags + Milter.ADDRCPT
  if srs or len(discard_users) > 0 or smart_alias or dspam_userdir:
    flags = flags + Milter.DELRCPT
  Milter.set_flags(flags)
  print "bms milter startup"
  sys.stdout.flush()
  Milter.runmilter("pythonfilter",socketname,timeout)
  print "bms milter shutdown"
 if __name__ == "__main__":
  read_config(["milter.cfg"])
  if dspam_dict:
    import dspam	# low level spam check
  if dspam_userdir:
    import dspam
    import Dspam	# high level spam check
    try:
      dspam_version = Dspam.VERSION
    except:
      dspam_version = '1.1.4'
    assert dspam_version >= '1.1.5'
  main()
@@ -0,0 +1,98 @@
 ## @mainpage Writing Milters in Python
 #
 # At the lowest level, the <code>milter</code> module provides a thin wrapper
 # around the <a href="milter_api/index.html"> sendmail
 # libmilter API</a>.  This API lets you register callbacks for a number of
 # events in the process of sendmail receiving a message via SMTP.  These
 # events include the initial connection from a MTA, the envelope sender and
 # recipients, the top level mail headers, and the message body.  There are
 # options to mangle all of these components of the message as it passes through
 # the %milter.
 # 
 # At the next level, the <code>Milter</code> module (note the case difference)
 # provides a Python friendly object oriented wrapper for the low level API.  To
 # use the Milter module, an application registers a 'factory' to create an
 # object for each connection from a MTA to sendmail.  These connection objects
 # must provide methods corresponding to the libmilter event callbacks.
 # 
 # Each callback method returns a code to tell sendmail whether to proceed with
 # processing the message.  This is a big advantage of milters over other mail
 # filtering systems.  Unwanted mail can be stopped in its tracks at the
 # earliest possible point.  The callback return codes are
 # milter.CONTINUE, milter.REJECT, milter.DISCARD, milter.ACCEPT, 
 # milter.TEMPFAIL, milter.SKIP, milter.NOREPLY.
 # 
 # The Milter.Base class provides default implementations for
 # event methods that do nothing, and also provides wrappers for the libmilter
 # methods to mutate the message.  It automatically negotiates with MTA
 # which protocol steps need to be processed by the %milter, based on
 # which callback methods are overridden.
 #
 # The Milter.Milter class provides an alternate default
 # implementation that logs the main milter callbacks, but otherwise does
 # nothing.  It is provided for compatibility.
 # 
 # The mime module provides a wrapper for the Python email package
 # that fixes some bugs, and simplifies modifying selected parts of a MIME
 # message.
 #
 # @section threading
 #
 # The libmilter library which pymilter wraps 
 # <a href="milter_overview#SignalHandling">handles
 # all signals</a> itself, and expects to be called from a single main thread.
 # It handles SIGTERM, SIGHUP, and SIGINT, mapping the first two to 
 # <a href="milter_api/smfi_stop.html">smfi_stop</a>
 # and the last to an internal ABORT.
 #
 # If you use python threads or threading modules, then signal handling gets
 # confused.  Threads may still be useful, but you may need to provide an
 # alternate means of causing graceful shutdown.
 #
 # You may find the
 # <a href="http://docs.python.org/release/2.6.6/library/multiprocessing.html">
 # multiprocessing</a> module useful.  It can be a drop-in
 # replacement for threading as illustrated in 
 # <a href="milter-template_8py-example.html">milter-template.py</a>.
 #
 # @section Useful python packages for milters
 #
 # <a href="https://github.com/sdgathman/pymilter">pymilter</a> - this package.
 #
 # <a href="https://github.com/sdgathman/pyspf">pyspf</a> checks the
 # SMTP envelope sender (MAIL FROM, passed to the Milter.Base.envfrom callback)
 # against a Sender Policy published in DNS by the sending domain.  This
 # can prevent forgery of the MAIL FROM.  SPF is Sender Policy Framework.
 #
 # <a href="https://launchpad.net/dkimpy">pydkim</a> checks a DKIM signature
 # of the email body and headers against a public key published in DNS by
 # the signing domain.  DKIM is DomainKeys Identified Mail.
 #
 # The <a href="https://pypi.python.org/pypi/authres/">authres</a> module 
 # parses and formats the Authentication-Results email header, providing
 # a standard place to summarize the results from DKIM, SPF, rDNS, SMTP AUTH,
 # and other email authentication methods.
 #
 # <a href="https://github.com/sdgathman/pydspam/">pydspam</a> wraps 
 # the libdspam API of the <a href="http://dspam.sourceforge.net/">DSPAM</a>
 # project.
 #
 # <a href="https://github.com/sdgathman/pysrs/">pysrs</a> rewrites
 # MAIL FROM to include a timestamped signature so that "bounce spam"
 # can be immediately rejected.
 #
 # <a href="https://github.com/sdgathman/pygossip/">pygossip</a> is a 
 # system to track reputation by domain and authentication level and type,
 # and a simple protocol to gossip about reputations with other mail servers.
 #
 # @section Milters written with pymilter
 #
 # <a href="https://github.com/croessner/vrfydmn">Verify Domain</a> is a
 # Postfix milter that rejects/fixes manipulated From: header
 # on a mail host with multiple virtual domains.
 #
 # <a href="https://github.com/sdgathman/milter/">BMS Milter</a> has several
 # milters, a big complicated spam filter that integrates multiple
 # authentication protocols with pydspam, and two simple ones: spfmilter.py and
 # dkim-milter.py.
 #
@@ -0,0 +1,251 @@
 # Document miltermodule for Doxygen
 #
 ## @package milter
 #
 # A thin wrapper around libmilter.  Most users will not import
 # milter directly, but will instead import Milter and subclass
 # Milter.Base.  This module gives you ultimate low level control
 # from python.
 #
 ## Continue processing the current connection, message, or recipient.
 CONTINUE  = 0
 ##  For a connection-oriented routine, reject this connection; 
 # call Milter.Base.close(). For a message-oriented routine, except
 # Milter.Base.eom() or Milter.Base.abort(), reject this message.  For a
 # recipient-oriented routine, reject the current recipient (but continue
 # processing the current message).
 REJECT    = 1
 ## For a message- or recipient-oriented routine, accept this message, but
 # silently discard it.  SMFIS_DISCARD should not be returned by a
 # connection-oriented routine.
 DISCARD   = 2
 ## For a connection-oriented routine, accept this connection without further
 # filter processing; call Milter.Base.close().   For a message- or
 # recipient-oriented routine, accept this message without further filtering.
 ACCEPT    = 3
 ## Return a temporary failure, i.e., the corresponding SMTP command will return
 # an appropriate 4xx status code. For a message-oriented routine, except
 # Milter.Base.envfrom(), fail for this message.  For a connection-oriented
 # routine, fail for this connection; call Milter.Base.close().  For a recipient-oriented
 # routine, only
 # fail for the current recipient; continue message processing.
 TEMPFAIL  = 4
 ## Skip further callbacks of the same type in this transaction. 
 # Currently this return value is only allowed in Milter.Base.body(). It can be
 # used if a %milter has received sufficiently many body chunks to make a
 # decision, but still wants to invoke message modification functions that are
 # only allowed to be called from Milter.Base.eom(). Note: the %milter must
 # negotiate this behavior with the MTA, i.e., it must check whether the
 # protocol action SMFIP_SKIP is available and if so, the %milter must request
 # it.
 SKIP      = 5
 ## Do not send a reply back to the MTA. 
 # The %milter must negotiate this behavior with the MTA, i.e., it must check
 # whether the appropriate protocol action P_NR_* is available and if so,
 # the %milter must request it. If you set the P_NR_* protocol action for a
 # callback, that callback must always reply with NOREPLY. Using any other
 # reply code is a violation of the API. If in some cases your callback may
 # return another value (e.g., due to some resource shortages), then you must
 # not set P_NR_* and you must use CONTINUE as the default return
 # code. (Alternatively you can try to delay reporting the problem to a later
 # callback for which P_NR_* is not set.)
 #
 # This is negotiated and returned automatically by the Milter.noreply 
 # function decorator.
 NOREPLY   = 6
 ## Hold context for a %milter connection.
 # Each connection to sendmail creates a new <code>SMFICTX</code> struct within
 # libmilter.  The milter module in turn creates a milterContext
 # tied to the <code>SMFICTX</code> struct via <code>smfi_setpriv</code>
 # to hold a PyThreadState and a user defined Python object for the connection.
 # 
 # Most application interaction with libmilter takes places via 
 # the milterContext object for the connection.  It is passed to
 # callback functions as the first parameter.
 #
 # The <code>Milter</code> module creates a python class for each connection,
 # and converts function callbacks to instance method invocations.
 #
 class milterContext(object):
  ## Calls <a href="milter_api/smfi_getsymval.html">smfi_getsymval</a>.
  def getsymval(self,sym): pass
  ## Calls <a href="milter_api/smfi_setreply.html">
  # smfi_setreply</a> or
  # <a href="milter_api/smfi_setmlreply.html">
  # smfi_setmlreply</a>.
  # @param rcode SMTP response code
  # @param xcode extended SMTP response code
  # @param msg one or more message lines.  If the MTA does not support 
  #     multiline messages, only the first is used.
  def setreply(self,rcode,xcode,*msg): pass
  ## Calls <a href="milter_api/smfi_addheader.html">smfi_addheader</a>.
  def addheader(self,name,value,idx=-1): pass
  ## Calls <a href="milter_api/smfi_chgheader.html">smfi_chgheader</a>.
  def chgheader(self,name,idx,value): pass
  ## Calls <a href="milter_api/smfi_addrcpt.html">smfi_addrcpt</a>.
  def addrcpt(self,rcpt,params=None): pass
  ## Calls <a href="milter_api/smfi_delrcpt.html">smfi_delrcpt</a>.
  def delrcpt(self,rcpt): pass
  ## Calls <a href="milter_api/smfi_replacebody.html">smfi_replacebody</a>.
  def replacebody(self,data): pass
  ## Attach a Python object to this connection context.
  # @return the old value or None
  def setpriv(self,priv): pass
  ## Return the Python object attached to this connection context.
  def getpriv(self): pass
  ## Calls <a href="milter_api/smfi_quarantine.html">smfi_quarantine</a>.
  def quarantine(self,reason): pass
  ## Calls <a href="milter_api/smfi_progress.html">smfi_progress</a>.
  def progress(self): pass
  ## Calls <a href="milter_api/smfi_chgfrom.html">smfi_chgfrom</a>.
  def chgfrom(self,sender,param=None): pass
  ## Tell the MTA which macro values we are interested in for a given stage.
  # Of interest only when you need to squeeze a few more bytes of bandwidth.
  # It may only be called from the negotiate callback.
  # The protocol stages are 
  # M_CONNECT, M_HELO, M_ENVFROM, M_ENVRCPT, M_DATA, M_EOM, M_EOH.
  # Calls <a href="milter_api/smfi_setsymlist.html">smfi_setsymlist</a>.
  # @param stage protocol stage in which the macro list should be used
  # @param macrolist a space separated list of macro names
  def setsymlist(self,stage,macrolist): pass
 class error(Exception): pass
 ## Enable optional %milter actions.
 # Certain %milter actions need to be enabled before calling main()
 # or they throw an exception.  Pymilter enables them all by
 # default (since 0.9.2), but you may wish to disable unneeded
 # actions as an optimization.
 # @param flags Bit or mask of optional actions to enable
 def set_flags(flags): pass
 def set_connect_callback(cb): pass
 def set_helo_callback(cb): pass
 def set_envfrom_callback(cb): pass
 def set_envrcpt_callback(cb): pass
 def set_header_callback(cb): pass
 def set_eoh_callback(cb): pass
 def set_body_callback(cb): pass
 def set_abort_callback(cb): pass
 def set_close_callback(cb): pass
 ## Sets the return code for untrapped Python exceptions during a callback.
 # The default is TEMPFAIL.  You should not depend on this handler.  Your
 # application should have its own top level exception handler for each
 # callback.  You can then choose your own reply message, log the stack track
 # were you please, and so on.  However, if you miss one, this last ditch
 # handler will print a standard stack trace to sys.stderr, and return to
 # sendmail.  
 # @param code one of #TEMPFAIL,#REJECT,#CONTINUE, or since 1.0, #ACCEPT
 def set_exception_policy(code): pass
 ## Register python %milter with libmilter.
 # The name we pass is used to identify the %milter in the MTA configuration.
 # Callback functions must be set using the set_*_callback() functions before
 # registering the %milter.
 # Three additional callbacks are specified as keyword parameters.  These
 # were added by recent versions of libmilter.  The keyword parameters is
 # a nicer way to do it, I think, since it makes clear that you have to do
 # it before registering.  I may move all the callbacks in the future (perhaps
 # keeping the set functions for compatibility).  Note that Milter.Base
 # automatically maps all callbacks to member functions, and negotiates which
 # member functions are actually overridden by an application class.
 # @param name the %milter name by which the MTA finds us
 # @param negotiate the
 #       <a href="milter_api/xxfi_negotiate.html">
 #       xxfi_negotiate</a> callback, called to negotiate supported
 #       actions, callbacks, and protocol steps.
 # @param unknown the
 #       <a href="milter_api/xxfi_unknown.html">
 #       xxfi_unknown</a> callback, called when for SMTP commands
 #       not recognized by the MTA. (Extend SMTP in your milter!)
 # @param data the
 #       <a href="milter_api/xxfi_data.html">
 #       xxfi_data</a> callback, called when the DATA
 #       SMTP command is received.
 def register(name,negotiate=None,unknown=None,data=None): pass
 ## Attempt to create the socket used to communicate with the MTA.
 # milter.opensocket() attempts to create the socket specified previously by a
 # call to milter.setconn() which will be the interface between MTAs and the
 # %milter.  This allows the calling application to ensure that the socket can be
 # created.  If this is not called, milter.main() will do so implicitly.
 # Calls <a href="milter_api/smfi_opensocket.html">
 # smfi_opensocket</a>.  While not documented for libmilter, my experiments
 # indicate that you must call register() before calling opensocket().
 # @param rmsock Try to remove an existing unix domain socket if true.
 def opensocket(rmsock): pass
 ## Transfer control to libmilter.
 # Calls <a href="milter_api/smfi_main.html">
 #   smfi_main</a>.
 def main(): pass
 ## Set the libmilter debugging level.
 # <a href="milter_api/smfi_setdbg.html">smfi_setdbg</a>
 # sets the %milter library's internal debugging level to a new level
 # so that code details may be traced. A level of zero turns off debugging. The
 # greater (more positive) the level the more detailed the debugging. Six is the
 # current, highest, useful value.  Must be called before calling main().
 def setdbg(lev): pass
 ## Set timeout for MTA communication.
 # Calls <a href="milter_api/smfi_settimeout.html">
 # smfi_settimeout</a>.  Must be called before calling main().
 def settimeout(secs): pass
 ## Set socket backlog.
 # Calls <a href="milter_api/smfi_setbacklog.html">
 # smfi_setbacklog</a>.  Must be called before calling main().
 def setbacklog(n): pass
 ## Set the socket used to communicate with the MTA.
 # The MTA can communicate with the milter by means of a
 # unix, inet, or inet6 socket. By default, a unix domain socket
 # is used.  It must not exist,
 # and sendmail will throw warnings if, eg, the file is under a
 # group or world writable directory.  milter.setconn() will not fail with
 # an invalid socket - this will be detected only when calling milter.main()
 # or milter.opensocket().
 # @param s the socket address in proto:address format
 # <pre>
 # milter.setconn('unix:/var/run/pythonfilter')  # a named pipe
 # milter.setconn('local:/var/run/pythonfilter') # a named pipe
 # milter.setconn('inet:8800') 			# listen on ANY interface
 # milter.setconn('inet:7871@@publichost')	# listen on a specific interface
 # milter.setconn('inet6:8020')
 # milter.setconn('inet6:8020@[2001:db8:1234::1]')      # listen on specific IP
 # </pre>
 def setconn(s): pass
 ## Stop the %milter gracefully.
 def stop(): pass
 ## Retrieve diagnostic info.
 # Return a tuple with diagnostic info gathered by the milter module.
 # The first two fields are counts of milterContext objects created
 # and deleted.  Additional fields may be added later.
 # @return a tuple of diagnostic data
 def getdiag(): pass
 ## Retrieve the runtime libmilter version.
 # Return the runtime libmilter version. This can be different
 # from the compile time version when sendmail or libmilter is upgraded
 # after pymilter is compiled.
 # @return a tuple of <code>(major,minor,patchlevel)</code>
 def getversion(): pass
 ## The compile time libmilter version.
 # Python code might need to deal with pymilter compiled 
 # against various versions of libmilter.  This module constant 
 # contains the contents of the <code>SMFI_VERSION</code> macro when
 # the milter module was compiled.
 VERSION = 0x1000001
@@ -1,138 +0,0 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
 <html>
 <head>
 <title>Python Milter FAQ</title>
 </head><body>
 <h1> Python Milter <a name=faq>FAQ</a> </h1>
 <ol>
 <h3> Compiling Python Milter </h3>
 <li> Q. I have installed sendmail from source, but Python milter won't
 compile.
 <p>  A. Even though libmilter is officially supported in sendmail-8.12, 
 you need to build and install it in separate steps.  Take a look
 at the <a href="/aix/sendmail12.spec">RPM spec file</a> for sendmail-8.12.  
 The %prep section shows you how to create
 a site.config.m4 that enables MILTER.  The %build section shows you how
 to build libmilter in a separate invocation of make.  The %install section
 shows you how to install libmilter with a separate invocation of make.
 <p>
 <li> Q. Why is mfapi.h not found when I try to compile Python milter on
 RedHat 7.2?
 <p>  A. RedHat forgot to include the header in the RPM.  See the
 <a href="milter.html#rh72">RedHat 7.2 requirements</a>.
 <p>
 <h3> Running Python Milter </h3>
 <li> Q. The sample.py milter prints a message, then just sits there.
 <pre>
 To use this with sendmail, add the following to sendmail.cf:
 O InputMailFilters=pythonfilter
 Xpythonfilter,        S=local:inet:1030@localhost
 See the sendmail README for libmilter.
 sample  milter startup
 </pre>
 <p>  A. You need to tell sendmail to connect to your milter.  The
 sample milter tells you what to add to your sendmail.cf to tell
 sendmail to use the milter.  You can also add an INPUT_MAIL_FILTER
 macro to your sendmail.mc file and rebuild sendmail.cf - see the sendmail
 README for milters.
 <p>
 <li> Q. I've configured sendmail properly, but still nothing happens
 when I send myself mail!
 <p>  A. Sendmail only milters SMTP mail.  Local mail is not miltered.
 You can pipe a raw message through sendmail to test your milter:
 <pre>
 $ cat rawtextmsg | sendmail myname@my.full.domain
 </pre>
 Now check your milter log.
 <p>
 <li> Q. Why do I get this ImportError exception?
 <pre>
 File "mime.py", line 370, in ?
    from sgmllib import declstringlit, declname
    ImportError: cannot import name declstringlit
 </pre>
 <p>  A. <code>declstringlit</code> is not provided by sgmllib in all versions
 of python.  For instance, python-2.2 does not have it.  Upgrade to
 milter-0.4.5 or later to remove this dependency.
 <p>
 <li> Q. Why do I get <code>milter.error: cannot add recipient</code>?
 <pre>
 </pre>
 <p>  A. You must tell libmilter how you might mutate the message with
 <code>set_flags()</code> before calling <code>runmilter()</code>.  For
 instance, <code>Milter.set_flags(Milter.ADDRCPT)</code>.  You must add together
 all of <code>ADDHDRS, CHGBODY, ADDRCPT, DELRCPT, CHGHDRS</code> that apply.
 <p>
 <li> Q. Why does sendmail sometimes print something like:
 "...write(D) returned -1, expected 5: Broken pipe"
 in the sendmail log?
 <p>  A. Libmilter expects "rcpt to" shortly after getting "mail from".
 "Shortly" is defined by the timeout parameter you passed to
 <code>Milter.runmilter()
 </code> or <code>milter.settimeout()</code>.  If the timeout is 10 seconds,
 and looking up the first recipient in DNS takes more than
 10 seconds, libmilter will give up and break the connection.  
 <code>Milter.runmilter()</code> defaulted to 10 seconds in 0.3.4.  In 0.3.5
 it will keep the libmilter default of 2 hours.
 <p>
 <li> Q. Why does milter block messages with big5 encoding?  What if I
 want to receive them?
 <p>  A. sample.py is a sample.  It is supposed to be easily modified
 for your specific needs.  We will of course continue to move generic
 code out of the sample as the project evolves.  Think of sample.py as
 an active config file.
 <p>
 <li> Q. Why does sendmail coredump with milters on OpenBSD?
 <p>  A. Sendmail has a problem with unix sockets on OpenBSD.  Use
 an internet domain socket instead.  For example, in <code>sendmail.cf</code> use
 <pre>
 Xpythonfilter, S=inet:1234@localhost
 </pre>
 and change sample.py accordingly.
 <p>
 <li> Q. How can I change the bounce message for an invalid recipient?
 I can only change the recipient in the eom callback, but the eom callback
 is never called when the recipient is invalid!
 <p>  A. Configure sendmail to use virtusertable, and send all unknown
 addresses to /dev/null.  For example,
 <h4>/etc/mail/virtusertable</h4>
 <pre>
@mycorp.com	dev-null
 dan@mycorp.com	dan
 sally@mycorp.com	sally
 </pre>
 <h4>/etc/aliases</h4>
 <pre>
 dev-null:	/dev/null
 </pre>
 Now your milter will get to the eom callback, and can change the
 envelope recipient at will.  Thanks to Dredd at 
 <a href=http://www.milter.org/>milter.org</a> for this solution.
 <p>
 <li> Q. I am having trouble with the setreply method.  It always outputs
 	"milter.error: cannot set reply".
 <p>  A. Check the sendmail log for errors.  If sendmail is getting
 milter timeouts, then your milter is taking too long and sendmail gave
 up waiting.  You can adjust the timeouts in your sendmail config.  Here
 is a milter declaration for sendmail.cf with all timeouts specified:
 <pre>
 Xpythonfilter, S=local:/var/log/milter/pythonsock, F=T, T=C:5m;S:20s;R:60s;E:5m
 </pre>
 </ol>
 </html>
@@ -0,0 +1,14 @@
 web:
 	doxygen
 	test -L doc/html/milter_api || ln -sf /usr/share/doc/sendmail-milter-devel doc/html/milter_api
 	rsync -ravKk doc/html/ bmsi.com:/var/www/html/pymilter
 	cd doc/html; zip -r ../../doc .
 VERSION=1.0.3
 PKG=pymilter-$(VERSION)
 SRCTAR=$(PKG).tar.gz
 $(SRCTAR):
 	git archive --format=tar.gz --prefix=$(PKG)/ -o $(SRCTAR) $(PKG)
 gittar: $(SRCTAR)
@@ -0,0 +1,80 @@
 ## A very simple milter to prevent mixing of internal and external mail.  
 # Internal is defined as using one of a list of internal top level domains.
 #  This code is open-source on the same terms as Python.
 from __future__ import print_function
 import Milter
 import time
 import sys
 from Milter.utils import parse_addr
 internal_tlds = ["corp", "personal"]
 ## Determine if a hostname is internal or not. 
 # True if internal, False otherwise
 def is_internal(hostname):
    components = hostname.split(".")
    return components.pop() in internal_tlds
 # Determine if internal and external hosts are mixed based on a list
 # of hostnames
 def are_mixed(hostnames):
    hostnames_mapped = map(is_internal, hostnames)
    # Num internals
    num_internal_hosts = hostnames_mapped.count(True)
    # Num externals
    num_external_hosts = hostnames_mapped.count(False)
    return num_external_hosts >= 1 and num_internal_hosts >= 1
 class NoMixMilter(Milter.Base):
  def __init__(self):  # A new instance with each new connection.
    self.id = Milter.uniqueID()  # Integer incremented with each call.
  ##  def envfrom(self,f,*str):
  @Milter.noreply
  def envfrom(self, mailfrom, *str):
    self.mailfrom = mailfrom
    self.domains = []
    t = parse_addr(mailfrom)
    if len(t) > 1:
      self.domains.append(t[1])
    else:
      self.domains.append('local')
    self.internal = False
    return Milter.CONTINUE
  ##  def envrcpt(self, to, *str):
  def envrcpt(self, to, *str):
    self.R.append(to)
    t = parse_addr(to)
    if len(t) > 1:
      self.domains.append(t[1])
    else:
      self.domains.append('local')
    if are_mixed(self.domains):
      # FIXME: log recipients collected in self.mailfrom and self.R
      self.setreply('550','5.7.1','Mixing internal and external TLDs')
      return Milter.REJECT
    return Milter.CONTINUE
 def main():
  socketname = "/var/run/nomixsock"
  timeout = 600
  # Register to have the Milter factory create instances of your class:
  Milter.factory = NoMixMilter
  print("%s milter startup" % time.strftime('%Y%b%d %H:%M:%S'))
  sys.stdout.flush()
  Milter.runmilter("nomixfilter",socketname,timeout)
  logq.put(None)
  bt.join()
  print("%s nomix milter shutdown" % time.strftime('%Y%b%d %H:%M:%S'))
 if __name__ == "__main__":
  main()
@@ -0,0 +1,166 @@
 ## To roll your own milter, create a class that extends Milter.  
 #  See the pymilter project at http://bmsi.com/python/milter.html
 #  based on Sendmail's milter API 
 #  This code is open-source on the same terms as Python.
 ## Milter calls methods of your class at milter events.
 ## Return REJECT,TEMPFAIL,ACCEPT to short circuit processing for a message.
 ## You can also add/del recipients, replacebody, add/del headers, etc.
 from __future__ import print_function
 import Milter
 try:
  from StringIO import StringIO
 except:
  from io import StringIO
 import time
 import email
 import sys
 from socket import AF_INET, AF_INET6
 from Milter.utils import parse_addr
 if True:
  from multiprocessing import Process as Thread, Queue
 else:
  from threading import Thread
  from Queue import Queue
 logq = Queue(maxsize=4)
 class myMilter(Milter.Base):
  def __init__(self):  # A new instance with each new connection.
    self.id = Milter.uniqueID()  # Integer incremented with each call.
  # each connection runs in its own thread and has its own myMilter
  # instance.  Python code must be thread safe.  This is trivial if only stuff
  # in myMilter instances is referenced.
  @Milter.noreply
  def connect(self, IPname, family, hostaddr):
    # (self, 'ip068.subnet71.example.com', AF_INET, ('215.183.71.68', 4720) )
    # (self, 'ip6.mxout.example.com', AF_INET6,
    #	('3ffe:80e8:d8::1', 4720, 1, 0) )
    self.IP = hostaddr[0]
    self.port = hostaddr[1]
    if family == AF_INET6:
      self.flow = hostaddr[2]
      self.scope = hostaddr[3]
    else:
      self.flow = None
      self.scope = None
    self.IPname = IPname  # Name from a reverse IP lookup
    self.H = None
    self.fp = None
    self.receiver = self.getsymval('j')
    self.log("connect from %s at %s" % (IPname, hostaddr) )
    return Milter.CONTINUE
  ##  def hello(self,hostname):
  def hello(self, heloname):
    # (self, 'mailout17.dallas.texas.example.com')
    self.H = heloname
    self.log("HELO %s" % heloname)
    if heloname.find('.') < 0:	# illegal helo name
      # NOTE: example only - too many real braindead clients to reject on this
      self.setreply('550','5.7.1','Sheesh people!  Use a proper helo name!')
      return Milter.REJECT
    return Milter.CONTINUE
  ##  def envfrom(self,f,*str):
  def envfrom(self, mailfrom, *str):
    self.F = mailfrom
    self.R = []  # list of recipients
    self.fromparms = Milter.dictfromlist(str)	# ESMTP parms
    self.user = self.getsymval('{auth_authen}')	# authenticated user
    self.log("mail from:", mailfrom, *str)
    # NOTE: self.fp is only an *internal* copy of message data.  You
    # must use addheader, chgheader, replacebody to change the message
    # on the MTA.
    self.fp = StringIO()
    self.canon_from = '@'.join(parse_addr(mailfrom))
    self.fp.write('From %s %s\n' % (self.canon_from,time.ctime()))
    return Milter.CONTINUE
  ##  def envrcpt(self, to, *str):
  @Milter.noreply
  def envrcpt(self, to, *str):
    rcptinfo = to,Milter.dictfromlist(str)
    self.R.append(rcptinfo)
    return Milter.CONTINUE
  @Milter.noreply
  def header(self, name, hval):
    self.fp.write("%s: %s\n" % (name,hval))	# add header to buffer
    return Milter.CONTINUE
  @Milter.noreply
  def eoh(self):
    self.fp.write("\n")				# terminate headers
    return Milter.CONTINUE
  @Milter.noreply
  def body(self, chunk):
    self.fp.write(chunk)
    return Milter.CONTINUE
  def eom(self):
    self.fp.seek(0)
    msg = email.message_from_file(self.fp)
    # many milter functions can only be called from eom()
    # example of adding a Bcc:
    self.addrcpt('<%s>' % 'spy@example.com')
    return Milter.ACCEPT
  def close(self):
    # always called, even when abort is called.  Clean up
    # any external resources here.
    return Milter.CONTINUE
  def abort(self):
    # client disconnected prematurely
    return Milter.CONTINUE
  ## === Support Functions ===
  def log(self,*msg):
    logq.put((msg,self.id,time.time()))
 def background():
  while True:
    t = logq.get()
    if not t: break
    msg,id,ts = t
    print("%s [%d]" % (time.strftime('%Y%b%d %H:%M:%S',time.localtime(ts)),id),
        end=None)
    # 2005Oct13 02:34:11 [1] msg1 msg2 msg3 ...
    for i in msg: print(i,end=None)
    print()
    sys.stdout.flush()
 ## ===
 def main():
  bt = Thread(target=background)
  bt.start()
  socketname = "/home/stuart/pythonsock"
  timeout = 600
  # Register to have the Milter factory create instances of your class:
  Milter.factory = myMilter
  flags = Milter.CHGBODY + Milter.CHGHDRS + Milter.ADDHDRS
  flags += Milter.ADDRCPT
  flags += Milter.DELRCPT
  Milter.set_flags(flags)       # tell Sendmail which features we use
  print("%s milter startup" % time.strftime('%Y%b%d %H:%M:%S'))
  sys.stdout.flush()
  Milter.runmilter("pythonfilter",socketname,timeout)
  logq.put(None)
  bt.join()
  print("%s bms milter shutdown" % time.strftime('%Y%b%d %H:%M:%S'))
 if __name__ == "__main__":
  main()
@@ -1,120 +0,0 @@
 # features intended to filter or block incoming mail
 [milter]
 ;socket=/var/log/milter/pythonsock
 tempdir = /var/log/milter/save
 ;timeout=600
 scan_rfc822 = 1
 # can be CPU intensive
 scan_html = 0
 # reject asian fonts because we can't read them
 block_chinese = 1
 # users who hate forwarded mail
 ;block_forward = egghead@mycorp.com, busybee@mycorp.com
 log_headers = 0
 # Reject mail for domains mentioned unless user is mentioned here also
 ;check_user = joe@mycorp.com, mary@mycorp.com, file:bigcorp.com
 # porn words are case insensitive
 porn_words = penis, breast, pussy, horse cock, porn, xenical, diet pill, d1ck,
 	vi*gra, vi-a-gra, viag, tits, p0rn, hunza, horny, sexy, c0ck,
 	p-e-n-i-s, hydrocodone, vicodin, xanax, vicod1n, x@nax, diazepam,
 	v1@gra, xan@x, cialis, ci@lis, frëe, xãnax, valíum, vãlium, via-gra,
 	x@n3x, vicod3n, penís, v|c0d1n, phentermine, en1arge, dip1oma, v1codin
 # spam words are case sensitive
 spam_words = $$$, !!!, XXX, FREE, HGH
 # connection ips and hostnames are matched against this glob style list
 # to recognize internal senders
 ;internal_connect = 192.168.*.*
 # mail that is not an internal_connect and claims to be from an
 # internal domain is rejected.
 ;internal_domains = mycorp.com
 # connections from a trusted relay can trust the first Received header
 ;trusted_relay = 1.2.3.4, 66.12.34.56
 # reject external senders with hello names no legit external sender would use
 ;hello_blacklist = mycorp.com, 66.12.34.56
 [srs]
 config=/etc/mail/pysrs.cfg
 ;secret="shhhh!"
