This commit was manufactured by cvs2svn to create tag 'pymilter-0_8_10'.

Sprout from master 2008-08-25 22:03:24 UTC Stuart Gathman <stuart@gathman.org> 'Fix /var/run/milter owner' Cherrypick from bmsi 2005-05-31 18:23:49 UTC Stuart Gathman <stuart@gathman.org> 'Development changes since 0.7.2': rejects.py rhsbl.m4 sample.py test/amazon test/big5 test/bounce test/bounce1 test/bound test/honey test/missingboundary test/samp1 test/spam44 test/spam7 test/spam8 test/test1 test/test8 test/virus1 test/virus13 test/virus2 test/virus3 test/virus4 test/virus5 test/virus6 test/virus7 testsample.py
Fix /var/run/milter owner
2008-08-25 22:03:25 +00:00 · 2008-08-25 22:03:24 +00:00 · 2008-08-25 22:02:39 +00:00 · 2008-08-25 22:00:46 +00:00 · 2008-08-25 21:41:18 +00:00 · 2008-08-25 20:00:51 +00:00
65 changed files with 6721 additions and 3516 deletions
@@ -0,0 +1,339 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
@@ -5,10 +5,18 @@ wrapper (Milter.py) that handles attachments, did lots of testing, packaged
 it with distutils, and generally transformed it from a quick hack to a
 real, usable Python extension.

-Other contributors:
+Other contributors (in random order):

+Dwayne Litzenberger, B.A.Sc.
+  for library_dirs patch to compile on Debian 
+Dave MacQuigg 
+  for noticing that smfi_insheader wasn't supported, and creating
+  a template to help first time pymilter users create their own milter.
 Terence Way
  for providing a Python port of SPF
+Scott Kitterman
+  for doing lots of testing and debugging of SPF against draft standard,
+  and for putting up a web page that validates SPF records using spf.py
 Alexander Kourakos
  for plugging several memory leaks
 George Graf at Vienna University of Economics and Business Administration
@@ -22,6 +30,9 @@ John Draper
  then pointing out that it would be easier to just write the MTA in Python.
 Eric S. Johansson
  for helpful design discussions while working on camram
+Alex Savguira
+  for finding bugs with international headers and
+  suggesting the scan_zip option.
 Business Management Systems - http://www.bmsi.com
  for hosting the website, and providing paying clients who need milter service
  so I can work on it as part of my day job.
@@ -0,0 +1,214 @@
+# Revision 1.69  2006/11/04 22:09:39  customdesigned
+# Another lame DSN heuristic.  Block PTR cache poisoning attack.
+#
+# Revision 1.68  2006/10/04 03:46:01  customdesigned
+# Fix defaults.
+#
+# Revision 1.67  2006/10/01 01:44:06  customdesigned
+# case_sensitive_localpart option, more delayed bounce heuristics,
+# optional smart_alias section.
+#
+# Revision 1.66  2006/07/26 16:42:26  customdesigned
+# Support CBV timeout
+#
+# Revision 1.65  2006/06/21 22:22:00  customdesigned
+# Handle multi-line headers in delayed dsns.
+#
+# Revision 1.64  2006/06/21 21:12:04  customdesigned
+# More delayed reject token headers.
+# Don't require HELO pass for CBV.
+#
+# Revision 1.63  2006/05/21 03:41:44  customdesigned
+# Fail dsn
+#
+# Revision 1.61  2006/05/17 21:28:07  customdesigned
+# Create GOSSiP record only when connection will procede to DATA.
+#
+# Revision 1.60  2006/05/12 16:14:48  customdesigned
+# Don't require SPF pass for white/black listing mail from trusted relay.
+# Support localpart wildcard for white and black lists.
+#
+# Revision 1.59  2006/04/06 18:14:17  customdesigned
+# Check whitelist/blacklist even when not checking SPF (e.g. trusted relay).
+#
+# Revision 1.58  2006/03/10 20:52:49  customdesigned
+# Use re to recognize failure DSNs.
+#
+# Revision 1.57  2006/03/07 20:50:54  customdesigned
+# Use signed Message-ID in delayed reject to blacklist senders
+#
+# Revision 1.56  2006/02/24 02:12:54  customdesigned
+# Properly report hard PermError (lax mode fails also) by always setting
+# perm_error attribute with PermError exception.  Improve reporting of
+# invalid domain PermError.
+#
+# Revision 1.55  2006/02/17 05:04:29  customdesigned
+# Use SRS sign domain list.
+# Accept but do not use for training whitelisted senders without SPF pass.
+# Immediate rejection of unsigned bounces.
+#
+# Revision 1.54  2006/02/16 02:16:36  customdesigned
+# User specific SPF receiver policy.
+#
+# Revision 1.53  2006/02/12 04:15:01  customdesigned
+# Remove spf dependency for iniplist
+#
+# Revision 1.52  2006/02/12 02:12:08  customdesigned
+# Use CIDR notation for internal connect list.
+#
+# Revision 1.51  2006/02/12 01:13:58  customdesigned
+# Don't check rcpt user list when signed MFROM.
+#
+# Revision 1.50  2006/02/09 20:39:43  customdesigned
+# Use CIDR notation for trusted_relay iplist
+#
+# Revision 1.49  2006/01/30 23:14:48  customdesigned
+# put back eom condition
+#
+# Revision 1.48  2006/01/12 20:31:24  customdesigned
+# Accelerate training via whitelist and blacklist.
+#
+# Revision 1.47  2005/12/29 04:49:10  customdesigned
+# Do not auto-whitelist autoreplys
+#
+# Revision 1.46  2005/12/28 20:17:29  customdesigned
+# Expire and renew AddrCache entries
+#
+# Revision 1.45  2005/12/23 22:34:46  customdesigned
+# Put guessed result in separate header.
+#
+# Revision 1.44  2005/12/23 21:47:07  customdesigned
+# Move Received-SPF header to top.
+#
+# Revision 1.43  2005/12/09 16:54:01  customdesigned
+# Select neutral DSN template for best_guess
+#
+# Revision 1.42  2005/12/01 22:42:32  customdesigned
+# improve gossip support.
+# Initialize srs_domain from srs.srs config property.  Should probably
+# always block unsigned DSN when signing all.
+#
+# Revision 1.41  2005/12/01 18:59:25  customdesigned
+# Fix neutral policy.  pobox.com -> openspf.org
+#
+# Revision 1.40  2005/11/07 21:22:35  customdesigned
+# GOSSiP support, local database only.
+#
+# Revision 1.39  2005/10/31 00:04:58  customdesigned
+# Simple implementation of trusted_forwarder list.  Inefficient for
+# more than 1 or 2 entries.
+#
+# Revision 1.38  2005/10/28 19:36:54  customdesigned
+# Don't check internal_domains for trusted_relay.
+#
+# Revision 1.37  2005/10/28 09:30:49  customdesigned
+# Do not send quarantine DSN when sender is DSN.
+#
+# Revision 1.36  2005/10/23 16:01:29  customdesigned
+# Consider MAIL FROM a match for supply_sender when a subdomain of From or Sender
+#
+# Revision 1.35  2005/10/20 18:47:27  customdesigned
+# Configure auto_whitelist senders.
+#
+# Revision 1.34  2005/10/19 21:07:49  customdesigned
+# access.db stores keys in lower case
+#
+# Revision 1.33  2005/10/19 19:37:50  customdesigned
+# Train screener on whitelisted messages.
+#
+# Revision 1.32  2005/10/14 16:17:31  customdesigned
+# Auto whitelist refinements.
+#
+# Revision 1.31  2005/10/14 01:14:08  customdesigned
+# Auto whitelist feature.
+#
+# Revision 1.30  2005/10/12 16:36:30  customdesigned
+# Release 0.8.3
+#
+# Revision 1.29  2005/10/11 22:50:07  customdesigned
+# Always check HELO except for SPF pass, temperror.
+#
+# Revision 1.28  2005/10/10 23:50:20  customdesigned
+# Use logging module to make logging threadsafe (avoid splitting log lines)
+#
+# Revision 1.27  2005/10/10 20:15:33  customdesigned
+# Configure SPF policy via sendmail access file.
+#
+# Revision 1.26  2005/10/07 03:23:40  customdesigned
+# Banned users option.  Experimental feature to supply Sender when
+# missing and MFROM domain doesn't match From.  Log cipher bits for
+# SMTP AUTH.  Sketch access file feature.
+#
+# Revision 1.25  2005/09/08 03:55:08  customdesigned
+# Handle perverse MFROM quoting.
+#
+# Revision 1.24  2005/08/18 03:36:54  customdesigned
+# Don't innoculate with SCREENED mail.
+#
+# Revision 1.23  2005/08/17 19:35:27  customdesigned
+# Send DSN before adding message to quarantine.
+#
+# Revision 1.22  2005/08/11 22:17:58  customdesigned
+# Consider SMTP AUTH connections internal.
+#
+# Revision 1.21  2005/08/04 21:21:31  customdesigned
+# Treat fail like softfail for selected (braindead) domains.
+# Treat mail according to extended processing results, but
+# report any PermError that would officially result via DSN.
+#
+# Revision 1.20  2005/08/02 18:04:35  customdesigned
+# Keep screened honeypot mail, but optionally discard honeypot only mail.
+#
+# Revision 1.19  2005/07/20 03:30:04  customdesigned
+# Check pydspam version for honeypot, include latest pyspf changes.
+#
+# Revision 1.18  2005/07/17 01:25:44  customdesigned
+# Log as well as use extended result for best guess.
+#
+# Revision 1.17  2005/07/15 20:25:36  customdesigned
+# Use extended results processing for best_guess.
+#
+# Revision 1.16  2005/07/14 03:23:33  customdesigned
+# Make SES package optional.  Initial honeypot support.
+#
+# Revision 1.15  2005/07/06 04:05:40  customdesigned
+# Initial SES integration.
+#
+# Revision 1.14  2005/07/02 23:27:31  customdesigned
+# Don't match hostnames for internal connects.
+#
+# Revision 1.13  2005/07/01 16:30:24  customdesigned
+# Always log trusted Received and Received-SPF headers.
+#
+# Revision 1.12  2005/06/20 22:35:35  customdesigned
+# Setreply for rejectvirus.
+#
+# Revision 1.11  2005/06/17 02:07:20  customdesigned
+# Release 0.8.1
+#
+# Revision 1.10  2005/06/16 18:35:51  customdesigned
+# Ignore HeaderParseError decoding header
+#
+# Revision 1.9  2005/06/14 21:55:29  customdesigned
+# Check internal_domains for outgoing mail.
+#
+# Revision 1.8  2005/06/06 18:24:59  customdesigned
+# Properly log exceptions from pydspam
+#
+# Revision 1.7  2005/06/04 19:41:16  customdesigned
+# Fix bugs from testing RPM
+#
+# Revision 1.6  2005/06/03 04:57:05  customdesigned
+# Organize config reader by section.  Create defang section.
+#
+# Revision 1.5  2005/06/02 15:00:17  customdesigned
+# Configure banned extensions.  Scan zipfile option with test case.
+#
+# Revision 1.4  2005/06/02 04:18:55  customdesigned
+# Update copyright notices after reading article on /.
+#
+# Revision 1.3  2005/06/02 02:09:00  customdesigned
+# Record timestamp in send_dsn.log
+#
+# Revision 1.2  2005/06/02 01:00:36  customdesigned
+# Support configurable templates for DSNs.
@@ -0,0 +1,154 @@
+On Sun, 11 Feb 2007, Rick Saul wrote:
+
+> Stuart I was planning to move to centos4.4 in a couple of weeks anyway... 
+> Your advice of where to go from here. 
+
+Oh - you are asking for a howto.
+
+	Step one.  Which DSPAM is right for you?
+
+The DSPAM project makes dspam part of the LDA (Local Delivery Agent).
+Pydspam puts dspam into the MTA (Mail Transfer Agent - sendmail with pymilter).
+
+The advantage of doing dspam in the LDA is that any aliasing has already been
+resolved.  You need only configure mailboxes.
+
+The advantage of doing dspam in the MTA is it can screen an entire 
+company as a gateway with multiple domains.  Unfortunately, this
+means you have to tell it about all the aliases that comprise each
+account.  (Also, pydspam is still uses dspam-2.6.5.2 - the Dspam API
+has changed for newer versions.)
+
+If the LDA is right for you, you'll want to use the official Dspam 
+package.  http://www.nuclearelephant.com/projects/dspam/
+
+If the MTA approach is what you want, then pydspam is what you want.
+
+In either case, you will still want pymilter to block forgeries, Windows 
+executables, etc.
+
+So, lets assume you want to install pymilter, and may or may not
+wish to install pydspam.
+
+	Step two.  Obtaining RPMS.
+
+For basic pymilter you'll need:
+
+python-2.4
+milter-0.8.10
+sendmail-8.13.x	(with milter support enabled)
+
+and for SPF you'll need:
+
+pydns-2.3.3-2.4
+pyspf-2.0.5-1.py24
+
+and for SRS you'll need:
+
+pysrs-0.30.11-1.py24
+
+I'm pretty sure you will want to have SPF and SRS available.
+
+	Step three.  Activate basic milter.
+
+Activate the basic milter and pysrs by editing /etc/mail/sendmail.mc and adding:
+
+define(`NO_SRS_FILE',`/etc/mail/no-srs-mailers')dnl
+dnl define(`NO_SRS_FROM_LOCAL')dnl
+HACK(`pysrs',`/var/run/milter/pysrs')dnl
+INPUT_MAIL_FILTER(`pythonfilter', `S=local:/var/run/milter/pythonsock, F=T, T=C:5m;S:20s;R:5m;E:5m')
+
+You can then "make sendmail.cf" and restart sendmail.
+
+Start milter and pysrs with "service milter start", "service pysrs start".
+
+Tail /var/log/milter/milter.log while SMTP clients connect to your
+sendmail instance.  This should show you what the milter is doing.
+
+By default, milter-0.8.10 rejects on SPF fail.
+
+	Step four.  Tweaking the basic config.
+
+Most pymilter configuration is in /etc/mail/pymilter.cfg.  To activate
+changes, "service milter restart".
+
+By default, milter scans attachments for executable extensions.  You can
+turn this off by setting banned_exts to the empty list.  There are options
+to scan ZIP attachments and rfc822 attachments.  When it finds a banned
+file type, milter saves the original message in /var/log/milter/save,
+and replaces the attachment with a plain text warning message.
+
+Configure hello_blacklist with your own helo name and domains - which
+you know cannot legitimately be used by external MTAs.
+
+Configure trusted_relay with your secondary MX servers, if any.  These
+should also run pymilter with similar policies.  (But this isn't
+needed for initial testing.)
+
+Configure internal_connect with subnets of your internal SMTP clients.
+Internal connections skip SPF testing and other policies.  You will
+likely need to set this to allow outgoing mail if you have
+an SPF policy already.
+
+Configure internal_domains with domains used by your internal SMTP clients.
+If they attempt to use any other domain, the attempt is blocked and the
+client is logged as a "zombie".  Conversely, any attempt by an external
+MTA to use one of your internal domains is treated as a forgery and
+blocked (a simplified form of local SPF).
+
+Adjust porn_words and spam_words - these block emails with a Subject
+containing the listed strings.  They can be empty to disable Subject
+string blocking.
+
+	Advanced SPF configuration.
+
+The sendmail access file, or another readonly database with that
+format, can be used for detail spf policy.  SPF access policy
+record are tagged with "SPF-{Result}:".  Results are
+Pass, Neutral, Softfail, Fail, PermError.  Currently supported
+policy keywords are OK, CBV, REJECT.  Currently, TempError always
+results in TEMPFAIL.
+
+The default policies are set in pymilter.cfg.  The defaults
+if none of the config options are set are as follows:
+
+SPF-Fail:	REJECT
+SPF-Softfail:	CBV
+SPF-Neutral:	OK
+SPF-PermError:	REJECT
+SPF-Pass:	OK
+
+The tag may be followed by a specific domain.  For instance, to
+require a Pass from aol.com:
+
+SPF-Neutral:aol.com	REJECT
+SPF-Softfail:aol.com	REJECT
+
+The CBV policy requires a valid HELO name.  If the EHLO name is 
+RFC2822 compliant, then a DSN is sent to the alleged sender.  The 
+template for the DSN is selected according to the SPF result:
+
+Fail:		fail.txt
+SoftFail:	softfail.txt
+Neutral:	neutral.txt
+PermError:	permerror.txt
+None:		strike3.txt
+
+An SPF-Pass is always accepted by the milter.  Domains can be blacklisted 
+via sendmail in the access file or via a RHS DNS blacklist.
+
+	To be continued.
+
+Forthcoming topics:
+
+SRS config
+
+
+pydspam config
+wiretap config
+
+-- 
+	      Stuart D. Gathman <stuart@bmsi.com>
+    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
+"Confutatis maledictis, flammis acribus addictis" - background song for
+a Microsoft sponsored "Where do you want to go from here?" commercial.
@@ -1,23 +1,35 @@
 include COPYING
 include TODO
 include NEWS
+include HOWTO
 include CREDITS
 include README
+include ChangeLog
 include MANIFEST.in
 include testsample.py
 include testmime.py
+include testutils.py
 include testbms.py
-include testdspam.py
 include rejects.py
+include report.py
 include bms.py
 include spf.py
+include cid2spf.py
 include spfquery.py
 include test.py
 include sample.py
+include milter-template.py
+include spfmilter.py
+include spfmilter.rc
+include spfmilter.cfg
 include test/*
+include doc/*
+include Milter/*.py
 include *.spec
 include start.sh
 include milter.rc
 include milter.rc7
 include milter.cfg
 include rhsbl.m4
+include *.txt
+include *.html
@@ -1,20 +1,23 @@
-
 # Author: Stuart D. Gathman <stuart@bmsi.com>
 # Copyright 2001 Business Management Systems, Inc.
-# This code is under GPL.  See COPYING for details.
+# This code is under the GNU General Public License.  See COPYING for details.
+
+# A thin OO wrapper for the milter module