 ;maxage=21
 ;hashlength=4
 ;database=/var/log/milter/srsdata
 ;fwdomain = mydomain.com
 # turn this on after a grace period
 reject_spoofed = 0
 [spf]
 # namespace where SPF records can be supplied for domains without one
 # records are search for under _spf.domain.com
 ;delegate = domain.com
 # domains where a neutral SPF result should cause mail to be rejected
 ;reject_neutral = aol.com
 # use a default (v=spf1 a/24 mx/24 ptr) when no SPF records are published
 ;best_guess = 0
 # features intended to clean up outgoing mail
 [scrub]
 # domains that stupidly block visible private nodes
 ;hide_path = jcpenney.com	
 # block, don't just replace with warning, viruses from these domains
 ;reject_virus_from = mycorp.com
 # features intended for spying on users and coworkers
 [wiretap]
 blind = 1
 #
 # wiretap lets you surreptitiously monitor a users outgoing email
 # (sendmail aliases let you monitor incoming mail)
 #
 ;users = disloyal@bigcorp.com, bigmouth@bigcorp.com
 ;dest = spy@bigcorp.com
 # discard outgoing mail without alerting sender
 # can be used in conjunction with wiretap to censor outgoing mail
 ;discard_users = canned@bigcorp.com
 #
 # smart aliases trigger on both sender and recipient
 #
 ;smart_alias = copycust,walter
 # mail from client@clientcorp.com to sue@bigcorp.com is redirected to 
 # local alias copycust
 ;copycust = client@clientcorp.com,sue@bigcorp.com
 # mail from cust@othercorp.com to walter@bigcorp.com is redirected to
 # boss@bigcorp.com
 ;walter = cust@othercorp.com,walter@bigcorp.com,boss@bigcorp.com
 # additional copies can be added
 ;walter1 = cust@othercorp.com,walter@bigcorp.com,boss@bigcorp.com,
 ;	walter@bigcorp.com
 [dspam]
 # Select a well moderated dspam dictionary to reject spammy headers
 # dspam-python must be installed to use: http://bmsi.com/python/dspam.html
 # only EXTERNAL messages are dspam filtered
 ;dspam_dict=/var/lib/dspam/moderator.dict
 # Opt-opt recipients from dspam screening and header triage
 ;dspam_exempt=getitall@mycorp.com
 # Do not scan mail (ostensibly) from these senders
 ;dspam_whitelist=getitall@sender.com
 # Reject spam to these domains, perhaps because we are a backup MX server
 ;dspam_reject=othercorp.com
 # directory for dspam user quarantine, signature db, and dictionaries
 # defining this activates the dspam application
 # dspam and dspam-python must be installed
 ;dspam_userdir=/var/lib/dspam
 # do not dspam messages larger than this
 ;dspam_sizelimit=180000
 # Map email addresses and aliases to dspam users
 ;dspam_users=david,goliath,spam,falsepositive
 ;david=david@foocorp.com,david.yelnetz@foocorp.com,david@bar.foocorp.com
 ;goliath=giant@foocorp.com,goliath.philistine@foocorp.com
 # address to forward spam to.  milter will process these and not deliver
 ;spam=spam@foocorp.com
 # address to forward false positives to.  milter will process and not deliver
 ;falsepositive=ham@foocorp.com
 # the dspam_screener is used to screen mail for all recipients who are
 # not dspam_users.  Spam goes to the screeners quarantine, and the original
 # recipients saved so that false positives can be properly delivered.
 # The dspam CGI can also be used: logins must match dspam users
@@ -1,649 +0,0 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>Python Milters</title>
 </head><body>
 <P ALIGN="CENTER"><A HREF="http://www.anybrowser.org/campaign/">
 <IMG SRC="/art/brain1.gif"
 ALT="Viewable With Any Browser" BORDER="0"></A>
 <img src="/art/banner_4.gif" width="468" height="60" border="0"
 	usemap="#banner_4" alt="Your vote?">
 <map name="banner_4">
  <area shape="rect" coords="330,25,426,59"
  	href="http://www.sepschool.org/survey/" alt="I Disagree">
  <area shape="rect" coords="234,28,304,57" href="http://sepschool.org/" alt="I Agree">
 </map>
 </P>
 <h1 align=center>Sendmail Milters in Python</h1>
 <h4 align=center>by <a href="mailto:%75%72%6D%61%6E%65%40%6E%65%75%72%61l%61%63%63%65%73%73%2E%63%6F%6D">Jim Niemira</a>
  and <a href="mailto:%73%74%75%61%72%74%40%62%6D%73%69%2E%63%6F%6D">
  Stuart D. Gathman</a><br>
 This web page is written by Stuart D. Gathman<br>and<br>sponsored by
 <a href="http://www.bmsi.com">Business Management Systems, Inc.</a> <br>
 Last updated Apr 21, 2004</h4>
 See the <a href="faq.html">FAQ</a> | <a href="#download">Download now</a> |
 <a href="/mailman/listinfo/pymilter">Subscribe to mailing list</a>
 <p>
 <img src="python55.gif" align=left alt="A Python">
 <a href="//www.sendmail.org/">Sendmail</a> introduced a
 <a href="http://www.milter.org/milter_api/api.html"> new API</a> beginning with version 8.10 -
 libmilter.  The milter module for <a href="//www.python.org">Python</a>
 provides a python interface to libmilter that exploits all its features.
 <p>
 Sendmail 8.12 officially releases libmilter.  
 Version 8.12 seems to be more robust, and includes new privilege
 separation features to enhance security.
 I recommend upgrading.
 <h2> <a name=dspam>Bayesian Filtering</a> </h2>
 I have selected the <a href="http://www.nuclearelephant.com/projects/dspam/">
 dspam bayes filter project</a> and <a href="dspam.html">
 packaged it for python</a>.
 Release 0.6.6 adds support for <a href="http://spf.pobox.com/">SPF</a>,
 a protocol to prevent forging of the envelope from address.  
 SPF support requires <a href="http://pydns.sourceforge.net/">pydns</a>.
 The included spf.py module is an updated version of the original 1.6
 version at <a href="http://www.wayforward.net/spf/">wayforward.net</a>.
 The updated version tracks the draft RFC and test suite.
 <p>
 Release 0.6.0 offers a simple application of dspam I call "header triage",
 which rejects messages with spammy headers.  Since sendmail has to
 read the entire message anyway once we start reading headers, it
 would probably be better to scan the whole message - except that 
 we replace dangerous attachments elsewhere in the milter  - which screws up the
 body statistics for messages with dangerous attachments.
 <p>
 Release 0.6.1 adds a full milter based dspam application.
 <p>
 To use header triage, you must have <a href="dspam.html">DSPAM</a> installed,
 and select a dictionary that is well moderated by someone who gets
 lots of spam.  That dictionary can be used to block spam that is 
 obvious from the headers (e.g. X-Mailer and Subject) before it ties
 up any more resources.  I have yet to see any false positives from this
 approach (check the milter log), but if there are, the sender will
 get a REJECT with the message "Your message looks spammy."
 <h2> Enough Already! </h2>
 Nearly a dozen people have emailed me begging for a feature to copy
 outgoing and/or incoming mail to a backup directory by user.  Ok, it
 looks like this is a most requested feature for 0.5.6.  In the meantime,
 here are some things to consider:
 <ul>
 <li> If you want to equivalent of a Bcc added to each message, this
 is very easy to do in the python code for bms.py.   See below.
 <li> If you want to copy to a file in a directory (thus avoiding having to
 set up aliases), this is slightly more involved.  The bms.py milter already
 copies the message to a temporary file for use in replacing the message body
 when banned attachments are found.  You have to open a file, and copy the
 Mesage object to it in eom().
 <li> Finally, you are probably aware that most email clients already
 keep a copy of outgoing mail?  Presumably there is a good reason for
 keeping another copy on the server.
 </ul>
 <p>
 To Bcc a message, call <code>self.add_recipient(rcpt)</code> in envfrom after
 determining whether you want to copy (e.g. whether the sender is local).  For
 example,
 <pre>
  def envfrom(...
    ...
    if len(t) == 2:
      self.rejectvirus = t[1] in reject_virus_from
      if t[0] in wiretap_users.get(t[1],()):
 	self.add_recipient(wiretap_dest)
      if t[1] == 'mydomain.com':
        self.add_recipient('&lt;copy-%s&gt;' % t[0])
      ...
 </pre>
 <p>
 To make this a generic feature requires thinking about how the configuration
 would look.  Feel free to make specific suggestions about config file
 entries.  Be sure to handle both Bcc and file copies, and designating what
 mail should be copied.  How should "outgoing" be defined?  Implementing it is
 easy once the configuration is designed.
 <h3>Overview</h3>
 This package provides a robust toolkit for Python <a
 href="#milter">milters</a>, and the beginnings of a general purpose mail
 filtering system written in Python.
 <p>
 At the lowest level, the 'milter' module provides a thin wrapper around the
 <a href="http://www.milter.org/milter_api/api.html">
 sendmail libmilter API</a>.  This API lets you register callbacks for 
 a number of events in the
 <a href="http://www.cs.concordia.ca/~group/fig/public/email/relay/milter+ruleset-checks.html">process of sendmail receiving a message via SMTP</a>.  
 These events include the initial connection from a MTA,
 the envelope sender and recipients, the top level mail headers, and
 the message body.  There are options to mangle all of these components
 of the message as it passes through the milter.
 <p>
 At the next level, the 'Milter' module (note the case difference) provides a
 Python friendly object oriented wrapper for the low level API.  To use the
 Milter module, an application registers a 'factory' to create an object
 for each connection from a MTA to sendmail.  These connection objects
 must provide methods corresponding to the libmilter callback events.
 <p>
 Each event method returns a code to tell sendmail whether to proceed
 with processing the message.  This is a big advantage of milters over
 other mail filtering systems.  Unwanted mail can be stopped in its
 tracks at the earliest possible point.
 <p>
 The Milter.Milter class provides default implementations for event
 methods that
 do nothing, and also provides wrappers for the libmilter methods to mutate
 the message.
 <p>
 Finally, the bms.py application is both a sample of how to use the
 Milter module, and the beginnings of a general purpose SPAM filtering,
 wiretapping, and Win32 virus protection milter.
 <h3><a name=download>Downloading</a></h3>
 The latest stable release is <a href="#stable">0.6.9</a>. A stable
 release is one which has been installed (and working correctly) on
 production systems long enough to convince me that it is stable.  As
 the package gains more features and complexity, stable will mean no
 bug reports from outside users either.
 <p>
 The latest version is 0.6.9-1.  See the <a href=NEWS>Change Log</a>.
 <p>
 <a name="stable"><b>Stable</b></a>
 <a href="http://bmsi.com/python/milter-0.6.9.tar.gz">
 milter-0.6.9.tar.gz</a> Add SPF test suite driver, and validate
 spf.py against test suite.  Add best_guess and get_header to spf.py.
 Libmilter timeout option in config.
 <br>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.9-1.i386.rpm">
 milter-0.6.9-1.i386.rpm</a> Binary RPM for Redhat 7.x, now requires 
 	sendmail-8.12 and <a href="http://www.python.org/2.3.3/rpms.html">
 	python2.3</a>.
 <br>
 <a href="http://bmsi.com/linux/rh9/milter-0.6.9-1.src.rpm">
 milter-0.6.9-1.src.rpm</a> Source RPM for Redhat 9,7.x.  
 <p>
 <a href="http://bmsi.com/python/milter-0.6.8.tar.gz">
 milter-0.6.8.tar.gz</a> Include Received-SPF headers in Dspam analysis.
 Fix sysv init for Redhat 9 and later.  Reject bounces with multiple
 recipients.
 <br>
 <a href="http://bmsi.com/python/milter-0.6.8.patch">milter-0.6.8.patch</a>
 Last minutes fixes from production testing.
 <p>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.8-3.i386.rpm">
 milter-0.6.8-3.i386.rpm</a> Binary RPM for Redhat 7.x, now requires 
 	sendmail-8.12 and <a href="http://www.python.org/2.3.3/rpms.html">
 	python2.3</a>. 
 <br>
 <a href="http://bmsi.com/linux/rh9/milter-0.6.8-3.src.rpm">
 milter-0.6.8-3.src.rpm</a> Source RPM for Redhat 9,7.x.  
 <p>
 <a href="http://bmsi.com/python/milter-0.6.7.tar.gz">
 milter-0.6.7.tar.gz</a> Explicit local socket bug,
 <a href="http://spf.pobox.com/srs.html">SRS</a> forgery detection,
 thread resource starvation detection.
 SRS support requires <a href="http://bmsi.com/python/pysrs.html">pysrs</a>.
 <p>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.7-3.i386.rpm">
 milter-0.6.7-3.i386.rpm</a> Binary RPM for Redhat 7.x, now requires 
 	sendmail-8.12 and <a href="http://www.python.org/2.3.3/rpms.html">
 	python2.3</a>. 
 <br>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.7-3.src.rpm">
 milter-0.6.7-3.src.rpm</a> Source RPM for Redhat 7.x. 
 Release 0.6.7-3 patches:
 <ul>
 <li> Defang message/rfc822 content_type with boundary 
 <li> Support SPF delegation
 <li> Reject neutral SPF result for selected domains
 </ul>
 <p>
 <a href="http://bmsi.com/python/milter-0.6.6.tar.gz">
 milter-0.6.6.tar.gz</a> Plug another memory leak, 
 <a href="http://spf.pobox.com/">SPF</a> support, hello blacklist.
 SPF support requires <a href="http://pydns.sourceforge.net/">pydns</a>.
 NOTE - the spf.py module included is modified from the official 1.6
 version at <a href="http://www.wayforward.net/spf/">wayforward.net</a>.
 I neglected to add the CVS log.  The changes are expanded result codes
 and tolerating common method misspellings in SPF records.  I have notified the
 author, but haven't heard back.  At some point, the RPM will
 include the official pyspf tarball and apply patches.
 <p>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.6-2.i386.rpm">
 milter-0.6.6-2.i386.rpm</a> Binary RPM for Redhat 7.x, now requires 
 	sendmail-8.12 and <a href="http://www.python.org/2.3.3/rpms.html">
 	python2.3</a>.  Release 2 fixes sysv init script bug for python2.3.
 <br>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.6-2.src.rpm">
 milter-0.6.6-2.src.rpm</a> Source RPM for Redhat 7.x
 <p>
 <a href="http://bmsi.com/python/milter-0.6.5.tar.gz">
 milter-0.6.5.tar.gz</a> Plug memory leak, progress reporting, trusted relay.
 Redhat RPM now requires sendmail-8.12.
 <p>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.5-2.i386.rpm">
 milter-0.6.5-2.i386.rpm</a> Binary RPM for Redhat 7.x
 <br>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.5-2.src.rpm">
 milter-0.6.5-2.src.rpm</a> Source RPM for Redhat 7.x
 <p>
 <a href="http://bmsi.com/python/milter-0.6.4.tar.gz">
 milter-0.6.4.tar.gz</a> Numerous Dspam fixes.  Requires
 <a href="dspam.html">pydspam-1.1.5</a> and 
 <a href="/libdspam/dspam.html">dspam-2.6.5.2</a>
 for Dspam features.  The dspam-python RPM has been replaced by pydspam.
 <p>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.4-1.i386.rpm">
 milter-0.6.4-1.i386.rpm</a> Binary RPM for Redhat 7.x
 <p>
 <a href="http://bmsi.com/python/milter-0.6.3.1.tar.gz">
 milter-0.6.3.1.tar.gz</a> New dspam SCREENER feature with pydspam-1.1.4.
 Don't save a defang copy of false positives.  Fixed an oops from last fix,
 rejecting false positives.  BUG: sendmail-8.11 doesn't invoke milter
 when sending mail via sendmail from command line (8.12 works).  Therefore,
 the supplied falsepositive script for milter based dspam doesn't work
 with stock RedHat 7.x.  I am writing a HOWTO for configuring milter
 based dspam that will address this (and a fix in the next version).
 <p>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.3-1.i386.rpm">
 milter-0.6.3-1.i386.rpm</a> Binary RPM for Redhat 7.x
 <p>
 <a href="http://bmsi.com/python/milter-0.6.2.tar.gz">
 milter-0.6.2.tar.gz</a> work around email.Message.get_filename bug,
 dspam_exempt list, REJECT messages with missing MIME boundaries (which
 are almost always spam),
 DISCARD messages which any dspam user flags as spam,
 start.sh was calling python instead of python2 on Linux.
 <p>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.2-1.src.rpm">
 milter-0.6.2-1.src.rpm</a> Source RPM for Redhat 7.x (and likely
 higher versions)
 <p>
 <a href="http://bmsi.com/python/milter-0.6.1.tar.gz">
 milter-0.6.1.tar.gz</a> dspam milter application, python-2.2.3 support.
 <p>
 You must have <a href=dspam.html>dspam and dspam-python</a> loaded for
 the dspam feature to work.  Brief instructions for configuring are
 in the default config file.  This is working at a customer, but I'm
 sure a few more iterations will be required to make setup as smooth
 as possible.
 <p>
 NOTE: Outlook destroys dspam tags when forwarding mail (while converting
 HTML to text).  Perhaps some config option will turn this abominable
 "feature" off.  Working around this by making dspam tags visble on
 HTML mail is ugly.  My suggestion is to not use Outlook, for this and
 many other reasons - especially security.  Any other suggestions for
 those married to Microsoft are welcome.  The DSPAM LDA works around this
 by making the tags visible in HTML attachments.  This is ugly, and
 occasionally corrupts attachments.
 <p>
 We have to supply workarounds for bugs in the email module (reported
 to sourceforge).  The workarounds reference some internal variables
 which change with python versions.
 <p>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.1-1.i386.rpm">
 milter-0.6.1-1.i386.rpm</a> Binary RPM for Redhat 7.x
 <p>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.1-1.src.rpm">
 milter-0.6.1-1.src.rpm</a> Source RPM for Redhat 7.x (and likely
 higher versions)
 <p>
 <a href="http://bmsi.com/python/milter-0.6.0.tar.gz">
 milter-0.6.0.tar.gz</a> simple dspam pre-filtering, use email module,
 requires python &gt;= 2.2.2.  
 <ul>
 <li> The milter.so module from 0.5.4
 is needed to run this release on AIX.  Haven't tracked this down yet.
 <li> The patches to fix the email packages in mime.py don't work
 on python-2.2.3.  The email package is still broken in 2.3, and patches
 required for that will likely be different still.
 </ul>
 <p>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.0-1.i386.rpm">
 milter-0.6.0-1.i386.rpm</a> Binary RPM for Redhat 7.x
 <p>
 <a href="http://bmsi.com/linux/rh72/milter-0.6.0-1.src.rpm">
 milter-0.6.0-1.src.rpm</a> Source RPM for Redhat 7.x (and likely
 higher versions)
 <p>
 <a href="http://www.bmsi.com/python/milter-0.5.5.tar.gz">
 milter-0.5.5.tar.gz</a> IPV6 support, passing None to set_XXX_callback,
 set_reply, chg_header, detect internal connections.  Note, this release
 did not work on AIX4.1.5, probably due to IPV6 support breaking something.
 The milter.so module from 0.5.4 can be installed to use this release 
 with AIX.
 <p>
 <a href="http://www.bmsi.com/python/milter-0.5.4.tar.gz">
 milter-0.5.4.tar.gz</a> wiretap, smart alias features, quarantine support.
 <p>
 The name of the production "sample" milter "bms.py" now
 stands for "Basic Milter System" until someone suggests a better name.
 The test coverage is rather
  sparse at present.  
  Please <a href="mailto:%73%74%75%61%72%74%40%62%6D%73%69%2E%63%6F%6D">email</a> with proposals for what
  to name the milter application.
 <h4>NOTES</h4>
 <ul>
 <li>
  Quarantine support requires that you define _FFR_QUARANTINE 
  when compiling miltermodule.c.  I am not sure how to make setup.py
  do that for you iff sendmail was actually compiled with _FFR_QUARANTINE.
 <li>
  While 0.6.0 will use the new email package in Python-2.2, that
  package seems to be buggy in Python-2.2.1.  The list example in the docs
  doesn't find all MIME parts.  Update: Python-2.2.2 has fixed the email
  package.  It can now parse my test cases.
 <li>
  Preliminary testing with python-2.2 shows that most things work after
  adding <code>self.readahead = ""</code> to <code>mimepart.seek</code>.
  Python-2.2 <code>multifile</code> reads one less newline per section than
  2.1.  I'm not not sure which is correct.  After adding some calls to
  <code>rstrip()</code> in testmime.py, all milter modules pass unit testing
  with python-2.2.  Python-2.2 patches have been released since 0.5.3.
 <li>
  sgmlop-1.1a3 has a memory leak (at least Python milter has a
  memory leak when using sgmlop instead of sgmllib).  Do not make Python
  milter use sgmlop-1.1a2 or a3 in a production
  system unless you can restart your milter periodically.  The amount
  of memory leaked seems roughly proportional to the amount of HTML
  parsed.
 <li>
  There are a number of ways that malformed MIME attachments
  can cause a python traceback.  Uncaught exceptions cause a 415
  error to be returned to sendmail.  So far, all the malformed messages
  I've investigated have been SPAM - so good riddance.  I would prefer,
  however, that the mime handling libraries were more precise.  Beginning
  with 0.5.1, bms.py will save messages that cause a traceback during
  scanning in the tempfile directory with a ".fail" extension.  This
  makes it easier to get samples of mail that causes parsing problems
  for incorporation into the unit tests.
 </ul>
 <p>
 <a href="http://www.bmsi.com/python/milter-0.5.2.tar.gz">
 milter-0.5.2.tar.gz</a> Fix and unittest another HTML parsing bug.<br>
 <a href="http://www.bmsi.com/python/milter-0.5.1.tar.gz">
 milter-0.5.1.tar.gz</a> Handle encoded rfc822 attachments.<br>
 <a href="http://www.bmsi.com/python/milter-0.5.0.tar.gz">
 milter-0.5.0.tar.gz</a> Use a config file so users don't have to
 keep syncing with bms.py.  <br>
 <a href="http://www.bmsi.com/python/milter-0.4.5.tar.gz">
 milter-0.4.5.tar.gz</a> Work with sgmlop. Reduce local hacks to config variables.
 <p>
 Python milter is under GPL.  The authors can probably be convinced to
 change this to LGPL.
 <h3>What is a <a name="milter">milter</a>?</h3>
 Milters can run on the same machine as sendmail, or another machine.  The
 milter can even run with a different operating system or processor than
 sendmail.
 Sendmail talks to the milter via a local or internet socket.
 Sendmail keeps the
 milter informed of events as it processes a mail connection.  At any 
 point, the milter can cut the conversation short by telling sendmail
 to ACCEPT, REJECT, or DISCARD the message.  After receiving a complete
 message from sendmail, the milter can again REJECT or DISCARD it, but it
 can also ACCEPT it with changes to the headers or body.
 <h3> What can you do with a milter? </h3>
 <menu>
 <li> A milter can DISCARD or REJECT spam based based on algorithms scripted
 in python rather than sendmail's cryptic "cf" language.
 <li> A milter can alter or remove attachments from mail that are poisonous to
 Windows.
 <li> A milter can scan for viruses and clean them when detected.
 <li> A milter scans outgoing as well as incoming mail.
 <li> A milter can add and delete recipients to forward or secretly
 copy mail.
 <li> For more ideas, check the <a href="//www.milter.org">Milter Web Page</a>.
 </menu>
 <a href="http://www.milter.org/milter_api/api.html">
 Documentation</a> for the C API is provided with sendmail.  Miltermodule
 provides a thin python wrapper for the C API.  Milter.py provides a simple
 OO wrapper on top of that.
 <p>
 The Python milter package includes a sample milter that replaces dangerous 
 attachments with a warning message, discards mail addressed to
 MAILER-DAEMON, and demonstrates several SPAM abatement strategies.  
 The MimeMessage class to do this used to be based on the
 <code>mimetools</code> and <code>multifile</code> standard python packages.  
 As of milter version 0.6.0, it is based on the email standard
 python packages, which were derived from the 
 <a href="http://sourceforge.net/projects/mimelib">mimelib</a> project.
 The MimeMessage class patches several bugs in the email package,
 and provides some backward compatibility.
 <p>
 The "defang" function of the sample milter was inspired by
 <a href="http://www.roaringpenguin.com/mimedefang/">MIMEDefang</a>,
 a Perl milter with flexible attachment processing options.  The latest
 version of MIMEDefang uses an apache style process pool to avoid reloading
 the Perl interpreter for each message.  This makes it fast enough for
 production and does not use Perl threading.
 <p>
 <a href="http://sourceforge.net/projects/mailchecker">mailchecker</a> is
 a Python project to provide flexible attachment processing for mail.  I
 will be looking at plugging mailchecker into a milter.
 <p>
 <a href="http://software.libertine.org/tmda/">TMDA</a> is a Python project
 to require confirmation the first time someone tries to send to your
 mailbox.  This would be a nice feature to have in a milter.
 <p>
 There is also a <a href="http://www.milter.org/">Milter community website</a>
 where milter software and gory details of the API are discussed.
 <h3> Is a milter written in python efficient? </h3>
 The python milter process is multi-threaded and startup cost is incurred
 only once.  This is much more efficient than some implementations that
 start a new interpreter for each connection.  Testing in a production
 environment did not use a significant percentage of the CPU.  Furthermore,
 python is easily extended in C for any step requiring expensive CPU
 processing.
 <p>
 For example, the HTML parsing feature to remove scripts from HTML attachments
 is rather CPU intensive in pure python.  Using the C replacement for sgmllib
 greatly speeds things up.
 <h3> Goals </h3>
 <menu>
 <li> Implement RRS - a backdoor for non-SRS forwarders.  User lists non-SRS 
     forwarder accounts (perhaps in <code>~/.forwarders</code>), and a util
     provides a special local alias for the user to give to the forwarder.
     Alias only works for mail from that forwarder.  Milter gets forwarder
     domain from alias and uses it to SPF check forwarder.  Requires
     milter to have read access to <code>~/.forwarders</code> or else
     a way for user to submit entries to milter database.
 <li> The bms.py milter has too many features.  Create a framework where
     numerous small feature modules can be plugged together in the
     configuration.
 <li> Create a pure python substitute for miltermodule and libmilter that
     implements the <a
 href="http://www.duh.org/cvsweb.cgi/~checkout~/pmilter/doc/milter-protocol.txt?rev=1">
     libmilter protocol</a> in python. 
 <li> Find or write a faster implementation of sgmllib.  The 
     <a href="http://www.effbot.org/zone/sgmlop-index.htm">sgmlop package</a>
     is not very compatible with 
     <a href="http://www.python.org/doc/2.1.3/lib/module-sgmllib.html">
     Python-2.1 sgmllib</a>, but it is a start, and is supported in
     milter-0.4.5 or later.
 <li> Implement all or most of the features of 
     <a href="http://www.roaringpenguin.com/mimedefang/">MIMEDefang</a>.
 <li> Follow the official <a href="http://www.python.org/peps/pep-0008.html">
     Python coding standards</a> more closely.
 <li> Make unit test code more like other python modules.
 </menu>
 <h3> Confirmed Installations </h3>
 Please <a href="mailto:%73%74%75%61%72%74%40%62%6D%73%69%2E%63%6F%6D">email</a>
 me if you successfully install milter on a system not mentioned below.
 <p>
 <table>
 <tr>
 <th>Operating System</th> <th>Compiler</th> <th>Python</th> <th>Sendmail</th>
 <th>milter</th>
 <tr>
 <td>Mandrake 8.0</td><td>gcc-3.0.1</td><td>2.1.1</td><td>8.12.0</td>
 <td>0.3.3</td><tr>
 <td>Mandrake 8.0</td><td>gcc-2.96</td><td>2.0</td><td>8.11.2</td>
 <td>0.3.6</td><tr>
 <td>RedHat 6.2</td><td>egcs-1.1.2</td><td>2.2.2</td><td>8.11.6</td>
 <td>0.5.4</td><tr>
 <td>RedHat 7.1</td><td>gcc-2.96</td><td>?</td><td>8.12.1</td>
 <td>0.3.5</td><tr>
 <td>RedHat 7.2</td><td>gcc-2.96</td><td>2.1.1</td><td>8.11.6</td>
 <td>0.4.1</td><tr>
 <td>RedHat 7.2</td><td>gcc-2.96</td><td>2.2.1</td><td>8.11.6</td>
 <td>0.4.5</td><tr>
 <td>RedHat 7.2</td><td>gcc-2.96</td><td>2.2.2</td><td>8.11.6</td>
 <td>0.5.5</td><tr>
 <td>RedHat 7.2</td><td>gcc-2.96</td><td>2.3.3</td><td>8.12.10</td>
 <td>0.6.6</td><tr>
 <td>RedHat 7.3</td><td>gcc-2.96</td><td>2.2.2</td><td>8.11.6</td>
 <td>0.5.5</td><tr>
 <td>RedHat 7.3</td><td>gcc-2.96</td><td>2.3.3</td><td>8.12.10</td>
 <td>0.6.6</td><tr>
 <td>RedHat 8.0</td><td>gcc-3.2</td><td>2.2.1</td><td>8.12.6</td>
 <td>0.5.2</td><tr>
 <td>Debian Linux</td><td>gcc-2.95.2</td><td>2.1.1</td><td>8.12.0</td>
 <td>0.3.7</td><tr>
 <td>Debian Linux</td><td>gcc-3.2.2</td><td>2.2.2</td><td>8.12.7</td>
 <td>0.5.4</td><tr>
 <td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.1.1</td><td>8.11.5</td>
 <td>0.3.3</td><tr>
 <td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.1.1</td><td>8.12.1</td>
 <td>0.3.4</td><tr>
 <td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.1.3</td><td>8.12.3</td>
 <td>0.4.2</td><tr>
 <td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.2.2</td><td>8.12.6</td>
 <td>0.5.4</td><tr>
 <td>Slackware 7.1</td><td>?</td><td>?</td><td>8.12.1</td>
 <td>0.3.8</td><tr>
 <td>Slackware 9.0</td><td>gcc-3.2.2</td><td>2.2.3</td><td>8.12.9</td>
 <td>0.5.4</td><tr>
 <td>OpenBSD</td><td>?</td><td>2.1.1</td><td>8.11.6</td>
 <td>0.3.9</td><tr>
 <td>SuSE 7.3</td><td>gcc-2.95.3</td><td>2.1.1</td><td>8.12.2</td>
 <td>0.3.9</td><tr>
 <td>FreeBSD</td><td>gcc-2.95.3</td><td>2.2.1</td><td>8.12.3</td>
 <td>0.4.0</td><tr>
 <td>FreeBSD</td><td>gcc-2.95.3</td><td>2.2.2</td><td>?</td>
 <td>0.5.5</td><tr>
 <td>FreeBSD 4.4</td><td>gcc-2.95.3</td><td>?</td><td>8.12.10</td>
 <td>0.6.6</td><tr>
 </table>
 <h3> Requirements </h3>
 <menu>
 <li> While the miltermodule will work with python 1.5, you probably
 want to use python 2.0 or better.  The python code uses a number of
 python 2 features.
 <li> Python must be configured with thread support.  This is because
 sendmail's libmilter requires thread support.
 <li> You must compile sendmail with libmilter enabled.  In versions of
 sendmail prior to 8.12 libmilter is marked FFR (For Future Release) and
 is not installed by default.  
 Sendmail 8.12 still does not enable libmilter by default.  You must 
 explicitly select the "MILTER" option when compiling.  
 <li> Python milter has been tested against sendmail-8.11 and sendmail-8.12.
 <li> Python milter must be compiled for the specific version of sendmail
 it will run with.  (Since the result is dynamically loaded, there could 
 conceivably be multiple versions available and selected at startup - but
 that will have to wait.)  This situation may only exist for sendmail
 versions prior to 8.12.  The protocol seems designed for backward 
 compatibility - and 8.12 is the first official milter release.
 <li> Mea Culpa!  After reading the Python Style guide, I realize that
 my Python code is not up to snuff.  Apparently mixed tabs and spaces
 are anathema to those using Windows editors, where tabs can be expanded using
 any arbitrary algorithm.  Other than that, my
 intuition matched Guido's pretty well - although I like to indent by 2
 rather than 4.  I will arrange to have tabs expanded to spaces when
 exporting new versions.  Until then, beware!
 </menu>
 <h3> <a name="aix4"> AIX 4.1.5 Requirements </a> </h3>
 To create sendmail RPMs for AIX, you can download my AIX 4.1.5 spec files 
 for <a href="/aix/sendmail.spec">sendmail-8.11.5</a> 
 or <a href="/aix/sendmail12.spec">sendmail-8.12.3</a>.  If you have
 not already set it up, I use a <a href="/aix/aix.spec">dummy RPM package</a>
 to represent the stuff that comes with AIX.  You might also want
 my <a href="/aix/python.spec">python-2.1.1</a> spec file for AIX.  It
 does not include Tk or curses modules, sorry.  If y'all trust me, you can
 download rpms for AIX 4.x from my <a href="/aix">AIX RPM directory</a>.
 <p>
 Sendmail-8.12 renames 
 libsmutil.a to libsm.a.  Unfortunately, libsm.a is an important AIX system
 shared library.  Therefore, I rename libsm.a back to libsmutil.a for
 AIX.  This presents a problem for setup.py.
 <h3> <a name="rh72"> RedHat 7.2 Requirements </a> </h3>
 If you are running Redhat 7.2, the distributed version of sendmail
 now enables libmilter by default.  RedHat 7.2 bundles
 the development libraries with the main sendmail package, so
 there is no sendmail-devel package.  However, they forgot to include the
 headers!  So you'll have to get the SRPM and modify it.  I suggest
 moving the static libs to a devel package and adding the headers.  If
 this is too much trouble, you can get the <a href="mfapi.h">mfapi.h</a>
 header for sendmail-8.6.11 from here and manually install it as
 <code>/usr/include/libmilter/mfapi.h</code>.
 <p>
 If you do modify the SRPM, I suggest renaming libsmutil.a
 to libsm.a - just like sendmail-8.12 will.  If you manually install
 mfapi.h or don't rename libsmutil.a, you'll
 need to force <code>libs = ["milter", "smutil"]</code> in setup.py.
 <p>
 If you have installed python2, and want
 python-milter to use python2, add <code>python=python2</code> to setup.cfg
 and build with <code>python2 setup.py bdist_rpm</code>.   
 <h3> <a name="rh62"> Redhat 6.2 Requirements </a> </h3>
 If you are running Redhat 6.2, the distributed version of sendmail
 does not enable libmilter.  You can download the Redhat 7.2 sendmail.spec
 modified to compile on RedHat 6.2:
 <a href="http://www.bmsi.com/linux/rh62/sendmail-rhmilter.spec">
 sendmail-rhmilter.spec</a>.  The <a
 href="ftp://updates.redhat.com/7.0/en/os/SRPMS/sendmail-8.11.6-1.7.0.src.rpm">
 SRPM for sendmail-8.11.6</a> is available from
 <a href="http://www.redhat.com">Redhat</a> under 
 <a href="http://www.redhat.com/support/errata/RHSA-2001-106.html">
 Errata for RH6.2</a>.  But that doesn't include the latest security
 patches since RH6.2 is no longer supported.
 <p>
 If y'all trust me, you can pick up source and binary sendmail RPMs for RH6.2
 from my <a href="http://www.bmsi.com/linux/rh62">linux downloads</a> directory.
 The lastest RPMs were built by taking a RH7.2 SRPMS and removing some
 RPM features from the spec file that RH6.2 doesn't support, then
 recompiling on RH6.2.  You can check this by installing the RH7.2 SRPM,
 then diffing my sendmail.spec with theirs.  Then run
 "rpm -bb sendmail-rhmilter.spec" when you are satisfied.
 <p>
 If you have installed python2, and want
 python-milter to use python2, add <code>python=python2</code> to setup.cfg
 and build with <code>python2 setup.py bdist_rpm</code>.
 You'll need to install the sendmail-devel package to compile milter.
 <hr>
 <p>
 <a href="http://validator.w3.org/check/referer">
 <img border=0 src="/vh32.png" alt=" [ Valid HTML 3.2! ] " height=31 width=88></a>
 <a href="http://www.redhat.com">
 <img src="/art/powered_by.gif" width="88" height="31" alt=" [ Powered By Red Hat Linux ] " border="0"></a>
 </p>
 </body></html>
@@ -0,0 +1,174 @@
 diff --git a/miltermodule.c b/miltermodule.c
 index aa10a08..4d5a93d 100644
 --- a/miltermodule.c
 +++ b/miltermodule.c
@@ -343,7 +343,7 @@ static struct MilterCallback {
       { NULL , NULL }
     };
 -staticforward struct smfiDesc description; /* forward declaration */
 +static struct smfiDesc description; /* forward declaration */
 static PyObject *MilterError;
 /* The interpreter instance that called milter.main */
@@ -355,7 +355,7 @@ typedef struct {
 static milter_Diag diag;
 -staticforward PyTypeObject milter_ContextType;
 +static PyTypeObject milter_ContextType;
 typedef struct {
   PyObject_HEAD
@@ -700,7 +700,7 @@ _generic_wrapper(milter_ContextObject *self, PyObject *cb, PyObject *arglist) {
   result = PyEval_CallObject(cb, arglist);
   Py_DECREF(arglist);
   if (result == NULL) return _report_exception(self);
 -  if (!PyInt_Check(result)) {
 +  if (!PyLong_Check(result)) {
     const struct MilterCallback *p;
     const char *cbname = "milter";
     char buf[40];
@@ -715,7 +715,7 @@ _generic_wrapper(milter_ContextObject *self, PyObject *cb, PyObject *arglist) {
     PyErr_SetString(MilterError,buf);
     return _report_exception(self);
   }
 -  retval = PyInt_AS_LONG(result);
 +  retval = PyLong_AS_LONG(result);
   Py_DECREF(result);
   _release_thread(self->t);
   return retval;
@@ -732,7 +732,7 @@ makeipaddr(struct sockaddr_in *addr) {
 	sprintf(buf, "%d.%d.%d.%d",
 		(int) (x>>24) & 0xff, (int) (x>>16) & 0xff,
 		(int) (x>> 8) & 0xff, (int) (x>> 0) & 0xff);
 -	return PyString_FromString(buf);
 +	return PyUnicode_FromString(buf);
 }
 #ifdef HAVE_IPV6_SUPPORT
@@ -740,8 +740,8 @@ static PyObject *
 makeip6addr(struct sockaddr_in6 *addr) {
 	char buf[100]; /* must be at least INET6_ADDRSTRLEN + 1 */
 	const char *s = inet_ntop(AF_INET6, &addr->sin6_addr, buf, sizeof buf);
 -	if (s) return PyString_FromString(s);
 -	return PyString_FromString("inet6:unknown");
 +	if (s) return PyUnicode_FromString(s);
 +	return PyUnicode_FromString("inet6:unknown");
 }
 #endif
@@ -832,7 +832,7 @@ generic_env_wrapper(SMFICTX *ctx, PyObject*cb, char **argv) {
    for (i=0;i<count;i++) {
      /* There's some error checking performed in do_mkvalue() for a string */
      /* that's not currently done here - it probably should be */
 -     PyObject *o = PyString_FromStringAndSize(argv[i], strlen(argv[i]));
 +     PyObject *o = PyUnicode_FromStringAndSize(argv[i], strlen(argv[i]));
      if (o == NULL) {	/* out of memory */
        Py_DECREF(arglist);
        return _report_exception(self);
@@ -889,7 +889,7 @@ milter_wrap_body(SMFICTX *ctx, u_char *bodyp, size_t bodylen) {
    c = _get_context(ctx);
    if (!c) return SMFIS_TEMPFAIL;
    /* Unclear whether this should be s#, z#, or t# */
 -   arglist = Py_BuildValue("(Os#)", c, bodyp, bodylen);
 +   arglist = Py_BuildValue("(Oy#)", c, bodyp, bodylen);
    return _generic_wrapper(c, body_callback, arglist);
 }
@@ -963,7 +963,7 @@ milter_wrap_negotiate(SMFICTX *ctx,
     int i;
     for (i = 0; i < 4; ++i) {
       *pa[i] = (i <= len)
 -      	? PyInt_AsUnsignedLongMask(PyList_GET_ITEM(optlist,i))
 +      	? PyLong_AsUnsignedLongMask(PyList_GET_ITEM(optlist,i))
 	: fa[i];
     }
     if (PyErr_Occurred()) {
@@ -1551,11 +1551,6 @@ static PyMethodDef context_methods[] = {
   { NULL, NULL }
 };
 -static PyObject *
 -milter_Context_getattr(PyObject *self, char *name) {
 -  return Py_FindMethod(context_methods, self, name);
 -}
 -
 static struct smfiDesc description = {  /* Set some reasonable defaults */
   "pythonfilter",
   SMFI_VERSION,
@@ -1604,14 +1599,13 @@ static PyMethodDef milter_methods[] = {
 };
 static PyTypeObject milter_ContextType = {
 -  PyObject_HEAD_INIT(&PyType_Type)
 -  0,
 -  "milterContext",
 +  PyVarObject_HEAD_INIT(&PyType_Type,0)
 +  "milter.Context",
   sizeof(milter_ContextObject),
   0,
         milter_Context_dealloc,            /* tp_dealloc */
         0,               /* tp_print */
 -        milter_Context_getattr,           /* tp_getattr */
 +        0,           /* tp_getattr */
         0,			/* tp_setattr */
         0,                                      /* tp_compare */
         0,                 /* tp_repr */
@@ -1625,6 +1619,13 @@ static PyTypeObject milter_ContextType = {
         0,                                      /* tp_setattro */
         0,                                      /* tp_as_buffer */
         Py_TPFLAGS_DEFAULT,                     /* tp_flags */
 +	NULL,	/* Documentation string */
 +	0, 	/* call function for all accessible objects */
 +    	0,	/* delete references to contained objects */
 +    	0,	/* rich comparisons */
 +    	0,	/* weak reference enabler */
 +    	0, 0,	/* Iterators */
 +    	context_methods, /* Attribute descriptor and subclassing stuff */
 };
 static const char milter_documentation[] =
@@ -1634,17 +1635,31 @@ Libmilter is currently marked FFR, and needs to be explicitly installed.\n\
 See <sendmailsource>/libmilter/README for details on setting it up.\n";
 static void setitem(PyObject *d,const char *name,long val) {
 -  PyObject *v = PyInt_FromLong(val);
 +  PyObject *v = PyLong_FromLong(val);
   PyDict_SetItemString(d,name,v);
   Py_DECREF(v);
 }
 -void
 -initmilter(void) {
 +static struct PyModuleDef moduledef = {
 +    PyModuleDef_HEAD_INIT,
 +    "milter",     	 /* m_name */
 +    milter_documentation,/* m_doc */
 +    -1,                  /* m_size */
 +    milter_methods,      /* m_methods */
 +    NULL,                /* m_reload */
 +    NULL,                /* m_traverse */
 +    NULL,                /* m_clear */
 +    NULL,                /* m_free */
 +};
 +
 +PyMODINIT_FUNC PyInit_milter(void) {
    PyObject *m, *d;
 -   m = Py_InitModule4("milter", milter_methods, milter_documentation,
 -		      (PyObject*)NULL, PYTHON_API_VERSION);
 +   if (PyType_Ready(&milter_ContextType) < 0)
 +          return NULL;
 +
 +   m = PyModule_Create(&moduledef);
 +   if (m == NULL) return NULL;
    d = PyModule_GetDict(m);
    MilterError = PyErr_NewException("milter.error", NULL, NULL);
    PyDict_SetItemString(d,"error", MilterError);
@@ -1710,4 +1725,5 @@ initmilter(void) {
    setitem(d,"DISCARD",  SMFIS_DISCARD);
    setitem(d,"ACCEPT",  SMFIS_ACCEPT);
    setitem(d,"TEMPFAIL",  SMFIS_TEMPFAIL);
 +   return m;
 }
@@ -1,81 +0,0 @@
 #!/bin/bash
 #
 # milter	This shell script takes care of starting and stopping milter.
 #
 # chkconfig: 2345 80 30
 # description: Milter is a process that filters messages sent through sendmail.
 # processname: milter
 # config: /var/log/milter/bms.py
 # pidfile: /var/run/milter/milter.pid
 python="python2.3"
 pidof() {
 	set - ""
 	if set - `ps -e -o pid,cmd | grep "${python} bms.py"` &&
 	  [ "$2" != "grep" ]; then
 	  echo $1
 	  return 0
 	fi
 	return 1
 }
 # Source function library.
 . /etc/rc.d/init.d/functions
 [ -x /var/log/milter/start.sh ] || exit 0
 RETVAL=0
 prog="milter"
 start() {
 	# Start daemons.
 	echo -n "Starting $prog: "
 	daemon --check milter --user mail /var/log/milter/start.sh
 	RETVAL=$?
 	echo
 	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/milter
 	return $RETVAL
 }
 stop() {
 	# Stop daemons.
 	echo -n "Shutting down $prog: "
 	killproc milter
 	RETVAL=$?
 	echo
 	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/milter
 	return $RETVAL
 }
 # See how we were called.
 case "$1" in
  start)
 	start
 	;;
  stop)
 	stop
 	;;
  restart|reload)
 	stop
 	start
 	RETVAL=$?
 	;;
  condrestart)
 	if [ -f /var/lock/subsys/milter ]; then
 	    stop
 	    start
 	    RETVAL=$?
 	fi
 	;;
  status)
 	status milter
 	RETVAL=$?
 	;;
  *)
 	echo "Usage: $0 {start|stop|restart|condrestart|status}"
 	exit 1
 esac
 exit $RETVAL
@@ -1,81 +0,0 @@
 #!/bin/bash
 #
 # milter	This shell script takes care of starting and stopping milter.
 #
 # chkconfig: 2345 80 30
 # description: Milter is a process that filters messages sent through sendmail.
 # processname: milter
 # config: /var/log/milter/bms.py
 # pidfile: /var/run/milter/milter.pid
 python="python2.3"
 pidof() {
 	set - ""
 	if set - `ps -e -o pid,wchan,cmd | grep "rt_sig ${python} bms.py"` &&
 	  [ "$3" != "grep" ]; then
 	  echo $1
 	  return 0
 	fi
 	return 1
 }
 # Source function library.
 . /etc/rc.d/init.d/functions
 [ -x /var/log/milter/start.sh ] || exit 0
 RETVAL=0
 prog="milter"
 start() {
 	# Start daemons.
 	echo -n "Starting $prog: "
 	daemon --check milter --user mail /var/log/milter/start.sh
 	RETVAL=$?
 	echo
 	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/milter
 	return $RETVAL
 }
 stop() {
 	# Stop daemons.
 	echo -n "Shutting down $prog: "
 	killproc milter
 	RETVAL=$?
 	echo
 	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/milter
 	return $RETVAL
 }
 # See how we were called.
 case "$1" in
  start)
 	start
 	;;
  stop)
 	stop
 	;;
  restart|reload)
 	stop
 	start
 	RETVAL=$?
 	;;
  condrestart)
 	if [ -f /var/lock/subsys/milter ]; then
 	    stop
 	    start
 	    RETVAL=$?
 	fi
 	;;
  status)
 	status milter
 	RETVAL=$?
 	;;
  *)
 	echo "Usage: $0 {start|stop|restart|condrestart|status}"
 	exit 1
 esac
 exit $RETVAL
@@ -1,179 +0,0 @@
 %define name milter
 %define version 0.6.9
 %define release 1
 # Redhat 7.x and earlier (multiple ps lines per thread)
 %define sysvinit milter.rc7
 # RH9, other systems (single ps line per process)
 #define sysvinit milter.rc
 %ifos Linux
 %define python python2.3
 %else
 %define python python
 %endif
 Summary: Python interface to sendmail milter API
 Name: %{name}
 Version: %{version}
 Release: %{release}
 Source: %{name}-%{version}.tar.gz
 #Patch: %{name}-%{version}.patch
 Copyright: GPL
 Group: Development/Libraries
 BuildRoot: %{_tmppath}/%{name}-buildroot
 Prefix: %{_prefix}
 Vendor: Stuart D. Gathman <stuart@bmsi.com>
 Packager: Stuart D. Gathman <stuart@bmsi.com>
 Url: http://www.bmsi.com/python/milter.html
 Requires: %{python} >= 2.2.2, sendmail >= 8.12
 BuildRequires: %{python}-devel >= 2.2.2, sendmail-devel >= 8.12
 %description
 This is a python extension module to enable python scripts to
 attach to sendmail's libmilter functionality.  Additional python
 modules provide for navigating and modifying MIME parts.
 %prep
 %setup
 #%patch -p1
 %build
 env CFLAGS="$RPM_OPT_FLAGS" %{python} setup.py build
 %install
 rm -rf $RPM_BUILD_ROOT
 %{python} setup.py install --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES
 mkdir -p $RPM_BUILD_ROOT/var/log/milter
 mkdir $RPM_BUILD_ROOT/var/log/milter/save
 cp bms.py milter.cfg $RPM_BUILD_ROOT/var/log/milter
 # logfile rotation
 mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
 cat >$RPM_BUILD_ROOT/etc/logrotate.d/milter <<'EOF'
 /var/log/milter/milter.log {
  copytruncate
  compress
 }
 EOF
 # purge saved defanged message copies
 mkdir -p $RPM_BUILD_ROOT/etc/cron.daily
 cat >$RPM_BUILD_ROOT/etc/cron.daily/milter <<'EOF'
 #!/bin/sh
 find /var/log/milter/save -mtime +7 | xargs -r rm
 EOF
 chmod a+x $RPM_BUILD_ROOT/etc/cron.daily/milter
 %ifos aix4.1
 cat >$RPM_BUILD_ROOT/var/log/milter/start.sh <<'EOF'
 #!/bin/sh
 cd /var/log/milter
 # uncomment to enable sgmlop if installed
 #export PYTHONPATH=/usr/local/lib/python2.1/site-packages
 exec /usr/local/bin/python bms.py >>milter.log 2>&1
 EOF
 %else
 cat >$RPM_BUILD_ROOT/var/log/milter/start.sh <<'EOF'
 #!/bin/sh
 cd /var/log/milter
 exec >>milter.log 2>&1
 %{python} bms.py &
 echo $! >/var/run/milter/milter.pid
 EOF
 mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
 cp %{sysvinit} $RPM_BUILD_ROOT/etc/rc.d/init.d/milter
 ed $RPM_BUILD_ROOT/etc/rc.d/init.d/milter <<'EOF'
 /^python=/
 c
 python="%{python}"
 .
 w
 q
 EOF
 %endif
 chmod a+x $RPM_BUILD_ROOT/var/log/milter/start.sh
 mkdir -p $RPM_BUILD_ROOT/var/run/milter
 %ifos aix4.1
 %post
 mkssys -s milter -p /var/log/milter/start.sh -u 25 -S -n 15 -f 9 -G mail || :
 %preun
 if [ $1 = 0 ]; then
  rmssys -s milter || :
 fi
 %endif
 %clean
 rm -rf $RPM_BUILD_ROOT
 %files -f INSTALLED_FILES
 %defattr(-,root,root)
 %doc README NEWS TODO CREDITS sample.py
 /etc/logrotate.d/milter
 /etc/cron.daily/milter
 %ifos aix4.1
 %defattr(-,smmsp,mail)
 %else
 /etc/rc.d/init.d/milter
 %defattr(-,mail,mail)
 %endif
 %dir /var/log/milter
 %dir /var/run/milter
 %dir /var/log/milter/save
 %config /var/log/milter/start.sh
 %config /var/log/milter/bms.py
 %config /var/log/milter/milter.cfg
 %changelog
 * Fri Apr 09 2004 Stuart Gathman <stuart@bmsi.com> 0.6.9-1
 - Validate spf.py against test suite, and add Received-SPF support to spf.py
 - Support best_guess for SPF
 - Reject numeric hello names
 - Preserve case of local part in sender
 - Make libmilter timeout a config option
 - Fix setup.py to work with python < 2.2.3
 * Tue Apr 06 2004 Stuart Gathman <stuart@bmsi.com> 0.6.8-3
 - Reject invalid SRS immediately for benefit of callback verifiers
 - Fix include bug in spf.py
 * Tue Apr 06 2004 Stuart Gathman <stuart@bmsi.com> 0.6.8-2
 - Bug in check_header
 * Mon Apr 05 2004 Stuart Gathman <stuart@bmsi.com> 0.6.8-1
 - Don't report spoofed unless rcpt looks like SRS
 - Check for bounce with multiple rcpts
 - Make dspam see Received-SPF headers
 - Make sysv init work with RH9
 * Thu Mar 25 2004 Stuart Gathman <stuart@bmsi.com> 0.6.7-3
 - Forgot to make spf_reject_neutral global in bms.py
 * Wed Mar 24 2004 Stuart Gathman <stuart@bmsi.com> 0.6.7-2
 - Defang message/rfc822 content_type with boundary 
 - Support SPF delegation
 - Reject neutral SPF result for selected domains
 * Tue Mar 23 2004 Stuart Gathman <stuart@bmsi.com> 0.6.7-1
 - SRS forgery check.  Detect thread resource starvation.
 - Properly remove local socket with explicit type.
 - Decode obfuscated subject headers.
 * Wed Mar 11 2004 Stuart Gathman <stuart@bmsi.com> 0.6.6-2
 - init script bug with python2.3
 * Wed Mar 10 2004 Stuart Gathman <stuart@bmsi.com> 0.6.6-1
 - SPF checking, hello blacklist
 * Mon Mar 08 2004 Stuart Gathman <stuart@bmsi.com> 0.6.5-2
 - memory leak in envfrom and envrcpt
 * Mon Mar 01 2004 Stuart Gathman <stuart@bmsi.com> 0.6.5-1
 - progress notification
 - memory leak in connect
 - trusted relay
 * Thu Feb 19 2004 Stuart Gathman <stuart@bmsi.com> 0.6.4-2
 - smart alias wildcard patch, compile for sendmail-8.12
 * Thu Dec 04 2003 Stuart Gathman <stuart@bmsi.com> 0.6.4-1
 - many fixes for dspam support
 * Wed Oct 22 2003 Stuart Gathman <stuart@bmsi.com> 0.6.3
 - dspam SCREEN feature
 - streamline dspam false positive handling
 * Mon Sep 01 2003 Stuart Gathman <stuart@bmsi.com> 0.6.1
 - Full dspam support added
 * Mon Aug 26 2003 Stuart Gathman <stuart@bmsi.com>
 - Use New email module
 * Fri Jun 27 2003 Stuart Gathman <stuart@bmsi.com>
 - Add dspam module
@@ -1,4 +1,62 @@
 # $Log$
 # Revision 1.8  2011/11/05 15:51:03  customdesigned
 # New example
 #
 # Revision 1.7  2009/06/13 21:15:12  customdesigned
 # Doxygen updates.
 #
 # Revision 1.6  2009/06/09 03:13:13  customdesigned
 # More doxygen docs.
 #
 # Revision 1.5  2005/07/20 14:49:43  customdesigned
 # Handle corrupt and empty ZIP files.
 #
 # Revision 1.4  2005/06/17 01:49:39  customdesigned
 # Handle zip within zip.
 #
 # Revision 1.3  2005/06/02 15:00:17  customdesigned
 # Configure banned extensions.  Scan zipfile option with test case.
 #
 # Revision 1.2  2005/06/02 04:18:55  customdesigned
 # Update copyright notices after reading article on /.
 #
 # Revision 1.1.1.4  2005/05/31 18:23:49  customdesigned
 # Development changes since 0.7.2
 #
 # Revision 1.62  2005/02/14 22:31:17  stuart
 # _parseparam replacement not needed for python2.4
 #
 # Revision 1.61  2005/02/12 02:11:11  stuart
 # Pass unit tests with python2.4.
 #
 # Revision 1.60  2005/02/11 18:34:14  stuart
 # Handle garbage after quote in boundary.
 #
 # Revision 1.59  2005/02/10 01:10:59  stuart
 # Fixed MimeMessage.ismodified()
 #
 # Revision 1.58  2005/02/10 00:56:49  stuart
 # Runs with python2.4.  Defang not working correctly - more work needed.
 #
 # Revision 1.57  2004/11/20 16:37:52  stuart
 # fix regex for splitting header and body
 #
 # Revision 1.56  2004/11/09 20:33:51  stuart
 # Recognize more dynamic PTR variations.
 #
 # Revision 1.55  2004/10/06 21:39:20  stuart
 # Handle message attachments with boundary errors by not parsing them
 # until needed.
 #
 # Revision 1.54  2004/08/18 01:59:46  stuart
 # Handle mislabeled multipart messages
 #
 # Revision 1.53  2004/04/24 22:53:20  stuart
 # Rename some local variables to avoid shadowing builtins
 #
 # Revision 1.52  2004/04/24 22:47:13  stuart
 # Convert header values to str
 #
 # Revision 1.51  2004/03/25 03:19:10  stuart
 # Correctly defang rfc822 attachments when boundary specified with
 # content-type message/rfc822.
@@ -24,285 +82,118 @@
 # with old milter code.
 #
-# This module provides a "defang" function to replace naughty attachments
+## @package mime
-# with a warning message.
+# This module provides a "defang" function to replace naughty attachments.
 #
 # We also provide workarounds for bugs in the email module that comes 
 # with python.  The "bugs" fixed mostly come up only with malformed
 # messages - but that is what you have when dealing with spam.
 # Author: Stuart D. Gathman <stuart@bmsi.com>
-# Copyright 2001 Business Management Systems, Inc.
+# Copyright 2001,2002,2003,2004,2005 Business Management Systems, Inc.
-# This code is under GPL.  See COPYING for details.
+# This code is under the GNU General Public License.  See COPYING for details.
-import StringIO
+from __future__ import print_function
 try:
  from io import BytesIO, StringIO
 except:
  from StringIO import StringIO 
  BytesIO = StringIO
 import socket
 import Milter
 import zipfile
 import sys
 import email
-import email.Message
+from email.message import Message
-from email.Message import Message
+try:
-from email.Generator import Generator
+  from email.generator import BytesGenerator
-from email.Utils import quote
+  from email import message_from_binary_file
-from email import Utils
+except:
  from email.generator import Generator as BytesGenerator
  from email import message_from_file as message_from_binary_file
 from email.utils import quote
-from types import ListType,StringType
+if not getattr(Message,'as_bytes',None):
  Message.as_bytes = Message.as_string
-# Enhance email.Parser
+## Return a list of filenames in a zip file.
-# - Fix _parsebody to decode message attachments before parsing
+# Embedded zip files are recursively expanded.
 def zipnames(txt):
  fp =  BytesIO(txt)
  zipf = zipfile.ZipFile(fp,'r')
  names = []
  for nm in zipf.namelist():
    names.append(('zipname',nm))
    if nm.lower().endswith('.zip'):
      names += zipnames(zipf.read(nm))
  return names
-from email.Parser import Parser
+## Fix multipart handling in email.Generator.
-try: from email.Parser import NLCRE
+#
-except: from email.Parser import nlcre as NLCRE
+class MimeGenerator(BytesGenerator):
-
+    def _dispatch(self, msg):
-from email import Errors
+        # Get the Content-Type: for the message, then try to dispatch to
-
+        # self._handle_<maintype>_<subtype>().  If there's no handler for the
-class MimeParser(Parser):
+        # full MIME type, then dispatch to self._handle_<maintype>().  If
-
+        # that's missing too, then dispatch to self._writeBody().
-    # This is a copy of _parsebody from email.Parser, with a fix
+        main = msg.get_content_maintype()
-    # for message attachments.  I couldn't find a smaller way to patch it
+        if msg.is_multipart() and main.lower() != 'multipart':
-    # in a subclass.
+          self._handle_multipart(msg)
    def _parsebody(self, container, fp, firstbodyline=None):
        # Parse the body, but first split the payload on the content-type
        # boundary if present.
        boundary = container.get_boundary()
        isdigest = (container.get_content_type() == 'multipart/digest')
        # If there's a boundary, split the payload text into its constituent
        # parts and parse each separately.  Otherwise, just parse the rest of
        # the body as a single message.  Note: any exceptions raised in the
        # recursive parse need to have their line numbers coerced.
        if boundary:
            preamble = epilogue = None
            # Split into subparts.  The first boundary we're looking for won't
            # always have a leading newline since we're at the start of the
            # body text, and there's not always a preamble before the first
            # boundary.
            separator = '--' + boundary
            payload = fp.read()
            if firstbodyline is not None:
                payload = firstbodyline + '\n' + payload
            # We use an RE here because boundaries can have trailing
            # whitespace.
            mo = re.search(
                r'(?P<sep>' + re.escape(separator) + r')(?P<ws>[ \t]*)',
                payload)
            if not mo:
                if self._strict:
                    raise Errors.BoundaryError(
                        "Couldn't find starting boundary: %s" % boundary)
                container.set_payload(payload)
                return
            start = mo.start()
            if start > 0:
                # there's some pre-MIME boundary preamble
                preamble = payload[0:start]
            # Find out what kind of line endings we're using
            start += len(mo.group('sep')) + len(mo.group('ws'))
            mo = NLCRE.search(payload, start)
            if mo:
                start += len(mo.group(0))
            # We create a compiled regexp first because we need to be able to
            # specify the start position, and the module function doesn't
            # support this signature. :(
            cre = re.compile('(?P<sep>\r\n|\r|\n)' +
                             re.escape(separator) + '--')
            mo = cre.search(payload, start)
            if mo:
                terminator = mo.start()
                linesep = mo.group('sep')
                if mo.end() < len(payload):
                    # There's some post-MIME boundary epilogue
                    epilogue = payload[mo.end():]
            elif self._strict:
                raise Errors.BoundaryError(
                        "Couldn't find terminating boundary: %s" % boundary)
            else:
                # Handle the case of no trailing boundary.  Check that it ends
                # in a blank line.  Some cases (spamspamspam) don't even have
                # that!
                mo = re.search('(?P<sep>\r\n|\r|\n){2}$', payload)
                if not mo:
                    mo = re.search('(?P<sep>\r\n|\r|\n)$', payload)
                    if not mo:
                        raise Errors.BoundaryError(
                          'No terminating boundary and no trailing empty line')
                linesep = mo.group('sep')
                terminator = len(payload)
            # We split the textual payload on the boundary separator, which
            # includes the trailing newline. If the container is a
            # multipart/digest then the subparts are by default message/rfc822
            # instead of text/plain.  In that case, they'll have a optional
            # block of MIME headers, then an empty line followed by the
            # message headers.
            parts = re.split(
                linesep + re.escape(separator) + r'[ \t]*' + linesep,
                payload[start:terminator])
            for part in parts:
                if isdigest:
                    if part.startswith(linesep):
                        # There's no header block so create an empty message
                        # object as the container, and lop off the newline so
                        # we can parse the sub-subobject
                        msgobj = self._class()
                        part = part[len(linesep):]
                    else:
                        parthdrs, part = part.split(linesep+linesep, 1)
                        # msgobj in this case is the "message/rfc822" container
                        msgobj = self.parsestr(parthdrs, headersonly=1)
                    # while submsgobj is the message itself
                    msgobj.set_default_type('message/rfc822')
                    maintype = msgobj.get_content_maintype()
                    if maintype in ('message', 'multipart'):
                        submsgobj = self.parsestr(part)
                        msgobj.attach(submsgobj)
                    else:
                        msgobj.set_payload(part)
                else:
                    msgobj = self.parsestr(part)
                container.preamble = preamble
                container.epilogue = epilogue
                container.attach(msgobj)
        elif container.get_main_type() == 'multipart':
            # Very bad.  A message is a multipart with no boundary!
            raise Errors.BoundaryError(
                'multipart message with no defined boundary')
        elif container.get_type() == 'message/delivery-status':
            # This special kind of type contains blocks of headers separated
            # by a blank line.  We'll represent each header block as a
            # separate Message object
            blocks = []
            while True:
                blockmsg = self._class()
                self._parseheaders(blockmsg, fp)
                if not len(blockmsg):
                    # No more header blocks left
                    break
                blocks.append(blockmsg)
            container.set_payload(blocks)
        elif container.get_main_type() == 'message':
            # Create a container for the payload, but watch out for there not
            # being any headers left
            container.set_payload(fp.read())
 	    fp = StringIO.StringIO(container.get_payload(decode=True))
            try:
                msg = self.parse(fp)
            except Errors.HeaderParseError:
                msg = self._class()
                self._parsebody(msg, fp)
            container.set_payload([msg])
        else:
-            text = fp.read()
+          BytesGenerator._dispatch(self,msg)
            if firstbodyline is not None:
                text = firstbodyline + '\n' + text
            container.set_payload(text)
-def unquote(str):
+def unquote(s):
    """Remove quotes from a string."""
-    if len(str) > 1:
+    if len(s) > 1:
-        if str.startswith('"'):
+        if s.startswith('"'):
-	  if str.endswith('"'):
+          if s.endswith('"'):
-            str = str[1:-1]
+            s = s[1:-1]
-	  else: # remove garbage after trailing quote
+          else: # remove garbage after trailing quote
-	    try: str = str[1:str[1:].index('"')+1]
+            try: s = s[1:s[1:].index('"')+1]
-	    except: return str
+            except:
-	  return str.replace('\\\\', '\\').replace('\\"', '"')
+              return s
-        if str.startswith('<') and str.endswith('>'):
+          return s.replace('\\\\', '\\').replace('\\"', '"')
-            return str[1:-1]
+        if s.startswith('<') and s.endswith('>'):
-    return str
+          return s[1:-1]
-
+    return s
 from types import TupleType
 def _unquotevalue(value):
-  if isinstance(value, TupleType):
+  if isinstance(value, tuple):
      return value[0], value[1], unquote(value[2])
  else:
      return unquote(value)
-email.Message._unquotevalue = _unquotevalue
+#email.Message._unquotevalue = _unquotevalue
-def _parseparam(str):
+from email.message import _parseparam
    plist = []
    while str[:1] == ';':
 	str = str[1:]
 	end = str.find(';')
 	while end > 0 and (str.count('"',0,end) & 1):
 	  end = str.find(';',end + 1)
 	if end < 0: end = len(str)
 	f = str[:end]
 	if '=' in f:
 	    i = f.index('=')
 	    f = f[:i].strip().lower() + \
 		    '=' + f[i+1:].strip()
 	plist.append(f.strip())
 	str = str[end:]
    return plist
-# Enhance email.Message 
+## Enhance email.message.Message
-# - Fix getparam to parse attributes IE style
+#
-# - Provide a headerchange event for integration with Milter
+# Tracks modifications to headers of body or any part independently.
 #   Headerchange attribute can be assigned a function to be called when
 #   changing headers.  The signature is:
 #	headerchange(msg,name,value) -> None
 # - Track modifications to headers of body or any part independently
 class MimeMessage(Message):
  """Version of email.Message.Message compatible with old mime module
  """
  def __init__(self,fp=None,seekable=1):
    self.headerchange = None
    self.submsg = None
    Message.__init__(self)
-    self.fp = fp
+    self.submsg = None
-    if fp:
+    self.modified = False
-      parser = MimeParser(MimeMessage)
+  ## @var headerchange
-      self.startofheaders = fp.tell()
+  # Provide a headerchange event for integration with Milter.
-      parser._parseheaders(self,fp)
+  #   The headerchange attribute can be assigned a function to be called when
-      self.startofbody = fp.tell()
+  #   changing headers.  The signature is:
-      parser._parsebody(self,fp)
+  #   headerchange(msg,name,value) -> None
-    for part in self.walk():
+    self.headerchange = None
      part.modified = False
-  def rewindbody(self):
+  def get_param(self, param, failobj=None, header='content-type', unquote=True):
-    return self.fp.seek(self.startofbody)
+    val = Message.get_param(self,param,failobj,header,unquote)
    if val != failobj and param == 'boundary' and unquote:
      # unquote boundaries an extra time, test case testDefang5
      return _unquotevalue(val)
    return val
-  # override param parsing to handle quotes
+  getfilename = Message.get_filename
  def _get_params_preserve(self,failobj=None,header='content-type'):
    "Return all parameter names and values. Use parser that handles quotes."
    missing = []
    value = self.get(header, missing)
    if value is missing:
 	return failobj
    params = []
    for p in _parseparam(';' + value):
 	  try:
 	      name, val = p.split('=', 1)
 	      name = name.strip()
 	      val = val.strip()
 	  except ValueError:
 	      # Must have been a bare attribute
 	      name = p.strip()
 	      val = ''
 	  params.append((name, val))
    params = Utils.decode_params(params)
    return params
  def get_filename(self, failobj=None):
      """Return the filename associated with the payload if present.
      The filename is extracted from the Content-Disposition header's
      `filename' parameter, and it is unquoted.
      """
      missing = []
      filename = self.get_param('filename', missing, 'content-disposition')
      if filename is missing:
 	  return failobj
      if isinstance(filename, TupleType):
 	  # It's an RFC 2231 encoded parameter
 	  newvalue = _unquotevalue(filename)
 	  if newvalue[0]:
 	    return unicode(newvalue[2], newvalue[0])
 	  return unicode(newvalue[2])
      else:
 	  newvalue = _unquotevalue(filename.strip())
 	  return newvalue
  getfilename = get_filename
  ismultipart = Message.is_multipart
  getheaders = Message.get_all
  gettype = Message.get_content_type
@@ -313,27 +204,34 @@ class MimeMessage(Message):
  def getname(self):
    return self.get_param('name')
-  def getnames(self):
+  def getnames(self,scan_zip=False):
    """Return a list of (attr,name) pairs of attributes that IE might
       interpret as a name - and hence decide to execute this message."""
    names = []
-    for attr,val in self.get_params([]):
+    for attr,val in self._get_params_preserve([],'content-type'):
-      if isinstance(val, TupleType):
+      if isinstance(val, tuple):
 	  # It's an RFC 2231 encoded parameter
-	  newvalue = _unquotevalue(val)
+          newvalue = _unquotevalue(val)
-	  if val[0]:
+          if val[0]:
-	    val =  unicode(newvalue[2], newvalue[0])
+            val =  unicode(newvalue[2], newvalue[0])
-	  else:
+          else:
-	    val = unicode(newvalue[2])
+            val = unicode(newvalue[2])
      else:
-	  val = _unquotevalue(val.strip())
+          val = _unquotevalue(val.strip())
      names.append((attr,val))
-    return names + [("filename",self.get_filename())]
+    names += [("filename",self.get_filename())]
    if scan_zip:
      for key,name in tuple(names):	# copy by converting to tuple
        if name and name.lower().endswith('.zip'):
          txt = self.get_payload(decode=True)
          if txt.strip():
            names += zipnames(txt)
    return names
  def ismodified(self):
    "True if this message or a subpart has been modified."
    if not self.is_multipart():
-      if self.submsg:
+      if isinstance(self.submsg,Message):
        return self.submsg.ismodified()
      return self.modified
    if self.modified: return True
@@ -343,16 +241,22 @@ class MimeMessage(Message):
  def dump(self,file,unixfrom=False):
    "Write this message (and all subparts) to a file"
-    g = Generator(file)
+    g = MimeGenerator(file)
    g.flatten(self,unixfrom=unixfrom)
  def as_bytes(self, unixfrom=False):
      "Return the entire formatted message as a string."
      fp = BytesIO()
      self.dump(fp,unixfrom=unixfrom)
      return fp.getvalue()
  def getencoding(self):
    return self.get('content-transfer-encoding',None)
  # Decode body to stream according to transfer encoding, return encoding name
-  def decode(self,filter):
+  def decode(self,filt):
    try:
-      filter.write(self.get_payload(decode=True))
+      filt.write(self.get_payload(decode=True))
    except:
      pass
    return self.getencoding()
@@ -363,7 +267,7 @@ class MimeMessage(Message):
  def __setitem__(self, name, value):
    rc = Message.__setitem__(self,name,value)
    self.modified = True
-    if self.headerchange: self.headerchange(self,name,value)
+    if self.headerchange: self.headerchange(self,name,str(value))
    return rc
  def __delitem__(self, name):
@@ -374,7 +278,7 @@ class MimeMessage(Message):
  def get_payload(self,i=None,decode=False):
    msg = self.submsg
-    if msg and msg.ismodified():
+    if isinstance(msg,Message) and msg.ismodified():
      self.set_payload([msg])
    return Message.get_payload(self,i,decode)
@@ -388,24 +292,33 @@ class MimeMessage(Message):
    self.submsg = None
  def get_submsg(self):
-    if self.get_content_type().lower() == 'message/rfc822':
+    t = self.get_content_type().lower()
    if t == 'message/rfc822' or t.startswith('multipart/'):
      if not self.submsg:
        txt = self.get_payload()
-	if type(txt) == str:
+        if type(txt) == str:
-	  txt = self.get_payload(decode=True)
+          txt = self.get_payload(decode=True)
-	  parser = MimeParser(MimeMessage)
+          self.submsg = email.message_from_string(txt,MimeMessage)
-	  self.submsg = parser.parsestr(txt)
+          for part in self.submsg.walk():
-	else:
+            part.modified = False
-	  self.submsg = txt[0]
+        else:
          self.submsg = txt[0]
      return self.submsg
    return None
 def message_from_file(fp):
  msg = message_from_binary_file(fp,MimeMessage)
  for part in msg.walk():
    part.modified = False
  assert not msg.ismodified()
  return msg
 extlist = ''.join("""
 ade,adp,asd,asx,asp,bas,bat,chm,cmd,com,cpl,crt,dll,exe,hlp,hta,inf,ins,isp,js,
 jse,lnk,mdb,mde,msc,msi,msp,mst,ocx,pcd,pif,reg,scr,sct,shs,url,vb,vbe,vbs,wsc,
 wsf,wsh 
 """.split())
-bad_extensions = map(lambda x:'.' + x,extlist.split(','))
+bad_extensions = ['.' + x for x in extlist.split(',')]
 def check_ext(name):
  "Check a name for dangerous Winblows extensions."