 import os
 import milter
 import thread

 from milter import ACCEPT,CONTINUE,REJECT,DISCARD,TEMPFAIL,	\
-  set_flags, setdbg, setbacklog, settimeout, \
+  set_flags, setdbg, setbacklog, settimeout, error,	\
  ADDHDRS, CHGBODY, ADDRCPT, DELRCPT, CHGHDRS,	\
  V1_ACTS, V2_ACTS, CURR_ACTS

 try: from milter import QUARANTINE
 except: pass

+__version__ = '0.8.5'
+
 _seq_lock = thread.allocate_lock()
 _seq = 0

@@ -41,7 +44,7 @@ class Milter:
    for i in msg: print i,
    print

-  def connect(self,hostname,unused,hostaddr):
+  def connect(self,hostname,family,hostaddr):
    "Called for each connection to sendmail."
    self.log("connect from %s at %s" % (hostname,hostaddr))
    return CONTINUE
@@ -103,8 +106,8 @@ class Milter:
    return self.__ctx.setreply(rcode,xcode,msg,*ml)

  # Milter methods which can only be called from eom callback.
-  def addheader(self,field,value):
-    return self.__ctx.addheader(field,value)
+  def addheader(self,field,value,idx=-1):
+    return self.__ctx.addheader(field,value,idx)

  def chgheader(self,field,idx,value):
    return self.__ctx.chgheader(field,idx,value)
@@ -140,16 +143,28 @@ def closecallback(ctx):
  m._setctx(None)	# release milterContext
  return rc

+def dictfromlist(args):
+  "Convert ESMTP parm list to keyword dictionary."
+  kw = {}
+  for s in args:
+    pos = s.find('=')
+    if pos > 0:
+      kw[s[:pos].upper()] = s[pos+1:]
+  return kw
+
 def envcallback(c,args):
-  """Convert ESMTP parms to keyword parameters.
+  """Call function c with ESMTP parms converted to keyword parameters.
  Can be used in the envfrom and/or envrcpt callbacks to process
  ESMTP parameters as python keyword parameters."""
  kw = {}
+  pargs = [args[0]]
  for s in args[1:]:
    pos = s.find('=')
    if pos > 0:
-      kw[s[:pos]] = s[pos+1:]
-  return apply(c,args,kw)
+      kw[s[:pos].upper()] = s[pos+1:]
+    else:
+      pargs.append(s)
+  return c(*pargs,**kw)

 def runmilter(name,socketname,timeout = 0):
  # This bit is here on the assumption that you will be starting this filter
@@ -169,21 +184,22 @@ def runmilter(name,socketname,timeout = 0):
    print "Removing %s" % fname
    try:
      os.unlink(fname)
-    except:
-      pass
+    except os.error, x:
+      import errno
+      if x.errno != errno.ENOENT:
+        raise milter.error(x)