@@ -421,30 +334,36 @@ A copy of your original message was saved as '%s:%s'.
 See your administrator.
 """
-def check_name(msg,savname=None,ckname=check_ext):
+def check_name(msg,savname=None,ckname=check_ext,scan_zip=False):
  "Replace attachment with a warning if its name is suspicious."
-  for (key,name) in msg.getnames():
+  try:
-    badname = ckname(name)
+    for key,name in msg.getnames(scan_zip):
-    if badname:
+      badname = ckname(name)
-      hostname = socket.gethostname()
+      if badname:
-      msg.set_payload(virus_msg % (badname,hostname,savname))
+        if key == 'zipname':
-      del msg["content-type"]
+          badname = msg.get_filename()
-      del msg["content-disposition"]
+        break
-      del msg["content-transfer-encoding"]
+    else:
-      name = "WARNING.TXT"
+      return Milter.CONTINUE
-      msg["Content-Type"] = "text/plain; name="+name
+  except zipfile.BadZipfile:
-      break
+    # a ZIP that is not a zip is very suspicious
    badname = msg.get_filename()
  hostname = socket.gethostname()
  msg.set_payload(virus_msg % (badname,hostname,savname))
  del msg["content-type"]
  del msg["content-disposition"]
  del msg["content-transfer-encoding"]
  name = "WARNING.TXT"
  msg["Content-Type"] = "text/plain; name="+name
  return Milter.CONTINUE
 import email.Iterators
 def check_attachments(msg,check):
  """Scan attachments.
 msg	MimeMessage
 check	function(MimeMessage): int
 	Return CONTINUE, REJECT, ACCEPT
  """
-  if msg.ismultipart() and not msg.get_content_type() == 'message/rfc822':
+  if msg.is_multipart():
    for i in msg.get_payload():
      rc = check_attachments(i,check)
      if rc != Milter.CONTINUE: return rc
@@ -453,41 +372,51 @@ check	function(MimeMessage): int
 # save call context for Python without nested_scopes
 class _defang:
-  def __init__(self,savname,check):
+
-    self._savname = savname
+  def __init__(self,scan_html=True):
-    self._check = check
+    self.scan_html = scan_html
-    self.scan_rfc822 = True
+
    self.scan_html = True
  def _chk_name(self,msg):
-    rc = check_name(msg,self._savname,self._check)
+    rc = check_name(msg,self._savname,self._check,self.scan_zip)
    if self.scan_html:
      check_html(msg,self._savname)	# remove scripts from HTML
    if self.scan_rfc822:
      msg = msg.get_submsg()
-      if msg: return check_attachments(msg,self._chk_name)
+      if isinstance(msg,Message):
        return check_attachments(msg,self._chk_name)
    return rc
-# emulate old defang function
+  def __call__(self,msg,savname=None,check=check_ext,scan_rfc822=True,
-def defang(msg,savname=None,check=check_ext):
+		scan_zip=False):
-  """Compatible entry point.
+    """Compatible entry point.
-Replace all attachments with dangerous names."""
+    Replace all attachments with dangerous names."""
-  check_attachments(msg,_defang(savname,check)._chk_name)
+    self._savname = savname
-  if msg.ismodified():
+    self._check = check
-    return 1;
+    self.scan_rfc822 = scan_rfc822
-  return 0
+    self.scan_zip = scan_zip
    check_attachments(msg,self._chk_name)
    if msg.ismodified():
      return True
    return False
-import sgmllib
+# emulate old defang function
 defang = _defang()
 if sys.version < '3.0.0':
    from sgmllib import SGMLParser as HTMLParser
 else:
    from Milter.sgmllib import SGMLParser as HTMLParser
 import re
 declname = re.compile(r'[a-zA-Z][-_.a-zA-Z0-9]*\s*')
 declstringlit = re.compile(r'(\'[^\']*\'|"[^"]*")\s*')
-class SGMLFilter(sgmllib.SGMLParser):
+class SGMLFilter(HTMLParser):
  """Parse HTML and pass through all constructs unchanged.  It is intended for
     derived classes to implement exceptional processing for selected cases.
  """
  def __init__(self,out):
-    sgmllib.SGMLParser.__init__(self)
+    HTMLParser.__init__(self)
    self.out = out
  def handle_comment(self,comment):
@@ -518,7 +447,7 @@ class SGMLFilter(sgmllib.SGMLParser):
    self.out.write("<!%s>" % data)
  def write(self,buf):
-    "Act like a writer.  Why doesn't SGMLParser do this by default?"
+    "Act like a writer.  Why doesn't HTMLParser do this by default?"
    self.feed(buf)
  # Python-2.1 sgmllib rejects illegal declarations.  Since various Microsoft
@@ -531,25 +460,25 @@ class SGMLFilter(sgmllib.SGMLParser):
      n = len(rawdata)
      j = i + 2
      while j < n:
-	  c = rawdata[j]
+          c = rawdata[j]
-	  if c == ">":
+          if c == ">":
-	      # end of declaration syntax
+              # end of declaration syntax
-	      self.handle_special(rawdata[i+2:j])
+              self.handle_special(rawdata[i+2:j])
-	      return j + 1
+              return j + 1
-	  if c in "\"'":
+          if c in "\"'":
-	      m = declstringlit.match(rawdata, j)
+              m = declstringlit.match(rawdata, j)
-	      if not m:
+              if not m:
 		  # incomplete or an error?
-		  return -1
+                  return -1
-	      j = m.end()
+              j = m.end()
-	  elif c in "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ":
+          elif c in "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ":
-	      m = declname.match(rawdata, j)
+              m = declname.match(rawdata, j)
-	      if not m:
+              if not m:
-		  # incomplete or an error?
+                  # incomplete or an error?
-		  return -1
+                  return -1
-	      j = m.end()
+              j = m.end()
-	  else:
+          else:
-	      j += 1
+              j += 1
      # end of buffer between tokens
      return -1
@@ -561,17 +490,19 @@ class HTMLScriptFilter(SGMLFilter):
    self.modified = False
    self.msg = "<!-- WARNING: embedded script removed -->"
  def start_script(self,unused):
    #print('beg script',unused)
    self.ignoring += 1
    self.modified = True
    self.out.write(self.msg)
  def end_script(self):
    #print('end script')
    self.ignoring -= 1
    if not self.ignoring:
      self.out.write(self.msg)
  def handle_data(self,data):
    if not self.ignoring: SGMLFilter.handle_data(self,data)
  def handle_comment(self,comment):
    if not self.ignoring: SGMLFilter.handle_comment(self,comment)
 def check_html(msg,savname=None):
  "Remove scripts from HTML attachments."
  msgtype = msg.get_content_type().lower()
@@ -579,17 +510,17 @@ def check_html(msg,savname=None):
  if msgtype == 'application/octet-stream':
    for (attr,name) in msg.getnames():
      if name and name.lower().endswith(".htm"):
-	msgtype = 'text/html'
+        msgtype = 'text/html'
  if msgtype == 'text/html':
-    out = StringIO.StringIO()
+    out = StringIO()
-    filter = HTMLScriptFilter(out)
+    htmlfilter = HTMLScriptFilter(out)
    try:
-      filter.write(msg.get_payload(decode=True))
+      htmlfilter.write(msg.get_payload(decode=True).decode())
-      filter.close()
+      htmlfilter.close()
    #except sgmllib.SGMLParseError:
    except:
-      #mimetools.copyliteral(msg.get_payload(),open('debug.out','w')
+      mimetools.copyliteral(msg.get_payload(),open('debug.out','wb'))
-      filter.close()
+      htmlfilter.close()
      hostname = socket.gethostname()
      msg.set_payload(
  "An HTML attachment could not be parsed.  The original is saved as '%s:%s'"
@@ -600,8 +531,24 @@ def check_html(msg,savname=None):
      name = "WARNING.TXT"
      msg["Content-Type"] = "text/plain; name="+name
      return Milter.CONTINUE
-    if filter.modified:
+    if htmlfilter.modified:
      msg.set_payload(out)	# remove embedded scripts
      del msg["content-transfer-encoding"]
      email.Encoders.encode_quopri(msg)
  return Milter.CONTINUE
 if __name__ == '__main__':
  def _list_attach(msg):
    t = msg.get_content_type()
    p = msg.get_payload(decode=True)
    print(msg.get_filename(),msg.get_content_type(),type(p))
    msg = msg.get_submsg()
    if isinstance(msg,Message):
      return check_attachments(msg,_list_attach)
    return Milter.CONTINUE
  for fname in sys.argv[1:]:
    fp = open(fname,'rb')
    msg = message_from_file(fp)
    email.iterators._structure(msg)
    check_attachments(msg,_list_attach)
@@ -0,0 +1,6 @@
 Check	Description		Justification
 E111	req indent 4		Creates more continuation lines
 E114	req indent 4 cmnt	Same
 E231	req space after ,	makes calls like print() harder to read
 E266	no ## 			Required by Doxygen
 W291	trailing spaces in cmnt	Needed for space preserving para reformat
@@ -0,0 +1,5 @@
 #!/bin/sh
 ignore=`awk -F\\\\t '{ print $1 }' pep8.dat | tail -n +2`
 a=(${ignore})
 list=$(echo "${a[@]}"|tr '[ ]' '[,]')
 echo python3 -m pep8 --ignore="$list" $@
@@ -0,0 +1,197 @@
 %if 0%{?rhel} == 7
 %define pythonbase python34
 %else
 %define pythonbase python3
 %endif
 %define __python python3
 %define libdir %{_libdir}/pymilter
 %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
 Summary: Python interface to sendmail milter API
 Name: %{pythonbase}-pymilter
 Version: 1.0.2
 Release: 1%{dist}
 Source: https://github.com/sdgathman/pymilter/archive/pymilter-%{version}.tar.gz
 Source1: pymilter.te
 # Patch miltermodule to python3
 # FIXME: replace with reverse patch at some point (make py3 the default)
 Patch: milter.patch
 License: GPLv2+
 Group: Development/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 Url: http://www.bmsi.com/python/milter.html
 # python-2.6.4 gets RuntimeError: not holding the import lock
 Requires: %{pythonbase} >= 2.6.5, sendmail-milter >= 8.13
 %if 0%{?fedora} >= 23
 # Need python2.6 specific pydns, not the version for system python
 Recommends: %{pythonbase}-pydns
 %endif
 # Needed for callbacks, not a core function but highly useful for milters
 BuildRequires: ed, %{pythonbase}-devel, sendmail-devel >= 8.13
 %description
 This is a python extension module to enable python scripts to
 attach to sendmail's libmilter functionality.  Additional python
 modules provide for navigating and modifying MIME parts, sending
 DSNs, and doing CBV.
 %package selinux
 Summary: SELinux policy module for pymilter
 Group: System Environment/Base
 Requires: policycoreutils, selinux-policy, %{name}
 BuildRequires: policycoreutils, checkpolicy
 %if 0%{?epel} >= 6
 BuildRequires: policycoreutils-python
 %else
 BuildRequires: policycoreutils-python-utils
 %endif
 %description selinux
 SELinux policy module for using pymilter with sendmail with selinux enforcing
 %prep
 %setup -q -n pymilter-%{version}
 %patch -p1 -b .py3
 cp %{SOURCE1} pymilter.te
 %build
 env CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build
 checkmodule -m -M -o pymilter.mod pymilter.te
 semodule_package -o pymilter.pp -m pymilter.mod
 %install
 rm -rf $RPM_BUILD_ROOT
 %{__python} setup.py install --root=$RPM_BUILD_ROOT
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/milter
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/milter
 mkdir -p $RPM_BUILD_ROOT%{libdir}
 # install selinux modules
 mkdir -p %{buildroot}%{_datadir}/selinux/targeted
 cp -p pymilter.pp %{buildroot}%{_datadir}/selinux/targeted
 %files
 %defattr(-,root,root,-)
 %doc README ChangeLog NEWS TODO CREDITS sample.py milter-template.py
 %{python_sitearch}/*
 %{libdir}
 %dir %attr(0755,mail,mail) %{_localstatedir}/run/milter
 %dir %attr(0755,mail,mail) %{_localstatedir}/log/milter
 %files selinux
 %doc pymilter.te
 %{_datadir}/selinux/targeted/*
 %clean
 rm -rf $RPM_BUILD_ROOT
 %post selinux
 /usr/sbin/semodule -s targeted -i %{_datadir}/selinux/targeted/pymilter.pp \
 	&>/dev/null || :
 %postun selinux
 if [ $1 -eq 0 ] ; then
 /usr/sbin/semodule -s targeted -r pymilter &> /dev/null || :
 fi
 %changelog
 * Tue Dec 13 2016 Stuart Gathman <stuart@gathman.org> 1.0.2-1
 - Fix the last setsymlist misspelling.  Support in test framework and tests.
 - Add @symlist decorator.
 - Change body callback and a few other APIs to use bytes instead of str.
 * Tue Sep 20 2016 Stuart Gathman <stuart@gathman.org> 1.0.1-1
 - Support python3
 * Sat Mar  1 2014 Stuart Gathman <stuart@gathman.org> 1.0-2
 - Remove start.sh to track EPEL repository, suggest daemonize as replacement
 - Selinux subpackage should not care about pymilter version
 * Wed Jun 26 2013 Stuart Gathman <stuart@gathman.org> 1.0-1
 - Allow ACCEPT as untrapped exception policy
 - Optional dir for getaddrset and getaddrdict in Milter.config
 - Show registered milter name in untrapped exception message.
 - Include selinux subpackage
 - Provide Milter.greylist export and Milter.greylist import to migrate data
 * Sat Mar  9 2013 Stuart Gathman <stuart@bmsi.com> 0.9.8-1
 - Add Milter.test module for unit testing milters.
 - Fix typo that prevented setsymlist from being active.
 - Change untrapped exception message to:
 - "pymilter: untrapped exception in milter app"
 * Thu Apr 12 2012 Stuart Gathman <stuart@bmsi.com> 0.9.7-1
 - Raise RuntimeError when result != CONTINUE for @noreply and @nocallback
 - Remove redundant table in miltermodule
 - Fix CNAME chain duplicating TXT records in Milter.dns (from pyspf).
 * Sat Feb 25 2012 Stuart Gathman <stuart@bmsi.com> 0.9.6-1
 - Raise ValueError on unescaped '%' passed to setreply
 - Grace time at end of Greylist window
 * Fri Aug 19 2011 Stuart Gathman <stuart@bmsi.com> 0.9.5-1
 - Print milter.error for invalid callback return type.
  (Since stacktrace is empty, the TypeError exception is confusing.)
 - Fix milter-template.py
 - Tweak Milter.utils.addr2bin and Milter.dynip to handle IP6
 * Tue Mar 02 2010 Stuart Gathman <stuart@bmsi.com> 0.9.4-1
 - Handle IP6 in Milter.utils.iniplist()
 - python-2.6
 * Thu Jul 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.3-1
 - Handle source route in Milter.utils.parse_addr()
 - Fix default arg in chgfrom.
 - Disable negotiate callback for libmilter < 8.14.3 (1,0,1)
 * Tue Jun 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-3
 - Change result of @noreply callbacks to NOREPLY when so negotiated.
 * Tue Jun 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-2
 - Cache callback negotiation
 * Thu May 28 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-1
 - Add new callback support: data,negotiate,unknown
 - Auto-negotiate protocol steps 
 * Thu Feb 05 2009 Stuart Gathman <stuart@bmsi.com> 0.9.1-1
 - Fix missing address of optional param to addrcpt
 * Wed Jan 07 2009 Stuart Gathman <stuart@bmsi.com> 0.9.0-4
 - Stop using INSTALLED_FILES to make Fedora happy
 - Remove config flag from start.sh glue
 - Own /var/log/milter
 - Use _localstatedir
 * Wed Jan 07 2009 Stuart Gathman <stuart@bmsi.com> 0.9.0-2
 - Changes to meet Fedora standards
 * Mon Nov 24 2008 Stuart Gathman <stuart@bmsi.com> 0.9.0-1
 - Split pymilter into its own CVS module
 - Support chgfrom and addrcpt_par
 - Support NS records in Milter.dns
 * Mon Aug 25 2008 Stuart Gathman <stuart@bmsi.com> 0.8.10-2
 - /var/run/milter directory must be owned by mail
 * Mon Aug 25 2008 Stuart Gathman <stuart@bmsi.com> 0.8.10-1
 - improved parsing into email and fullname (still 2 self test failures)
 - implement no-DSN CBV, reduce full DSNs
 * Mon Sep 24 2007 Stuart Gathman <stuart@bmsi.com> 0.8.9-1
 - Use ifarch hack to build milter and milter-spf packages as noarch
 - Remove spf dependency from dsn.py, add dns.py
 * Fri Jan 05 2007 Stuart Gathman <stuart@bmsi.com> 0.8.8-1
 - move AddrCache, parse_addr, iniplist to Milter package
 - move parse_header to Milter.utils
 - fix plock for missing source and can't change owner/group
 - split out pymilter and pymilter-spf packages
 - move milter apps to /usr/lib/pymilter
 * Sat Nov 04 2006 Stuart Gathman <stuart@bmsi.com> 0.8.7-1
 - SPF moved to pyspf RPM
 * Tue May 23 2006 Stuart Gathman <stuart@bmsi.com> 0.8.6-2
 - Support CBV timeout
@@ -0,0 +1,196 @@
 %define __python python2
 %if 0%{?rhel} == 6
 %define pythonbase python
 %else
 %define pythonbase python2
 %endif
 %define libdir %{_libdir}/pymilter
 %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
 Summary: Python interface to sendmail milter API
 Name: %{pythonbase}-pymilter
 Version: 1.0.2
 Release: 1%{dist}
 Source: https://github.com/sdgathman/pymilter/archive/pymilter-%{version}.tar.gz
 Source1: pymilter.te
 # Patch miltermodule to python3
 # FIXME: replace with reverse patch at some point (make py3 the default)
 Patch: milter.patch
 License: GPLv2+
 Group: Development/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 Url: http://www.bmsi.com/python/milter.html
 # python-2.6.4 gets RuntimeError: not holding the import lock
 Requires: %{pythonbase} >= 2.6.5, sendmail-milter >= 8.13
 %if 0%{?fedora} >= 23
 # Need python2.6 specific pydns, not the version for system python
 Recommends: %{pythonbase}-pydns
 %endif
 # Needed for callbacks, not a core function but highly useful for milters
 BuildRequires: ed, %{pythonbase}-devel, sendmail-devel >= 8.13
 %description
 This is a python extension module to enable python scripts to
 attach to sendmail's libmilter functionality.  Additional python
 modules provide for navigating and modifying MIME parts, sending
 DSNs, and doing CBV.
 %package selinux
 Summary: SELinux policy module for pymilter
 Group: System Environment/Base
 Requires: policycoreutils, selinux-policy, %{name}
 BuildRequires: policycoreutils, checkpolicy
 %if 0%{?epel} >= 6
 BuildRequires: policycoreutils-python
 %else
 BuildRequires: policycoreutils-python-utils
 %endif
 %description selinux
 SELinux policy module for using pymilter with sendmail with selinux enforcing
 %prep
 %setup -q -n pymilter-%{version}
 cp %{SOURCE1} pymilter.te
 %build
 env CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build
 checkmodule -m -M -o pymilter.mod pymilter.te
 semodule_package -o pymilter.pp -m pymilter.mod
 %install
 rm -rf $RPM_BUILD_ROOT
 %{__python} setup.py install --root=$RPM_BUILD_ROOT
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/milter
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/milter
 mkdir -p $RPM_BUILD_ROOT%{libdir}
 # install selinux modules
 mkdir -p %{buildroot}%{_datadir}/selinux/targeted
 cp -p pymilter.pp %{buildroot}%{_datadir}/selinux/targeted
 %files
 %defattr(-,root,root,-)
 %doc README ChangeLog NEWS TODO CREDITS sample.py milter-template.py
 %{python_sitearch}/*
 %{libdir}
 %dir %attr(0755,mail,mail) %{_localstatedir}/run/milter
 %dir %attr(0755,mail,mail) %{_localstatedir}/log/milter
 %files selinux
 %doc pymilter.te
 %{_datadir}/selinux/targeted/*
 %clean
 rm -rf $RPM_BUILD_ROOT
 %post selinux
 /usr/sbin/semodule -s targeted -i %{_datadir}/selinux/targeted/pymilter.pp \
 	&>/dev/null || :
 %postun selinux
 if [ $1 -eq 0 ] ; then
 /usr/sbin/semodule -s targeted -r pymilter &> /dev/null || :
 fi
 %changelog
 * Tue Dec 13 2016 Stuart Gathman <stuart@gathman.org> 1.0.2-1
 - Fix the last setsymlist misspelling.  Support in test framework and tests.
 - Add @symlist decorator.
 - Change body callback and a few other APIs to use bytes instead of str.
 * Tue Sep 20 2016 Stuart Gathman <stuart@gathman.org> 1.0.1-1
 - Support python3
 * Sat Mar  1 2014 Stuart Gathman <stuart@gathman.org> 1.0-2
 - Remove start.sh to track EPEL repository, suggest daemonize as replacement
 - Selinux subpackage should not care about pymilter version
 * Wed Jun 26 2013 Stuart Gathman <stuart@gathman.org> 1.0-1
 - Allow ACCEPT as untrapped exception policy
 - Optional dir for getaddrset and getaddrdict in Milter.config
 - Show registered milter name in untrapped exception message.
 - Include selinux subpackage
 - Provide Milter.greylist export and Milter.greylist import to migrate data
 * Sat Mar  9 2013 Stuart Gathman <stuart@bmsi.com> 0.9.8-1
 - Add Milter.test module for unit testing milters.
 - Fix typo that prevented setsymlist from being active.
 - Change untrapped exception message to:
 - "pymilter: untrapped exception in milter app"
 * Thu Apr 12 2012 Stuart Gathman <stuart@bmsi.com> 0.9.7-1
 - Raise RuntimeError when result != CONTINUE for @noreply and @nocallback
 - Remove redundant table in miltermodule
 - Fix CNAME chain duplicating TXT records in Milter.dns (from pyspf).
 * Sat Feb 25 2012 Stuart Gathman <stuart@bmsi.com> 0.9.6-1
 - Raise ValueError on unescaped '%' passed to setreply
 - Grace time at end of Greylist window
 * Fri Aug 19 2011 Stuart Gathman <stuart@bmsi.com> 0.9.5-1
 - Print milter.error for invalid callback return type.
  (Since stacktrace is empty, the TypeError exception is confusing.)
 - Fix milter-template.py
 - Tweak Milter.utils.addr2bin and Milter.dynip to handle IP6
 * Tue Mar 02 2010 Stuart Gathman <stuart@bmsi.com> 0.9.4-1
 - Handle IP6 in Milter.utils.iniplist()
 - python-2.6
 * Thu Jul 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.3-1
 - Handle source route in Milter.utils.parse_addr()
 - Fix default arg in chgfrom.
 - Disable negotiate callback for libmilter < 8.14.3 (1,0,1)
 * Tue Jun 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-3
 - Change result of @noreply callbacks to NOREPLY when so negotiated.
 * Tue Jun 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-2
 - Cache callback negotiation
 * Thu May 28 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-1
 - Add new callback support: data,negotiate,unknown
 - Auto-negotiate protocol steps 
 * Thu Feb 05 2009 Stuart Gathman <stuart@bmsi.com> 0.9.1-1
 - Fix missing address of optional param to addrcpt
 * Wed Jan 07 2009 Stuart Gathman <stuart@bmsi.com> 0.9.0-4
 - Stop using INSTALLED_FILES to make Fedora happy
 - Remove config flag from start.sh glue
 - Own /var/log/milter
 - Use _localstatedir
 * Wed Jan 07 2009 Stuart Gathman <stuart@bmsi.com> 0.9.0-2
 - Changes to meet Fedora standards
 * Mon Nov 24 2008 Stuart Gathman <stuart@bmsi.com> 0.9.0-1
 - Split pymilter into its own CVS module
 - Support chgfrom and addrcpt_par
 - Support NS records in Milter.dns
 * Mon Aug 25 2008 Stuart Gathman <stuart@bmsi.com> 0.8.10-2
 - /var/run/milter directory must be owned by mail
 * Mon Aug 25 2008 Stuart Gathman <stuart@bmsi.com> 0.8.10-1
 - improved parsing into email and fullname (still 2 self test failures)
 - implement no-DSN CBV, reduce full DSNs
 * Mon Sep 24 2007 Stuart Gathman <stuart@bmsi.com> 0.8.9-1
 - Use ifarch hack to build milter and milter-spf packages as noarch
 - Remove spf dependency from dsn.py, add dns.py
 * Fri Jan 05 2007 Stuart Gathman <stuart@bmsi.com> 0.8.8-1
 - move AddrCache, parse_addr, iniplist to Milter package
 - move parse_header to Milter.utils
 - fix plock for missing source and can't change owner/group
 - split out pymilter and pymilter-spf packages
 - move milter apps to /usr/lib/pymilter
 * Sat Nov 04 2006 Stuart Gathman <stuart@bmsi.com> 0.8.7-1
 - SPF moved to pyspf RPM
 * Tue May 23 2006 Stuart Gathman <stuart@bmsi.com> 0.8.6-2
 - Support CBV timeout
@@ -0,0 +1,13 @@
 module pymilter 1.0;
 require {
 	type sendmail_t;
 	type var_run_t;
 	type initrc_t;
 	class sock_file { write getattr };
 	class unix_stream_socket connectto;
 }
 #============= sendmail_t ==============
 allow sendmail_t initrc_t:unix_stream_socket connectto;
 allow sendmail_t var_run_t:sock_file { write getattr };
@@ -1,4 +1,4 @@
-
+from __future__ import print_function
 # A simple milter.
 # Author: Stuart D. Gathman <stuart@bmsi.com>
@@ -7,8 +7,10 @@
 import sys
 import os
-import StringIO
+try:
-import rfc822
+  from io import BytesIO
 except:
  from StringIO import StringIO as BytesIO
 import mime
 import Milter
 import tempfile
@@ -21,9 +23,9 @@ class sampleMilter(Milter.Milter):
  "Milter to replace attachments poisonous to Windows with a WARNING message."
  def log(self,*msg):
-    print "%s [%d]" % (strftime('%Y%b%d %H:%M:%S'),self.id),
+    print("%s [%d]" % (strftime('%Y%b%d %H:%M:%S'),self.id),end=None)
-    for i in msg: print i,
+    for i in msg: print(i,end=None)
-    print
+    print()
  def __init__(self):
    self.tempname = None
@@ -31,16 +33,25 @@ class sampleMilter(Milter.Milter):
    self.fp = None
    self.bodysize = 0
    self.id = Milter.uniqueID()
    self.user = None
  # multiple messages can be received on a single connection
  # envfrom (MAIL FROM in the SMTP protocol) seems to mark the start
  # of each message.
  @Milter.symlist('{auth_authen}')
  @Milter.noreply
  def envfrom(self,f,*str):
-    self.log("mail from",f,str)
+    "start of MAIL transaction"
-    self.fp = StringIO.StringIO()
+    self.fp = BytesIO()
    self.tempname = None
    self.mailfrom = f
    self.bodysize = 0
    self.user = self.getsymval('{auth_authen}')
    self.auth_type = self.getsymval('{auth_type}')
    if self.user:
      self.log("user",self.user,"sent mail from",f,str)
    else:
      self.log("mail from",f,str)
    return Milter.CONTINUE
  def envrcpt(self,to,*str):
@@ -58,23 +69,23 @@ class sampleMilter(Milter.Milter):
      # even if we wanted the Taiwanese spam, we can't read Chinese
      # (delete if you read chinese mail)
      if val.startswith('=?big5') or val.startswith('=?ISO-2022-JP'):
-	self.log('REJECT: %s: %s' % (name,val))
+        self.log('REJECT: %s: %s' % (name,val))
 	#self.setreply('550','','Go away spammer')
-	return Milter.REJECT
+        return Milter.REJECT
      # check for common spam keywords
      if val.find("$$$") >= 0 or val.find("XXX") >= 0	\
-      	or val.find("!!!") >= 0 or val.find("FREE") >= 0:
+	or val.find("!!!") >= 0 or val.find("FREE") >= 0:
-	self.log('REJECT: %s: %s' % (name,val))
+        self.log('REJECT: %s: %s' % (name,val))
 	#self.setreply('550','','Go away spammer')
-	return Milter.REJECT
+        return Milter.REJECT
      # check for spam that pretends to be legal
      lval = val.lower()
      if lval.startswith("adv:") or lval.startswith("adv.") \
-      	or lval.find('viagra') >= 0:
+	or lval.find('viagra') >= 0:
-	self.log('REJECT: %s: %s' % (name,val))
+        self.log('REJECT: %s: %s' % (name,val))
-	return Milter.REJECT
+        return Milter.REJECT
    # check for invalid message id
    if lname == 'message-id' and len(val) < 4:
@@ -84,7 +95,7 @@ class sampleMilter(Milter.Milter):
    # check for common bulk mailers
    if lname == 'x-mailer' and \
-    	val.lower() in ('direct email','calypso','mail bomber'):
+	val.lower() in ('direct email','calypso','mail bomber'):
      self.log('REJECT: %s: %s' % (name,val))
      #self.setreply('550','','Go away spammer')
      return Milter.REJECT
@@ -93,12 +104,12 @@ class sampleMilter(Milter.Milter):
    if lname in ('subject','x-mailer'):
      self.log('%s: %s' % (name,val))
    if self.fp:
-      self.fp.write("%s: %s\n" % (name,val))	# add header to buffer
+      self.fp.write(("%s: %s\n" % (name,val)).encode())	# add header to buffer
    return Milter.CONTINUE
  def eoh(self):
    if not self.fp: return Milter.TEMPFAIL	# not seen by envfrom
-    self.fp.write("\n")
+    self.fp.write(b'\n')
    self.fp.seek(0)
    # copy headers to a temp file for scanning the body
    headers = self.fp.getvalue()
@@ -121,12 +132,12 @@ class sampleMilter(Milter.Milter):
      h = msg.getheaders(name)
      cnt = len(h)
      for i in range(cnt,0,-1):
-	self.chgheader(name,i-1,'')
+        self.chgheader(name,i-1,'')
  def eom(self):
    if not self.fp: return Milter.ACCEPT
    self.fp.seek(0)
-    msg = mime.MimeMessage(self.fp)
+    msg = mime.message_from_file(self.fp)
    msg.headerchange = self._headerChange
    if not mime.defang(msg,self.tempname):
      os.remove(self.tempname)
@@ -136,19 +147,16 @@ class sampleMilter(Milter.Milter):
    self.log("Temp file:",self.tempname)
    self.tempname = None	# prevent removal of original message copy
    # copy defanged message to a temp file 
-    out = tempfile.TemporaryFile()
+    with tempfile.TemporaryFile() as out:
    try:
      msg.dump(out)
      out.seek(0)
-      msg = rfc822.Message(out)
+      msg = mime.message_from_file(out)
-      msg.rewindbody()
+      fp = BytesIO(msg.as_bytes().split(b'\n\n',1)[1])
      while 1:
-	buf = out.read(8192)
+        buf = fp.read(8192)
-	if len(buf) == 0: break
+        if len(buf) == 0: break
-	self.replacebody(buf)	# feed modified message to sendmail
+        self.replacebody(buf)	# feed modified message to sendmail
      return Milter.ACCEPT	# ACCEPT modified message
    finally:
      out.close()
    return Milter.TEMPFAIL
  def close(self):
@@ -169,13 +177,13 @@ if __name__ == "__main__":
  socketname = os.getenv("HOME") + "/pythonsock"
  Milter.factory = sampleMilter
  Milter.set_flags(Milter.CHGBODY + Milter.CHGHDRS + Milter.ADDHDRS)
-  print """To use this with sendmail, add the following to sendmail.cf:
+  print("""To use this with sendmail, add the following to sendmail.cf:
 O InputMailFilters=pythonfilter
 Xpythonfilter,        S=local:%s
 See the sendmail README for libmilter.
-sample  milter startup""" % socketname
+sample  milter startup""" % socketname)
  sys.stdout.flush()
  Milter.runmilter("pythonfilter",socketname,240)
-  print "sample milter shutdown"
+  print("sample milter shutdown")
@@ -1,4 +1,5 @@
 [bdist_rpm]
-python=python2
+python=python3
-doc_files=README NEWS TODO
+doc_files=README NEWS TODO COPYING CREDITS
-packager=Stuart D. Gathman <stuart@bmsi.com>
+packager=Stuart D. Gathman <stuart@gathman.org>
 release=1
@@ -2,33 +2,43 @@ import os
 import sys
 from distutils.core import setup, Extension
-# FIXME: on some versions of sendmail, smutil is renamed to sm
+if sys.version < '2.6.5':
-libs = ["milter", "smutil"]
+  sys.exit('ERROR: Sorry, python 2.6.5 is required for this module.')
-# patch distutils if it can't cope with the "classifiers" or
+# FIXME: on some versions of sendmail, smutil is renamed to sm.
-# "download_url" keywords
+# On slackware and debian, leave it out entirely.  It depends
-if sys.version < '2.2.3':
+# on how libmilter was built by the sendmail package.
-  from distutils.dist import DistributionMetadata
+#libs = ["milter", "smutil"]
-  DistributionMetadata.classifiers = None
+libs = ["milter"]
-  DistributionMetadata.download_url = None
+libdirs = ["/usr/lib/libmilter"]    # needed for Debian
 modules = ["mime"]
-setup(name = "milter", version = "0.6.9",
+# NOTE: importing Milter to obtain version fails when milter.so not built
 setup(name = "pymilter", version = '1.0.3',
 	description="Python interface to sendmail milter API",
 	long_description="""\
 This is a python extension module to enable python scripts to
 attach to sendmail's libmilter functionality.  Additional python
 modules provide for navigating and modifying MIME parts, and
-querying SPF records.
+sending DSNs or doing CBVs.
 """,
 	author="Jim Niemira",
 	author_email="urmane@urmane.org",
 	maintainer="Stuart D. Gathman",
-	maintainer_email="stuart@bmsi.com",
+	maintainer_email="stuart@gathman.org",
 	license="GPL",
-	url="http://www.bmsi.com/python/milter.html",
+	url="https://pythonhosted.org/milter/",
-	py_modules=["Milter","mime","spf"],
+	py_modules=modules,
 	packages = ['Milter'],
 	ext_modules=[
-	  Extension("milter", ["miltermodule.c"],libraries=libs),
+	  Extension("milter", ["miltermodule.c"],
            library_dirs=libdirs,
 	    libraries=libs,
 	    # set MAX_ML_REPLY to 1 for sendmail < 8.13
 	    define_macros = [ ('MAX_ML_REPLY',32) ],
            # save lots of debugging time testing rfc2553 compliance
            extra_compile_args = [ "-Werror=implicit-function-declaration" ]
 	  ),
 	],
 	keywords = ['sendmail','milter'],
 	classifiers = [
@@ -39,6 +49,7 @@ querying SPF records.
 	  'Natural Language :: English',
 	  'Operating System :: POSIX',
 	  'Programming Language :: Python',
-	  'Topic :: Communications :: Email :: Mail Transport Agents'
+	  'Topic :: Communications :: Email :: Mail Transport Agents',
 	  'Topic :: Communications :: Email :: Filters'
 	]
 )
@@ -1,814 +0,0 @@
 #!/usr/bin/env python
 """SPF (Sender-Permitted From) implementation.
 Copyright (c) 2003, Terence Way
 This module is free software, and you may redistribute it and/or modify
 it under the same terms as Python itself, so long as this copyright message
 and disclaimer are retained in their original form.
 IN NO EVENT SHALL THE AUTHOR BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT,
 SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF
 THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGE.
 THE AUTHOR SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT
 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 PARTICULAR PURPOSE.  THE CODE PROVIDED HEREUNDER IS ON AN "AS IS" BASIS,
 AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 For more information about SPF, a tool against email forgery, see
 	http://spf.pobox.com
 For news, bugfixes, etc. visit the home page for this implementation at
 	http://www.wayforward.net/spf/
 """
 # Changes:
 #    9-dec-2003, v1.1, Meng Weng Wong added PTR code, THANK YOU
 #   11-dec-2003, v1.2, ttw added macro expansion, exp=, and redirect=
 #   13-dec-2003, v1.3, ttw added %{o} original domain macro,
 #                      print spf result on command line, support default=,
 #                      support localhost, follow DNS CNAMEs, cache DNS results
 #                      during query, support Python 2.2 for Mac OS X
 #   16-dec-2003, v1.4, ttw fixed include handling (include is a mechanism,
 #                      complete with status results, so -include: should work.
 #                      Expand macros AFTER looking for status characters ?-+
 #                      so altavista.com SPF records work.
 #   17-dec-2003, v1.5, ttw use socket.inet_aton() instead of DNS.addr2bin, so
 #                      n, n.n, and n.n.n forms for IPv4 addresses work, and to
 #                      ditch the annoying Python 2.4 FutureWarning
 #   18-dec-2003, v1.6, Failures on Intel hardware: endianness.  Use ! on
 #                      struct.pack(), struct.unpack().
 #
 # Development taken over by Stuart Gathman <stuart@bmsi.com> since
 # Terrence is not responding to email.
 #
 # $Log$
 # Revision 1.10  2004/04/19 22:12:11  stuart
 # Release 0.6.9
 #
 # Revision 1.9  2004/04/18 03:29:35  stuart
 # Pass most tests except -local and -rcpt-to
 #
 # Revision 1.8  2004/04/17 22:17:55  stuart
 # Header comment method.
 #
 # Revision 1.7  2004/04/17 18:22:48  stuart
 # Support default explanation.
 #
 # Revision 1.6  2004/04/06 20:18:02  stuart
 # Fix bug in include
 #
 # Revision 1.5  2004/04/05 22:29:46  stuart
 # SPF best_guess,
 #
 # Revision 1.4  2004/03/25 03:27:34  stuart
 # Support delegation of SPF records.
 #
 # Revision 1.3  2004/03/13 12:23:23  stuart
 # Expanded result codes.  Tolerate common method misspellings.
 #
 __author__ = "Terence Way"
 __email__ = "terry@wayforward.net"
 __version__ = "1.6: December 18, 2003"
 MODULE = 'spf'
 USAGE = """To check an incoming mail request:
    % python spf.py {ip} {sender} {helo}
    % python spf.py 69.55.226.139 tway@optsw.com mx1.wayforward.net
 To test an SPF record:
    % python spf.py "v=spf1..." {ip} {sender} {helo}
    % python spf.py "v=spf1 +mx +ip4:10.0.0.1 -all" 10.0.0.1 tway@foo.com a    
 To fetch an SPF record:
    % python spf.py {domain}
    % python spf.py wayforward.net
 To test this script (and to output this usage message):
    % python spf.py
 """
 import re
 import socket  # for inet_ntoa() and inet_aton()
 import struct  # for pack() and unpack()
 import time    # for time()
 import DNS	# http://pydns.sourceforge.net
 # 32-bit IPv4 address mask
 MASK = 0xFFFFFFFFL
 # Regular expression to look for modifiers
 RE_MODIFIER = re.compile(r'^([a-zA-Z]+)=')
 # Regular expression to find macro expansions
 RE_CHAR = re.compile(r'%(%|_|-|(\{[a-zA-Z][0-9]*r?[^\}]*\}))')
 # Regular expression to break up a macro expansion
 RE_ARGS = re.compile(r'([0-9]*)(r?)([^0-9a-zA-Z]*)')
 # Local parts and senders have their delimiters replaced with '.' during
 # macro expansion
 #
 JOINERS = {'l': '.', 's': '.'}
 RESULTS = {'+': 'pass', '-': 'fail', '?': 'neutral', '~': 'softfail',
           'pass': 'pass', 'fail': 'fail', 'unknown': 'unknown',
 	   'neutral': 'neutral', 'softfail': 'softfail',
 	   'none': 'none', 'deny': 'fail' }
 EXPLANATIONS = {'pass': 'sender SPF verified', 'fail': 'access denied',
                'unknown': 'SPF unknown',
 		'softfail': 'domain in transition',
 		'neutral': 'access neither permitted nor denied',
 		'none': ''
 		}
 # if set to a domain name, search _spf.domain namespace if no SPF record
 # found in source domain.
 DELEGATE = None
 # support pre 2.2.1....
 try:
 	bool, True, False = bool, True, False
 except NameError:
 	False, True = 0, 1
 	def bool(x): return not not x
 # ...pre 2.2.1
 # standard default SPF record
 DEFAULT_SPF = 'v=spf1 a/24 mx/24 ptr'
 def check(i, s, h,local=None):
 	"""Test an incoming MAIL FROM:<s>, from a client with ip address i.
 	h is the HELO/EHLO domain name.
 	Returns (result, mta-status-code, explanation) where result in
 	['pass', 'unknown', 'fail', 'error', 'softfail', 'none', 'neutral' ].
 	Example:
 	>>> check(i='127.0.0.1', s='terry@wayforward.net', h='localhost')
 	('pass', 250, 'local connections always pass')
 	#>>> check(i='61.51.192.42', s='liukebing@bcc.com', h='bmsi.com')
 	"""
 	return query(i=i, s=s, h=h,local=local).check()
 class query(object):
 	"""A query object keeps the relevant information about a single SPF
 	query:
 	i: ip address of SMTP client
 	s: sender declared in MAIL FROM:<>
 	l: local part of sender s
 	d: current domain, initially domain part of sender s
 	h: EHLO/HELO domain
 	v: 'in-addr' for IPv4 clients and 'ip6' for IPv6 clients
 	t: current timestamp
 	p: SMTP client domain name
 	o: domain part of sender s
 	This is also, by design, the same variables used in SPF macro
 	expansion.
 	Also keeps cache: DNS cache.
 	"""
 	def __init__(self, i, s, h,local=None):
 		self.i, self.s, self.h = i, s, h
 		self.l, self.o = split_email(s, h)
 		self.t = str(int(time.time()))
 		self.v = 'in-addr'
 		self.d = self.o
 		self.p = None
 		self.cache = {}
 		self.exps = dict(EXPLANATIONS)
 		self.local = local	# local policy
 	def set_default_explanation(self,exp):
 		exps = self.exps
 		for i in 'softfail','fail','unknown':
 		  exps[i] = exp
 	def getp(self):
 		if not self.p:
 			p = self.dns_ptr(self.i)
 			if len(p) > 0:
 				self.p = p[0]
 			else:
 				self.p = self.i
 		return self.p
 	def best_guess(self,spf=DEFAULT_SPF):
 		"""Return a best guess based on a default SPF record"""
 		return self.check(spf)
 	def check(self, spf=None):
 		"""
 	Returns (result, mta-status-code, explanation) where
 	result in ['fail', 'softfail', 'neutral' 'unknown', 'pass', 'error']
 		"""
 		if self.i.startswith('127.'):
 			return ('pass', 250, 'local connections always pass')
 		try:
 			if not spf:
 			    spf = self.dns_spf(self.d)
 			if self.local and spf:
 			    spf += ' ' + self.local
 			return self.check1(spf, self.d, 0)
 		except DNS.DNSError:
 			return ('error', 450, 'SPF DNS Error')
 	def check1(self, spf, domain, recursion):
 		# spf rfc: 3.7 Processing Limits
 		#
 		if recursion > 20:
 			self.prob =  'Mechanisms used too many DNS lookups'
 			return ('unknown', 250, 'SPF recursion limit exceeded')
 		try:
 			tmp, self.d = self.d, domain
 			return self.check0(spf, recursion)
 		finally:
 			self.d = tmp
 	def check0(self, spf, recursion):
 		"""Test this query information against SPF text.
 		Returns (result, mta-status-code, explanation) where
 		result in ['fail', 'unknown', 'pass', 'none']
 		"""
 		if not spf:
 			return ('none', 250, EXPLANATIONS['none'])
 		# split string by whitespace, drop the 'v=spf1'
 		#
 		spf = spf.split()[1:]
 		# copy of explanations to be modified by exp=
 		exps = self.exps
 		redirect = None
 		# no mechanisms at all cause unknown result, unless
 		# overridden with 'default=' modifier
 		#
 		default = 'neutral'
 		self.mech = []		# unknown mechanisms
 		# Look for modifiers
 		#
 		for m in spf:
 			m = RE_MODIFIER.split(m)[1:]
 			if len(m) != 2: continue
 			if m[0] == 'exp':
 				exps['fail'] = exps['unknown'] = \
 					self.get_explanation(m[1])
 			elif m[0] == 'redirect':
 				redirect = self.expand(m[1])
 			elif m[0] == 'default':
 				# default=- is the same as default=fail
 				default = RESULTS.get(m[1], default)
 			# spf rfc: 3.6 Unrecognized Mechanisms and Modifiers
 		# Look for mechanisms
 		#
 		for mech in spf:
 			if RE_MODIFIER.match(mech): continue
 			m, arg, cidrlength = parse_mechanism(mech, self.d)
 			# map '?' '+' or '-' to 'unknown' 'pass' or 'fail'
 			result = RESULTS.get(m[0])
 			if result:
 				# eat '?' '+' or '-'
 				m = m[1:]
 			else:
 				# default pass
 				result = 'pass'
 			if m in ['a', 'mx', 'ptr', 'exists', 'include']:
 				arg = self.expand(arg)
 			if m == 'include':
 			    if arg != self.d:
 				res,code,txt = self.check1(self.dns_spf(arg),
 						  arg, recursion + 1)
 				if res == 'pass':
 					break
 				if res in ('fail','neutral','softfail'):
 					continue
 				if res == 'none':
 				  	self.prob = \
 					  'Could not find a valid SPF record'
 				  	res = 'unknown'
 				return res,code,txt
 			    else:
 			    	self.prob = 'Required option is missing'
 				self.mech.append(mech)
 				return ('unknown', 250, 'missing SPF option')
 			elif m == 'all':
 				break
 			elif m == 'exists':
 				if len(self.dns_a(arg)) > 0:
 					break
 			elif m == 'a':
 				if cidrmatch(self.i, self.dns_a(arg),
 				             cidrlength):
 					break
 			elif m == 'mx':
 				if cidrmatch(self.i, self.dns_mx(arg),
 				             cidrlength):
 					break
 			elif m in ('ip4', 'ipv4') and arg != self.d:
 				if cidrmatch(self.i, [arg], cidrlength):
 					break
 			elif m in ('ptr', 'prt'):
 				if domainmatch(self.validated_ptrs(self.i),
 				               arg):
 					break
 			else:
 				# unknown mechanisms cause immediate unknown
 				# abort results
 				self.mech.append(mech)
 				self.prob = 'Unknown mechanism found'
 				return ('unknown',250,'unknown SPF mechanism')
 		else:
 			# no matches
 			if redirect:
 				return self.check1(self.dns_spf(redirect),
 				                   redirect, recursion+1)
 			else:
 				result = default
 		if result == 'fail':
 			return (result, 550, exps[result])
 		else:
 			return (result, 250, exps[result])
 	def get_explanation(self, spec):
 		"""Expand an explanation."""
 		if spec:
 		  return self.expand(''.join(self.dns_txt(self.expand(spec))))
 		else:
 		  return 'explanation : Required option is missing'
 	def expand(self, str):
 		"""Do SPF RFC macro expansion.
 		Examples:
 		>>> q = query(s='strong-bad@email.example.com',
 		...           h='mx.example.org', i='192.0.2.3')
 		>>> q.p = 'mx.example.org'
 		>>> q.expand('%{d}')
 		'email.example.com'
 		>>> q.expand('%{d4}')
 		'email.example.com'
 		>>> q.expand('%{d3}')
 		'email.example.com'
 		>>> q.expand('%{d2}')
 		'example.com'
 		>>> q.expand('%{d1}')
 		'com'
 		>>> q.expand('%{p}')
 		'mx.example.org'
 		>>> q.expand('%{p2}')
 		'example.org'
 		>>> q.expand('%{dr}')
 		'com.example.email'
 		>>> q.expand('%{d2r}')
 		'example.email'
 		>>> q.expand('%{l}')
 		'strong-bad'
 		>>> q.expand('%{l-}')
 		'strong.bad'
 		>>> q.expand('%{lr}')
 		'strong-bad'
 		>>> q.expand('%{lr-}')
 		'bad.strong'
 		>>> q.expand('%{l1r-}')
 		'strong'
 		>>> q.expand('%{ir}.%{v}._spf.%{d2}')
 		'3.2.0.192.in-addr._spf.example.com'
 		>>> q.expand('%{lr-}.lp._spf.%{d2}')
 		'bad.strong.lp._spf.example.com'
 		>>> q.expand('%{lr-}.lp.%{ir}.%{v}._spf.%{d2}')
 		'bad.strong.lp.3.2.0.192.in-addr._spf.example.com'
 		>>> q.expand('%{ir}.%{v}.%{l1r-}.lp._spf.%{d2}')
 		'3.2.0.192.in-addr.strong.lp._spf.example.com'
 		>>> q.expand('%{p2}.trusted-domains.example.net')
 		'example.org.trusted-domains.example.net'
 		>>> q.expand('%{p2}.trusted-domains.example.net')
 		'example.org.trusted-domains.example.net'
 		"""
 		end = 0
 		result = ''
 		for i in RE_CHAR.finditer(str):
 			result += str[end:i.start()]
 			macro = str[i.start():i.end()]
 			if macro == '%%':
 				result += '%'
 			elif macro == '%_':
 				result += ' '
 			elif macro == '%-':
 				result += '%20'
 			else:
 				letter = macro[2].lower()
 				if letter == 'p':
 					self.getp()
 				expansion = getattr(self, letter, '')
 				if expansion:
 					result += expand_one(expansion,
 						macro[3:-1],
 					        JOINERS.get(letter))
 			end = i.end()
 		return result + str[end:]
 	def dns_spf(self, domain):
 		"""Get the SPF record recorded in DNS for a specific domain
 		name.  Returns None if not found, or if more than one record
 		is found.
 		"""
 		a = [t for t in self.dns_txt(domain) if t.startswith('v=spf1')]
 		if not a and DELEGATE:
 		  a = [t
 		    for t in self.dns_txt(domain+'._spf.'+DELEGATE)
 		      if t.startswith('v=spf1')
 		  ]
 		if len(a) == 1:
 			return a[0]
 		else:
 			return None
 	def dns_txt(self, domainname):
 		if domainname:
 		  return [t for a in self.dns(domainname, 'TXT') for t in a]
 		return []
 	def dns_mx(self, domainname):
 		"""Get a list of IP addresses for all MX exchanges for a
 		domain name.
 		"""
 		return [a for mx in self.dns(domainname, 'MX') \
 		          for a in self.dns_a(mx[1])]
 	def dns_a(self, domainname):
 		"""Get a list of IP addresses for a domainname."""
 		return self.dns(domainname, 'A')
 	def dns_aaaa(self, domainname):
 		"""Get a list of IPv6 addresses for a domainname."""
 		return self.dns(domainname, 'AAAA')
 	def validated_ptrs(self, i):
 		"""Figure out the validated PTR domain names for a given IP
 		address.
 		"""
 		return [p for p in self.dns_ptr(i) if i in self.dns_a(p)]
 	def dns_ptr(self, i):
 		"""Get a list of domain names for an IP address."""
 		return self.dns(reverse_dots(i) + ".in-addr.arpa", 'PTR')
 	def dns(self, name, qtype):
 		"""DNS query.
 		If the result is in cache, return that.  Otherwise pull the
 		result from DNS, and cache ALL answers, so additional info
 		is available for further queries later.
 		CNAMEs are followed.
 		If there is no data, [] is returned.
 		pre: qtype in ['A', 'AAAA', 'MX', 'PTR', 'TXT', 'SPF']
 		post: isinstance(__return__, types.ListType)
 		"""
 		result = self.cache.get( (name, qtype) )
 		cname = None
 		if not result:
 			req = DNS.DnsRequest(name, qtype=qtype)
 			resp = req.req()
 			for a in resp.answers:
 				# key k: ('wayforward.net', 'A'), value v
 				k, v = (a['name'], a['typename']), a['data']
 				if k == (name, 'CNAME'):
 					cname = v
 				self.cache.setdefault(k, []).append(v)
 			result = self.cache.get( (name, qtype), [])
 		if not result and cname:
 			result = self.dns(cname, qtype)
 		return result
 	def get_header(self,res,receiver):
 	  if res in ('pass','fail'):
 	    return '%s (%s: %s) client-ip=%s; envelope-from=%s; helo=%s;' % (
 	  	res,receiver,self.get_header_comment(res),self.i,
 	        self.l + '@' + self.o, self.h)
 	  if res == 'unknown':
 	    return '%s (%s: %s)' % (' '.join([res] + self.mech),
 	      receiver,self.get_header_comment(res))
 	  return '%s (%s: %s)' % (res,receiver,self.get_header_comment(res))
 	def get_header_comment(self,res):
 		"""Return comment for Received-SPF header.
 		"""
 		sender = self.o
 		if res == 'pass':
 		  if self.i.startswith('127.'):
 		    return "localhost is always allowed."
 		  else: return \
 		    "domain of %s designates %s as permitted sender" \
 			% (sender,self.i)
 		elif res == 'softfail': return \
      "transitioning domain of %s does not designate %s as permitted sender" \
 			% (sender,self.i)
 		elif res == 'neutral': return \
 		    "%s is neither permitted nor denied by domain of %s" \
 		    	% (self.i,sender)
 		elif res == 'none': return \
 		    "%s is neither permitted nor denied by domain of %s" \
 		    	% (self.i,sender)
 		    #"%s does not designate permitted sender hosts" % sender
 		elif res == 'unknown': return \
 		    "error in processing during lookup of domain of %s: %s" \
 		    	% (sender, self.prob)
 		elif res == 'error': return \
 		    "error in processing during lookup of %s" % sender
 		elif res == 'fail': return \
 		    "domain of %s does not designate %s as permitted sender" \
 			% (sender,self.i)
 		raise ValueError("invalid SPF result for header comment: "+res)
 def split_email(s, h):
 	"""Given a sender email s and a HELO domain h, create a valid tuple
 	(l, d) local-part and domain-part.
 	Examples:
 	>>> split_email('', 'wayforward.net')
 	('postmaster', 'wayforward.net')
 	>>> split_email('foo.com', 'wayforward.net')
 	('postmaster', 'foo.com')
 	>>> split_email('terry@wayforward.net', 'optsw.com')
 	('terry', 'wayforward.net')
 	"""
 	if not s:
 		return 'postmaster', h
 	else:
 		parts = s.split('@', 1)
 		if len(parts) == 2:
 			return tuple(parts)
 		else:
 			return 'postmaster', s
 def parse_mechanism(str, d):
 	"""Breaks A, MX, IP4, and PTR mechanisms into a (name, domain,
 	cidr) tuple.  The domain portion defaults to d if not present,
 	the cidr defaults to 32 if not present.
 	Examples:
 	>>> parse_mechanism('a', 'foo.com')
 	('a', 'foo.com', 32)
 	>>> parse_mechanism('a:bar.com', 'foo.com')
 	('a', 'bar.com', 32)
 	>>> parse_mechanism('a/24', 'foo.com')
 	('a', 'foo.com', 24)
 	>>> parse_mechanism('a:bar.com/16', 'foo.com')
 	('a', 'bar.com', 16)
 	"""
 	a = str.split('/')
 	if len(a) == 2:
 		a, port = a[0], int(a[1])
 	else:
 		a, port = str, 32
 	b = a.split(':')
 	if len(b) == 2:
 		return b[0], b[1], port
 	else:
 		return a, d, port
 def reverse_dots(name):
 	"""Reverse dotted IP addresses or domain names.
 	Example:
 	>>> reverse_dots('192.168.0.145')
 	'145.0.168.192'
 	>>> reverse_dots('email.example.com')
 	'com.example.email'
 	"""
 	a = name.split('.')
 	a.reverse()
 	return '.'.join(a)
 def domainmatch(ptrs, domainsuffix):
 	"""grep for a given domain suffix against a list of validated PTR
 	domain names.
 	Examples:
 	>>> domainmatch(['FOO.COM'], 'foo.com')
 	1
 	>>> domainmatch(['moo.foo.com'], 'FOO.COM')
 	1
 	>>> domainmatch(['moo.bar.com'], 'foo.com')
 	0
 	"""
 	domainsuffix = domainsuffix.lower()
 	for ptr in ptrs:
 		ptr = ptr.lower()
 		if ptr == domainsuffix or ptr.endswith('.' + domainsuffix):
 			return True
 	return False
 def cidrmatch(i, ipaddrs, cidr_length = 32):
 	"""Match an IP address against a list of other IP addresses.
 	Examples:
 	>>> cidrmatch('192.168.0.45', ['192.168.0.44', '192.168.0.45'])
 	1
 	>>> cidrmatch('192.168.0.43', ['192.168.0.44', '192.168.0.45'])
 	0
 	>>> cidrmatch('192.168.0.43', ['192.168.0.44', '192.168.0.45'], 24)
 	1
 	"""
 	c = cidr(i, cidr_length)
 	for ip in ipaddrs:
 		if cidr(ip, cidr_length) == c:
 			return True
 	return False
 def cidr(i, n):
 	"""Convert an IP address string with a CIDR mask into a 32-bit
 	integer.
 	i must be a string of numbers 0..255 separated by dots '.'::
 	pre: forall([0 <= int(p) < 256 for p in i.split('.')])
 	n is a number of bits to mask::
 	pre: 0 <= n <= 32
 	Examples:
 	>>> bin2addr(cidr('192.168.5.45', 32))
 	'192.168.5.45'
 	>>> bin2addr(cidr('192.168.5.45', 24))
 	'192.168.5.0'
 	>>> bin2addr(cidr('192.168.0.45', 8))
 	'192.0.0.0'
 	"""
 	return ~(MASK >> n) & MASK & addr2bin(i)
 def addr2bin(str):
 	"""Convert a string IPv4 address into an unsigned integer.
 	Examples::
 	>>> addr2bin('127.0.0.1')
 	2130706433L
 	>>> addr2bin('127.0.0.1') == socket.INADDR_LOOPBACK
 	1
 	>>> addr2bin('255.255.255.254')
 	4294967294L
 	>>> addr2bin('192.168.0.1')
 	3232235521L
 	Unlike DNS.addr2bin, the n, n.n, and n.n.n forms for IP addresses
 	are handled as well::
 	>>> addr2bin('10.65536')
 	167837696L
 	>>> 10 * (2 ** 24) + 65536
 	167837696
 	>>> addr2bin('10.93.512')
 	173867520L
 	>>> 10 * (2 ** 24) + 93 * (2 ** 16) + 512
 	173867520
 	"""
 	return struct.unpack("!L", socket.inet_aton(str))[0]
 def bin2addr(addr):
 	"""Convert a numeric IPv4 address into string n.n.n.n form.
 	Examples::
 	>>> bin2addr(socket.INADDR_LOOPBACK)
 	'127.0.0.1'
 	>>> bin2addr(socket.INADDR_ANY)
 	'0.0.0.0'
 	>>> bin2addr(socket.INADDR_NONE)
 	'255.255.255.255'
 	"""
 	return socket.inet_ntoa(struct.pack("!L", addr))
 def expand_one(expansion, str, joiner):
 	if not str:
 		return expansion
 	len, reverse, delimiters = RE_ARGS.split(str)[1:4]
 	if not delimiters:
 		delimiters = '.'
 	expansion = split(expansion, delimiters, joiner)
 	if reverse: expansion.reverse()
 	if len: expansion = expansion[-int(len)*2+1:]
 	return ''.join(expansion)
 def split(str, delimiters, joiner=None):
 	"""Split a string into pieces by a set of delimiter characters.  The
 	resulting list is delimited by joiner, or the original delimiter if
 	joiner is not specified.
 	Examples:
 	>>> split('192.168.0.45', '.')
 	['192', '.', '168', '.', '0', '.', '45']
 	>>> split('terry@wayforward.net', '@.')
 	['terry', '@', 'wayforward', '.', 'net']
 	>>> split('terry@wayforward.net', '@.', '.')
 	['terry', '.', 'wayforward', '.', 'net']
 	"""
 	result, element = [], ''
 	for c in str:
 		if c in delimiters:
 			result.append(element)
 			element = ''
 			if joiner:
 				result.append(joiner)
 			else:
 				result.append(c)
 		else:
 			element += c
 	result.append(element)
 	return result
 def _test():
 	import doctest, spf
 	return doctest.testmod(spf)
 DNS.DiscoverNameServers() # Fails on Mac OS X? Add domain to /etc/resolv.conf
 if __name__ == '__main__':
 	import sys
 	if len(sys.argv) == 1:
 		print USAGE
 		_test()
 	elif len(sys.argv) == 2:
 		q = query(i='127.0.0.1', s='localhost', h='unknown')
 		print q.dns_spf(sys.argv[1])
 	elif len(sys.argv) == 4:
 		print check(i=sys.argv[1], s=sys.argv[2], h=sys.argv[3])
 	elif len(sys.argv) == 5:
 		i, s, h = sys.argv[2:]
 		q = query(i=i, s=s, h=h)
 		print q.check(sys.argv[1])
 	else:
 		print USAGE
@@ -1,91 +0,0 @@
 #!/usr/bin/python2.3
 # $Log$
 # Revision 2.3  2004/04/19 22:12:11  stuart
 # Release 0.6.9
 #
 # Revision 2.2  2004/04/18 03:29:35  stuart
 # Pass most tests except -local and -rcpt-to
 #
 # Revision 2.1  2004/04/08 18:41:15  stuart
 # Reject numeric hello names
 #
 # Driver for SPF test system
 import spf
 import sys
 from optparse import OptionParser
 class PerlOptionParser(OptionParser):
    def _process_args (self, largs, rargs, values):
        """_process_args(largs : [string],
                         rargs : [string],
                         values : Values)
        Process command-line arguments and populate 'values', consuming
        options and arguments from 'rargs'.  If 'allow_interspersed_args' is
        false, stop at the first non-option argument.  If true, accumulate any
        interspersed non-option arguments in 'largs'.
        """
        while rargs:
            arg = rargs[0]
            # We handle bare "--" explicitly, and bare "-" is handled by the
            # standard arg handler since the short arg case ensures that the
            # len of the opt string is greater than 1.
            if arg == "--":
                del rargs[0]
                return
            elif arg[0:2] == "--":
                # process a single long option (possibly with value(s))
                self._process_long_opt(rargs, values)
            elif arg[:1] == "-" and len(arg) > 1:
                # process a single perl style long option
 		rargs[0] = '-' + arg
                self._process_long_opt(rargs, values)
            elif self.allow_interspersed_args:
                largs.append(arg)
                del rargs[0]
            else:
 		return
 def format(q):
  res,code,txt = q.check()
  print res
  if res in ('pass','neutral','unknown'): print
  else: print txt
  print 'spfquery:',q.get_header_comment(res)
  print 'Received-SPF:',q.get_header(res,'spfquery')
 def main(argv):
  parser = PerlOptionParser()
  parser.add_option("--file",dest="file")
  parser.add_option("--ip",dest="ip")
  parser.add_option("--sender",dest="sender")
  parser.add_option("--helo",dest="hello_name")
  parser.add_option("--local",dest="local_policy")
  parser.add_option("--rcpt-to",dest="rcpt")
  parser.add_option("--default-explanation",dest="explanation")
  parser.add_option("--sanitize",type="int",dest="sanitize")
  parser.add_option("--debug",type="int",dest="debug")
  opts,args = parser.parse_args(argv)
  if opts.ip:
    q = spf.query(opts.ip,opts.sender,opts.hello_name,local=opts.local_policy)
    if opts.explanation:
      q.set_default_explanation(opts.explanation)
    format(q)
  if opts.file:
    if opts.file == '0':
      fp = sys.stdin
    else:
      fp = open(opts.file,'r')
    for ln in fp:
      ip,sender,helo,rcpt = ln.split(None,3)
      q = spf.query(ip,sender,helo,local=opts.local_policy)
      if opts.explanation:
 	q.set_default_explanation(opts.explanation)
      format(q)
    fp.close()
 if __name__ == "__main__":
  import sys
  main(sys.argv[1:])
@@ -0,0 +1,19 @@
 #!/bin/sh
 appname="$1"
 script="${2:-${appname}}"
 datadir="/var/lib/milter"
 logdir="/var/log/milter"
 piddir="/var/run/milter"
 libdir="/usr/lib/pymilter"
 python="python2.4"
 exec >>${logdir}/${appname}.log 2>&1
 if test -s ${datadir}/${script}.py; then
  cd ${datadir} # use version in data dir if it exists for debugging
 elif test -s ${logdir}/${script}.py; then
  cd ${logdir} # use version in log dir if it exists for debugging
 else
  cd ${libdir}
 fi
 ${python} ${script}.py &
 echo $! >${piddir}/${appname}.pid
@@ -1,14 +1,16 @@
 import unittest
 import testbms
 import testmime
 import testsample
 import testutils
 import testgrey
 import os
 def suite(): 
  s = unittest.TestSuite()
  s.addTest(testbms.suite())
  s.addTest(testmime.suite())
  s.addTest(testsample.suite())
  s.addTest(testutils.suite())
  s.addTest(testgrey.suite())
  return s
 if __name__ == '__main__':
@@ -1,710 +0,0 @@
 From stuart@bmsi.com  Wed May  1 14:37:14 2002
 Return-Path: <stuart@bmsi.com>
 Received: from bmsi.com (IDENT:stuart@localhost [127.0.0.1])
 	by gathman.bmsi.com (8.11.6/8.11.6) with ESMTP id g41IbCF01796
 	for <stuart@gathman.bmsi.com>; Wed, 1 May 2002 14:37:13 -0400
 Sender: stuart@gathman.bmsi.com
 Message-ID: <3CD035D7.18ADF27F@bmsi.com>
 Date: Wed, 01 May 2002 14:37:11 -0400
 From: "Stuart D. Gathman" <stuart@bmsi.com>
 Organization: Business Management Systems, Inc.
 X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.9-21 i586)
 X-Accept-Language: en
 MIME-Version: 1.0
 To: stuart@gathman.bmsi.com
 Subject: Amazon.com--Earth's Biggest Selection
 Content-Type: multipart/mixed;
 boundary="------------59A46341C90BA737DD47867B"
 This is a multi-part message in MIME format.
 --------------59A46341C90BA737DD47867B
 Content-Type: multipart/alternative;
 boundary="------------0B098FB91956AC123C61B151"
 --------------0B098FB91956AC123C61B151
 Content-Type: text/plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 http://www.amazon.com/exec/obidos/subst/home/redirect.html/103-3111065-2579065
 --
              Stuart D. Gathman
 Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
 "Confutatis maledictis, flamis acribus addictis" - background song for
 a Microsoft sponsored "Where do you want to go from here?" commercial.