  # The default flags set include everything
  # milter.set_flags(milter.ADDHDRS)
  milter.set_connect_callback(connectcallback)
  milter.set_helo_callback(lambda ctx, host: ctx.getpriv().hello(host))
-  milter.set_envfrom_callback(lambda ctx,*str:
-  	ctx.getpriv().envfrom(*str))
-#  	envcallback(ctx.getpriv().envfrom,str))
-  milter.set_envrcpt_callback(lambda ctx,*str:
-  	ctx.getpriv().envrcpt(*str))
-#  	envcallback(ctx.getpriv().envrcpt,str))
-  milter.set_header_callback(lambda ctx,fld,val:
-  	ctx.getpriv().header(fld,val))
+  # For envfrom and envrcpt, we would like to convert ESMTP parms to keyword
+  # parms, but then all existing users would have to include **kw to accept
+  # arbitrary keywords without crashing.  We do provide envcallback and
+  # dictfromlist to make parsing the ESMTP args convenient.
+  milter.set_envfrom_callback(lambda ctx,*str: ctx.getpriv().envfrom(*str))
+  milter.set_envrcpt_callback(lambda ctx,*str: ctx.getpriv().envrcpt(*str))
+  milter.set_header_callback(lambda ctx,fld,val: ctx.getpriv().header(fld,val))
  milter.set_eoh_callback(lambda ctx: ctx.getpriv().eoh())
  milter.set_body_callback(lambda ctx,chunk: ctx.getpriv().body(chunk))
  milter.set_eom_callback(lambda ctx: ctx.getpriv().eom())
@@ -201,3 +217,8 @@ def runmilter(name,socketname,timeout = 0):
    if start_seq == _seq: raise	# couldn't start
    # milter has been running for a while, but now it can't start new threads
    raise milter.error("out of thread resources")
+
+__all__ = globals().copy()
+for priv in ('os','milter','thread','factory','_seq','_seq_lock','__version__'):
+  del __all__[priv]
+__all__ = __all__.keys()
@@ -0,0 +1,158 @@
+# Email address list with expiration
+#
+# This class acts like a map.  Entries with a value of None are persistent,
+# but disappear after a time limit.  This is useful for automatic whitelists
+# and blacklists with expiration.  The persistent store is a simple ascii
+# file with sender and timestamp on each line.  Entries can be appended
+# to the store, and will be picked up the next time it is loaded.
+#
+# Entries with other values are not persistent.  This is used to hold failed
+# CBV results.
+#
+# $Log$
+# Revision 1.8  2007/09/03 16:18:45  customdesigned
+# Delete unparseable timestamps when loading address cache.  These have
+# arisen because of failure to parse MAIL FROM properly.   Will have to
+# tighten up MAIL FROM parsing to match RFC.
+#
+# Revision 1.7  2007/01/25 22:47:26  customdesigned
+# Persist blacklisting from delayed DSNs.
+#
+# Revision 1.6  2007/01/19 23:31:38  customdesigned
+# Move parse_header to Milter.utils.
+# Test case for delayed DSN parsing.
+# Fix plock when source missing or cannot set owner/group.
+#
+# Revision 1.5  2007/01/11 19:59:40  customdesigned
+# Purge old entries in auto_whitelist and send_dsn logs.
+#
+# Revision 1.4  2007/01/11 04:31:26  customdesigned
+# Negative feedback for bad headers.  Purge cache logs on startup.
+#
+# Revision 1.3  2007/01/08 23:20:54  customdesigned
+# Get user feedback.
+#
+# Revision 1.2  2007/01/05 23:33:55  customdesigned
+# Make blacklist an AddrCache
+#
+# Revision 1.1  2007/01/05 21:25:40  customdesigned
+# Move AddrCache to Milter package.
+#
+
+# Author: Stuart D. Gathman <stuart@bmsi.com>
+# Copyright 2001,2002,2003,2004,2005 Business Management Systems, Inc.
+# This code is under the GNU General Public License.  See COPYING for details.
+
+import time
+from plock import PLock
+
+class AddrCache(object):
+  time_format = '%Y%b%d %H:%M:%S %Z'
+
+  def __init__(self,renew=7,fname=None):
+    self.age = renew
+    self.cache = {}
+    self.fname = fname
+
+  def load(self,fname,age=0):
+    "Load address cache from persistent store."
+    if not age:
+      age = self.age
+    self.fname = fname
+    cache = {}
+    self.cache = cache
+    now = time.time()
+    lock = PLock(self.fname)
+    wfp = lock.lock()
+    changed = False
+    try:
+      too_old = now - age*24*60*60	# max age in days
+      try:
+        fp = open(self.fname)
+      except OSError:
+        fp = ()
+      for ln in fp:
+	try:
+	  rcpt,ts = ln.strip().split(None,1)
+          try:
+            l = time.strptime(ts,AddrCache.time_format)
+            t = time.mktime(l)
+            if t < too_old:
+              changed = True
+              continue
+            cache[rcpt.lower()] = (t,None)
+          except:       # unparsable timestamp - likely garbage
+            changed = True
+            continue
+	except: # manual entry (no timestamp)
+	  cache[ln.strip().lower()] = (now,None)
+	wfp.write(ln)
+      if changed:
+	lock.commit(self.fname+'.old')
+      else:
+        lock.unlock()
+    except IOError:
+      lock.unlock()
+
+  def has_precise_key(self,sender):
+    """True if precise sender is cached and has not expired.  Don't
+    try looking up wildcard entries.
+    """
+    try:
+      lsender = sender and sender.lower()
+      ts,res = self.cache[lsender]
+      too_old = time.time() - self.age*24*60*60	# max age in days
+      if not ts or ts > too_old:
+        return True
+      del self.cache[lsender]
+    except KeyError: pass
+    return False
+
+  def has_key(self,sender):
+    "True if sender is cached and has not expired."
+    if self.has_precise_key(sender):
+      return True
+    try:
+      user,host = sender.split('@',1)
+      return self.has_precise_key(host)
+    except: pass
+    return False
+
+  __contains__ = has_key
+
+  def __getitem__(self,sender):
+    try:
+      lsender = sender.lower()
+      ts,res = self.cache[lsender]
+      too_old = time.time() - self.age*24*60*60	# max age in days
+      if not ts or ts > too_old:
+	return res
+      del self.cache[lsender]
+      raise KeyError, sender
+    except KeyError,x:
+      try:
+	user,host = sender.split('@',1)
+	return self.__getitem__(host)
+      except ValueError:
+        raise x
+
+  def addperm(self,sender,res=None):
+    "Add a permanent sender."
+    lsender = sender.lower()
+    if self.has_key(lsender):
+      ts,res = self.cache[lsender]
+      if not ts: return		# already permanent
+    self.cache[lsender] = (None,res)
+    if not res:
+      print >>open(self.fname,'a'),sender
+    
+  def __setitem__(self,sender,res):
+    lsender = sender.lower()
+    now = time.time()
+    self.cache[lsender] = (now,res)
+    if not res and self.fname:
+      s = time.strftime(AddrCache.time_format,time.localtime(now))
+      print >>open(self.fname,'a'),sender,s # log refreshed senders
+
+  def __len__(self):
+    return len(self.cache)
@@ -0,0 +1,59 @@
+from ConfigParser import ConfigParser
+
+class MilterConfigParser(ConfigParser):
+
+  def __init__(self,defaults={}):
+    ConfigParser.__init__(self)
+    self.defaults = defaults
+
+  # The defaults provided by ConfigParser show up in all sections,
+  # which screws up iterating over all options in a section.
+  # Worse, passing "defaults" with vars= overrides the config file!
+  # So we roll our own defaults.
+  def get(self,sect,opt):
+    if not self.has_option(sect,opt) and opt in self.defaults:
+      return self.defaults[opt]
+    return ConfigParser.get(self,sect,opt)
+    
+  def getlist(self,sect,opt):
+    if self.has_option(sect,opt):
+      return [q.strip() for q in self.get(sect,opt).split(',')]
+    return []
+
+  def getaddrset(self,sect,opt):
+    if not self.has_option(sect,opt):
+      return {}
+    s = self.get(sect,opt)
+    d = {}
+    for q in s.split(','):
+      q = q.strip()
+      if q.startswith('file:'):
+        domain = q[5:].lower()
+	d[domain] = d.setdefault(domain,[]) + open(domain,'r').read().split()
+      else:
+	user,domain = q.split('@')
+	d.setdefault(domain.lower(),[]).append(user)
+    return d
+  
+  def getaddrdict(self,sect,opt):
+    if not self.has_option(sect,opt):
+      return {}
+    d = {}
+    for q in self.get(sect,opt).split(','):
+      q = q.strip()
+      if self.has_option(sect,q):
+        l = self.get(sect,q)
+	for addr in l.split(','):
+	  addr = addr.strip()
+	  if addr.startswith('file:'):
+	    fname = addr[5:]
+	    for a in open(fname,'r').read().split():
+	      d[a] = q
+	  else:
+	    d[addr] = q
+    return d
+
+  def getdefault(self,sect,opt,default=None):
+    if self.has_option(sect,opt):
+      return self.get(sect,opt)
+    return default
@@ -0,0 +1,88 @@
+# provide a higher level interface to pydns
+
+import DNS
+from DNS import DNSError
+
+MAX_CNAME = 10
+
+def DNSLookup(name, qtype):
+    try:
+        req = DNS.DnsRequest(name, qtype=qtype)
+        resp = req.req()
+        #resp.show()
+        # key k: ('wayforward.net', 'A'), value v
+        # FIXME: pydns returns AAAA RR as 16 byte binary string, but
+        # A RR as dotted quad.  For consistency, this driver should
+        # return both as binary string.
+        return [((a['name'], a['typename']), a['data']) for a in resp.answers]
+    except IOError, x:
+        raise DNSError, str(x)
+
+class Session(object):
+  """A Session object has a simple cache with no TTL that is valid
+   for a single "session", for example an SMTP conversation."""
+  def __init__(self):
+    self.cache = {}
+
+  # We have to be careful which additional DNS RRs we cache.  For
+  # instance, PTR records are controlled by the connecting IP, and they
+  # could poison our local cache with bogus A and MX records.  
+
+  SAFE2CACHE = {
+    ('MX','A'): None,
+    ('MX','MX'): None,
+    ('CNAME','A'): None,
+    ('CNAME','CNAME'): None,
+    ('A','A'): None,
+    ('AAAA','AAAA'): None,
+    ('PTR','PTR'): None,
+    ('TXT','TXT'): None,
+    ('SPF','SPF'): None
+  }
+
+
+  def dns(self, name, qtype, cnames=None):
+    """DNS query.
+
+    If the result is in cache, return that.  Otherwise pull the
+    result from DNS, and cache ALL answers, so additional info
+    is available for further queries later.
+
+    CNAMEs are followed.
+
+    If there is no data, [] is returned.
+
+    pre: qtype in ['A', 'AAAA', 'MX', 'PTR', 'TXT', 'SPF']
+    post: isinstance(__return__, types.ListType)
+    """
+    result = self.cache.get( (name, qtype) )
+    cname = None
+
+    if not result:
+        safe2cache = Session.SAFE2CACHE
+        for k, v in DNSLookup(name, qtype):
+            if k == (name, 'CNAME'):
+                cname = v
+            if (qtype,k[1]) in safe2cache:
+                self.cache.setdefault(k, []).append(v)
+        result = self.cache.get( (name, qtype), [])
+    if not result and cname:
+        if not cnames:
+            cnames = {}
+        elif len(cnames) >= MAX_CNAME:
+            #return result    # if too many == NX_DOMAIN
+            raise DNSError('Length of CNAME chain exceeds %d' % MAX_CNAME)
+        cnames[name] = cname
+        if cname in cnames:
+            raise DNSError, 'CNAME loop'
+        result = self.dns(cname, qtype, cnames=cnames)
+    return result
+
+DNS.DiscoverNameServers()
+
+if __name__ == '__main__':
+  import sys
+  s = Session()
+  for n,t in zip(*[iter(sys.argv[1:])]*2):
+    print n,t
+    print s.dns(n,t)
@@ -0,0 +1,167 @@
+# Author: Stuart D. Gathman <stuart@bmsi.com>
+# Copyright 2005 Business Management Systems, Inc.
+# This code is under the GNU General Public License.  See COPYING for details.
+
+# Send DSNs, do call back verification,
+# and generate DSN messages from a template
+# $Log$
+# Revision 1.15  2007/09/24 20:13:26  customdesigned
+# Remove explicit spf dependency.
+#
+# Revision 1.14  2007/03/03 18:19:40  customdesigned
+# Handle DNS error sending DSN.
+#
+# Revision 1.13  2007/01/04 18:01:11  customdesigned
+# Do plain CBV when template missing.
+#
+# Revision 1.12  2006/07/26 16:37:35  customdesigned
+# Support timeout.
+#
+# Revision 1.11  2006/06/21 21:07:11  customdesigned
+# Include header fields in DSN template.
+#
+# Revision 1.10  2006/05/24 20:56:35  customdesigned
+# Remove default templates.  Scrub test.
+#
+
+import smtplib
+import socket
+from email.Message import Message
+import Milter
+import time
+import dns
+
+def send_dsn(mailfrom,receiver,msg=None,timeout=600,session=None):
+  """Send DSN.  If msg is None, do callback verification.
+     Mailfrom is original sender we are sending DSN or CBV to.
+     Receiver is the MTA sending the DSN.
+     Return None for success or (code,msg) for failure."""
+  user,domain = mailfrom.split('@')
+  if not session: session = dns.Session()
+  try:
+    mxlist = session.dns(domain,'MX')
+  except dns.DNSError:
+    return (450,'DNS Timeout: %s MX'%domain)	# temp error
+  if not mxlist:
+    mxlist = (0,domain),	# fallback to A record when no MX
+  else:
+    mxlist.sort()
+  smtp = smtplib.SMTP()
+  toolate = time.time() + timeout
+  for prior,host in mxlist:
+    try:
+      smtp.connect(host)
+      code,resp = smtp.helo(receiver)
+      # some wiley spammers have MX records that resolve to 127.0.0.1
+      a = resp.split()
+      if not a:
+        return (553,'MX for %s has no hostname in banner: %s' % (domain,host))
+      if a[0] == receiver:
+        return (553,'Fraudulent MX for %s: %s' % (domain,host))
+      if not (200 <= code <= 299):
+	raise smtplib.SMTPHeloError(code, resp)
+      if msg:
+        try:
+	  smtp.sendmail('<>',mailfrom,msg)
+	except smtplib.SMTPSenderRefused:
+	  # does not accept DSN, try postmaster (at the risk of mail loops)
+	  smtp.sendmail('<postmaster@%s>'%receiver,mailfrom,msg)
+      else:	# CBV
+	code,resp = smtp.docmd('MAIL FROM: <>')
+	if code != 250:
+	  raise smtplib.SMTPSenderRefused(code, resp, '<>')
+	code,resp = smtp.rcpt(mailfrom)
+	if code not in (250,251):
+	  return (code,resp)		# permanent error
+	smtp.quit()
+      return None			# success
+    except smtplib.SMTPRecipientsRefused,x:
+      return x.recipients[mailfrom]	# permanent error
+    except smtplib.SMTPSenderRefused,x:
+      return x.args[:2]			# does not accept DSN
+    except smtplib.SMTPDataError,x:
+      return x.args			# permanent error
+    except smtplib.SMTPException:
+      pass		# any other error, try next MX
+    except socket.error:
+      pass		# MX didn't accept connections, try next one
+    except socket.timeout:
+      pass		# MX too slow, try next one
+    smtp.close()
+    if time.time() > toolate:
+      return (450,'No MX response within %f minutes'%(timeout/60.0))
+  return (450,'No MX servers available')	# temp error
+
+class Vars: pass
+
+# NOTE: Caller can pass an object to create_msg that in a typical milter
+# collects things like heloname or sender anyway.
+def create_msg(v,rcptlist=None,origmsg=None,template=None):
+  """Create a DSN message from a template.  Template must be '\n' separated.
+     v - an object whose attributes are used for substitutions.  Must
+       have sender and receiver attributes at a minimum.
+     rcptlist - used to set v.rcpt if given
+     origmsg - used to set v.subject and v.spf_result if given
+     template - a '\n' separated string with python '%(name)s' substitutions.
+  """
+  if not template:
+    return None
+  if hasattr(v,'perm_error'):
+    # likely to be an spf.query, try translating for backward compatibility
+    q = v
+    v = Vars()
+    try:
+      v.heloname = q.h
+      v.sender = q.s
+      v.connectip = q.i
+      v.receiver = q.r
+      v.sender_domain = q.o
+      v.result = q.result
+      v.perm_error = q.perm_error
+    except: v = q
+  if rcptlist:
+    v.rcpt = '\n\t'.join(rcptlist)
+  if origmsg:
+    try: v.subject = origmsg['Subject']
+    except: v.subject = '(none)'
+    try:
+      v.spf_result = origmsg['Received-SPF']
+    except: v.spf_result = None
+
+  msg = Message()
+
+  msg.add_header('X-Mailer','PyMilter-'+Milter.__version__)
+  msg.set_type('text/plain')
+
+  hdrs,body = template.split('\n\n',1)
+  for ln in hdrs.splitlines():
+    name,val = ln.split(':',1)
+    msg.add_header(name,(val % v.__dict__).strip())
+  msg.set_payload(body % v.__dict__)
+  # add headers if missing from old template
+  if 'to' not in msg:
+    msg.add_header('To',v.sender)
+  if 'from' not in msg:
+    msg.add_header('From','postmaster@%s'%v.receiver)
+  if 'auto-submitted' not in msg:
+    msg.add_header('Auto-Submitted','auto-generated')
+  return msg
+
+if __name__ == '__main__':
+  import spf
+  q = spf.query('192.168.9.50',
+  'SRS0=pmeHL=RH==stuart@example.com',
+  'red.example.com',receiver='mail.example.com')
+  q.result = 'softfail'
+  q.perm_error = None
+  msg = create_msg(q,['charlie@example.com'],None,
+"""From: postmaster@%(receiver)s
+To: %(sender)s
+Subject: Test
+
+Test DSN template
+"""
+  )
+  print msg.as_string()
+  # print send_dsn(f,msg.as_string())
+  # print send_dsn(q.s,'mail.example.com',msg.as_string())
@@ -0,0 +1,95 @@
+# Author: Stuart D. Gathman <stuart@bmsi.com>
+# Copyright 2005 Business Management Systems, Inc.
+# This code is under the GNU General Public License.  See COPYING for details.
+
+# Heuristically determine whether a domain name is for a dynamic IP.
+
+# examples we don't yet recognize:
+#
+# wiley-268-8196.roadrunner.nf.net at ('205.251.174.46', 4810)
+# cbl-sd-02-79.aster.com.do at ('200.88.62.79', 4153)
+
+import re
+
+ip3 = re.compile('[0-9]{1,3}')
+hpats = (
+ 'h[0-9a-f]{12}[.]',
+ 'h\d*n\d*c\d*o\d*\.',
+ 'pcp\d{6,10}pcs[.]',
+ 'no-reverse',
+ 'S[0-9a-f]{16}[.][a-z]{2}[.]',
+ 'user<3>\.',
+ '[Cc]ust<3>\.',
+ '^<3>\.',
+ 'ppp[^.]*<3>\.',
+ '-ppp\d*\.',
+ '\d*-<3>\.',
+ '[0-9a-f]{1,3}-<3>\.',
+ 'p<3>\.pool',
+ 'h<3>\.',
+ 'xdsl-\d*\.',
+ '-\d*-\d*\.',
+ '\.adsl\.',
+ '\.cable\.'
+)
+rehmac = re.compile('|'.join(hpats))
+
+def is_dynip(host,addr):
+  """Return True if hostname is for a dynamic ip.
+  Examples:
+
+  >>> is_dynip('post3.fabulousdealz.com','69.60.99.112')
+  False
+  >>> is_dynip('adsl-69-208-201-177.dsl.emhril.ameritech.net','69.208.201.177')
+  True
+  >>> is_dynip('[1.2.3.4]','1.2.3.4')
+  True
+  >>> is_dynip('c-71-63-151-151.hsd1.mn.comcast.net','71.63.151.151')
+  True
+  """
+  if host.startswith('[') and host.endswith(']'):
+    return True
+  if addr:
+    if host.find(addr) >= 0: return True
+    a = addr.split('.')
+    ia = map(int,a)
+    h = host
+    m = ip3.findall(host)
+    if m:
+      g = map(int,m)[:4]
+      ia3 = (ia[1:],ia[:3])
+      if g[-3:] in ia3: return True
+      if g[0] == ia[3] and g[1:3] == ia[:2]: return True
+      if g[-2:] == ia[2:]: return True
+      g.reverse()
+      if g[:3] in ia3: return True
+      if g[:2] == ia[2:]: return True
+      if ia[2:] in (g[:2],g[-2:]): return True
+      for m in ip3.finditer(host):
+        if int(m.group()) == ia[3]:
+	  h = host[:m.start()] + '<3>' + host[m.end():]
+	  break
+    if rehmac.search(h): return True
+    if host.find(''.join(a[:3])) >= 0: return True
+    if host.find(''.join(a[1:])) >= 0: return True
+    x = "%02x%02x%02x%02x" % tuple(ia)
+    if host.lower().find(x) >= 0: return True
+  return False
+
+if __name__ == '__main__':
+  import fileinput
+  import sets
+  seen = sets.Set()
+  for ln in fileinput.input():
+    a = ln.split()
+    if a[3:5] == ['connect','from']:
+      host = a[5]
+      if host.startswith('[') and host.endswith(']'):
+	continue	# no PTR
+      ip = a[7][2:-2]
+      if ip in seen: continue
+      seen.add(ip)
+      if is_dynip(host,ip):
+        print '%s\t%s DYN' % (ip,host)
+      else:
+        print '%s\t%s' % (ip,host)
@@ -0,0 +1,66 @@
+# Author: Stuart D. Gathman <stuart@bmsi.com>
+# Copyright 2001 Business Management Systems, Inc.
+# This code is under the GNU General Public License.  See COPYING for details.
+
+import os
+from time import sleep
+
+class PLock(object):
+  "A simple /etc/passwd style lock,update,rename protocol for updating files."
+  def __init__(self,basename):
+    self.basename = basename
+    self.fp = None
+
+  def lock(self,lockname=None,mode=0660,strict_perms=False):
+    "Start an update transaction.  Return FILE to write new version."
+    self.unlock()
+    if not lockname:
+      lockname = self.basename + '.lock'
+    self.lockname = lockname
+    try:
+      st = os.stat(self.basename)
+      mode |= st.st_mode
+    except OSError: pass
+    u = os.umask(0002)
+    try:
+      fd = os.open(lockname,os.O_WRONLY+os.O_CREAT+os.O_EXCL,mode)
+    finally:
+      os.umask(u)
+    self.fp = os.fdopen(fd,'w')
+    try:
+      os.chown(self.lockname,-1,st.st_gid)
+    except:
+      if strict_perms:
+	self.unlock()
+	raise
+    return self.fp
+
+  def wlock(self,lockname=None):
+    "Wait until lock is free, then start an update transaction."
+    while True:
+      try:
+        return self.lock(lockname)
+      except OSError:
+        sleep(2)
+
+  def commit(self,backname=None):
+    "Commit update transaction with optional backup file."
+    if not self.fp:
+      raise IOError,"File not locked"
+    self.fp.close()
+    self.fp = None
+    if backname:
+      try:
+	os.remove(backname)
+      except OSError: pass
+      os.link(self.basename,backname)
+    os.rename(self.lockname,self.basename)
+
+  def unlock(self):
+    "Cancel update transaction."
+    if self.fp:
+      try:
+        self.fp.close()
+      except: pass
+      self.fp = None
+      os.remove(self.lockname)
@@ -0,0 +1,17 @@
+# Author: Stuart D. Gathman <stuart@bmsi.com>
+# Copyright 2005 Business Management Systems, Inc.
+# This code is under the GNU General Public License.  See COPYING for details.
+
+# The localpart of SMTP return addresses is often signed.  The format
+# of the signing is application specific and doesn't concern us -
+# except that we wish to extract some sort of fixed string from
+# the variable signature which represents the "source" of the message.
+
+def unsign(s):
+  """Attempt to unsign localpart and return original email.
+  No attempt is made to verify the signature.
+  >>> unsign('SRS0=8Y3CZ=3U=jsconnor.com=bills@bmsi.com')
+  'bills@jsconnor.com'
+  """
+  # not implemented yet
+  return s
@@ -0,0 +1,125 @@
+import re
+import struct
+import socket
+import email.Errors
+from fnmatch import fnmatchcase
+from email.Header import decode_header
+#import email.Utils
+import rfc822
+
+ip4re = re.compile(r'^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*$')
+
+# from spf.py
+def addr2bin(str):
+  "Convert a string IPv4 address into an unsigned integer."
+  return struct.unpack("!L", socket.inet_aton(str))[0]
+
+MASK = 0xFFFFFFFFL
+
+def cidr(i,n):
+  return ~(MASK >> n) & MASK & i
+
+def iniplist(ipaddr,iplist):
+  """Return whether ip is in cidr list
+  >>> iniplist('66.179.26.146',['127.0.0.1','66.179.26.128/26'])
+  True
+  >>> iniplist('127.0.0.1',['127.0.0.1','66.179.26.128/26'])
+  True
+  >>> iniplist('192.168.0.45',['192.168.0.*'])
+  True
+  """
+  ipnum = addr2bin(ipaddr)
+  for pat in iplist:
+    p = pat.split('/',1)
+    if ip4re.match(p[0]):
+      if len(p) > 1:
+	n = int(p[1])
+      else:
+        n = 32
+      if cidr(addr2bin(p[0]),n) == cidr(ipnum,n):
+        return True
+    elif fnmatchcase(ipaddr,pat):
+      return True
+  return False
+
+def parseaddr(t):
+  """Split email into Fullname and address.
+
+  >>> parseaddr('user@example.com')
+  ('', 'user@example.com')
+  >>> parseaddr('"Full Name" <foo@example.com>')
+  ('Full Name', 'foo@example.com')
+  >>> parseaddr('spam@spammer.com <foo@example.com>')
+  ('spam@spammer.com', 'foo@example.com')
+  >>> parseaddr('God@heaven <@hop1.org,@hop2.net:jeff@spec.org>')
+  ('God@heaven', 'jeff@spec.org')
+  >>> parseaddr('Real Name ((comment)) <addr...@example.com>')
+  ('Real Name', 'addr...@example.com')
+  >>> parseaddr('a(WRONG)@b')
+  ('WRONG', 'a@b')
+  """
+  #return email.Utils.parseaddr(t)
+  res = rfc822.parseaddr(t)
+  # dirty fix for some broken cases
+  if not res[0]:
+    pos = t.find('<')
+    if pos > 0 and t[-1] == '>':
+      addrspec = t[pos+1:-1]
+      pos1 = addrspec.rfind(':')
+      if pos1 > 0:
+        addrspec = addrspec[pos1+1:]
+      return rfc822.parseaddr('"%s" <%s>' % (t[:pos].strip(),addrspec))
+  if not res[1]:
+    pos = t.find('<')
+    if pos > 0 and t[-1] == '>':
+      addrspec = t[pos+1:-1]
+      pos1 = addrspec.rfind(':')
+      if pos1 > 0:
+        addrspec = addrspec[pos1+1:]
+      return rfc822.parseaddr('%s<%s>' % (t[:pos].strip(),addrspec))
+  return res
+    
+
+def parse_addr(t):
+  """Split email into user,domain.
+
+  >>> parse_addr('user@example.com')
+  ['user', 'example.com']
+  >>> parse_addr('"user@example.com"')
+  ['user@example.com']
+  >>> parse_addr('"user@bar"@example.com')
+  ['user@bar', 'example.com']
+  >>> parse_addr('foo')
+  ['foo']
+  """
+  if t.startswith('<') and t.endswith('>'): t = t[1:-1]
+  if t.startswith('"'):
+    if t.endswith('"'): return [t[1:-1]]
+    pos = t.find('"@')
+    if pos > 0: return [t[1:pos],t[pos+2:]]
+  return t.split('@')
+
+def parse_header(val):
+  """Decode headers gratuitously encoded to hide the content.
+  """
+  try:
+    h = decode_header(val)
+    if not len(h) or (not h[0][1] and len(h) == 1): return val
+    u = []
+    for s,enc in h:
+      if enc:
+        try:
+	  u.append(unicode(s,enc))
+	except LookupError:
+	  u.append(unicode(s))
+      else:
+	u.append(unicode(s))
+    u = ''.join(u)
+    for enc in ('us-ascii','iso-8859-1','utf8'):
+      try:
+	return u.encode(enc)
+      except UnicodeError: continue
+  except UnicodeDecodeError: pass
+  except LookupError: pass
+  except email.Errors.HeaderParseError: pass
+  return val
@@ -1,11 +1,80 @@
-Here is a history of user visible changes to Python milter.
+See pymilter.spec for recent history.