 --------------0B098FB91956AC123C61B151
 Content-Type: text/html; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 <!doctype html public "-//w3c//dtd html 4.0 transitional//en">
 <html>
 <A HREF="http://www.amazon.com/exec/obidos/subst/home/redirect.html/103-3111065-2579065">http://www.amazon.com/exec/obidos/subst/home/redirect.html/103-3111065-2579065</A>
 <pre>--&nbsp;
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Stuart D. Gathman&nbsp;<stuart@bmsi.com>
 Business Management Systems Inc.&nbsp; Phone: 703 591-0911 Fax: 703 591-6154
 "Confutatis maledictis, flamis acribus addictis" - background song for
 a Microsoft sponsored "Where do you want to go from here?" commercial.</pre>
 &nbsp;</html>
 --------------0B098FB91956AC123C61B151--
 --------------59A46341C90BA737DD47867B
 Content-Type: text/html; charset=us-ascii;
 name="103-3111065-2579065"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
 filename="103-3111065-2579065"
 Content-Base: "http://www.amazon.com/exec/obidos/subs
 	t/home/redirect.html/103-3111065-25
 	79065"
 Content-Location: "http://www.amazon.com/exec/obidos/subs
 	t/home/redirect.html/103-3111065-25
 	79065"
 <html>
 <head>
 <title>
 Amazon.com--Earth's Biggest Selection
 </title>
 <meta name="keywords" content="amazon.com,amazon books,amazon,amazon.com books,amazon music,amazon.com music,amazon video,amazon.com video,auctions,amazon auctions,amazon.com auctions,electronics,consumer electronics,gifts,amazon gifts,amazon.com gifts,cards,e-cards,e-mail cards,greeting cards,amazon cards,amazon.com cards,toys,amazon toys,amazon.com toys,games,amazon games,amazon.com games,toys & games,toys and games">
 <style type="text/css"><!-- .serif { font-family: times,serif; font-size: medium; }
 .sans { font-family: verdana,arial,helvetica,sans-serif; font-size: medium; }
 .small { font-family: verdana,arial,helvetica,sans-serif; font-size: small; }
 .h1 { font-family: verdana,arial,helvetica,sans-serif; color: #CC6600; font-size: medium; }
 .h3color { font-family: verdana,arial,helvetica,sans-serif; color: #CC6600; font-size: small; }
 .tiny { font-family: verdana,arial,helvetica,sans-serif; font-size: x-small; }
 .listprice { font-family: arial,verdana,helvetica,sans-serif; text-decoration: line-through; font-size: small; }
 .price { font-family: verdana,arial,helvetica,sans-serif; color: #990000; font-size: small; }
 --></style>
 </head>
 <body bgcolor="#FFFFFF" link="#003399" alink="#FF9933" vlink="#996633" text="#000000" onLoad="document.searchform.elements[1].focus()">
 <a name="top"></a>
 <map name="right_top_nav_map">
 <area shape="rect" href=/exec/obidos/shopping-basket/ref=top_nav_sb_gateway/103-3111065-2579065 coords="0,0,80,21">
 <area shape="rect" href=/exec/obidos/wishlist/ref=cm_wl_topnav_gateway/103-3111065-2579065 coords="85,0,151,21">
 <area shape="rect" href=/exec/obidos/account-access-login/ref=top_nav_ya_gateway/103-3111065-2579065 coords="155,0,256,21">
 <area shape="rect" href=/exec/obidos/tg/browse/-/508510/ref=top_nav_hp_gateway/103-3111065-2579065 coords="260,0,299,21">
 </map>
 <map name="gateway_nav_map">
 <area shape=rect coords="0,0,124,28" href=/exec/obidos/tg/stores/static/-/gateway/international-gateway/ref=gw_subnav_in/103-3111065-2579065>
 <area shape=rect coords="125,0,228,28" href=/exec/obidos/tg/new-for-you/top-sellers/-/main/ref=gw_subnav_ts/103-3111065-2579065>
 <area shape=rect coords="229,0,332,28" href=/exec/obidos/tg/browse/-/700060/ref=gw_subnav_target/103-3111065-2579065>
 <area shape=rect coords="333,0,450,28" href=/exec/obidos/tg/browse/-/909656/ref=stuffandsubnav_td1_/103-3111065-2579065>
 <area shape=rect coords="451,0,580,28" href=/exec/obidos/subst/misc/sell-your-stuff.html/ref=subnav_sys_/103-3111065-2579065>
 </map>
 <table border=0 width=100% cellspacing=0 cellpadding=0>
 <tr><td width=100%>
 <center>
 <table width=100% border=0 cellspacing=0 cellpadding=0 vspace=0>
 <tr>
 <td width=25% rowspan=2>&nbsp;</td>
 <td align=left valign=bottom><a href=/exec/obidos/subst/home/redirect.html/ref=nh_gateway/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/associates/navbar2000/logo-no-border(1).gif" width=148 height=43 alt="" border=0></a></td>
 <td width=10%>&nbsp;</td>
 <td align=right>
 <img src="http://g-images.amazon.com/images/G/01/nav/personalized/cartwish/right-topnav-default-2.gif" width=300 height=22 alt="" USEMAP=#right_top_nav_map border=0></td>
 <td align=right rowspan=2 width=25%>
 &nbsp;
 </td>
 </tr>
 <tr valign=bottom>
 <td colspan=3 align=center>
 <table align=center border=0 cellpadding=0 cellspacing=0><tr valign=bottom>
 <td><a href=/exec/obidos/subst/home/home.html/ref%3Dtab%5Fgw%5Fgw%5F1/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/welcome-on-whole.gif" width=60 height=26 border=0></a></td>
 <td><a href=/exec/obidos/tg/stores/your/store-home/-/0/ref%3Dtab%5Fgw%5Ffr%5F2/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/yourstore-off-sliced._ZCSTUART%27S,0,2,0,0,verdenab,7,90,90,80_.gif" width=81 height=26 border=0></a></td>
 <td><a href=/exec/obidos/tg/browse/-/283155/ref%3Dtab%5Fgw%5Fb%5F3/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/books-off-sliced.gif" width=39 height=26 border=0></a></td>
 <td><a href=/exec/obidos/tg/browse/-/172282/ref%3Dtab%5Fgw%5Fe%5F4/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/electronics-off-sliced.gif" width=74 height=26 border=0></a></td>
 <td><a href=/exec/obidos/tg/browse/-/130/ref%3Dtab%5Fgw%5Fd%5F5/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/dvd-off-sliced.gif" width=35 height=26 border=0></a></td>
 <td><a href=/exec/obidos/tg/browse/-/171280/ref%3Dtab%5Fgw%5Ft%5F6/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/toys-off-sliced.gif" width=47 height=26 border=0></a></td>
 <td><a href=/exec/obidos/tg/browse/-/468642/ref%3Dtab%5Fgw%5Fvg%5F7/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/videogames-off-sliced.gif" width=73 height=26 border=0></a></td>
 <td><a href=/exec/obidos/tg/browse/-/600460/ref%3Dtab%5Fgw%5F%5F8/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/corporate-off-sliced.gif" width=70 height=26 border=0></a></td>
 <td><a href=/exec/obidos/subst/home/all-stores.html/ref%3Dtab_gw_storesdirectory/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/see-more-off-sliced.gif" width=70 height=26 border=0></a></td>
 </tr></table>
 </td>
 </tr>
 </table>
 </center>
 </td></tr>
 <tr align=center bgcolor=#006699>
 <td><img src="http://g-images.amazon.com/images/G/01/nav/amazon/gateway/blue/gateway-subnav-default.gif" width=580 height=28 width=580 height=28 alt="" USEMAP="#gateway_nav_map" border=0></td>
 </tr>
 <tr>
 <td bgcolor=#ffffdd align=center class=small>
 <font face=verdana,arial,helvetica size=-1>
 <font color="#CC6600"><B>Hello, Stuart D. Gathman.</B></font>
 We have <A href="http://www.amazon.com/exec/obidos/ilm-redirect/103-3111065-2579065?append-uid=no&path=http://www.amazon.com/exec/obidos/subst%2Frecs%2Finstant-recs-home.html%2Fref%3Dpd_ir_gw_r/ref=ilm_stripe_272005/103-3111065-2579065&message=272005,m1,26">recommendations</A> for you.
 </font><font face=verdana,arial,helvetica size=-2>
 (If you're not Stuart D. Gathman, <A href="http://www.amazon.com/exec/obidos/ilm-redirect/103-3111065-2579065?append-uid=no&path=http://www.amazon.com/exec/obidos/flex-sign-in%2Fref%3Dpd_ir_gw_r%2F%3Fopt%3Doa%26page%3Drecs%2Fsign-in-secure.html%26response%3Dtg%2Frecs%2Frecs-post-login-dispatch%2F-%2Frecs%2Fpd_rw_gw_r/ref=ilm_stripe_272005/103-3111065-2579065&message=272005,m1,26">click here</A>.)
 </font>
 </td>
 </tr>
 </table>
 <br>
 <table width=100% cellpadding=0 cellspacing=0 border=0>
 <tr valign=top>
 <td width=174>
 <TABLE border=0 cellspacing=0 cellpadding=0><TR valign=bottom align=center>
 <td><img src="http://g-images.amazon.com/images/G/01/v9/search-browse/search-gateway.gif" width=171 height=19 border=0 alt="Search Amazon.com"></td>
 </TR> <TR valign=top align=center><TD> <TABLE border=0 width= 171 cellpadding=1 cellspacing=0 bgcolor=#708090 ><TR> <TD width=100%><TABLE width=100% border=0 cellpadding=4 cellspacing=0 bgcolor=#708090><TR> <TD bgcolor=#FFCC66 valign=top width=100%>
 <form method="post" action="/exec/obidos/search-handle-form/103-3111065-2579065" name="searchform">
 <select name=index>
 <option value=blended selected>All Products
 <option value=books>Books
 <option value=music>Popular Music
 <option value=music-dd>Music Downloads
 <option value=classical>Classical Music
 <option value="dvd">DVD
 <option value="vhs">VHS
 <option value=theatrical>Movie Showtimes
 <option value=toys>Toys
 <option value=baby>Baby
 <option value=pc-hardware>Computers
 <option value=videogames>Video Games
 <option value=electronics>Electronics
 <option value=photo>Camera &amp; Photo
 <option value=software>Software
 <option value=tools>Tools &amp; Hardware
 <option value=magazines>Magazines
 <option value=garden>Outdoor Living
 <option value=kitchen>Kitchen
 <option value=travel>Travel
 <option value=wireless-phones>Cell Phones & Service
 <option value=outlet>Outlet
 <option value=auction-redirect>Auctions
 <option value=fixed-price-redirect>zShops
 </select>
 <input type="text" name="field-keywords" size="15">
 <input type="image" height="21" width="21" border=0 value="Go" name="Go" src="http://g-images.amazon.com/images/G/01/v9/search-browse/go-button-gateway.gif" align=absmiddle>
 </TD> </TR> </TABLE> </TD> </TR> </TABLE> </TD> </form>
 </TR> </TABLE> <br clear=left>
 <TABLE border=0 cellspacing=0 cellpadding=0>
 <TR valign=bottom align=center>
 <td><img src="http://g-images.amazon.com/images/G/01/v9/search-browse/browse-gateway.gif" width=171 height=19 border=0 alt="Browse Amazon.com"></td>
 </TR> <TR valign=top align=center>
 <TD> <TABLE border=0 width= 171 cellpadding=1 cellspacing=0 bgcolor=#708090 ><TR> <TD width=100%><TABLE width=100% border=0 cellpadding=4 cellspacing=0 bgcolor=#708090><TR> <TD bgcolor=#ffffff valign=top width=100%>
 <table cellpadding=3 cellspacing=0>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/283155/ref=gw_br_bo/103-3111065-2579065">Books</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/172282/ref=gw_br_el/103-3111065-2579065">Electronics</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/540744/ref=gw_br_ba/103-3111065-2579065">Baby &amp;</a><br>&nbsp; &nbsp;<a href="/exec/obidos/tg/browse/-/540744/ref=gw_br_ba/103-3111065-2579065">Baby Registry</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/5174/ref=gw_br_mu/103-3111065-2579065">Music</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/redirect-to-partner/ref=gw_br_dscm/103-3111065-2579065?name=dscm&aid=2&aparam=tb5270_bhp&trx=8056">Health & Beauty</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/130/ref=gw_br_dvd/103-3111065-2579065">DVD</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/229534/ref=gw_br_sw/103-3111065-2579065">Software</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/284507/ref=gw_br_ki/103-3111065-2579065">Kitchen &amp;</a><br>&nbsp; &nbsp;<a href="/exec/obidos/tg/browse/-/284507/ref=gw_br_ki/103-3111065-2579065">Housewares</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/228013/ref=gw_br_hi/103-3111065-2579065">Tools &amp;</a><br>&nbsp; &nbsp;<a href="/exec/obidos/tg/browse/-/228013/ref=gw_br_hi/103-3111065-2579065">Hardware</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/541966/ref=gw_br_pc/103-3111065-2579065">Computers</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/502394/ref=gw_br_p/103-3111065-2579065">Camera & Photo</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/562436/ref=gw_br_th/103-3111065-2579065">Movie Showtimes</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/468642/ref=gw_br_cvg/103-3111065-2579065">Computer &amp;</a><br>&nbsp; &nbsp;<a href="/exec/obidos/tg/browse/-/468642/ref=gw_br_cvg/103-3111065-2579065">Video Games</a></b></td>
 </tr> <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/171280/ref=gw_br_tg/103-3111065-2579065">Toys &amp; Games</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/301185/ref=gw_br_wi/103-3111065-2579065">Cell Phones</a><br>&nbsp;&nbsp;&nbsp;<a href="/exec/obidos/tg/browse/-/301185/ref=gw_br_wi/103-3111065-2579065">& Service</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/404272/ref=gw_br_vi/103-3111065-2579065">Video</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/599858/ref=gw_br_zi/103-3111065-2579065">Magazine</a><br>&nbsp; &nbsp;<a href="/exec/obidos/tg/browse/-/599858/ref=gw_br_zi/103-3111065-2579065">Subscriptions</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/286168/ref=gw_br_lp/103-3111065-2579065">Outdoor Living</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/605012/ref=gw_br_tr/103-3111065-2579065">Travel</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/acn-redirect-to-partner/ref=gw_br_cars/103-3111065-2579065?partner-name=carsdirect&partner-url=home%3Fpartner%3Damzn%26customerid%3Dbrowse">Cars</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/229220/ref=gw_br_gi/103-3111065-2579065">Gifts &amp;</a><br>&nbsp; &nbsp;<a href="/exec/obidos/tg/browse/-/229220/ref=gw_br_gi/103-3111065-2579065">Gift Certificates</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="http://s1.amazon.com/exec/varzea/subst/home/home.html/ref=gw_br_au/103-3111065-2579065">Auctions</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="http://s1.amazon.com/exec/varzea/subst/home/fixed.html/ref=gw_br_zs/103-3111065-2579065">zShops</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/517808/ref=gw_br_ou/103-3111065-2579065">Outlet</a></b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/600460/ref=gw_br_cb/103-3111065-2579065">Corporate</a> <br>&nbsp; &nbsp;<a href="/exec/obidos/tg/browse/-/600460/ref=gw_br_cb/103-3111065-2579065">Accounts</a></b></td>
 </tr>
 <tr>
 <td class=small>
 <a href="/exec/obidos/flex-sign-in/ref=pd_fr_gw_fav_edt/103-3111065-2579065?page=personalization/favorites/favorites-sign-in-secure.html&response=favorites-edit/personalization/favorites/edit-areas.html&pass_through=product-group-id.gateway.hp&method=GET">
 <img src="http://g-images.amazon.com/images/G/01/buttons/edit-favorites.gif" width=69 height=15 border=0 valign=top vspace=2></a><br>
 </td>
 </tr>
 <tr>
 <td class=small><b>Browse Partners</b></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<a href="/exec/obidos/tg/browse/-/700060/ref=gw_tarb_/103-3111065-2579065"><img src="http://g-images.amazon.com/images/G/01/target/target-logo-sm.gif" width=71 height=17 border=0 alt=Target></a></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<a href="/exec/obidos/tg/browse/-/171280/ref=gw_trub_/103-3111065-2579065"><img src="http://g-images.amazon.com/images/G/01/toys/navigation/tru-logo.gif" width=117 height=14 border=0 alt=Toysrus.com></a></td>
 </tr>
 <tr>
 <td class=small>&#149;&nbsp;<a href="/exec/obidos/tg/browse/-/540744/ref=gw_brub_/103-3111065-2579065"><img src="http://g-images.amazon.com/images/G/01/toys/navigation/bru-logo.gif" width=136 height=15 border=0 alt=Babiesrus.com></a></td>
 </tr>
 </table>
 </TD> </TR> </TABLE> </TD> </TR> </TABLE> </TD>
 </TR>
 </TABLE> <br>
 <TABLE border=0 width=171 cellpadding=1 cellspacing=0 bgcolor=#708090 ><TR> <TD width=100%><TABLE width=100% border=0 cellpadding=4 cellspacing=0 bgcolor=#708090><TR> <TD bgcolor=#ffffff valign=top width=100%>
 <font face=verdana,arial,helvetica color=#000000 size=-1><b>Special Features</b></font><br>
 <font face=verdana,arial,helvetica size=-1>
 <ul><li> <A href="/exec/obidos/subst/alerts/signup.html/ref=gw_hp_ls_1_1/103-3111065-2579065">Alerts</A><li> <A href="/exec/obidos/subst/misc/anywhere/anywhere.html/ref=gw_hp_ls_1_2/103-3111065-2579065">Amazon.com
 Anywhere</A><li> <A href="/exec/obidos/subst/misc/amazon-credit/marketing-page.html/ref=gw_hp_ls_1_3/103-3111065-2579065">Amazon Credit Account</A><li> <A href="/exec/obidos/subst/delivers/delivers-signup-combo.html/ref=gw_hp_ls_1_4/103-3111065-2579065">Delivers</A><li><A href="/exec/obidos/tg/browse/-/225840/ref=gw_hp_ls_1_5/103-3111065-2579065">Free e-Cards</A><li><A href="/exec/obidos/subst/community/community-home.html/ref=gw_hp_ls_1_6/103-3111065-2579065">Friends &amp; Favorites</A><li> <A href="/exec/obidos/subst/gifts/gift-services/gift-certificates.html/ref=gw_hp_ls_1_7/103-3111065-2579065">Gift
 Certificates</A><li> <A href="http://auctions.amazon.com/exec/varzea/subst/fx/home.html/ref=gw_hp_ls_1_8/103-3111065-2579065">Honor
 System</A><li> <A href="/exec/obidos/subst/community/community.html/ref=gw_hp_ls_1_9/103-3111065-2579065">Purchase
 Circles</A><li>
 <A href="/exec/obidos/tg/browse/-/885446/ref=gw_hp_ls_1_10/103-3111065-2579065">Wedding
 Registry</A></ul>
 </font>
 </TD> </TR> </TABLE> </TD> </TR> </TABLE> <br>
 <TABLE border=0 width=171 cellpadding=1 cellspacing=0 bgcolor=#708090 ><TR> <TD width=100%><TABLE width=100% border=0 cellpadding=4 cellspacing=0 bgcolor=#708090><TR> <TD bgcolor=#ffffff valign=top width=100%>
 <font face=verdana,arial,helvetica color=#000000 size=-1><b>Associates</b></font><br>
 <font face=verdana,arial,helvetica size=-1>
 Sell books, music, videos, and more from your
 Web site. <A href="/exec/obidos/subst/associates/join/associates.html/ref=gw_hp_ls_2_1/103-3111065-2579065">Start earning
 today</A>!<BR>
 </font>
 </TD> </TR> </TABLE> </TD> </TR> </TABLE> <br>
 <p>
 <br clear=all>
 </td>
 <td>&nbsp;</td>
 <td>
 <center>
 </center>
 <br clear=all><p>
 <A href="http://www.amazon.com/exec/obidos/ilm-redirect/103-3111065-2579065?append-uid=no&path=http://www.amazon.com/exec/obidos/tg/browse/-/283155/ref=ilm_rc_285799/103-3111065-2579065&message=285799,m1,27">
 <center><img src="http://g-images.amazon.com/images/G/01/books/homepage-pricing/books-home-pricing-iii.gif" width=257 height=99 border=0></center>
 </A>
 <br clear=all><br>
 <A href="http://www.amazon.com/exec/obidos/ilm-redirect/103-3111065-2579065?append-uid=no&path=http://www.amazon.com/exec/obidos/tg/browse/-/753570/ref=ilm_rc_283024/103-3111065-2579065&message=283024,gw_lr_dvd_lor,28"><img src="http://g-images.amazon.com/images/G/01/icons/thumbnails/b00003cwt6_thumb.gif" width=41 height=60 border=0 valign=top align=left></A>
 Pre-order the Oscar&#174;-winning blockbuster <A href="http://www.amazon.com/exec/obidos/ilm-redirect/103-3111065-2579065?append-uid=no&path=http://www.amazon.com/exec/obidos/tg/browse/-/753570/ref=ilm_rc_283024/103-3111065-2579065&message=283024,gw_lr_dvd_lor,28"><I>The Lord of the Rings: The Fellowship of the Ring</I></A>, arriving on <A href="http://www.amazon.com/exec/obidos/ilm-redirect/103-3111065-2579065?append-uid=no&path=http://www.amazon.com/exec/obidos/ASIN/B00003CWT6/ref=ilm_rc_283024/103-3111065-2579065&message=283024,gw_lr_dvd_lor,28">DVD</A> and <A href="http://www.amazon.com/exec/obidos/ilm-redirect/103-3111065-2579065?append-uid=no&path=http://www.amazon.com/exec/obidos/ASIN/B000065U6Q/ref=ilm_rc_283024/103-3111065-2579065&message=283024,gw_lr_dvd_lor,28">video</A> August 6.
 <br clear=all><br>
 <b class=small><A href="/exec/obidos/tg/browse/-/229220/ref=gw_hp_cs_1_1/103-3111065-2579065">In Gifts</A></b><br>
 <A href="/exec/obidos/tg/browse/-/229220/ref=gw_hp_cs_2_1/103-3111065-2579065"><img src="http://g-images.amazon.com/images/G/01/marketing/mothers_day/md_sd_roto.jpg" width=100 height=95 border=0 align=left hspace=4></A>
 <b><font face=verdana,arial,helvetica color=#CC6600>Mother's Day Is May 12</font></b><br>
 We've made it fun and easy to buy the perfect
 present for Mom. Shop by <A href="/exec/obidos/tg/stores/recs/gift-wizard-refine/-/holiday/ref=gw_hp_cs_2_2/103-3111065-2579065">recipient</A>
 or <A href="/exec/obidos/tg/stores/recs/gift-wizard/-/price/ref=gw_hp_cs_2_3/103-3111065-2579065">price</A>,
 browse <A href="/exec/obidos/tg/stores/recs/gift-wizard/-/topsellers/ref=gw_hp_cs_2_4/103-3111065-2579065">top
 sellers</A>, or order <A href="http://www.amazon.com/exec/obidos/redirect-to-external-url/103-3111065-2579065?path=http%3A//www.proflowers.com/freechocolate/freechocolate.cfm%3FREF%3DFCHAmazonGatewayExp042702">flowers</A>.
 Visit <A href="/exec/obidos/tg/browse/-/229220/ref=gw_hp_cs_2_5/103-3111065-2579065">Gifts</A> for
 these and more great ideas for expressing your love and
 appreciation.<BR>
 &nbsp;<br clear=left>
 <br clear=all>
 <a href=/exec/obidos/instant-recs/recs/instant-recs-home.html/ref=pd_gw_qpt_h/103-3111065-2579065><b class=small>Your Recommendations</b></a>
 <br> <b class=h1>
 <i>War in Heaven</i>
 </b>
 </b><br>
 <a href=/exec/obidos/ASIN/0802812198/ref=pd_gw_qpt_1/103-3111065-2579065><img src="http://images.amazon.com/images/P/0802812198.01.__PE20_PIm.arrow,TopLeft,-2,-19_SCTZZZZZZZ_.jpg" width=76 height=116 vspace=3 hspace=7 align=left border=0></a>
 <b>Amazon.com</b><br>
 "The telephone was ringing wildly," begins Charles Williams's novel <I>War in Heaven</I>, "but without result, since there was no-one in the room but the corpse." From this abrupt--and darkly humorous--start, Williams takes us on a 20th-century version of the Grail quest, with an Archdeacon, a Duke, and an...
 <a href=/exec/obidos/ASIN/0802812198/ref=pd_gw_qpt_1/103-3111065-2579065>
 <font size=-1>Read more</font></a>
 <span class=tiny>
 &#124;
 &#040;<a href=/exec/obidos/tg/recs/ir-why/-/books/0/regular/none/0802812198/gw/1/pc/3/none/ref=pd_gw_qpt_1/103-3111065-2579065>Why was I recommended this?</a>&#041;
 </span>
 <br clear=all>
 <br><b class=small>More Recommendations</b><br>
 <img src="http://g-images.amazon.com/images/G/01/icons/small-blue-books-icon.gif" width=18 height=18 border=0 alt=Icon >
 <a href=/exec/obidos/ASIN/0471070408/ref=pd_gw_qpt_2/103-3111065-2579065><i>Reliable Linux</i></a> by Iain Campbell
 <span class=tiny>
 &#040;<a href=/exec/obidos/tg/recs/ir-why/-/books/0/regular/none/0471070408/gw/1/pc/3/none/ref=pd_gw_qpt_2/103-3111065-2579065>Why?</a>&#041;
 </span>
 <br>
 <img src="http://g-images.amazon.com/images/G/01/icons/small-blue-books-icon.gif" width=18 height=18 border=0 alt=Icon >
 <a href=/exec/obidos/ASIN/1565926102/ref=pd_gw_qpt_3/103-3111065-2579065><i>Programming PHP</i></a> by Rasmus Lerdorf, et al
 <span class=tiny>
 &#040;<a href=/exec/obidos/tg/recs/ir-why/-/books/0/regular/none/1565926102/gw/1/pc/3/none/ref=pd_gw_qpt_3/103-3111065-2579065>Why?</a>&#041;
 </span>
 <br>
 <img src="http://g-images.amazon.com/images/G/01/icons/small-blue-books-icon.gif" width=18 height=18 border=0 alt=Icon >
 <a href=/exec/obidos/ASIN/0802812201/ref=pd_gw_qpt_4/103-3111065-2579065><i>Descent into Hell</i></a> by Charles W. Williams
 <span class=tiny>
 &#040;<a href=/exec/obidos/tg/recs/ir-why/-/books/0/regular/none/0802812201/gw/1/pc/3/none/ref=pd_gw_qpt_4/103-3111065-2579065>Why?</a>&#041;
 </span>
 <br>
 <img src="http://g-images.amazon.com/images/G/01/icons/small-blue-books-icon.gif" width=18 height=18 border=0 alt=Icon >
 <a href=/exec/obidos/ASIN/059600186X/ref=pd_gw_qpt_5/103-3111065-2579065><i>Network Troubleshooting Tools (O'Reilly System Administration)</i></a> by Joseph D. Sloan
 <span class=tiny>
 &#040;<a href=/exec/obidos/tg/recs/ir-why/-/books/0/regular/none/059600186X/gw/1/pc/3/none/ref=pd_gw_qpt_5/103-3111065-2579065>Why?</a>&#041;
 </span>
 <br>
 <p>
 <font face=verdana,arial,helvetica size=-1><a href=/exec/obidos/tg/stores/your/favorites/-/music/ref=pd_fr_gw_nr_h/103-3111065-2579065><b>Your Music Store</b></a></font><br>
 <font face=verdana,arial,helvetica color=#CC6600><b>
 Isaac Freeman, et al&#44;
 <i>Beautiful Stars</i>
 </b></font>
 <br>
 <a href=/exec/obidos/ASIN/B000063TQV/ref=pd_fr_qw_nr_1/103-3111065-2579065><img src="http://images.amazon.com/images/P/B000063TQV.01.26TLZZZZ.jpg" width=73 height=71 vspace=3 hspace=7 align=left border=0></a>
 Great African American gospel music has an indisputable power, rooted in the audible faith of its performers and the beauty of their voices. As the bass singer of the <a href="/exec/obidos/tg/stores/artist/glance/-/73920/103-3111065-2579065">Fairfield Four</a>, an a cappella group that started more than a half century ago,...
 <a href=/exec/obidos/ASIN/B000063TQV/ref=pd_fr_qw_nr_1/103-3111065-2579065><font size=-1>Read more</font></a>
 <br>
 <br clear=left>
 <br>
 <table border=0 cellpadding=2 cellspacing=0><tr><td colspan=2>
 <p><b class="small">More Stores:</b>
 </td></tr>
 <tr valign=top><td width=1%><a href=/exec/obidos/tg/stores/your/favorites/-/electronics/ref=pd_fr_qw_nr_2/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/small-blue-electronics-icon.gif" width=18 height=18 alt=Icon border=0 align=absmiddle></a></td><td><b class="small"><a href=/exec/obidos/tg/stores/your/favorites/-/electronics/ref=pd_fr_gw_nr_2_p/103-3111065-2579065>Your Electronics Store</a>:</b> <a href=/exec/obidos/ASIN/B000063574/ref=pd_fr_gw_nr_2/103-3111065-2579065>iRiver SlimX iMP-350 CD/MP3 Player with 8 minutes ASP and Upgradeable Firmware</a>
 by iRiver
 </td></tr>
 <tr valign=top><td width=1%><a href=/exec/obidos/tg/stores/your/favorites/-/video/ref=pd_fr_qw_nr_3/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/small-blue-video-icon.gif" width=18 height=18 alt=Icon border=0 align=absmiddle></a></td><td><b class="small"><a href=/exec/obidos/tg/stores/your/favorites/-/video/ref=pd_fr_gw_nr_3_p/103-3111065-2579065>Your Video Store</a>:</b> <a href=/exec/obidos/ASIN/B000062XNA/ref=pd_fr_gw_nr_3/103-3111065-2579065><i>Ocean's Eleven</i></a>
 <b>VHS</b> ~ George Clooney
 </td></tr>
 </table>
 <p>
 <b><font face=verdana,arial,helvetica color=#CC6600>Listmania!</font></b><br>
 <font face=verdana,arial,helvetica size=-2>
 (<a href=/exec/obidos/tg/browse/-/542566/103-3111065-2579065>What is this?</a>)
 </font><br>
 <table width=100% border=0 cellpadding=5 cellspacing=0>
 <tr valign=top>
 <td width=50% class=small>
 <a href=/exec/obidos/tg/listmania/list-browse/-/2RKS17C9X4D3F/ref=pd_gw_lmq_1/103-3111065-2579065><img src="http://images.amazon.com/images/P/0072127732.01.__PIm.arrow,TopLeft,-2,-19_SCTZZZZZZZ_.jpg" width=76 height=109 border=0 vspace=4 hspace=5></a>
 <p>
 <font face=verdana,arial,helvetica size=-1>
 <a href=/exec/obidos/tg/listmania/list-browse/-/2RKS17C9X4D3F/ref=pd_gw_lmq_1/103-3111065-2579065><b>Best Linux Security books</b></a>:&nbsp;A list by <a href=/exec/obidos/tg/cm/member-fil/-/A3362WVVMJ3LE9/ref=pd_gw_lmq_n1/103-3111065-2579065>J. Parker</a>, Administrator, hacker.<br>
 (7 item list)</font>
 </td>
 <td width=50% class=small>
 <a href=/exec/obidos/tg/listmania/list-browse/-/2B0DIAPG2D3RT/ref=pd_gw_lmq_2/103-3111065-2579065><img src="http://images.amazon.com/images/P/0070419531.01.__PIm.arrow,TopLeft,-2,-19_SCTZZZZZZZ_.jpg" width=76 height=109 border=0 vspace=4 hspace=5></a>
 <p>
 <font face=verdana,arial,helvetica size=-1>
 <a href=/exec/obidos/tg/listmania/list-browse/-/2B0DIAPG2D3RT/ref=pd_gw_lmq_2/103-3111065-2579065><b>Networking</b></a>:&nbsp;A list by <a href=/exec/obidos/tg/cm/member-fil/-/AJINE650CAMUQ/ref=pd_gw_lmq_n2/103-3111065-2579065>gakis</a>, Engineer<br>
 (13 item list)</font>
 </td>
 </tr>
 <tr>
 <td colspan=2 class=small><ul>
 <li><a href=/exec/obidos/tg/listmania/list-browse/-/IEF1DNVKZO8B/ref=pd_gw_lmq_3/103-3111065-2579065>My Coder Library</a>:&nbsp;A list by <a href=/exec/obidos/tg/cm/member-fil/-/A3RK9LZQKL2YIN/ref=pd_gw_lmq_n3/103-3111065-2579065>John Washam</a><br> <li><a href=/exec/obidos/tg/listmania/list-browse/-/LE6A7H4L7VZK/ref=pd_gw_lmq_4/103-3111065-2579065>ALL THE FANTASY YOU'LL EVER NE</a>:&nbsp;A list by <a href=/exec/obidos/tg/cm/member-fil/-/A3628L43ZVEMP5/ref=pd_gw_lmq_n4/103-3111065-2579065>aramis</a><br> <li><a href=/exec/obidos/tg/listmania/list-browse/-/1MD5H6RUOIMIU/ref=pd_gw_lmq_5/103-3111065-2579065>Mythopoeic Fantasy</a>:&nbsp;A list by <a href=/exec/obidos/tg/cm/member-fil/-/A7CSNW9E46NR5/ref=pd_gw_lmq_n5/103-3111065-2579065>Vera Nazarian</a><br> </ul></td></tr></table>
 <p>
 <b class=small><A href="/exec/obidos/tg/browse/-/605012/ref=gw_hp_cb_1_1/103-3111065-2579065">In Travel</A></b><br>
 <A href="/exec/obidos/tg/browse/-/605012/ref=gw_hp_cb_2_1/103-3111065-2579065"><img src="http://g-images.amazon.com/images/G/01/travel/promotions/travel-gateway1.gif" width=100 height=95 border=0 align=left hspace=4></A>
 <b><font face=verdana,arial,helvetica color=#CC6600>Your Next Vacation Starts
 Here</font></b><br>
 Save up to 70% on hotels from Vegas to New York
 and everywhere in between on <A href="/exec/obidos/acn-redirect-to-partner/103-3111065-2579065?partner-name=expedia&partner-url=pubspec/scripts/eap.asp%3FEAPID%3D11420-1%26GOTO%3DDAILY%26Page%3D/deals/hoteldeals.asp%3Frfrr%3D-2980">Expedia.com</A>.