+Here is a history of older changes to Python milter.
+0.8.8	move AddrCache, parse_addr, iniplist, parse_header to Milter package
+	fix plock for missing source and can't change owner/group
+	add sample spfmilter.py milter
+	private_relay config option
+0.8.7	Move spf module to pyspf
+	Prevent PTR cache poisoning
+	More lame bounce heuristics
+	Do plain CBV when template is missing
+0.8.6	Support CBV timeout
+	Support fail template, headers in templates
+	Create GOSSiP record only when connection will procede to DATA.
+	More SPF lax heuristics
+	Don't require SPF pass for white/black listing mail from trusted relay.
+	Support localpart wildcard for white and black lists.
+	Delay reject of unsigned RCPT for postmaster and abuse only
+	Fix dsn reporting of hard permerror
+	Resolve FIXME for wrap_close in miltermodule.c
+	Add Message-ID to DSNs
+	Use signed Message-ID in delayed reject to blacklist senders
+	Auto-train via blacklist and auto-whitelist
+	Don't check userlist for signed MFROM
+	Accept but skip DSPAM training for whitelisted senders without SPF PASS
+	Report GC stats 
+	Support CIDR matching for IP lists
+	Support pysrs sign feature
+	Support localpart specific SPF policy in access file
+0.8.5	Simple trusted_forwarder implementation.
+	Fix access_file neutral policy
+	Move Received-SPF header to beginning of headers
+	Supply keyword info for all results in Received-SPF header.
+	Move guessed SPF result to separate header
+	Activate smfi_insheader only when SMFIR_INSHEADER defined
+	Handle NULL MX in spf.py
+	in-process GOSSiP server support (to be extended later)
+	Expire CBV cache and renew auto-whitelist entries
+0.8.4	Auto-whitelist recipients of outgoing email.
+	Fix SPF policy via sendmail access map (case insensitive keys).
+	Train screener on whitelisted messages
+	Optional idx parameter to addheader to invoke smfi_insheader
+	Activate progress API when SMFIR_PROGRESS defined
+0.8.3   Keep screened honeypot mail, but optionally discard honeypot only mail.
+	spf_accept_fail option for braindead SPF senders 
+	  (treats fail like softfail)
+	Option to set SPF policy via sendmail access map.
+	Option to supply Sender header from MAIL FROM when missing.
+	Consider SMTP AUTH connections internal.
+	Send DSN for SPF errors corrected by extended processing.
+	Send DSN before SCREENED mail is quarantined
+	Use logging package to keep log lines atomic.
+0.8.2	Strict processing limits per SPF RFC
+	Fixed several parsing bugs under RFC 
+	Support official IANA SPF record (type99)
+	Honeypot support (requires pydspam-1.1.9)
+	Extended SPF processing results beyond strict RFC limits
+	Support original SES for bounce protection (requires pysrs-0.30.10)
+	Callback exception processing option in milter module
+	Handle corrupt ZIP attachments
+0.8.1	Fix zip in zip loop in mime.py
+	Fix HeaderParseError in bms.py header callback
+	Check internal_domains for outgoing mail
+	Fix inconsistent results from send_dsn
+0.8.0	Move Milter module to subpackage.
+	DSN support for Three strikes rule and SPF SOFTFAIL
+	Move /*mime*/ and dynip to Milter subpackage
+	Fix SPF unknown mechanism list not cleared
+	Make banned extensions configurable.
+	Option to scan zipfiles for bad extensions.
+	Properly log pydspam exceptions
+0.7.3	Experimental release with python2.4 support
 0.7.2	Return unknown for invalid ip address in mechanism
 	Recognize dynamic PTR names, and don't count them as authentication.
 	Three strikes and yer out rule.
 	Block softfail by default when no PTR or HELO
 	Return unknown for null mechanism
-	Return unknown for invalid ip address in mechanism
 	Try best guess on HELO also
 	Expand setreply for common errors
 	make rhsbl.m4 hack available for sendmail.mc
@@ -42,7 +42,7 @@ Quick Installation
 1. Build and install Sendmail, enabling libmilter (see libmilter/README).
 2. Build and install Python, enabling threading.
 3. Install this module: python setup.py --help
-4. Add these two lines to sendmail.cf:
+4. Add these two lines to sendmail.cf[*]:

 O InputMailFilters=pythonfilter
 Xpythonfilter,        S=local:/home/username/pythonsock
@@ -51,9 +51,17 @@ Xpythonfilter,        S=local:/home/username/pythonsock
 Note that milters should almost certainly not run as root.

 That's it.  Incoming mail will cause the milter to print some things, and
-some email will be rejected (see the "header" method).  Edit and play.  See
-bms.py for an example milter used in production.
+some email will be rejected (see the "header" method).  Edit and play.  
+See spfmilter.py for a functional SPF milter, or see bms.py for an complex
+milter used in production.

+[*] This is for a quick test.  Your sendmail.cf in most distros will get
+overwritten whenever sendmail.mc is updated.  To make a milter permanent,
+add something like:
+
+INPUT_MAIL_FILTER(`pythonfilter', `S=local:/home/username/pythonsock, F=T, T=C:5m;S:20s;R:5m;E:5m')
+
+to sendmail.mc instead.

 Not-so-quick Installation
 -------------------------
@@ -90,9 +98,10 @@ some options associated with it.  In this case, we have the "S" option, which
 names the socket that sendmail will use to communicate with this particular
 milter.  This milter's socket is a unix-domain socket in the filesystem.
 See libmilter/README for the definitive list of options.
+
 NB: The name is specified in two places: here, in sendmail's cf file, and
 in the milter itself.  Make sure the two match.
-NB: OpenBSD must use an inet socket.  See the web page for details.
+
 NB: The above lines can be added in your .mc file with this line:

 INPUT_MAIL_FILTER(`pythonfilter', `S=local:/home/username/pythonsock')
@@ -124,16 +133,6 @@ and headers at

 http://www.bmsi.com/linux/sendmail-rh72.spec

-OpenBSD Notes
-------------
-
-Sendmail is broken on OpenBSD for unix domain sockets.  You must use an
-inet socket for milter.  The sendmail.cf 'X' config line would look like:
-
-Xpythonfilter,        S=inet:1234@localhost
-
-and the sample milter needs to be modified accordingly.
-
 IPv6 Notes
 ----------

@@ -1,58 +1,167 @@
-Checking in mime.py;
-/bms/cvs/milter/mime.py,v  <--  mime.py
-new revision: 1.56; previous revision: 1.55
-done
-Checking in spf.py;
-/bms/cvs/milter/spf.py,v  <--  spf.py
-new revision: 1.18; previous revision: 1.17
-done
-Checking in testmime.py;
-/bms/cvs/milter/testmime.py,v  <--  testmime.py
-new revision: 1.19; previous revision: 1.18
+Check ESMTP NOTIFY before sending real DSNs.  Just use CBV if DSNs are
+not wanted.