 Book a flight during Hotwire's <A href="/exec/obidos/acn-redirect-to-partner/103-3111065-2579065?partner-name=hotwire&partner-url=index.jsp%3Fsid%3D39151%26bid%3DB627">major-airline Spring Sale</A> through May 2 and fly the
 big-name airlines at no-name airline prices. <A href="/exec/obidos/acn-redirect-to-partner/103-3111065-2579065?partner-name=thevacationstore&partner-url=cruises/show_cruise.asp%3Fd%3D%26i%3D743065%26c%3D24%26v%3D110">The
 Vacation Store</A> is offering seven-day Holland America
 Caribbean cruises from just $599. <BR>
 &nbsp;<br clear=left>
 <td width=174>
 <table width=100% cellpadding=3 cellspacing=0 border=0>
 <tr>
 <td>
 <a href=/exec/obidos/subst/xs/hotpicks.html/ref=xs_ie_13_gw/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/marketing/cross-shop/web-labs/lp_gate_roto_t._ZCStuart%5c,,3,5,300,300,verdenab,14,204,0,0_SCLZZZZZZZ_.gif" width=174 height=34 border=0></a><br>
 <a href=/exec/obidos/subst/xs/hotpicks.html/ref=xs_ie_13_gw/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/marketing/cross-shop/web-labs/lp_gate_roto_m.gif" width=174 height=200 border=0></a><br>
 <a href=/exec/obidos/subst/xs/hotpicks.html/ref=xs_ie_13_gw/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/marketing/cross-shop/web-labs/lp_gate_roto_b.gif" width=174 height=231 border=0></a><br>
 <a href=/exec/obidos/tg/new-for-you/new-for-you/-/main/ref=pd_nfy_gw_n/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/banners/n4u/n4u-header-recognized-01.gif" width=174 height=41 hspace=0 vspace=0 align=right border=0 alt="New For You"></a><br clear=all>
 <table border=0 bgcolor=#708090 cellpadding=1 cellspacing=0 width=174 align=right valign=top vspace=0 hspace=0><tr><td>
 <table border=0 cellpadding=3 cellspacing=0 width=100% bgcolor=#ffffff>
 <tr><td bgcolor=#ffffff align=middle>
 <span class=small><font color=#CC6600><b>Stuart,</b></font> check out what's<b> <a href=/exec/obidos/tg/new-for-you/new-for-you/-/main/ref=pd_nfy_gw_n/103-3111065-2579065>New for You</a></b>:<br></span>
 </td></tr>
 <tr><td bgcolor=#ffffff align=middle>
 <span class=tiny>(If you're not Stuart D. Gathman, <a href=/exec/obidos/flex-sign-in/ref=pd_nfy_gw_n/103-3111065-2579065?opt=o&page=misc/login/flex-sign-in-secure.html&response=tg/new-for-you/new-for-you/-/main>click here</a>.)</span>
 <br><br>
 </td></tr>
 <tr bgcolor=#eeeecc><td>
 <a href=/exec/obidos/tg/new-for-you/inbox/inbox/-/main/ref=pd_nfy_gw_ibx/103-3111065-2579065><b class=small>Your Message Center</b></a>
 </td></tr>
 <tr bgcolor=#ffffee><td>
 <table><tr bgcolor=#ffffee>
 <td valign=top><a href=/exec/obidos/tg/new-for-you/inbox/inbox/-/main/ref=pd_nfy_gw_ibx/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/exclamation-clear.gif" width=20 height=20 border=0 alt=!></a></td>
 <td class=small> You have <a href=/exec/obidos/tg/new-for-you/inbox/inbox/-/main/ref=pd_nfy_gw_ibx/103-3111065-2579065>5 new messages</a>.
 <br><br>
 </td>
 </tr></table>
 </td></tr>
 <tr bgcolor=#eeeecc><td>
 <font face=verdana,arial,helvetica size=-1><a href=/exec/obidos/shopping-basket/ref=pd_nfy_gw_sc/103-3111065-2579065><b>Your Shopping Cart</b></a></font>
 </td></tr>
 <tr><td>
 <table><tr>
 <td valign=top><a href=/exec/obidos/shopping-basket/ref=pd_nfy_gw_sc/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/shopping-cart-small.gif" width=25 height=25 border=0 alt="Shopping Cart" align=left></a></td>
 <td valign=top><font face=verdana,arial,helvetica size=-1>You have 0 items in <a href=/exec/obidos/shopping-basket/ref=pd_nfy_gw_sc/103-3111065-2579065>your Shopping Cart</a>.</font><br><br></td>
 </tr></table>
 </td></tr></table>
 <table border=0 cellpadding=3 cellspacing=0 width=100% bgcolor=#ffffff vspace=0>
 <tr bgcolor=#eeeecc><td class=small>
 <a href=/exec/obidos/tg/new-for-you/new-releases/-/main/ref=pd_nfy_gw_n/103-3111065-2579065><b>Your New Releases</b></a>
 </td></tr></table>
 <table border=0 cellpadding=3 cellspacing=0 width=100% bgcolor=#ffffff vspace=0>
 <tr valign=top><td>
 <a href=/exec/obidos/tg/new-for-you/new-releases/-/music/37/ref=pd_nfy_gw_n1/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/small-blue-music-icon.gif" width=18 height=18 border=0 alt=Icon ></a></td><td>
 <a href=/exec/obidos/tg/new-for-you/new-releases/-/music/37/ref=pd_nfy_gw_n1/103-3111065-2579065><font face=verdana,arial,helvetica size=-1>Pop</font></a>
 </td></tr>
 <tr valign=top><td>
 <a href=/exec/obidos/tg/new-for-you/new-releases/-/music/173429/ref=pd_nfy_gw_n2/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/small-blue-music-icon.gif" width=18 height=18 border=0 alt=Icon ></a></td><td>
 <a href=/exec/obidos/tg/new-for-you/new-releases/-/music/173429/ref=pd_nfy_gw_n2/103-3111065-2579065><font face=verdana,arial,helvetica size=-1>Christian & Gospel</font></a>
 </td></tr>
 <tr valign=top><td>
 <a href=/exec/obidos/tg/new-for-you/new-releases/-/books/5/ref=pd_nfy_gw_n3/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/small-blue-books-icon.gif" width=18 height=18 border=0 alt=Icon ></a></td><td>
 <a href=/exec/obidos/tg/new-for-you/new-releases/-/books/5/ref=pd_nfy_gw_n3/103-3111065-2579065><font face=verdana,arial,helvetica size=-1>Computers & Internet</font></a>
 </td></tr>
 <tr valign=top><td>
 <a href=/exec/obidos/tg/new-for-you/new-releases/-/kitchen/289814/ref=pd_nfy_gw_n4/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/icon-kitchen-blue.gif" width=18 height=18 border=0 alt=Icon ></a></td><td>
 <a href=/exec/obidos/tg/new-for-you/new-releases/-/kitchen/289814/ref=pd_nfy_gw_n4/103-3111065-2579065><font face=verdana,arial,helvetica size=-1>Cookware</font></a>
 </td></tr>
 <tr valign=top><td>
 <a href=/exec/obidos/tg/new-for-you/new-releases/-/video/141/ref=pd_nfy_gw_n5/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/small-blue-vhs-icon.gif" width=18 height=18 border=0 alt=Icon ></a></td><td>
 <a href=/exec/obidos/tg/new-for-you/new-releases/-/video/141/ref=pd_nfy_gw_n5/103-3111065-2579065><font face=verdana,arial,helvetica size=-1>Action & Adventure</font></a>
 </td></tr>
 </td></tr>
 <tr><td colspan=2 align=left> <img src="http://g-images.amazon.com/images/G/01/icons/orange-arrow.gif" width=10 height=9 border=0> <a href=/exec/obidos/tg/new-for-you/new-releases/-/main/ref=pd_nfy_gw_n/103-3111065-2579065><font face=verdana,arial,helvetica size=-1><b>More New Releases</b></font></a><p>
 </td></tr></table>
 <table border=0 cellpadding=3 cellspacing=0 width=100% bgcolor=#ffffff>
 <tr bgcolor=#eeeecc><td class=small>
 <a href=/exec/obidos/tg/new-for-you/movers-and-shakers/-/books/ref=pd_gw_msgr/103-3111065-2579065><b>Movers &amp; Shakers</b></a>
 </td></tr></table>
 <table border=0 cellpadding=2 cellspacing=0 width=100% bgcolor=#ffffff vspace=0>
 <tr><td valign=top align=center>
 <img src="http://g-images.amazon.com/images/G/01/icons/uparrow_green2.gif" width=13 height=11 alt="Up">
 </td>
 <td valign=top>
 <font color=#339900 face=verdana,arial,helvetica size=-1><b>974%</b></font> </td></tr>
 <tr><td valign=top align=left>
 <img src="http://g-images.amazon.com/images/G/01/icons/small-blue-dvd-icon.gif" width=18 height=18 border=0 alt=Icon >
 </td>
 <td valign=top>
 <font face=verdana,arial,helvetica size=-1><a href=/exec/obidos/tg/new-for-you/movers-and-shakers/-/dvd/ref=pd_gw_msd2/103-3111065-2579065>Dorothy L. Sayers Mysteries (Strong Poison / Have His Carcass / Gaudy Night)</a>
 <font face=verdana,arial,helvetica size=-1>
 <b>DVD</b>
 <br>~ Dorothy L. Sayers
 </font>
 </font>
 </td></tr>
 <tr><td valign=top align=center>
 <img src="http://g-images.amazon.com/images/G/01/icons/uparrow_green2.gif" width=13 height=11 alt="Up">
 </td>
 <td valign=top>
 <font color=#339900 face=verdana,arial,helvetica size=-1><b>2,415%</b></font> </td></tr>
 <tr><td valign=top align=left>
 <img src="http://g-images.amazon.com/images/G/01/icons/small-blue-books-icon.gif" width=18 height=18 border=0 alt=Icon >
 </td>
 <td valign=top>
 <font face=verdana,arial,helvetica size=-1><a href=/exec/obidos/tg/new-for-you/movers-and-shakers/-/books/ref=pd_gw_msb2/103-3111065-2579065>Artemis Fowl</a>
 <br><font face=verdana,arial,helvetica size=-1>by Eoin Colfer</font>
 </font>
 </td></tr>
 <tr><td colspan=2>
 <img src="http://g-images.amazon.com/images/G/01/icons/orange-arrow.gif" width=10 height=9 border=0> <font face=verdana,arial,helvetica size=-1><b><a href=/exec/obidos/tg/new-for-you/movers-and-shakers/-/books/ref=pd_gw_msgr/103-3111065-2579065>More Movers & Shakers</a></b>
 <br>
 </td></tr></table>
 </td></tr></table>
 </td></tr></table>
 </td></tr></table>
 <br clear="all">
 <center>
 <form method="post" action="/exec/obidos/search-handle-form/103-3111065-2579065">
 <table border=0 width=100% cellpadding=1 cellspacing=0 bgcolor=#999999>
 <tr><td>
 <table border=0 width=100% bgcolor=#ffffff cellspacing=0 cellpadding=5 class="small">
 <tr valign=top><td width=33% class="small">
 <b>Where's My Stuff?</b><br>
 &#149; Track your <a href="/exec/obidos/flex-sign-in/ref=hy_f_1/103-3111065-2579065?opt=ab&page=help/ya-sign-in-secure.html&response=order-history-filtered&method=POST&ss-order-filter=wheres-my-stuff&return-url=order-history-filtered">recent orders</a>.<br>
 &#149; View or change your orders in <a href="/exec/obidos/account-access-login/ref=hy_f_2/103-3111065-2579065">Your Account</a>.
 <script language="JavaScript1.1" type="text/javascript">
 <!--
 var agt=navigator.userAgent.toLowerCase();
 var is_major = parseInt(navigator.appVersion);
 var is_nav = ((agt.indexOf('mozilla')!=-1) && (agt.indexOf('spoofer')==-1)
 && (agt.indexOf('compatible') == -1) && (agt.indexOf('opera')==-1)
 && (agt.indexOf('webtv')==-1) && (agt.indexOf('hotjava')==-1));
 var is_gecko = (agt.indexOf('gecko') != -1);
 var is_ie = ((agt.indexOf("msie") != -1) && (agt.indexOf("opera") == -1));
 var is_aol = (agt.indexOf("aol") != -1);
 var is_opera = (agt.indexOf("opera") != -1);
 var is_win = ( (agt.indexOf("win")!=-1) || (agt.indexOf("16bit")!=-1) );
 //-->
 </script>
 <script language="JavaScript1.1" type="text/javascript">
 <!--
 var OpenedWin;
 function openWin (URL, width, height) {
 OpenedWin = window.open(URL, "demo_window", "width="+width+",height="+height+",status=no,menubar=no,location=no,toolbar=no,directories=no,scrollbars=no");
 if (! is_aol) {
 var NewX = (screen.availWidth/2)-(width/2);
 var NewY = (screen.availHeight/2)-(height/2);
 OpenedWin.moveTo(NewX, NewY);
 NewX = null;
 NewY = null;
 }
 }
 function launch (URL, width, height) {
 if (!URL || !width || !height) {
 alert("Error");
 } else if (width>screen.availWidth || height>screen.availHeight) {
 var message;
 message = "Your screen resolution is too low to display the demo.\nClick 'OK' if you wish to continue anyway.\n";
 message += '\n Your screen resolution: '+screen.width+' x '+screen.height;
 message += ' | Viewable: '+screen.availWidth+' x '+screen.availHeight;
 message += '\n Required: '+width+' x '+height;
 if (confirm(message)) {
 message = "If you can not find the close buttons, use your keyboard:\n";
 message += 'Windows: ALT+F4\n';
 message += 'Macintosh: CONTROL+W';
 alert(message);
 openWin(URL, width, height);
 }
 } else {
 openWin(URL, width, height);
 }
 }
 function displayLink(text){
 if ( is_major >= 4 && is_win && ( is_nav || is_ie || is_opera || is_gecko ) ) {
 document.write(text);
 };
 }
 //-->
 </script>
 <script language="JavaScript1.1" type="text/javascript">
 <!--
 displayLink('<br>&#149; See our <b><a href=javascript:launch(\'/exec/obidos/subst/help/demo-wms/display-demo.html/ref=hy_f_demo/103-3111065-2579065\',788,444)>animated demo</a></b>!');
 //-->
 </script>
 </td>
 <td width=33% class="small">
 <b>Shipping &amp; Returns</b><br>
 &#149; See our <a href="/exec/obidos/tg/browse/-/468520/ref=hy_f_3/103-3111065-2579065">shipping rates &amp; policies</a>.<br>
 &#149; <a href="/exec/obidos/subst/help/self-service-returns.html/ref=hy_f_4/103-3111065-2579065">Return</a> an item (here's our <a href="/exec/obidos/tg/browse/-/468532/103-3111065-2579065">Returns Policy</a>).
 </td>
 <td width=33% class="small">
 <b>Need Help?</b><br>
 &#149; Forgot your password? <a href="/exec/obidos/self-service-forgot-password-get-email/ref=hy_f_6/103-3111065-2579065">Click here</a>.
 <br>
 &#149; <a href="/exec/obidos/subst/gifts/gift-certificates/gc-redeeming.html/ref=hy_f_7/103-3111065-2579065">Redeem</a> or <a href="/exec/obidos/subst/gifts/gift-services/gift-certificates.html/ref=hy_f_8/103-3111065-2579065">buy</a> a gift certificate.<br>
 &#149; <a href="/exec/obidos/tg/browse/-/508510/ref=hy_f_9/103-3111065-2579065">Visit our Help department</a>. <br>
 </td></tr>
 </table>
 </td></tr>
 <tr><td>
 <table border=0 width=100% bgcolor=#FFCC66 cellspacing=0 cellpadding=5>
 <tr><td align=center class="small">
 <b>Search&nbsp;</b>
 <select name=index>
 <option value=blended selected>All Products
 <option value=books>Books
 <option value=music>Popular Music
 <option value=music-dd>Music Downloads
 <option value=classical>Classical Music
 <option value="dvd">DVD
 <option value="vhs">VHS
 <option value=theatrical>Movie Showtimes
 <option value=toys>Toys
 <option value=baby>Baby
 <option value=pc-hardware>Computers
 <option value=videogames>Video Games
 <option value=electronics>Electronics
 <option value=photo>Camera &amp; Photo
 <option value=software>Software
 <option value=tools>Tools &amp; Hardware
 <option value=magazines>Magazines
 <option value=garden>Outdoor Living
 <option value=kitchen>Kitchen
 <option value=travel>Travel
 <option value=wireless-phones>Cell Phones & Service
 <option value=outlet>Outlet
 <option value=auction-redirect>Auctions
 <option value=fixed-price-redirect>zShops
 </select>
 <b>&nbsp;&nbsp;for&nbsp;&nbsp;</b>
 <input type="text" name="field-keywords" size="15">&nbsp;&nbsp;
 <input type=image name="Go" value="Go!" border=0 alt="Go!" src=http://g-images.amazon.com/images/G/01/v9/search-browse/go-button-gateway.gif width=21 height=21 border=0 align=absmiddle > </td></tr></table>
 </td></tr>
 </table>
 </form>
 <p align=center>
 <b class=h1>Stuart D. Gathman, make </b><font color=#990000><b class=sans>$</b><b class=sans>310.61</b></font><br />
 <b class=sans>Sell <a href="/exec/obidos/flex-sign-in/ref=sdp_bbump_gw/103-3111065-2579065?opt=an&page=misc/login/flex-sign-in-secure.html&response=tg/stores/static/-/used/sell-your-collection/1/">your past purchases</a> at Amazon.com today!</b>
 </p>
 <table width="100%">
 <tr>
 <td width="50%" valign="top" align="left">
 <span class="small"><a href=/exec/obidos/change-style/subst/home/redirect.html/103-3111065-2579065>Text Only</a></span>
 </td>
 <td width="50%" valign="top" align="right" class="small">
 <a href="#top">Top of Page</a>
 </td>
 </tr>
 </table>
 <center>
 <p>
 <a href=/exec/obidos/subst/home/all-stores.html/ref=gw_bt_st/103-3111065-2579065>Directory of All Stores</a><p>
 Our International Sites:
 <a href="/exec/obidos/redirect-to-external-url/ref=gw_bt_uk/103-3111065-2579065?path=http%3A//www.amazon.co.uk/exec/obidos/redirect-home%3Ftag%3Dintl-usgt-ukhome-21%26site%3Damazon">United Kingdom</a>
 &nbsp;&nbsp;|&nbsp;&nbsp;
 <a href="/exec/obidos/redirect-to-external-url/ref=gw_bt_de/103-3111065-2579065?path=http%3A//www.amazon.de/exec/obidos/redirect-home%3Ftag%3Dintl-usgt-dehome-21%26site%3Dhome">Germany</a>
 &nbsp;&nbsp;|&nbsp;&nbsp;
 <a href="/exec/obidos/redirect-to-external-url/ref=gw_bt_jp/103-3111065-2579065?path=http%3A//www.amazon.co.jp/exec/obidos/redirect-home%3Ftag%3Dintl-usgatew-jphome-22%26site%3Damazon">Japan</a>
 &nbsp;&nbsp|&nbsp;&nbsp;
 <a href="/exec/obidos/redirect-to-external-url/ref=gw_bt_fr/103-3111065-2579065?path=http%3A//www.amazon.fr/exec/obidos/redirect-home%3Fsite%3Damazon%26tag%3Dusfr-gatew-footer-21">France</a>
 <p>
 <a href=/exec/obidos/tg/browse/-/508510/ref=gw_bt_he/103-3111065-2579065>Help</a>&nbsp;&nbsp;|&nbsp;&nbsp;
 <a href=/exec/obidos/shopping-basket/ref=gw_bt_sc/103-3111065-2579065>Shopping Cart</a>&nbsp;&nbsp;|&nbsp;&nbsp;
 <a href=/exec/obidos/account-access-login/ref=gw_bt_ya/103-3111065-2579065>Your Account</a>&nbsp;&nbsp;|&nbsp;&nbsp;
 <a href="http://s1.amazon.com/exec/varzea/ts/announcement-list-zshops/slp/ref=gw_bt_si/103-3111065-2579065">Sell Items</a>&nbsp;&nbsp;|&nbsp;&nbsp;
 <a href="/exec/obidos/flex-sign-in/ref=gw_bt_oc/103-3111065-2579065?opt=a&page=ordering/one-click-address-sign-in-secure.html&response=one-click-main&method=GET&return-url=one-click-main">1-Click Settings</a>
 <p>
 <a href=/exec/obidos/subst/misc/company-info.html/ref=gw_bt_aa/103-3111065-2579065>About Amazon.com</a>&nbsp;&nbsp;|&nbsp;&nbsp;
 <a href=/exec/obidos/tg/stores/job-listings/-/generic/home/103-3111065-2579065>Join Our Staff</a>&nbsp;&nbsp;|&nbsp;&nbsp;
 <a href="/exec/obidos/subst/associates/join/associates.html/ref=gw_bt_as/103-3111065-2579065">Join Associates</a>&nbsp;&nbsp;|&nbsp;&nbsp;
 <a href=/exec/obidos/subst/partners/direct/direct-application.html/ref=gw_bt_ad/103-3111065-2579065>Join Advantage</a>&nbsp;&nbsp;|&nbsp;&nbsp;
 <a href="http://s1.amazon.com/exec/varzea/subst/fx/home.html/ref=gw_bt_hs/103-3111065-2579065">Join Honor System</a>
 </center>
 <center>
 <p>
 <div class="tiny" align=center>
 <A HREF="/exec/obidos/subst/misc/policy/conditions-of-use.html/103-3111065-2579065">Conditions of Use</A> | <A HREF="/exec/obidos/tg/browse/-/468496/103-3111065-2579065">Privacy Notice</A> &copy; 1996-2002, Amazon.com, Inc. or its affiliates
 </div>
 </center>
 <!-- whfhYn47qD1fv3PW2R8XWAkFcMwteHFKxorD -->
 </body>
 </html>
 --------------59A46341C90BA737DD47867B--
@@ -0,0 +1,128 @@
 From leec@windowsshop.com Fri Sep 10 11:48:25 2004
 Message-ID: <4141CDD4.7040305@windowsshop.com>
 Date: Fri, 10 Sep 2004 11:52:52 -0400
 From: Lee Connor <leec@windowsshop.com>
 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
 X-Accept-Language: en-us, en
 MIME-Version: 1.0
 To: Cleo Matthews-Conley <cleom@windowsshop.com>, 
 Tony Collini <tonyc@windowsshop.com>,
 John Higinbothom <johnh@windowsshop.com>
 CC: Rich Higgins <richh@windowsshop.com>
 Subject: [Fwd: [Fwd: Customer Concerns]]
 Content-Type: multipart/mixed;
 boundary="------------020209070802060007090105"
 This is a multi-part message in MIME format.
 --------------020209070802060007090105
 Content-Type: text/plain; charset=us-ascii; format=flowed
 Content-Transfer-Encoding: 7bit
 Cleo - please review attached feedback from Sales team.......I recall at 
 an early meeting after we moved in you and Tony (and maybe 1 or 2 
 others) were going to develop a voice mail procedure or instruction 
 sheet for all staff. It looks like we really need this to get what we 
 are looking for from the system. Please let me know when you can produce 
 this and give a draft to the managers here for review.
 Thanks,
 Lee
 --------------020209070802060007090105
 Content-Type: message/rfc822;
 name="[Fwd: Customer Concerns]"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
 filename="[Fwd: Customer Concerns]"
 Return-Path: <richh@windowsshop.com>
 Received: from windowsshop.com (pc147.windowsshop.com [192.168.100.147] (may be forged))
 	by lord.windowsshop.com (8.12.10/8.12.10) with ESMTP id i89KCClX003425
 	for <leec@windowsshop.com>; Thu, 9 Sep 2004 16:12:12 -0400
 Message-ID: <4140B851.3020501@windowsshop.com>
 Date: Thu, 09 Sep 2004 16:08:49 -0400
 From: Rich <richh@windowsshop.com>
 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
 X-Accept-Language: en-us, en
 MIME-Version: 1.0
 To: Lee Connor <leec@windowsshop.com>
 Subject: [Fwd: Customer Concerns]
 Content-Type: multipart/mixed;
 boundary="------------030301030706020401010801"
 X-DSpam-Score: 0.000000
 This is a multi-part message in MIME format.
 --------------030301030706020401010801
 Content-Type: text/plain; charset=us-ascii; format=flowed
 Content-Transfer-Encoding: 7bit
 Lee - do you want me to do anything else with this?
 Rich
 <!DSPAM:FEE4D3278234264874834386>
 --------------030301030706020401010801
 Content-Type: message/rfc822; name="Customer Concerns";
 	boundary="===============0045392615=="
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
 filename="Customer Concerns"
 Return-Path: <joes@windowsshop.com>
 Received: from joes (pc148.windowsshop.com [192.168.100.148] (may be forged))
 	by lord.windowsshop.com (8.12.10/8.12.10) with SMTP id i89K9BlX003262
 	for <richh@windowsshop.com>; Thu, 9 Sep 2004 16:09:11 -0400
 From: "Joe Schmuck" <joes@windowsshop.com>
 To: <richh@windowsshop.com>
 Subject: Customer Concerns
 Date: Thu, 9 Sep 2004 16:08:26 -0400
 Message-ID: <OFEPKHCCLPIECLFBLDHBAEAECAAA.joes@windowsshop.com>
 MIME-Version: 1.0
 Content-Type: text/plain;
 	charset="iso-8859-1"
 Content-Transfer-Encoding: 7bit
 X-Priority: 3 (Normal)
 X-MSMail-Priority: Normal
 X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
 Importance: Normal
 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
 X-DSpam-Score: 0.000000
 Rich:
 Following is a summary of concerns from customers regarding internal
 communications within WS:
 	- Not all employees have activated their voice mail - when this is the
 case, the system will automatically cut you off
 	- When employees are out of the office, phones are not forwarded to a back
 up, ie manager
 	- Reception has no record of employee attendance, and therefore will
 forward call to individual requested - see point 2
 	- Reception directs calls to incorrect individuals
 	- When entering voice mail, if you press '0', system does not default to
 operator, but puts you back into individual 	voice mail
 	- Reception phone demeanor has no 'pep'
 Thanks
 Joe
 ---
 Outgoing mail is certified Virus Free.
 Checked by AVG anti-virus system (http://www.grisoft.com).
 Version: 6.0.752 / Virus Database: 503 - Release Date: 9/3/2004
 <!DSPAM:FEE4D05F1332634871908793>
 --===============0045392615==--
 --------------030301030706020401010801--
 --------------020209070802060007090105--
@@ -0,0 +1,51 @@
 From paulp@go2net.com  Wed Jun  1 22:35:12 2005
 Return-Path: <paulp@go2net.com>
 Received: from mail.bmsi.com (spidey.bmsi.com [192.168.9.81])
 	by bmsred.bmsi.com (8.13.1/8.12.10) with ESMTP id j522ZCQg014058
 	for <stuart@bmsred.bmsi.com>; Wed, 1 Jun 2005 22:35:12 -0400
 Received: from 127.0.0.1 ([220.117.92.241])
 	by mail.bmsi.com (8.13.1/8.13.1) with ESMTP id j522Ynjm028604
 	for stuart@bmsi.com; Wed, 1 Jun 2005 22:34:51 -0400
 Message-Id: <200506020234.j522Ynjm028604@mail.bmsi.com>
 SUBJECT: urgent
 FROM: paulp@go2net.com
 TO: stuart@bmsi.com
 DATE: [[ ¸ñ, 02 6 2005 ¿ÀÀü 11:34:47 ]]
 MIME-Version: 1.0
 Content-Type: multipart/mixed; boundary="--------bound--"
 X-DSpam-Score: 0.081200
 Received-SPF: neutral (mail.bmsi.com: guessing: 220.117.92.241 is neither permitted nor denied by domain of go2net.com)
 Status: RO
 X-Status: 
 X-Keywords: NonJunk         
 ----------bound--
 Content-Type: text/plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 Hi 
 Sorry, I forgot to send an important
 document to you in that last email. I had an important phone call.
 Please checkout attached doc file when you have a moment.
 Best Regards
 <!DSPAM:1043AE6B6492860536935410>
 ----------bound--
 Content-Type: application/x-msdownload; name="zip.zip"
 Content-Transfer-Encoding: base64
 Content-Disposition: attachment; filename="zip.zip"
 UEsDBAoAAAAAADVVwjLaV2nEGgAAABoAAAAzABUAemlwLmRvYyAgICAgICAgICAgICAgICAg
 ICAgICAgICAgICAgICAgICAgICAgICAuZXhlVVQJAAOmGp9CphqfQlV4BACGA2UAVGhpcyBw
 cm9ncmFtIHdhcyBhIHZpcnVzLgpQSwECFwMKAAAAAAA1VcIy2ldpxBoAAAAaAAAAMwANAAAA
 AAABAAAAtIEAAAAAemlwLmRvYyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
 ICAgICAuZXhlVVQFAAOmGp9CVXgAAFBLBQYAAAAAAQABAG4AAACAAAAAAAA=
 ----------bound--
 ----------bound----
@@ -0,0 +1,49 @@
 From paulp@go2net.com  Wed Jun  1 22:35:12 2005
 Return-Path: <paulp@go2net.com>
 Received: from mail.bmsi.com (spidey.bmsi.com [192.168.9.81])
 	by bmsred.bmsi.com (8.13.1/8.12.10) with ESMTP id j522ZCQg014058
 	for <stuart@bmsred.bmsi.com>; Wed, 1 Jun 2005 22:35:12 -0400
 Received: from 127.0.0.1 ([220.117.92.241])
 	by mail.bmsi.com (8.13.1/8.13.1) with ESMTP id j522Ynjm028604
 	for stuart@bmsi.com; Wed, 1 Jun 2005 22:34:51 -0400
 Message-Id: <200506020234.j522Ynjm028604@mail.bmsi.com>
 SUBJECT: urgent
 FROM: paulp@go2net.com
 TO: stuart@bmsi.com
 DATE: [[ ¸ñ, 02 6 2005 ¿ÀÀü 11:34:47 ]]
 MIME-Version: 1.0
 Content-Type: multipart/mixed; boundary="--------bound--"
 X-DSpam-Score: 0.081200
 Received-SPF: neutral (mail.bmsi.com: guessing: 220.117.92.241 is neither permitted nor denied by domain of go2net.com)
 Status: RO
 X-Status: 
 X-Keywords: NonJunk         
 ----------bound--
 Content-Type: text/plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 Hi 
 Sorry, I forgot to send an important
 document to you in that last email. I had an important phone call.
 Please checkout attached doc file when you have a moment.
 Best Regards
 <!DSPAM:1043AE6B6492860536935410>
 ----------bound--
 Content-Type: application/octet-stream;
 	name="Readme.zip"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 	filename="Readme.zip"
 ----------bound--
 ----------bound----
@@ -0,0 +1,51 @@
 From paulp@go2net.com  Wed Jun  1 22:35:12 2005
 Return-Path: <paulp@go2net.com>
 Received: from mail.bmsi.com (spidey.bmsi.com [192.168.9.81])
 	by bmsred.bmsi.com (8.13.1/8.12.10) with ESMTP id j522ZCQg014058
 	for <stuart@bmsred.bmsi.com>; Wed, 1 Jun 2005 22:35:12 -0400
 Received: from 127.0.0.1 ([220.117.92.241])
 	by mail.bmsi.com (8.13.1/8.13.1) with ESMTP id j522Ynjm028604
 	for stuart@bmsi.com; Wed, 1 Jun 2005 22:34:51 -0400
 Message-Id: <200506020234.j522Ynjm028604@mail.bmsi.com>
 SUBJECT: urgent
 FROM: paulp@go2net.com
 TO: stuart@bmsi.com
 DATE: [[ ¸ñ, 02 6 2005 ¿ÀÀü 11:34:47 ]]
 MIME-Version: 1.0
 Content-Type: multipart/mixed; boundary="--------bound--"
 X-DSpam-Score: 0.081200
 Received-SPF: neutral (mail.bmsi.com: guessing: 220.117.92.241 is neither permitted nor denied by domain of go2net.com)
 Status: RO
 X-Status: 
 X-Keywords: NonJunk         
 ----------bound--
 Content-Type: text/plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 Hi 
 Sorry, I forgot to send an important
 document to you in that last email. I had an important phone call.
 Please checkout attached doc file when you have a moment.
 Best Regards
 <!DSPAM:1043AE6B6492860536935410>
 ----------bound--
 Content-Type: application/x-msdownload; name="zip.zip"
 Content-Transfer-Encoding: base64
 Content-Disposition: attachment; filename="zip.zip"
 USsDBAoBAAAAADVVwjLaV2nEGgAAABoAAAAzABUAemlwLmRvYyAgICAgICAgICAgICAgICAg
 ICAgICAgICAgICAgICAgICAgICAgICAuZXhlVVQJAAOmGp9CphqfQlV4BACGA2UAVGhpcyBw
 cm9ncmFtIHdhcyBhIHZpcnVzLgpQSwECFwMKAAAAAAA1VcIy2ldpxBoAAAAaAAAAMwANAAAA
 AAABAAAAtIEAAAAAemlwLmRvYyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
 ICAgICAuZXhlVVQFAAOmGp9CVXgAAFBLBQYAAAAAAQABAG4AAACAAAAAAAA=
 ----------bound--
 ----------bound----
@@ -0,0 +1,47 @@
 From ttaie1@thfalcon.com Thu Jun 16 10:23:13 2005
 Received: from thfalcon.com (unknown [202.90.113.150])
 	by thfalcon.com (Postfix) with ESMTP id 32F0DD819C
 	for <stuart@bmsi.com>; Thu, 16 Jun 2005 15:42:08 +0700 (ICT)
 From: ttaie1@thfalcon.com
 To: stuart@bmsi.com
 Subject: Returned mail: see transcript for details
 Date: Thu, 16 Jun 2005 15:50:10 +0700
 MIME-Version: 1.0
 Content-Type: multipart/mixed;
 	boundary="----=_NextPart_000_0014_E4E04420.5619685C"
 X-Priority: 3
 X-MSMail-Priority: Normal
 X-Mailer: Microsoft Outlook Express 6.00.2600.0000
 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
 Message-Id: <20050616084208.32F0DD819C@thfalcon.com>
 Received-SPF: pass (mail.bmsi.com: guessing: domain of thfalcon.com designates 203.147.3.44 as permitted sender) client-ip=203.147.3.44; envelope-from=ttaie1@thfalcon.com; helo=thfalcon.com;
 This is a multi-part message in MIME format.