-Auto whitelist based on outgoing email - perhaps with magic subject
-or recipient prefix.
+Support CBV to local domains and cache results so that invalid users
+can be rejected without maintaining valid user lists.
+
+Now that we blacklist IPs for too many bad rcpts, delay SPF until RCPT TO.
+
+When content filtering is not installed, reject BLACKLISTed MFROM
+immediately.  There is no use waiting until EOM.
+
+Configuration is problematic when handling incoming, but not outgoing mail.
+The problem comes when alice@example.com sends mail to bill@example.com,
+and we are the MX for example.com, but alice is sending from some other
+MTA.  The mail is flagged external, so we don't list example.com in
+internal_domains (or we would get "spam from self").  But, if we try to do a
+CBV, we get "fraudulent MX", because the MX is ourself!  So we need to 
+avoid doing CBV on such domains.  Currently, we try to make sure the SPF
+policies don't do CBV.  The real solution is for users to use SMTP AUTH,
+but some of them are stubborn.
+
+We now don't check internal domains for incoming mail if there is an
+SPF record.
+
+On the other hand, if alice is sending internally, or with SMTP AUTH, she
+*does* need the domain to be in internal_domains.  The solution to that 
+is to use the new SMTP AUTH access configuration to specify which domains
+can be used by smtp AUTH (by user if desired).
+
+It would be cleaner if CBV would know which domains we have agreed to
+be MX for. Some ideas for external connections:
+
+a) check access file for To:example.com	RELAY
+b) check mailertable
+c) check mx_domains config list
+d) if there is an SPF record, don't check internal_domains
+   (let SPF block unauthorized machines)
+
+But that still doesn't handle the roaming user, who won't use SMTP
+AUTH, but sends through some hotel MTA.  Maybe we don't want to support
+him?
+
+When setting up pydspam, both sender and rcpt must resolve to dspam users
+for falsepositive recognition.  Usually, this means adding 
+honeypot@mail.example.com to alias list for honeypot in pymilter.cfg.
+This needs to be documented.  I was caught by it setting up a new site.
+
+Add signature (x-sig=AB7485f=TS) to Received-SPF, so it can be used
+to blacklist sources of delayed DSNs.
+
+rcpt-addr may let us know when a recipient is unknown.  That should count
+against reputation.
+
+Need to use wildcards in blacklist.log: *.madcowsrecord.net
+Need to exclude emails like !*-admin@example.com in whitelist_sender.
+Need to exclude robot users from autowhitelist.  Don't want to have to
+list all users, so implement something like !*-admin@bmsi.com,@bmsi.com.
+
+GOSSiP feedback from user training is ignored because UMIS has already been
+removed from queue.  Maybe keep UMIS in queue, and add method to 
+alter last feedback for ID.
+
+Generate DSNs according to RFC 3464
+
+Get temperror policy from access file.
+
+Reporting explanation for failure should show source if sender
+provided explanation.
+
+Bug in Auto-whitelist.  Recent Auto-whitelist doesn't override expired entry.
+
+SPF permerror diagnostics should include corrected mechanism.
+
+Delay SPF check until RCPT TO.  Cache result to avoid repeating
+for multiple RCPT.  This avoids overhead for invalid RCPT, and
+allows for per RCPT local policy.
+
+Check SPF for outgoing mail (including local policy for internal addresses).
+This could also solve the second part of the mail from relay problem below.
+
+Whitelisted senders from trusted relay get PROBATION.  Need to extracted
+SPF result from headers - and in the case of mail internal to relay
+(e.g. bmsi.com), supply 'pass' result.  
+
+Add auto-blacklisted senders to blacklist.log with timestamp.
+Add emails blacklisted via CBV so that they are remembered across milter
+restarts.
+
+Make all dictionaries work like honeypot.  Do not train as ham unless
+whitelisted.  Train on blacklisted messages, or spam feedback.  This
+can be called Train On Error.  Should be possible to startup
+with training on everything to get dictionary built fast, then switch
+to train on error to minimize labor.
+
+Allow unsigned DSNs from selected domains (that don't accept signed MFROM,
+e.g. verizon.net).
+
+Allow verified hostnames for trusted_relay.  E.g. HELO name that
+passes SPF.
+
+When do we get two hello calls?  STARTTLS is one reason.
+
+Option: accept mail from auto-whitelisted senders even with spf-fail,
+but do not update dspam.  This can be done for individual senders or domains 
+using the access file.
+
+pysrs: SRS doesn't get applied to proper recipients when there are
+multiple recipients.  This requires debugging cf scripts - yuk.
+
+auto_whitelist false_positives from quarantine - perhaps only when
+user selects special button (use special header to communicate
+that from dspamcgi.py to milter.)
+
+Use send_dsn.log for blacklist also.  AddrCache needs localpart
+wildcard (e.g. empty localpart).
+
+Quarantined mail is missing headers modified/added by milter after
+checking dspam.
+
+Send DSN for permerror before processing extended result.  An additional
+DSN may be sent based on extended result.  Send permerror DSN to
+postmaster@sending_domain.
+
+Rescind whitelist for banned extensions, in case sender is infected.
+
+Train honeypot on error only.
+
+Find rfc2822 policy for MFROM quoting.
+
+Support explicit errors for SPF policy in access file:
+SPF-Neutral:aol.com	ERROR:"550 AOL mail must get SPF PASS"
+
+Defer TEMPERROR in SPF evaluation - give precedence to security
+(only defer for PASS mechanisms).
+
+Create null config that does nothing - except maybe add Received-SPF
+headers.  Many admins would like to turn features on one at a time.

 Can't output messages with malformed rfc822 attachments.

-Use python exceptions in SPF to cleanly handle unknown and error results.
-
-Example malformed SPF:
-onvunvuvvx.usafisnews.org text "v=spf1 mx ptr ip4:207.44.199.970 -all"
-
 Move milter,Milter,mime,spf modules to pymilter
 milter package will have bms.py application

-Support SMTP AUTH and disable SPF checks when connection is authorized.
 Web admin interface
-Check valid domains allowed by internal senders to detect PCs infected
-with spam trojans.
-Do CBV (callback verification) for mail with no published SPF record.
 message log for automated stats and blacklisting
-Skip dspam when SPF pass?
+Skip dspam when SPF pass? NO
 Report 551 with rcpt on SPF fail?
 check spam keywords with character classes, e.g.
 	{a}=[a@ãä], {i}=[i1í], {e}=[eë], {o}=[o0ö]

 Implement RRS - a backdoor for non-SRS forwarders.  User lists non-SRS 
 forwarder accounts, and a util provides a special local alias for the
-user to give to the forwarder.  Alias only works for mail from that
+user to give to the forwarder.  (Or user just adds arbitrary alias
+unique to that forwarder to a database.)  Alias only works for mail from that
 forwarder.  Milter gets forwarder domain from alias and uses it to
 SPF check forwarder.

-Another special dspam user, 'honeypot', can be listed in innoculations.
-All email to those addresses is treated as known spam.
-
 Framework for modular Python milter components within a single VM.
 Python milters can be already be composed through sendmail by running each in
 a separate process.  However, a significant amount of memory is wasted
 for each additional Python VM, and communication between milters
 is cumbersome (e.g., adding mail headers, writing external files).

-Backup copies for outgoing/incoming mail.
-
-Allow multiple wiretap groups, each with its own destination.  Perhaps 
-also copy incoming wiretap mail, even though sendmail alias works perfectly
+Copy incoming wiretap mail, even though sendmail alias works perfectly
 for the purpose, to avoid having to change two configs for a wiretap.

 Provide a way to reload milter.cfg without stopping/restarting milter.
@@ -66,10 +175,66 @@ Keep separate ismodified flag for headers and body.  This is important
 when rejecting outgoing mail with viruses removed (so as not to
 embarrass yourself), and also removing Received headers with hidepath.

-Wrap smfi_setbacklog(int) - but it is only available in sendmail >= 8.12.3,
-  so how can we detect whether to wrap it?
-
 Need a test module to feed sample messages to a milter though a live 
 sendmail and SMTP.  The mockup currently used is probably not very accurate,
 and doesn't test the threading code.

+DONE Table of sendmail macros for documentation.  In API docs on milter.org.
+
+DONE For selected domains, check rcpts via CBV before accepting mail.  Cache
+results.  This will kick out dictonary attacks against a mail domain
+behind a gateway sooner.
+
+DONE Convert DSN to REJECT unless sender gets SPF pass or best guess pass.  Make
+configurable by SPF result with NOTSPAM policy (reject or deliver without DSN).
+Maybe policy should be NODSN - still verify sender with CBV.
+
+DONE Add parseaddr test case for 'foo@bar.com <baz@barf.biz>'
+
+DONE Require signed MFROM for all incoming bounces when signing all outgoing
+mail - except from trusted relays.
+
+DONE Added Message-ID header to DSN with SRS signed sender.  When seen on
+incoming rfc ignorant failure message, blacklist sender.
+
+DONE Option to add Received-SPF header, but never reject on SPF.
+  I think the above will handle this.
+
+DONE Received-SPF header field should show identity that was checked.
+
+DONE When training with spam, REJECT after data so that mistakenly blacklisted
+senders at least get an error.
+
+DONE Milter won't start when it can't change permissions on *.lock to match
+*.log.  Should maybe ignore that error - the effect will be to set
+the permissions to default.
+
+DONE Milter won't start when a whitelist/blacklist file is missing.
+
+DONE Delayed failure detection should parse From header to find email address.
+
+DONE When bms.py can't find templates, it passes None to dsn.create_msg(),
+which uses local variable as backup, which no longer exist.  Do plain
+CBV in that case instead.
+
+DONE Find and use X-GOSSiP: header for SPAM: and FP: submissions.  Would need
+to keep tags longer.
+
+DONE Parse incoming 3464 DSNs for "Action: failed" to recognize delayed
+failures.  This works regardless of Subject.
+
+DONE Reports PROBATION even when rejecting message (works, but confusing in
+log).
+
+DONE Delayed_failure detection needs to handle multi-line header fields.  
+Also, delayed_failure should be recognized when addressed to
+postmaster@helodomain 
+
+DONE DSN for Permerror shows 'None' for error under some condition.
+
+DONE Allow blacklisted emails as well as domains in blacklist.log.  Use same
+data structure as autowhitelist.log.  
+
+DONE Backup copies for outgoing/incoming mail.
+
+DONE Don't match dynamic ptr in bestguess.
@@ -1,153 +0,0 @@
-#!/usr/bin/python2.3
-
-# Convert a MS Caller-ID entry (XML) to a SPF entry
-#
-# (c) 2004 by Ernesto Baschny
-# (c) 2004 Python version by Stuart Gathman
-#
-# Date: 2004-02-25
-# Version: 1.0
-#
-# Usage:
-#  ./cid2spf.pl "<ep xmlns='http://ms.net/1'>...</ep>"
-#
-# Note that the 'include' directives will also have to be checked and
-# "translated". Future versions of this script might be able to get a
-# domain name as an argument and "crawl" the DNS for the necessary
-# information.
-#
-# A complete reverse translation (SPF -> CID) might be impossible, since
-# there are no way to handle:
-# - PTR and EXISTS mechanism 
-# - MX mechanism with an different domain as argument
-# - macros
-# 
-# References:
-# http://www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspx
-# http://spf.pobox.com/
-#
-# Known bugs:
-# - Currently it won't handle the exclusions provided in the A and R
-#   tags (prefix '!'). They will show up "as-is" in the SPF record
-# - I really haven't read the MS-CID specs in-depth, so there are probably
-#   other bugs too :)
-#
-# Ernesto Baschny <ernst@baschny.de>
-#
-
-import xml.sax
-import spf
-
-# -------------------------------------------------------------------------
-class CIDParser(xml.sax.ContentHandler):
-  "Convert a MS Caller-ID entry (XML) to a SPF entry"
-
-  def __init__(self,q=None):
-    self.spf = []
-    self.action = '-all'
-    self.has_servers = None
-    self.spf_entry = None
-    if q:
-      self.spf_query = q
-    else:
-      self.spf_query = spf.query(i='127.0.0.1', s='localhost', h='unknown')
-
-  def startElement(self,tag,attr):
-      if tag == 'm':
-	if self.has_servers != None and not self.has_servers:
-	  raise ValueError(
-    "Declared <noMailServers\> and later <m>, this CID entry is not valid."
-	  )
-	self.has_servers = True
-      elif tag == 'noMailServers':
-	if self.has_servers:
-	  raise ValueError(
-    "Declared <m> and later <noMailServers\>, this CID entry is not valid."
-	  )
-	self.has_servers = False
-      elif tag == 'ep':
-	if attr.has_key('testing') and attr.getValue('testing') == 'true':
-	  # A CID with 'testing' found:
-	  # From the MS-specs:
-	  #  "Documents in which such attribute is present with a true
-	  #  value SHOULD be entirely ignored (one should act as if the
-	  #  document were absent)"
-	  # From the SPF-specs:
-	  #  "Neutral (?): The SPF client MUST proceed as if a domain did
-	  #  not publish SPF data."
-	  # So we set SPF action to "neutral":
-	  self.action = '?all'
-      elif tag == 'mx':
-	  # The empty MX-tag, same as SPF's MX-mechanism
-	  self.spf.append('mx')
-      self.tag = tag
-
-  def characters(self,text):
-	tag = self.tag
-	# Remove starting and trailing spaces from text:
-	text = text.strip()
-
-	if tag == 'a' or tag == 'r':
-	    # The A and R tags from MS-CID are both handled by the 
-	    # ipv4/6-mechanisms from SPF:
-	    if text.find(':') < 0:
-	      mechanism = 'ip4'
-	    else:
-	      mechanism = 'ip6'
-	    self.spf.append(mechanism + ':' + text)
-	elif tag == 'indirect':
-	    # MS-CID's indirect is "sort of" the include from SPF:
-	    # Not really true, because the <indirect> tag from MS-CID also 
-	    # provides a fallback in case the included domain doesn't provide
-	    # _ep-records: The inbound MX-servers of the included domains
-	    # are added to the list of allowed outgoing mailservers for the
-	    # domain that declared the _ep-record with the <indirect> tag.
-	    # In SPF you would use the 'mx:domain' to handle this, but this
-	    # wouldn't depend on referred domain having or not SPF-records.
-	    cid_xml = self.cid_txt(text)
-	    if cid_xml:
-	      p = CIDParser()
-	      xml.sax.parseString(cid_xml,p)
-	      if p.has_servers != False:
-		self.spf += p.spf
-	    else:
-	      self.spf.append('mx:' + text)
-
-  def cid_txt(self,domain):
-    q = self.spf_query
-    domain='_ep.' + domain
-    a = q.dns_txt(domain)
-    if not a: return None
-    if a[0].lower().startswith('<ep ') and a[-1].lower().endswith('</ep>'):
-      return ''.join(a)
-    return None
-
-  def endElement(self,tag):
-      if tag == 'ep':
-	# This is the end... assemble what we've got
-	spf_entry = ['v=spf1']
-	if self.has_servers != False:
-	  spf_entry += self.spf
-	spf_entry.append(self.action)
-	self.spf_entry = ' '.join(spf_entry)
-
-  def spf_txt(self,cid_xml):
-    if not cid_xml.startswith('<'):
-      cid_xml = self.cid_txt(cid_xml)
-      if not cid_xml: return None
-    # Parse the beast. Any XML-problem will be reported by xlm.sax
-    self.spf_entry = None
-    xml.sax.parseString(cid_xml,self)
-    return self.spf_entry
-
-if __name__ == '__main__':
-  import sys
-  if len(sys.argv) < 2:
-    print >>sys.stderr, \
-      """Usage: %s "<ep xmlns='http://ms.net/1'>...</ep>" """ % sys.argv[0]
-    sys.exit(1)
-
-  cid_xml = sys.argv[1]
-
-  p = CIDParser()
-  print p.spf_txt(cid_xml)
@@ -0,0 +1,222 @@
+Title: Recent Changes
+
+<h2> Recent Changes </h2>
+
+<h3> 0.8.10 </h3>
+
+SRS rejections now log the recipient.  
+I have finally implemented plain CBV (no DSN).  The CBV policy
+will do a plain CBV from now on, and the DSN policy is required
+if you want to send a DSN.
+I started checking the MAIL FROM fullname (human readable part
+of an email) for porn keywords.  There is now a banned IP database.
+IPs are banned for too many bad MAIL FROMs or RCPT TOs, and remain banned
+for 7 days.
+
+<h3> 0.8.9 </h3>
+
+I use the <code>%ifarch</code> hack to build milter and milter-spf
+packages as noarch, while pymilter is built as native.
+
+I removed the spf dependency from dsn.py, so pymilter can be used without
+installing pyspf, and added a Milter.dns module to let python milters do
+general DNS lookups without loading pyspf.
+
+<h3> 0.8.8 </h3>
+
+Programs do not belong in the /var/log directory.  I moved the
+milter apps to /usr/lib/pymilter.  Since having the programs and
+data in the same directory is convenient for debugging, it will
+still use an executable present in the datadir.
+
+Several general utility classes and functions are now in the Milter package
+for possible use by other python milters.  In addition to the trivial example
+milter, a simple SPF only milter is included as a realistic example.
+
+The spec file now build 3 RPMs:
+
+<ul>
+<li> pymilter is the milter module and Milter package for use by all python
+     milters.
+<li> milter is the all-singing, all-dancing python milter application, with
+     supporting <code>/etc/init.d</code>, logrotate and other scripts.
+<li> milter-spf is the simple SPF only milter application.
+</ul>
+
+<h3> 0.8.7 </h3>
+
+The spf module has been moved to the 
+<a href="http://cheeseshop.python.org/pypi/pyspf">pyspf</a> package.
+Download <a href="http://sourceforge.net/project/showfiles.php?group_id=139894&package_id=191419">here</a>.
+
+<h3> 0.8.6 </h3>
+
+Python milter has been moved to 
+<a href="http://sourceforge.net/projects/pymilter/">pymilter Sourceforge
+project</a> for development and release downloads.
+
+<h3> 0.8.5 </h3>
+
+Release 0.8.5 fixes some build bugs reported by Stephen Figgins.  It
+fixes many small things, like not auto-whitelisting recipients of
+outgoing mail when the subject contains "autoreply:".  There is a 
+simple trusted forwarder implementation.  If you have more than
+2 or so forwarders, we will need a way to "compile" SPF records into an
+IP set and TTL for it to be efficient (like libspf2 does).
+
+<h3> GOSSiP </h3>
+An alpha release of <a href="pygossip.html">pygossip</a> has been commited to
+CVS, module pygossip. A version of the bms.py milter has been commited to CVS
+which supports calling GOSSiP to track domain reputation in a local database.
+
+<h3> New website design </h3>
+
+Hey, I'm no artist, so I just used the
+<a href="http://ht2html.sourceforge.net/">ht2html</a> package
+by <a href="http://barry.wooz.org/">Barry Warsaw</a>.  The mascot
+is by <a href="http://alphard.ethz.ch/hafner/lebl.htm">Christian Hafner</a>,
+or maybe his wife.  I chose Maxwell's daemon because it tirelessly
+and invisibly sorts molecules, just as milters sort mail.
+Christian has also provided a fun 
+<a href="http://alphard.ethz.ch/hafner/PPS/PPS2002/Maxwell/simulation.htm">
+simulation</a> that lets you try your hand at sorting molecules.
+
+<h3> 0.8.4 </h3>
+
+Release 0.8.4 makes configuring SPF policy via access.db actually work.
+The honeypot idea is enhanced by auto-whitelisting recipients of
+email sent from selected domains.  Whitelisted messages are then used
+to train the honeypot.  This makes the honeypot screener entirely self
+training.  The smfi_progress() API is now automatically supported when present.
+An optional idx parameter to milter.addheader() invokes smfi_insheader().
+
+<h3> 0.8.3 </h3>
+
+Release 0.8.3 uses the standard logging module, and supports configuring
+more detailed SPF policy via the sendmail access map.  SMTP AUTH connections
+are considered INTERNAL.  Preventing forgery between internal domains is
+just a matter of specifying the user-domain map - I'll define something
+for the next version.  We now send DSNs when mail is quarantined (rejecting
+if DSN fails) and for SPF syntax errors (PermError).  There is an
+experimental option to add a Sender header when it is missing and the From
+domain doesn't match the MAIL FROM domain.  Next release, we may start
+renaming and replacing an existing Sender header when neither it nor the
+From domain matches MAIL FROM.  Since bogus MAIL FROMs are rejected
+(to varying degrees depending on the configured SPF policy), and
+both Sender and From and displayed by default in many email clients,
+this provides some phishing protection without rejecting mail based
+on headers.
+
+<h3> 0.8.2 </h3>
+
+Release 0.8.2 has changes to <a href="http://openspf.net">SPF</a> to bring it
+in line with the newly official RFC.  It adds 
+<a href="http://ses.codeshare.ca/">SES</a>
+support (the original SES without body hash) for pysrs-0.30.10, and honeypot
+support for pydspam-1.1.9.  There is a new method in the base milter module.
+milter.set_exception_policy(i) lets you choose a policy of CONTINUE, REJECT, or
+TEMPFAIL (default) for untrapped exceptions encountered in a milter callback.
+
+<h3> 0.8.0 </h3>
+
+Release 0.8.0 is the first <a href="http://sourceforge.net/">Sourceforge</a>
+release.  It supports Python-2.4, and provides an option to accept mail
+that gets an SPF softfail or fails the 3 strikes rule, provided the
+alleged sender accepts a DSN explaining the problem.  Python-2.3 is
+no longer supported by the reworked mime.py module, although API changes
+could be backported.  There are too many incompatible changes to the
+python email package.
+
+<h3> Older Releases </h3>
+
+Release 0.7.2 tightens the authentication screws with a "3 strikes and
+you're out" policy.  A sender must have a valid PTR, HELO, or SPF record
+to send email.  Specific senders can be whitelisted using the
+"delegate" option in the spf configuration section by adding a
+default SPF record for them.  The PTR and HELO are required
+by RFC anyway, so this is not an unreasonable requirement.
+There is now a coherent policy for an SPF softfail result.  A softfail
+is accepted if there is a valid PTR or HELO, or if the domain
+is listed in the "accept_softfail" option of the spf configuration section.
+A neutral result is accepted by default if there is a valid PTR or
+HELO, (and the SPF record was not guessed), unless the domain is listed in the
+"reject_neutral" option.  Common forms of PTR records for dynamic IPs are
+recognized, and do not count as a valid PTR.  This does not prevent anyone
+from sending mail from a dynamic IP - they just need to configure a
+valid HELO name or publish an SPF record.
+<p>
+As SPF adoption continues to rise, forged spam is not getting through.  So
+spammers are publishing their SPF records as predicted.  The 0.7.2 RPM
+now provides the <code>rhsbl</code> sendmail hack so that spammer domains
+can be blacklisted.  With the RPM installed, add a line like the following
+to your <code>sendmail.mc</code>.
+<pre>
+HACK(rhsbl,`blackholes.example.com',"550 Rejected: " $&{RHS} " has been spamming our customers.")dnl
+</pre>
+<p>
+Of course, spammers are now starting to register
+throwaway domains.  The next thing we need is a custom DNS server,
+in Python, that
+can recognize patterns.  For instance, one spammer registers ded304.com,
+ded305.com, ded306.com, etc.  We also need the custom DNS server to
+let SPF classic clients check SES (which will be part of pysrs).  
+The <a href="http://twistedmatrix.com/products/twisted">Twisted Python</a>
+framework provides a custom DNS server - but I