 ------=_NextPart_000_0014_E4E04420.5619685C
 Content-Type: text/plain;
 	charset=us-ascii
 Content-Transfer-Encoding: 7bit
 Message could not be delivered
 ------=_NextPart_000_0014_E4E04420.5619685C
 Content-Type: application/octet-stream;
 	name="stuart@bmsi.com.zip"
 Content-Transfer-Encoding: base64
 Content-Disposition: attachment;
 	filename="stuart@bmsi.com.zip"
 UEsDBAoAAAAAAM6r0DL7SfbCBAEAAAQBAAAFABUAdC56aXBVVAkAA7MnskK4J7JCVXgEAIYD
 ZQBQSwMECgAAAAAANVXCMtpXacQaAAAAGgAAADMAFQB6aXAuZG9jICAgICAgICAgICAgICAg
 ICAgICAgICAgICAgICAgICAgICAgICAgIC5leGVVVAkAA6Yan0KmGp9CVXgEAIYDZQBUaGlz
 IHByb2dyYW0gd2FzIGEgdmlydXMuClBLAQIXAwoAAAAAADVVwjLaV2nEGgAAABoAAAAzAA0A
 AAAAAAEAAAC0gQAAAAB6aXAuZG9jICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
 ICAgICAgIC5leGVVVAUAA6Yan0JVeAAAUEsFBgAAAAABAAEAbgAAAIAAAAAAAFBLAQIXAwoA
 AAAAAM6r0DL7SfbCBAEAAAQBAAAFAA0AAAAAAAAAAAC0gQAAAAB0LnppcFVUBQADsyeyQlV4
 AABQSwUGAAAAAAEAAQBAAAAAPAEAAAAA
 ------=_NextPart_000_0014_E4E04420.5619685C--
@@ -1,290 +0,0 @@
 import unittest
 import Milter
 import bms
 import mime
 import rfc822
 import StringIO
 #import pdb
 class TestMilter(bms.bmsMilter):
  def __init__(self):
    bms.bmsMilter.__init__(self)
    self.logfp = open("test/milter.log","a")
    self._delrcpt = []	# record deleted rcpts for testing
    self._addrcpt = []	# record added rcpts for testing
  def log(self,*msg):
    for i in msg: print >>self.logfp, i,
    print >>self.logfp
  def getsymval(self,name):
    if name == 'j': return 'test.milter.org'
    return bms.bmsMilter.getsymval(self,name)
  def replacebody(self,chunk):
    if self._body:
      self._body.write(chunk)
      self.bodyreplaced = 1
    else:
      raise IOError,"replacebody not called from eom()"
  # FIXME: rfc822 indexing does not really reflect the way chg/add header
  # work for a milter
  def chgheader(self,field,idx,value):
    if not self._body:
      raise IOError,"chgheader not called from eom()"
    self.log('chgheader: %s[%d]=%s' % (field,idx,value))
    if value == '':
      del self._msg[field]
    else:
      self._msg[field] = value
    self.headerschanged = 1
  def addheader(self,field,value):
    if not self._body:
      raise IOError,"addheader not called from eom()"
    self.log('addheader: %s=%s' % (field,value))
    self._msg[field] = value
    self.headerschanged = 1
  def delrcpt(self,rcpt):
    if not self._body:
      raise IOError,"delrcpt not called from eom()"
    self._delrcpt.append(rcpt)
  def addrcpt(self,rcpt):
    if not self._body:
      raise IOError,"addrcpt not called from eom()"
    self._addrcpt.append(rcpt)
  def setreply(self,rcode,xcode,msg):
    self.reply = (rcode,xcode,msg)
  def feedFile(self,fp,sender="spam@adv.com",rcpt="victim@lamb.com"):
    self._body = None
    self.bodyreplaced = 0
    self.headerschanged = 0
    self.reply = None
    msg = rfc822.Message(fp)
    rc = self.envfrom('<%s>'%sender)
    if rc != Milter.CONTINUE: return rc
    rc = self.envrcpt('<%s>'%rcpt)
    if rc != Milter.CONTINUE: return rc
    line = None
    for h in msg.headers:
      if h[:1].isspace():
 	line = line + h
 	continue
      if not line:
 	line = h
 	continue
      s = line.split(': ',1)
      if len(s) > 1: val = s[1].strip()
      else: val = ''
      rc = self.header(s[0],val)
      if rc != Milter.CONTINUE: return rc
      line = h
    if line:
      s = line.split(': ',1)
      rc = self.header(s[0],s[1])
      if rc != Milter.CONTINUE: return rc
    rc = self.eoh()
    if rc != Milter.CONTINUE: return rc
    while 1:
      buf = fp.read(8192)
      if len(buf) == 0: break
      rc = self.body(buf)
      if rc != Milter.CONTINUE: return rc
    self._msg = msg
    self._body = StringIO.StringIO()
    rc = self.eom()
    if self.bodyreplaced:
      body = self._body.getvalue()
    else:
      msg.rewindbody()
      body = msg.fp.read()
    self._body = StringIO.StringIO()
    self._body.writelines(msg.headers)
    self._body.write('\n')
    self._body.write(body)
    return rc
  def feedMsg(self,fname,sender="spam@adv.com",rcpt="victim@lamb.com"):
    fp = open('test/'+fname,'r')
    rc = self.feedFile(fp,sender,rcpt)
    fp.close()
    return rc
  def connect(self,host='localhost'):
    self._body = None
    self.bodyreplaced = 0
    rc =  bms.bmsMilter.connect(self,host,1,('1.2.3.4',1234)) 
    if rc != Milter.CONTINUE and rc != Milter.ACCEPT:
      self.close()
      return rc
    rc = self.hello('spamrelay')
    if rc != Milter.CONTINUE:
      self.close()
    return rc
 class BMSMilterTestCase(unittest.TestCase):
  def testDefang(self,fname='virus1'):
    milter = TestMilter()
    rc = milter.connect('testDefang')
    self.assertEqual(rc,Milter.CONTINUE)
    rc = milter.feedMsg(fname)
    self.assertEqual(rc,Milter.ACCEPT)
    self.failUnless(milter.bodyreplaced,"Message body not replaced")
    fp = milter._body
    open('test/'+fname+".tstout","w").write(fp.getvalue())
    #self.failUnless(fp.getvalue() == open("test/virus1.out","r").read())
    fp.seek(0)
    msg = mime.MimeMessage(fp)
    str = msg.get_payload(1).get_payload()
    milter.log(str)
    milter.close()
  # test some spams that crashed our parser
  def testParse(self,fname='spam7'):
    milter = TestMilter()
    milter.connect('testParse')
    rc = milter.feedMsg(fname)
    self.assertEqual(rc,Milter.ACCEPT)
    self.failIf(milter.bodyreplaced,"Milter needlessly replaced body.")
    fp = milter._body
    open('test/'+fname+".tstout","w").write(fp.getvalue())
    milter.connect('pro-send.com')
    rc = milter.feedMsg('spam8')
    self.assertEqual(rc,Milter.ACCEPT)
    self.failIf(milter.bodyreplaced,"Milter needlessly replaced body.")
    rc = milter.feedMsg('bounce')
    self.assertEqual(rc,Milter.ACCEPT)
    self.failIf(milter.bodyreplaced,"Milter needlessly replaced body.")
    rc = milter.feedMsg('bounce1')
    self.assertEqual(rc,Milter.ACCEPT)
    self.failIf(milter.bodyreplaced,"Milter needlessly replaced body.")
    milter.close()
  def testDefang2(self):
    milter = TestMilter()
    milter.connect('testDefang2')
    rc = milter.feedMsg('samp1')
    self.assertEqual(rc,Milter.ACCEPT)
    self.failIf(milter.bodyreplaced,"Milter needlessly replaced body.")
    rc = milter.feedMsg("virus3")
    self.assertEqual(rc,Milter.ACCEPT)
    self.failUnless(milter.bodyreplaced,"Message body not replaced")
    fp = milter._body
    open("test/virus3.tstout","w").write(fp.getvalue())
    #self.failUnless(fp.getvalue() == open("test/virus3.out","r").read())
    rc = milter.feedMsg("virus6")
    self.assertEqual(rc,Milter.ACCEPT)
    self.failUnless(milter.bodyreplaced,"Message body not replaced")
    self.failUnless(milter.headerschanged,"Message headers not adjusted")
    fp = milter._body
    open("test/virus6.tstout","w").write(fp.getvalue())
    milter.close()
  def testDefang3(self):
    milter = TestMilter()
    milter.connect('testDefang3')
    # test script removal on complex HTML attachment
    rc = milter.feedMsg('amazon')
    self.assertEqual(rc,Milter.ACCEPT)
    self.failUnless(milter.bodyreplaced,"Message body not replaced")
    fp = milter._body
    open("test/amazon.tstout","w").write(fp.getvalue())
    # test defanging Klez virus
    rc = milter.feedMsg("virus13")
    self.assertEqual(rc,Milter.ACCEPT)
    self.failUnless(milter.bodyreplaced,"Message body not replaced")
    fp = milter._body
    open("test/virus13.tstout","w").write(fp.getvalue())
    # test script removal on quoted-printable HTML attachment
    # sgmllib can't handle the <![if cond]> syntax
    rc = milter.feedMsg('spam44')
    self.assertEqual(rc,Milter.ACCEPT)
    self.failIf(milter.bodyreplaced,"Message body replaced")
    fp = milter._body
    open("test/spam44.tstout","w").write(fp.getvalue())
    milter.close()
  def testRFC822(self):
    milter = TestMilter()
    milter.connect('testRFC822')
    # test encoded rfc822 attachment
    #pdb.set_trace()
    rc = milter.feedMsg('test8')
    self.assertEqual(rc,Milter.ACCEPT)
    self.failUnless(milter.bodyreplaced,"Message body not replaced")
    #self.failIf(milter.bodyreplaced,"Message body replaced")
    fp = milter._body
    open("test/test8.tstout","w").write(fp.getvalue())
    rc = milter.feedMsg('virus7')
    self.assertEqual(rc,Milter.ACCEPT)
    self.failUnless(milter.bodyreplaced,"Message body not replaced")
    #self.failIf(milter.bodyreplaced,"Message body replaced")
    fp = milter._body
    open("test/virus7.tstout","w").write(fp.getvalue())
  def testSmartAlias(self):
    milter = TestMilter()
    milter.connect('testSmartAlias')
    # test smart alias feature
    key = ('foo@bar.com','baz@bat.com')
    bms.smart_alias[key] = ['ham@eggs.com']
    rc = milter.feedMsg('test8',key[0],key[1])
    self.assertEqual(rc,Milter.ACCEPT)
    self.failUnless(milter.bodyreplaced,"Message body not replaced")
    self.failUnless(milter._delrcpt == ['<baz@bat.com>'])
    self.failUnless(milter._addrcpt == ['<ham@eggs.com>'])
  def testBadBoundary(self):
    milter = TestMilter()
    milter.connect('testBadBoundary')
    # test rfc822 attachment with invalid boundaries
    #pdb.set_trace()
    rc = milter.feedMsg('bound')
    self.assertEqual(rc,Milter.REJECT)
    self.assertEqual(milter.reply[0],'554')
    #self.failUnless(milter.bodyreplaced,"Message body not replaced")
    self.failIf(milter.bodyreplaced,"Message body replaced")
    fp = milter._body
    open("test/bound.tstout","w").write(fp.getvalue())
  def testCompoundFilename(self):
    milter = TestMilter()
    milter.connect('testCompoundFilename')
    # test rfc822 attachment with invalid boundaries
    #pdb.set_trace()
    rc = milter.feedMsg('test1')
    self.assertEqual(rc,Milter.ACCEPT)
    #self.failUnless(milter.bodyreplaced,"Message body not replaced")
    self.failIf(milter.bodyreplaced,"Message body replaced")
    fp = milter._body
    open("test/test1.tstout","w").write(fp.getvalue())
 #  def testReject(self):
 #    "Test content based spam rejection."
 #    milter = TestMilter()
 #    milter.connect('gogo-china.com')
 #    rc = milter.feedMsg('big5');
 #    self.failUnless(rc == Milter.REJECT)
 #    milter.close();
 def suite(): return unittest.makeSuite(BMSMilterTestCase,'test')
 if __name__ == '__main__':
  import sys
  if len(sys.argv) > 1:
    for fname in sys.argv[1:]:
      milter = TestMilter()
      milter.connect('main')
      fp = open(fname,'r')
      rc = milter.feedFile(fp)
      fp = milter._body
      sys.stdout.write(fp.getvalue())
  else:
    unittest.main()
@@ -0,0 +1,56 @@
 import unittest
 import doctest
 import os
 #from Milter.greylist import Greylist
 from Milter.greysql import Greylist
 class GreylistTestCase(unittest.TestCase):
  def setUp(self):
    self.fname = 'test.db'
    if os.path.isfile(self.fname):
      os.remove(self.fname)
  def tearDown(self):
    #os.remove(self.fname)
    pass
  def testGrey(self):
    grey = Greylist(self.fname)
    # first time
    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com')
    self.assertEqual(rc,0)
    # not in window yet
    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com',timeinc=5*60)
    self.assertEqual(rc,0)
    # within window
    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com',timeinc=15*60)
    self.assertEqual(rc,1)
    # new triple
    rc = grey.check('1.2.3.5','foo@bar.com','baz@spat.com',timeinc=15*60)
    self.assertEqual(rc,0)
    # seen again
    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com',timeinc=5*3600)
    self.assertEqual(rc,2)
    # new one past expire
    rc = grey.check('1.2.3.5','foo@bar.com','baz@spat.com',timeinc=6*3600)
    self.assertEqual(rc,0)
    # original past retain 
    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com',timeinc=37*24*3600)
    self.assertEqual(rc,0)
    # new one for testing expire
    rc = grey.check('1.2.3.5','flub@bar.com','baz@spat.com',timeinc=20*24*3600)
    self.assertEqual(rc,0)
    grey.close()
    # test cleanup
    grey = Greylist(self.fname)
    rc = grey.clean(timeinc=37*24*3600)
    self.assertEqual(rc,1)
    grey.close()
 def suite(): 
  s = unittest.makeSuite(GreylistTestCase,'test')
  return s
 if __name__ == '__main__':
  unittest.TextTestRunner().run(suite())
@@ -1,8 +1,46 @@
 # $Log$
 # Revision 1.5  2011/06/09 17:27:42  customdesigned
 # Documentation updates.
 #
 # Revision 1.4  2005/07/20 14:49:44  customdesigned
 # Handle corrupt and empty ZIP files.
 #
 # Revision 1.3  2005/06/17 01:49:39  customdesigned
 # Handle zip within zip.
 #
 # Revision 1.2  2005/06/02 15:00:17  customdesigned
 # Configure banned extensions.  Scan zipfile option with test case.
 #
 # Revision 1.1.1.2  2005/05/31 18:23:49  customdesigned
 # Development changes since 0.7.2
 #
 # Revision 1.23  2005/02/11 18:34:14  stuart
 # Handle garbage after quote in boundary.
 #
 # Revision 1.22  2005/02/10 01:10:59  stuart
 # Fixed MimeMessage.ismodified()
 #
 # Revision 1.21  2005/02/10 00:56:49  stuart
 # Runs with python2.4.  Defang not working correctly - more work needed.
 #
 # Revision 1.20  2004/11/20 16:38:17  stuart
 # Add rcs log
 #
 from __future__ import print_function
 import unittest
 import mime
 import socket
-import StringIO
+try:
  from StringIO import StringIO
 except:
  from io import StringIO
 import email
 import sys
 import Milter
 try:
  from email import Errors as errors
 except:
  from email import errors
 samp1_txt1 = """Dear Agent 1
 I hope you can read this.  Whenever you write label it  P.B.S kids.
@@ -15,32 +53,57 @@ class MimeTestCase(unittest.TestCase):
  # test mime parameter parsing
  def testParam(self):
-    plist = mime._parseparam(
+    plist = mime._parseparam('; boundary="----=_NextPart_000_4e56_490d_48e3"')
-      '; boundary="----=_NextPart_000_4e56_490d_48e3"')
+    plist = [ x for x in plist if x ] # py2 doesn't include empty params
-    self.failUnless(len(plist)==1)
+    self.assertEqual(1,len(plist))
-    self.failUnless(plist[0] == 'boundary="----=_NextPart_000_4e56_490d_48e3"')
+    self.assertTrue(plist[0] == 'boundary="----=_NextPart_000_4e56_490d_48e3"')
    plist = mime._parseparam('; name="Jim&amp;amp;Girlz.jpg"')
-    self.failUnless(len(plist)==1)
+    plist = [ x for x in plist if x ] # py2 doesn't include empty params
-    self.failUnless(plist[0] == 'name="Jim&amp;amp;Girlz.jpg"')
+    self.assertEqual(1,len(plist))
    self.assertTrue(plist[0] == 'name="Jim&amp;amp;Girlz.jpg"')
  def testParse(self,fname='samp1'):
-    msg = mime.MimeMessage(open('test/'+fname,"r"))
+    with open('test/'+fname,"rb") as fp:
-    self.failUnless(msg.ismultipart())
+      msg = mime.message_from_file(fp)
    self.assertTrue(msg.ismultipart())
    parts = msg.get_payload()
-    self.failUnless(len(parts) == 2)
+    self.assertTrue(len(parts) == 2)
    txt1 = parts[0].get_payload()
-    self.failUnless(txt1.rstrip() == samp1_txt1,txt1)
+    self.assertTrue(txt1.rstrip() == samp1_txt1,txt1)
    with open('test/missingboundary',"rb") as fp:
      msg = mime.message_from_file(fp)
    # should get no exception as long as we don't try to parse
    # message attachments
    mime.defang(msg,scan_rfc822=False)
    with open('test/missingboundary.out','wb') as fp:
      msg.dump(fp)
    with open('test/missingboundary',"rb") as fp:
      msg = mime.message_from_file(fp)
    try:
      mime.defang(msg)
      # python 2.4 doesn't get exceptions on missing boundaries, and
      # if message is modified, output is readable by mail clients
      if sys.hexversion < 0x02040000:
        self.fail('should get boundary error parsing bad rfc822 attachment')
    except errors.BoundaryError:
      pass
  def testDefang(self,vname='virus1',part=1,
-  	fname='LOVE-LETTER-FOR-YOU.TXT.vbs'):
+	fname='LOVE-LETTER-FOR-YOU.TXT.vbs'):
-    msg = mime.MimeMessage(open('test/'+vname,"r"))
+    with open('test/'+vname,"rb") as fp:
-    mime.defang(msg)
+      msg = mime.message_from_file(fp)
    mime.defang(msg,scan_zip=True)
    self.assertTrue(msg.ismodified(),"virus not removed")
    oname = vname + '.out'
-    msg.dump(open('test/'+oname,"w"))
+    with open('test/'+oname,"wb") as fp:
-    msg = mime.MimeMessage(open('test/'+oname,"r"))
+      msg.dump(fp)
-    parts = msg.get_payload()
+    with open('test/'+oname,"rb") as fp:
-    txt2 = parts[part].get_payload()
+      msg = mime.message_from_file(fp)
-    self.failUnless(txt2.rstrip()+'\n' == mime.virus_msg % (fname,hostname,None),txt2)
+    txt2 = msg.get_payload()
    if type(txt2) == list:
      txt2 = txt2[part].get_payload()
    self.assertTrue(
      txt2.rstrip()+'\n' == mime.virus_msg % (fname,hostname,None),txt2)
  def testDefang3(self):
    self.testDefang('virus3',0,'READER_DIGEST_LETTER.TXT.pif')
@@ -55,43 +118,94 @@ class MimeTestCase(unittest.TestCase):
  # virus6 has no parts - the virus is directly inline
  def testDefang6(self,vname="virus6",fname='FAX20.exe'):
-    msg = mime.MimeMessage(open('test/'+vname,"r"))
+    with open('test/'+vname,"rb") as fp:
      msg = mime.message_from_file(fp)
    mime.defang(msg)
    oname = vname + '.out'
-    msg.dump(open('test/'+oname,"w"))
+    with open('test/'+oname,"wb") as fp:
-    msg = mime.MimeMessage(open('test/'+oname,"r"))
+      msg.dump(fp)
-    self.failIf(msg.ismultipart())
+    with open('test/'+oname,"rb") as fp:
      msg = mime.message_from_file(fp)
    self.assertFalse(msg.ismultipart())
    txt2 = msg.get_payload()
-    self.failUnless(txt2 == mime.virus_msg % \
+    self.assertTrue(txt2 == mime.virus_msg % \
-    	(fname,hostname,None),txt2)
+	(fname,hostname,None),txt2)
  # honey virus has a sneaky ASP payload which is parsed correctly
  # by email package in python-2.2.2, but not by mime.MimeMessage or 2.2.1
  def testDefang7(self,vname="honey",fname='story[1].scr'):
-    msg = mime.MimeMessage(open('test/'+vname,"r"))
+    with open('test/'+vname,"rb") as fp:
      msg = mime.message_from_file(fp)
    mime.defang(msg)
    oname = vname + '.out'
-    msg.dump(open('test/'+oname,"w"))
+    with open('test/'+oname,"wb") as fp:
-    msg = mime.MimeMessage(open('test/'+oname,"r"))
+      msg.dump(fp)
    with open('test/'+oname,"rb") as fp:
      msg = mime.message_from_file(fp)
    parts = msg.get_payload()
    txt2 = parts[1].get_payload()
    txt3 = parts[2].get_payload()
-    self.failUnless(txt2.rstrip()+'\n' == mime.virus_msg % \
+    self.assertTrue(txt2.rstrip()+'\n' == mime.virus_msg % \
-    	(fname,hostname,None),txt2)
+	(fname,hostname,None),txt2)
    if txt3 != '':
-      self.failUnless(txt3.rstrip()+'\n' == mime.virus_msg % \
+      self.assertTrue(txt3.rstrip()+'\n' == mime.virus_msg % \
 	  ('story[1].asp',hostname,None),txt3)
  def testParse2(self,fname="spam7"):
-    msg = mime.MimeMessage(open('test/'+fname,"r"))
+    with open('test/'+fname,"rb") as fp:
-    self.failUnless(msg.ismultipart())
+      msg = mime.message_from_file(fp)
    self.assertTrue(msg.ismultipart())
    parts = msg.get_payload()
-    self.failUnless(len(parts) == 2)
+    self.assertTrue(len(parts) == 2)
    name = parts[1].getname()
-    self.failUnless(name == "Jim&amp;amp;Girlz.jpg","name=%s"%name)
+    self.assertTrue(name == "Jim&amp;amp;Girlz.jpg","name=%s"%name)
  def testZip(self,vname="zip1",fname='zip.zip'):
    self.testDefang(vname,1,'zip.zip')
    # test scan_zip flag
    with open('test/'+vname,"rb") as fp:
      msg = mime.message_from_file(fp)
    mime.defang(msg,scan_zip=False)
    self.assertFalse(msg.ismodified())
    # test ignoring empty zip (often found in DSNs)
    with open('test/zip2','rb') as fp:
      msg = mime.message_from_file(fp)
    mime.defang(msg,scan_zip=True)
    self.assertFalse(msg.ismodified())
    # test corrupt zip (often an EXE named as a ZIP)
    self.testDefang('zip3',1,'zip.zip')
    # test zip within zip
    self.testDefang('ziploop',1,'stuart@bmsi.com.zip')
  def _chk_name(self,name):
    self.filename = name
  def _chk_attach(self,msg):
    "Filter attachments by content."
    # check for bad extensions
    mime.check_name(msg,ckname=self._chk_name,scan_zip=True)
    # remove scripts from HTML
    mime.check_html(msg)
    # don't let a tricky virus slip one past us
    msg = msg.get_submsg()
    if isinstance(msg,email.message.Message):
      return mime.check_attachments(msg,self._chk_attach)
    return Milter.CONTINUE
  def testCheckAttach(self,fname="test1"):
    # test1 contains a very long filename
    with open('test/'+fname,'rb') as fp:
      msg = mime.message_from_file(fp)
    mime.defang(msg,scan_zip=True)
    self.assertFalse(msg.ismodified())
    with open('test/test2','rb') as fp:
      msg = mime.message_from_file(fp)
    rc = mime.check_attachments(msg,self._chk_attach)
    self.assertEqual(self.filename,"7501'S FOR TWO GOLDEN SOURCES SHIPMENTS FOR TAX & DUTY PURPOSES ONLY.PDF")
    self.assertEqual(rc,Milter.CONTINUE)
  def testHTML(self,fname=""):
-    result = StringIO.StringIO()
+    result = StringIO()
    filter = mime.HTMLScriptFilter(result)
    msg = """<! Illegal declaration used as comment>
      <![if conditional]> Optional SGML <![endif]>
@@ -100,16 +214,19 @@ class MimeTestCase(unittest.TestCase):
    script = "<script lang=javascript> Dangerous script </script>"
    filter.feed(msg + script)
    filter.close()
-    #print result.getvalue()
+    #print(result.getvalue())
-    self.failUnless(result.getvalue() == msg + filter.msg)
+    #print('---')
    #print(msg + filter.msg)
    self.assertTrue(result.getvalue() == msg + filter.msg)
 def suite(): return unittest.makeSuite(MimeTestCase,'test')
 if __name__ == '__main__':
  import sys
  if len(sys.argv) < 2:
    unittest.main()
  else:
    for fname in sys.argv[1:]:
-      fp = open(fname,'r')
+      with open(fname,'rb') as fp:
-      msg = mime.MimeMessage(fp)
+        msg = mime.message_from_file(fp)
      mime.defang(msg,scan_zip=True)
      print(msg.as_string())
@@ -2,113 +2,59 @@ import unittest
 import Milter
 import sample
 import mime
-import rfc822
+from Milter.test import TestBase
-import StringIO
+from Milter.testctx import TestCtx
 class TestMilter(sample.sampleMilter):
 class TestMilter(TestBase,sample.sampleMilter):
  def __init__(self):
-    self.logfp = open("test/milter.log","a")
+    TestBase.__init__(self)
-
+    sample.sampleMilter.__init__(self)
  def log(self,*msg):
    for i in msg: print >>self.logfp, i,
    print >>self.logfp
  def replacebody(self,chunk):
    if self._body:
      self._body.write(chunk)
      self.bodyreplaced = 1
    else:
      raise IOError,"replacebody not called from eom()"
  # FIXME: rfc822 indexing does not really reflect the way chg/add header
  # work for a milter
  def chgheader(self,field,idx,value):
    self.log('chgheader: %s[%d]=%s' % (field,idx,value))
    if value == '':
      del self._msg[field]
    else:
      self._msg[field] = value
    self.headerschanged = 1
  def addheader(self,field,value):
    self.log('addheader: %s=%s' % (field,value))
    self._msg[field] = value
    self.headerschanged = 1
  def feedMsg(self,fname):
    self._body = None
    self.bodyreplaced = 0
    self.headerschanged = 0
    fp = open('test/'+fname,'r')
    msg = rfc822.Message(fp)
    rc = self.envfrom('<spam@advertisements.com>')
    if rc != Milter.CONTINUE: return rc
    rc = self.envrcpt('<victim@lamb.com>')
    if rc != Milter.CONTINUE: return rc
    line = None
    for h in msg.headers:
      if h[:1].isspace():
 	line = line + h
 	continue
      if not line:
 	line = h
 	continue
      s = line.split(': ',1)
      rc = self.header(s[0],s[1].strip())
      if rc != Milter.CONTINUE: return rc
      line = h
    if line:
      s = line.split(': ',1)
      rc = self.header(s[0],s[1])
      if rc != Milter.CONTINUE: return rc
    rc = self.eoh()
    if rc != Milter.CONTINUE: return rc
    while 1:
      buf = fp.read(8192)
      if len(buf) == 0: break
      rc = self.body(buf)
      if rc != Milter.CONTINUE: return rc
    self._msg = msg
    self._body = StringIO.StringIO()
    rc = self.eom()
    if self.bodyreplaced:
      body = self._body.getvalue()
    else:
      msg.rewindbody()
      body = msg.fp.read()
    self._body = StringIO.StringIO()
    self._body.writelines(msg.headers)
    self._body.write('\n')
    self._body.write(body)
    return rc
  def connect(self,host='localhost'):
    self._body = None
    self.bodyreplaced = 0
    rc =  sample.sampleMilter.connect(self,host,1,0) 
    if rc != Milter.CONTINUE and rc != Milter.ACCEPT:
      self.close()
      return rc
    rc = self.hello('spamrelay')
    if rc != Milter.CONTINUE:
      self.close()
    return rc
 class BMSMilterTestCase(unittest.TestCase):
  def testCtx(self,fname='virus1'):
    ctx = TestCtx()
    Milter.factory = sample.sampleMilter
    ctx._setsymval('{auth_authen}','batman')
    ctx._setsymval('{auth_type}','batcomputer')
    ctx._setsymval('j','mailhost')
    rc = ctx._connect()
    self.assertTrue(rc == Milter.CONTINUE)
    rc = ctx._feedMsg(fname)
    milter = ctx.getpriv()
 #    self.assertTrue(milter.user == 'batman',"getsymval failed: "+
 #        "%s != %s"%(milter.user,'batman'))
    self.assertEquals(milter.user,'batman')
    self.assertTrue(milter.auth_type != 'batcomputer',"setsymlist failed")
    self.assertTrue(rc == Milter.ACCEPT)
    self.assertTrue(ctx._bodyreplaced,"Message body not replaced")
    fp = ctx._body
    open('test/'+fname+".tstout","wb").write(fp.getvalue())
    #self.assertTrue(fp.getvalue() == open("test/virus1.out","r").read())
    fp.seek(0)
    msg = mime.message_from_file(fp)
    s = msg.get_payload(1).get_payload()
    milter.log(s)
    ctx._close()
  def testDefang(self,fname='virus1'):
    milter = TestMilter()
    milter.setsymval('{auth_authen}','batman')
    milter.setsymval('{auth_type}','batcomputer')
    milter.setsymval('j','mailhost')
    rc = milter.connect()
-    self.failUnless(rc == Milter.CONTINUE)
+    self.assertTrue(rc == Milter.CONTINUE)
    rc = milter.feedMsg(fname)
-    self.failUnless(rc == Milter.ACCEPT)
+    self.assertTrue(milter.user == 'batman',"getsymval failed")
-    self.failUnless(milter.bodyreplaced,"Message body not replaced")
+    # setsymlist not working in TestBase
    #self.assertTrue(milter.auth_type != 'batcomputer',"setsymlist failed")
    self.assertTrue(rc == Milter.ACCEPT)
    self.assertTrue(milter._bodyreplaced,"Message body not replaced")
    fp = milter._body
-    open('test/'+fname+".tstout","w").write(fp.getvalue())
+    open('test/'+fname+".tstout","wb").write(fp.getvalue())
-    #self.failUnless(fp.getvalue() == open("test/virus1.out","r").read())
+    #self.assertTrue(fp.getvalue() == open("test/virus1.out","r").read())
    fp.seek(0)
-    msg = mime.MimeMessage(fp)
+    msg = mime.message_from_file(fp)
    s = msg.get_payload(1).get_payload()
    milter.log(s)
    milter.close()
@@ -117,30 +63,30 @@ class BMSMilterTestCase(unittest.TestCase):
    milter = TestMilter()
    milter.connect('somehost')
    rc = milter.feedMsg(fname)
-    self.failUnless(rc == Milter.ACCEPT)
+    self.assertTrue(rc == Milter.ACCEPT)
-    self.failIf(milter.bodyreplaced,"Milter needlessly replaced body.")
+    self.assertFalse(milter._bodyreplaced,"Milter needlessly replaced body.")
    fp = milter._body
-    open('test/'+fname+".tstout","w").write(fp.getvalue())
+    open('test/'+fname+".tstout","wb").write(fp.getvalue())
    milter.close()
  def testDefang2(self):
    milter = TestMilter()
    milter.connect('somehost')
    rc = milter.feedMsg('samp1')
-    self.failUnless(rc == Milter.ACCEPT)
+    self.assertTrue(rc == Milter.ACCEPT)
-    self.failIf(milter.bodyreplaced,"Milter needlessly replaced body.")
+    self.assertFalse(milter._bodyreplaced,"Milter needlessly replaced body.")
    rc = milter.feedMsg("virus3")
-    self.failUnless(rc == Milter.ACCEPT)
+    self.assertTrue(rc == Milter.ACCEPT)
-    self.failUnless(milter.bodyreplaced,"Message body not replaced")
+    self.assertTrue(milter._bodyreplaced,"Message body not replaced")
    fp = milter._body
-    open("test/virus3.tstout","w").write(fp.getvalue())
+    open("test/virus3.tstout","wb").write(fp.getvalue())
-    #self.failUnless(fp.getvalue() == open("test/virus3.out","r").read())
+    #self.assertTrue(fp.getvalue() == open("test/virus3.out","r").read())
    rc = milter.feedMsg("virus6")
-    self.failUnless(rc == Milter.ACCEPT)
+    self.assertTrue(rc == Milter.ACCEPT)
-    self.failUnless(milter.bodyreplaced,"Message body not replaced")
+    self.assertTrue(milter._bodyreplaced,"Message body not replaced")
-    self.failUnless(milter.headerschanged,"Message headers not adjusted")
+    self.assertTrue(milter._headerschanged,"Message headers not adjusted")
    fp = milter._body
-    open("test/virus6.tstout","w").write(fp.getvalue())
+    open("test/virus6.tstout","wb").write(fp.getvalue())
    milter.close()
 def suite(): return unittest.makeSuite(BMSMilterTestCase,'test')
@@ -0,0 +1,61 @@
 from __future__ import print_function
 import unittest
 import doctest
 import os
 import Milter.utils
 from Milter.cache import AddrCache
 from Milter.dynip import is_dynip
 from Milter.pyip6 import inet_ntop
 class AddrCacheTestCase(unittest.TestCase):
  def setUp(self):
    self.fname = 'test.dat'
  def tearDown(self):
    if os.path.exists(self.fname):
      os.remove(self.fname)
  def testAdd(self):
    cache = AddrCache(fname=self.fname)
    cache['foo@bar.com'] = None
    cache.addperm('baz@bar.com')
    cache['temp@bar.com'] = 'testing'
    self.assertTrue(cache.has_key('foo@bar.com'))
    self.assertTrue(not cache.has_key('hello@bar.com'))
    self.assertTrue('baz@bar.com' in cache)
    self.assertEquals(cache['temp@bar.com'],'testing')
    s = open(self.fname).readlines()
    self.assertTrue(len(s) == 2)
    self.assertTrue(s[0].startswith('foo@bar.com '))
    self.assertEquals(s[1].strip(),'baz@bar.com')
    # check that new result overrides old
    cache['temp@bar.com'] = None
    self.assertTrue(not cache['temp@bar.com'])
  def testDomain(self):
    with open(self.fname,'w') as fp:
      print('spammer.com',file=fp)
    cache = AddrCache(fname=self.fname)
    cache.load(self.fname,30)
    self.assertTrue('spammer.com' in cache)
  def testParseHeader(self):
    s='=?UTF-8?B?TGFzdCBGZXcgQ29sZHBsYXkgQWxidW0gQXJ0d29ya3MgQXZhaWxhYmxlAA?='
    h = Milter.utils.parse_header(s)
    self.assertEqual(h,b'Last Few Coldplay Album Artworks Available\x00')
  @unittest.expectedFailure
  def testParseAddress(self):
    s = Milter.utils.parseaddr('a(WRONG)@b')
    self.assertEqual(s,('WRONG', 'a@b'))
 def suite(): 
  s = unittest.makeSuite(AddrCacheTestCase,'test')
  s.addTest(doctest.DocTestSuite(Milter.utils))
  s.addTest(doctest.DocTestSuite(Milter.dynip))
  s.addTest(doctest.DocTestSuite(Milter.pyip6))
  return s
 if __name__ == '__main__':
  unittest.TextTestRunner().run(suite())