+would like a smaller implementation for our use.
+<p>
+The RPM for release 0.7.0 moves the config file and socket locations to
+/etc/mail and /var/run/milter respectively.  We now parse Microsoft CID records
+- but only hotmail.com uses them.  They seem to have applied for a patent on
+the brilliant idea of examining the mail headers to see who the message is
+from.  We aren't doing that here, so not to worry - but I am not a lawyer, so
+if you are worried, change spf.py around line 626 to return None instead of
+calling CIDParser().  There is a new option to reject mail with no PTR
+and no SPF.
+<p>
+Microsoft is pushing an anti-opensource license for their pending patent
+along with their sender-ID proposal before the IETF.
+It is royalty free - but requires anyone distributing a binary they've
+compiled from source to sign a license agreement.  The Apache Software
+Foundation <a
+href="http://www.apache.org/foundation/docs/sender-id-position.html"> explains
+the problem with sender-ID</a>, and Debian <a
+href="http://www.debian.org/News/2004/20040904">concurs</a>.  Since 
+the <a href="http://download.microsoft.com/download/4/3/9/439b024b-09fd-44ee-8ff0-10e834004c36/senderid_FAQ.PDF">Microsoft license</a> is
+<a href="http://www.circleid.com/article/732_0_1_0_C/">incompatible with free
+software in general</a> and the <a
+href="http://www.imc.org/ietf-mxcomp/mail-archive/msg03678.html">GPL in
+particular</a>, Python milter will not be able to implement sender-ID in its
+current form.  This was, no doubt, Microsoft's intent all along.
+<p>
+Sender-ID attempts to do for RFC2822 headers what SPF does for RFC2821 headers.
+Unlike SPF, it has never been tried, and is encumbered by a stupid patent.  I
+recommend ignoring it and continuing to implement and improve SPF until a
+working and unencumbered proposal for RFC2822 headers surfaces.
+
+<p>
+<a href="http://openspf.com">
+<img src="SPF.gif" align=left alt="SPF logo"></a>
+Release 0.6.6 adds support for <a href="http://openspf.com/">SPF</a>,
+a protocol to prevent forging of the envelope from address.  
+SPF support requires <a href="http://pydns.sourceforge.net/">pydns</a>.
+The included spf.py module is an updated version of the original 1.6
+version at <a href="http://www.wayforward.net/spf/">wayforward.net</a>.
+The updated version tracks the draft RFC and test suite.
+<p>
+The FAQ addresses <a href="faq.html#spf">how to get started with SPF</a>.
+<p>
+Release 0.6.1 adds a full milter based dspam application.
+<p>
+I have selected the <a href="http://www.nuclearelephant.com/projects/dspam/">
+dspam bayes filter project</a> and <a href="dspam.html">
+packaged it for python</a>.
+Release 0.6.0 offers a simple application of dspam I call "header triage",
+which rejects messages with spammy headers.  
+To use header triage, you must have <a href="dspam.html">DSPAM</a> installed,
+and select a dictionary that is well moderated by someone who gets
+lots of spam.  That dictionary can be used to block spam that is 
+obvious from the headers (e.g. X-Mailer and Subject) before it ties
+up any more resources.  I have yet to see any false positives from this
+approach (check the milter log), but if there are, the sender will
+get a REJECT with the message "Your message looks spammy."
+
@@ -0,0 +1,55 @@
+Title: Credits
+
+<h1> CREDITS </h1>
+
+<a href="mailto:Jim Niemira <urmane@urmane.org>">Jim Niemira</a>
+wrote the original C module and some quick
+and dirty python to use it.  
+<a href="http://gathman.org/vitae">Stuart D. Gathman</a>
+took that kludge and added threading and context objects to it, wrote a proper
+OO wrapper (Milter.py) that handles attachments, did lots of testing, packaged
+it with distutils, and generally transformed it from a quick hack to a
+real, usable Python extension.
+
+<h2>Other contributors (in random order):</h2>
+
+<dl>
+<dt> <a href="http://alphard.ethz.ch/hafner/lebl.htm">Christian Hafner</a>
+  <dd>for the pymilter mascot image of 
+  <a href="http://maxwelld.netfirms.com/">
+  Maxwell's daemon</a>
+<dt>Stephen Figgins
+  <dd>for reporting problems building with sendmail-8.12, and when
+  building milter.so for the first time.
+<dt>Dave MacQuigg 
+  <dd>for noticing that smfi_insheader wasn't supported, and creating
+  a template to help first time pymilter users create their own milter.
+<dt>Terence Way
+  <dd>for providing a Python port of SPF
+<dt>Scott Kitterman
+  <dd>for doing lots of testing and debugging of SPF against draft standard,
+  and for putting up a <a href="http://www.kitterman.com/spf/validate.html">
+  web page that validates SPF</a> records using spf.py
+<dt>Alexander Kourakos
+  <dd>for plugging several memory leaks
+<dt>George Graf at Vienna University of Economics and Business Administration
+  <dd>for handling None passed to setreply and chgheader.
+<dt>Deron Meranda
+  <dd>for IPv6 patches
+<dt>Jason Erikson
+  <dd>for handling NULL hostaddr in connect callback.
+<dt>John Draper
+  <dd>for porting Python milter to OpenBSD, and starting to work on tutorials
+  then pointing out that it would be easier to just write the MTA in Python.
+<dt>Eric S. Johansson
+  <dd>for helpful design discussions while working on camram
+<dt>Alex Savguira
+  <dd>for finding bugs with international headers and
+  suggesting the scan_zip option.
+<dt><a href="http://www.bmsi.com">Business Management Systems</a>
+  <dd>for hosting the website, and providing paying clients who need milter
+  service so I can work on it as part of my day job.
+</dl>
+
+If I have left anybody out, send me a reminder: 
+<a href="mailto:Stuart Gathman <stuart@bmsi.com>">stuart@bmsi.com</a>
@@ -0,0 +1,293 @@
+Title: Python Milter FAQ
+
+<h1> Python Milter <a name=faq>FAQ</a> </h1>
+
+<menu>
+<li> <a href="#compiling">Compiling Python Milter</a>
+<li> <a href="#running">Running Python Milter</a>
+<li> <a href="#spf">Using SPF</a>
+<li> <a href="#srs">Using SRS</a>
+</menu>
+
+<ol>
+
+<h3> <a name="compiling">Compiling Python Milter </a> </h3>
+
+<li> Q. I have tried to download the current milter code and my virus scan
+traps several viruses in the download.
+<p>  A. The milter source includes a number of deactivated viruses in
+the test directory.  All but the first and last lines of the base64
+encoded virus data has been removed.  I suppose I should randomize
+the first and last lines as well, since pymilter just deletes executables,
+and doesn't look for signatures.
+<li> Q. I have installed sendmail from source, but Python milter won't
+compile.
+<p>  A. Even though libmilter is officially supported in sendmail-8.12, 
+you need to build and install it in separate steps.  Take a look
+at the <a href="/aix/sendmail12.spec">RPM spec file</a> for sendmail-8.12.  
+The %prep section shows you how to create
+a site.config.m4 that enables MILTER.  The %build section shows you how
+to build libmilter in a separate invocation of make.  The %install section
+shows you how to install libmilter with a separate invocation of make.
+<p>
+
+<li> Q. Why is mfapi.h not found when I try to compile Python milter on
+RedHat 7.2?
+<p>  A. RedHat forgot to include the header in the RPM.  See the
+<a href="requirements.html#rh72">RedHat 7.2 requirements</a>.
+<p>
+<li> Q. Python milter compiles ok, but I get an error like this when
+	I try to import the milter module:
+<pre>
+ImportError: /usr/lib/python2.4/site-packages/milter.so: undefined symbol: smfi_setmlreply
+</pre>
+<p>  A. Your libmilter.a is from sendmail-8.12 or earlier.  You need
+	sendmail-8.13 or later to support setmlreply.  You can disable
+	setmlreply by changing setup.py.  Change:
+<pre>
+            define_macros = [ ('MAX_ML_REPLY',32) ]
+</pre>
+in setup.py to
+<pre>
+            define_macros = [ ('MAX_ML_REPLY',1) ]
+</pre>
+
+<h3> <a name="running">Running Python Milter </a></h3>
+
+<li> Q. The sample.py milter prints a message, then just sits there.
+<pre>
+To use this with sendmail, add the following to sendmail.cf:
+
+O InputMailFilters=pythonfilter
+Xpythonfilter,        S=local:inet:1030@localhost
+
+See the sendmail README for libmilter.
+sample  milter startup
+</pre>
+<p>  A. You need to tell sendmail to connect to your milter.  The
+sample milter tells you what to add to your sendmail.cf to tell
+sendmail to use the milter.  You can also add an INPUT_MAIL_FILTER
+macro to your sendmail.mc file and rebuild sendmail.cf - see the sendmail
+README for milters.
+<p>
+
+<li> Q. I've configured sendmail properly, but still nothing happens
+when I send myself mail!
+<p>  A. Sendmail only milters SMTP mail.  Local mail is not miltered.
+You can pipe a raw message through sendmail to test your milter:
+<pre>
+$ cat rawtextmsg | sendmail myname@my.full.domain
+</pre>
+Now check your milter log.
+<p>
+
+<li> Q. Why do I get this ImportError exception?
+<pre>
+File "mime.py", line 370, in ?
+    from sgmllib import declstringlit, declname
+    ImportError: cannot import name declstringlit
+</pre>
+<p>  A. <code>declstringlit</code> is not provided by sgmllib in all versions
+of python.  For instance, python-2.2 does not have it.  Upgrade to
+milter-0.4.5 or later to remove this dependency.
+<p>
+
+<li> Q. Why do I get <code>milter.error: cannot add recipient</code>?
+<pre>
+</pre>
+<p>  A. You must tell libmilter how you might mutate the message with
+<code>set_flags()</code> before calling <code>runmilter()</code>.  For
+instance, <code>Milter.set_flags(Milter.ADDRCPT)</code>.  You must add together
+all of <code>ADDHDRS, CHGBODY, ADDRCPT, DELRCPT, CHGHDRS</code> that apply.
+<p> NOTE - recent versions default flags to enabling all features.  You
+must now call <code>set_flags()</code> if you wish to disable features for
+efficiency.
+<p>
+
+<li> Q. Why does sendmail sometimes print something like:
+"...write(D) returned -1, expected 5: Broken pipe"
+in the sendmail log?
+<p>  A. Libmilter expects "rcpt to" shortly after getting "mail from".
+"Shortly" is defined by the timeout parameter you passed to
+<code>Milter.runmilter()
+</code> or <code>milter.settimeout()</code>.  If the timeout is 10 seconds,
+and looking up the first recipient in DNS takes more than
+10 seconds, libmilter will give up and break the connection.  
+<code>Milter.runmilter()</code> defaulted to 10 seconds in 0.3.4.  In 0.3.5
+it will keep the libmilter default of 2 hours.
+<p>
+
+<li> Q. Why does milter block messages with big5 encoding?  What if I
+want to receive them?
+<p>  A. sample.py is a sample.  It is supposed to be easily modified
+for your specific needs.  We will of course continue to move generic
+code out of the sample as the project evolves.  Think of sample.py as
+an active config file.
+<p>
+If you are running bms.py, then the block_chinese option in 
+<code>/etc/mail/pymilter.cfg</code> controls this feature.
+<p>
+
+<li> Q. Why does sendmail coredump with milters on OpenBSD?
+<p>  A. Sendmail has a problem with unix sockets on old versions of OpenBSD.
+OpenBSD users report that this problem has been fixed, so upgrading
+OpenBSD will fix this.  Otherwise, you can
+use an internet domain socket instead.  For example, in
+<code>sendmail.cf</code> use
+<pre>
+Xpythonfilter, S=inet:1234@localhost
+</pre>
+and change sample.py accordingly.
+<p>
+
+<li> Q. How can I change the bounce message for an invalid recipient?
+I can only change the recipient in the eom callback, but the eom callback
+is never called when the recipient is invalid!
+<p>  A. Configure sendmail to use virtusertable, and send all unknown
+addresses to /dev/null.  For example,
+<h4>/etc/mail/virtusertable</h4>
+<pre>
+@mycorp.com	dev-null
+dan@mycorp.com	dan
+sally@mycorp.com	sally
+</pre>
+<h4>/etc/aliases</h4>
+<pre>
+dev-null:	/dev/null
+</pre>
+Now your milter will get to the eom callback, and can change the
+envelope recipient at will.  Thanks to Dredd at 
+<a href=http://www.milter.org/>milter.org</a> for this solution.
+<p>
+
+<li> Q. I am having trouble with the setreply method.  It always outputs
+	"milter.error: cannot set reply".
+<p>  A. Check the sendmail log for errors.  If sendmail is getting
+milter timeouts, then your milter is taking too long and sendmail gave
+up waiting.  You can adjust the timeouts in your sendmail config.  Here
+is a milter declaration for sendmail.cf with all timeouts specified:
+<pre>
+Xpythonfilter, S=local:/var/log/milter/pythonsock, F=T, T=C:5m;S:20s;R:60s;E:5m
+</pre>
+<li> Q. There is a Python traceback in the log file!  What happened to
+	my email?
+<p>  A. By default, when the milter fails with an untrapped exception, a
+TEMPFAIL result (451) is returned to the sender.  The sender will then retry
+every hour or so for several days.  Hopefully, someone will notice the 
+traceback, and workaround or fix the problem.  Beginning with milter-0.8.2,
+you can call <code>milter.set_exception_policy(milter.CONTINUE)</code>
+to cause an untrapped exception to continue processing with the
+next callback or milter instead.  For
+completeness, you can also set the exception policy to
+<code>milter.REJECT</code>.
+
+<li> Q. I read some notes such as "Check valid domains allowed by internal
+	senders to detect PCs infected with spam trojans." but could not
+	understand the idea. Could you clarify the content ?
+
+<p>  A. The <code>internal_domains</code> configuration specifies which
+MAIL FROM domains are used by internal connections.  If an internal
+PC tries to use some other domain, it is assumed to be a "Zombie".
+<p>
+Here is a sample log line:
+<pre>
+2005Jun22 12:01:04 [12430] REJECT: zombie PC at  192.168.100.171  sending MAIL FROM  debby@fedex.com
+</pre>
+No, fedex.com does not use pymilter, and there is no one named debby at my
+client.  But the idiot using the PC at 192.168.100.171 has downloaded and
+installed some stupid weatherbar/hotbar/aquariumscreensaver that is actually a
+spam bot.
+<p>
+The <code>internal_domains</code> option is simplistic, it assumes all
+valid senders of the domains are internal.  SPF provides a much more general
+check of IP and MAIL FROM for external email.  Pymilter should soon
+have a local policy feature for more general checking of internal mail.
+<li> Q. <code>mail_archive</code> isn't working.  Or I don't understand how
+	it's suppose to work.  I have
+	<code>mail_archive = /var/mail/mail_archive</code>
+	in <code>pymilter.cfg</code> but nothing ever gets dumped into
+	<code>/var/mail/mail_archive</code>.
+<p>  A. The 'mail' user needs to have write access.  Permission failures
+	should be logged as a traceback in milter.log if it doesn't.
+
+<h3> <a name="spf">Using SPF </a></h3>
+
+<li> Q. So how do I use the SPF support?  The sample.py milter doesn't seem
+        to use it.
+<p>  A. The bms.py milter supports spf.  The RedHat RPMs will set almost
+everything up for you.  For other systems:
+<ol type=i>
+<li> Arrange to run bms.py in the background (as a service perhaps) and
+     redirect output and errors to a logfile.  For instance, on AIX you'll want
+     to use SRC (System Resource Controller).  
+<li> Copy pymilter.cfg to the /etc/mail or the directory you run bms.py in,
+     and edit it.  The comments should explain the options. 
+<li> Start bms.py in the background as arranged.
+<li> Add Xpythonfilter to sendmail.cf or add an INPUT_MAIL_FILTER to
+     sendmail.mc.  Regen sendmail.cf if you use sendmail.mc and restart 
+     sendmail.
+<li> Arrange to rotate log files and remove old defang files in 
+     <code>tempdir</code>.  The RedHat RPM uses <code>logrotate</code> for
+     logfiles and a simple cron script using <code>find</code> to clean
+     <code>tempdir</code>.
+</ol>
+	In CVS, there is <code>spfmilter.py</code>.  Run that as a service,
+	and it does just SPF.  It uses the sendmail <code>access</code>
+	file to configure SPF responses just like <code>bms.py</code>, but
+	supports only REJECT and OK.
+<li> Q. The SPF DSN is sent at least once for domains that don't publish a SPF.
+	How do I stop this behavior?
+<p>  A. The SPF response is controlled by <code>/etc/mail/access</code>
+	(actually the file you specify with <code>access_file</code> in
+	the <code>[spf]</code> section of <code>pymilter.cfg</code>).  
+	Responses are OK, CBV, and REJECT.  CBV sends the DSN.
+<p>
+You can change the defaults.  For instance, I have:
+<pre>
+SPF-None:	REJECT
+SPF-Neutral:	CBV
+SPF-Softfail:	CBV
+SPF-Permerror:	CBV
+</pre>
+I have best_guess = 1, so SPF none is converted to PASS/NEUTRAL for policy
+lookup, and 3 strikes (no PTR, no HELO, no SPF) becomes "SPF NONE" for local
+policy purposes (the Received-SPF header always shows the official SPF
+result.)
+<p>
+You can change the default for specific domains:
+<pre>
+# these guys aren't going to pay attention to CBVs anyway...
+SPF-None:cia.gov	REJECT
+SPF-None:fbi.gov	REJECT
+SPF-Neutral:aol.com	REJECT
+SPF-Softfail:ebay.com	REJECT
+</pre>
+
+<h3> <a name="srs">Using SRS </a></h3>
+
+<li> Q. The SRS part doesn't seem to work as whenever I try to start
+	<code>/etc/init.d/pysrs</code>, I get this in
+	<code>/var/log/milter/pysrs.log</code>:
+<pre>
+ConfigParser.NoOptionError: No option 'fwdomain' in section: 'srs'
+</pre>
+<p>  A. You need to specify the forward domain - i.e. the domain you want
+	SRS to rewrite stuff too.
+<p>
+For instance, I have:
+<pre>
+# sample SRS configuration
+[srs]
+secret = don't you wish
+maxage = 8
+hashlength = 5
+;database=/var/log/milter/srs.db
+fwdomain = bmsi.com
+sign=bmsi.com,mail.bmsi.com,gathman.org
+srs=bmsaix.bmsi.com,bmsred.bmsi.com,stl.gathman.org,bampa.gathman.org
+</pre>
+The <code>sign</code> is for local domains which are signed.
+The <code>srs</code> list is for other domains which you are relaying,
+and which need to have SRS checked/undone for bounces.
+
+</ol>
@@ -0,0 +1,23 @@
+<!-- -*- html -*- -->
+<h3>Subsections</h3>
+<li><a href="milter.html">Introduction</a>
+<li><a href="changes.html">Changes</a>
+<li><a href="requirements.html">Requirements</a>
+<li><a href="http://sourceforge.net/project/showfiles.php?group_id=139894">Download</a>
+<li><a href="faq.html">FAQ</a>
+<li><a href="policy.html">Policies</a>
+<li><a href="logmsgs.html">Log&nbsp;Messages</a>
+<li><a href="http://bmsi.com/mailman/listinfo/pymilter">Mailing&nbsp;List</a>
+<li><a href="credits.html">CREDITS</a>
+<li><a href="http://sourceforge.net"><img src="http://sflogo.sourceforge.net/sflogo.php?group_id=139894&amp;type=1" width="88" height="31" border="0" alt="SourceForge.net Logo" /></a>
+<h3>Links</h3>
+<li><a href="http://www.milter.org/milter_api/api.html">C&nbsp;API</a>
+<li><a href="http://www.milter.org/">Milter.Org</a>
+<li><a href="http://www.python.org/">Python.Org</a>
+<li><a href="http://www.sendmail.org/">Sendmail.Org</a>
+<li><a href="http://www.openspf.org/">SPF</a>
+<li><a href="pysrs.html">pysrs</a>
+<li><a href="http://cheeseshop.python.org/pypi/pyspf">pyspf</a>
+<li><a href="http://bmsi.com/python/pygossip.html">pygossip</a>
+<li><a href="http://bmsi.com/python/dspam.html">pydspam</a>
+<li><a href="http://bmsi.com/libdspam/dspam.html">libdspam</a>
@@ -0,0 +1,91 @@
+Title: Python Milter Log Documentation
+<style>
+DT              { font-weight: bolder; padding-top: 1em }
+</style>
+
+<h1> Milter Log Documentation </h1>
+
+The milter log from the bms.py application has a variety of "tags" in it that
+indicate what it did.
+
+<dl>
+<dt> DSPAM: honeypot SCREENED
+<dd> message was quarantined to the honeypot quarantine
+
+<dt> REJECT: hello SPF: fail 550 access denied
+<dt> REJECT: hello SPF: softfail 550 domain in transition
+<dt> REJECT: hello SPF: neutral 550 access neither permitted nor denied
+<dd> message was rejected because there was an SPF policy for the
+HELO name, and it did not pass.
+
+<dt> CBV: sender-17-44662668-643@bluepenmagic.com
+<dd> we performed a call back verification
+
+<dt> dspam
+<dd> dspam identifier was added to the message
+
+<dt> REJECT: spam from self: jsconnor.com
+<dd> message was reject because HELO was us (jsconnor.com)
+
+<dt> INNOC: richh
+<dd> message was used to update richh's dspam dictionary
+
+<dt> HONEYPOT: pooh@bwicorp.com
+<dd> message was sent to a honeypot address (pooh@bwicorp.com), the 
+message was added to the honeypot dspam dictionary as spam
+
+<dt> REJECT: numeric hello name: 63.217.19.146
+<dd> message was rejected because helo name was invalid (numeric)
+
+<dt> eom
+<dd> message was successfully received
+
+<dt> TEMPFAIL: CBV: 450 No MX servers available
+<dd> we tried to do a call back verification but could not look up 
+MX record, we told the sender to try again later
+
+<dt> CBV: info@emailpizzahut.com (cached)
+<dd> call back verification was needed, we had already done it recently
+
+<dt> abort after 0 body chars
+<dd> sender hung up on us
+
+<dt> REJECT: SPF fail 550 SPF fail: see 
+  http://openspf.com/why.html?sender=m.hendersonxk@163.net&ip=213.47.161.100
+<dd> message was reject because its sender's spf policy said to
+
+<dt> REJECT: Subject: Cialis - No prescription needed!
+<dd> message was rejected because its subject contained a bad expression
+
+<dt> REJECT: zombie PC at  192.168.3.37  sending MAIL FROM  seajdr@amritind.com
+<dd> message was rejected because the connect ip was internal, but the
+sender was not.  This is usually because a Windows PC is infected with
+malware.
+
+<dt> X-Guessed-SPF: pass
+<dd> When the SPF result is NONE, we guess a result based on the generic
+SPF policy "v=spf1 a/24 mx/24 ptr".
+
+<dt> DSPAM: tonyc tonyc@example.com
+<dd> message was sent to tonyc@example.com and it was identified as spam 
+and placed in the tonyc dspam quarantine
+
+<dt> REJECT: CBV: 550 calvinalstonis@ix.netcom.com...User unknown
+<dt> REJECT: CBV: 553 sorry, that domain isn't in my list
+<dt> REJECT: CBV: 554 delivery error: dd This user doesn't have an account 
+<dd> message was rejected because call back verification gave us a fatal
+error
+<dt> Auto-Whitelist: user@example.com
+<dd> recipient has been added to auto_whitelist.log because the message
+was sent from an internal IP and the recipient is not internal.
+<dt> WHITELIST user@example.com
+<dd> message is whitelisted because sender appears in auto_whitelist.log
+<dt> BLACKLIST user@example.com
+<dd> message is blacklisted because sender appears in blacklist.log or
+     failed a CBV test.
+<dt> TRAINSPAM: honeypot X-Dspam-Score: 0.002278
+<dd> message was used to train screener dictionary as spam
+<dt> TRAIN: honeypot X-Dspam-Score: 0.980203
+<dd> message was used to train screener dictionary as ham
+</dl>
+<br>
@@ -0,0 +1,307 @@
+Title: Python Milters
+
+<P ALIGN="CENTER"><A HREF="http://www.anybrowser.org/campaign/">
+<IMG SRC="http://bmsi.com/art/brain1.gif"
+ALT="Viewable With Any Browser" BORDER="0"></A>
+
+<img src="http://bmsi.com/art/banner_4.gif" width="468" height="60" border="0"
+	usemap="#banner_4" alt="Your vote?">
+<map name="banner_4">
+  <area shape="rect" coords="330,25,426,59"
+  	href="http://education-survey.org/" alt="I Disagree">
+  <area shape="rect" coords="234,28,304,57" href="http://www.honestEd.com/" alt="I Agree">
+</map>
+</P>
+
+<img src="Maxwells.gif" alt="Maxwell's Daemon: pymilter mascot" align=left>
+<h1 align=center>Sendmail Milters in Python</h1>
+<h4 align=center>by <a href="mailto:%75%72%6D%61%6E%65%40%6E%65%75%72%61l%61%63%63%65%73%73%2E%63%6F%6D">Jim Niemira</a>
+  and <a href="mailto:%73%74%75%61%72%74%40%62%6D%73%69%2E%63%6F%6D">
+  Stuart D. Gathman</a><br>
+This web page is written by Stuart D. Gathman<br>and<br>sponsored by
+<a href="http://www.bmsi.com">Business Management Systems, Inc.</a> <br>
+Last updated Mar 30, 2007</h4>
+
+See the <a href="faq.html">FAQ</a> | <a href="http://sourceforge.net/project/showfiles.php?group_id=139894">Download now</a> |
+<a href="http://bmsi.com/mailman/listinfo/pymilter">Subscribe to mailing list</a> |
+<a href="#overview">Overview</a> |
+<a href="/python/dspam.html">pydspam</a> |
+<a href="/libdspam/dspam.html">libdspam</a>
+<p>
+<a href="//www.python.org">
+<img src="python55.gif" align=left alt="A Python"></a>
+<a href="//www.sendmail.org/">Sendmail</a> introduced a
+<a href="http://www.milter.org/milter_api/api.html"> new API</a> beginning with version 8.10 -
+libmilter.  The milter module for <a href="//www.python.org">Python</a>
+provides a python interface to libmilter that exploits all its features.
+<p>
+Sendmail 8.12 officially releases libmilter.  
+Version 8.12 seems to be more robust, and includes new privilege
+separation features to enhance security.  Even better, sendmail 8.13
+supports socket maps, which makes <a href="pysrs.html">pysrs</a> much more
+efficient and secure.  I recommend upgrading.
+
+<h3><a name=overview>Overview</a></h3>
+
+This package provides a robust toolkit for Python <a
+href="#milter">milters</a>, and the beginnings of a general purpose mail
+filtering system written in Python.
+<p>
+At the lowest level, the 'milter' module provides a thin wrapper around the
+<a href="http://www.milter.org/milter_api/api.html">
+sendmail libmilter API</a>.  This API lets you register callbacks for 
+a number of events in the
+<a href="http://www.cs.concordia.ca/~group/fig/public/email/relay/milter+ruleset-checks.html">process of sendmail receiving a message via SMTP</a>.  
+These events include the initial connection from a MTA,
+the envelope sender and recipients, the top level mail headers, and
+the message body.  There are options to mangle all of these components
+of the message as it passes through the milter.
+<p>
+At the next level, the 'Milter' module (note the case difference) provides a
+Python friendly object oriented wrapper for the low level API.  To use the
+Milter module, an application registers a 'factory' to create an object
+for each connection from a MTA to sendmail.  These connection objects
+must provide methods corresponding to the libmilter callback events.
+<p>
+Each event method returns a code to tell sendmail whether to proceed
+with processing the message.  This is a big advantage of milters over
+other mail filtering systems.  Unwanted mail can be stopped in its
+tracks at the earliest possible point.
+<p>
+The Milter.Milter class provides default implementations for event
+methods that
+do nothing, and also provides wrappers for the libmilter methods to mutate
+the message.
+<p>
+The 'spf' module provides an implementation of <a href="http://openspf.com">
+SPF</a> useful for detecting email forgery.
+<p>
+The 'mime' module provides a wrapper for the Python email package that
+fixes some bugs, and simplifies modifying selected parts of a MIME message.
+<p>
+Finally, the bms.py application is both a sample of how to use the
+Milter and spf modules, and the beginnings of a general purpose SPAM filtering,
+wiretapping, SPF checking, and Win32 virus protecting milter.  It can
+make use of the <a href="pysrs.html">pysrs</a> package when available for
+SRS/SES checking and the <a href="dspam.html">pydspam</a> package for Bayesian
+content filtering.  SPF checking
+requires <a href="http://pydns.sourceforge.net/">
+pydns</a>.  Configuration documentation is currently included as comments
+in the <a href="milter.cfg">sample config file</a> for the bms.py milter.
+See also the <a href="HOWTO">HOWTO</a> and <a href="logmsgs.html">
+Milter Log Message Tags</a>.
+<p>
+Python milter is under GPL.  The authors can probably be convinced to
+change this to LGPL if needed.
+
+<h3>What is a <a name="milter">milter</a>?</h3>
+
+Milters can run on the same machine as sendmail, or another machine.  The
+milter can even run with a different operating system or processor than
+sendmail.
+Sendmail talks to the milter via a local or internet socket.
+Sendmail keeps the
+milter informed of events as it processes a mail connection.  At any 
+point, the milter can cut the conversation short by telling sendmail
+to ACCEPT, REJECT, or DISCARD the message.  After receiving a complete
+message from sendmail, the milter can again REJECT or DISCARD it, but it
+can also ACCEPT it with changes to the headers or body.
+
+<h3> What can you do with a milter? </h3>
+
+<menu>
+<li> A milter can DISCARD or REJECT spam based based on algorithms scripted
+in python rather than sendmail's cryptic "cf" language.
+<li> A milter can alter or remove attachments from mail that are poisonous to
+Windows.
+<li> A milter can scan for viruses and clean them when detected.
+<li> A milter scans outgoing as well as incoming mail.
+<li> A milter can add and delete recipients to forward or secretly
+copy mail.
+<li> For more ideas, check the <a href="//www.milter.org">Milter Web Page</a>.
+</menu>
+
+<a href="http://www.milter.org/milter_api/api.html">
+Documentation</a> for the C API is provided with sendmail.  Miltermodule
+provides a thin python wrapper for the C API.  Milter.py provides a simple
+OO wrapper on top of that.
+<p>
+The Python milter package includes a sample milter that replaces dangerous 
+attachments with a warning message, discards mail addressed to
+MAILER-DAEMON, and demonstrates several SPAM abatement strategies.  
+The MimeMessage class to do this used to be based on the
+<code>mimetools</code> and <code>multifile</code> standard python packages.  
+As of milter version 0.6.0, it is based on the email standard
+python packages, which were derived from the 
+<a href="http://sourceforge.net/projects/mimelib">mimelib</a> project.
+The MimeMessage class patches several bugs in the email package,
+and provides some backward compatibility.
+
+<p>
+The "defang" function of the sample milter was inspired by
+<a href="http://www.roaringpenguin.com/mimedefang/">MIMEDefang</a>,
+a Perl milter with flexible attachment processing options.  The latest
+version of MIMEDefang uses an apache style process pool to avoid reloading
+the Perl interpreter for each message.  This makes it fast enough for
+production without using Perl threading.
+<p>
+<a href="http://sourceforge.net/projects/mailchecker">mailchecker</a> is
+a Python project to provide flexible attachment processing for mail.  I
+will be looking at plugging mailchecker into a milter.
+<p>
+<a href="http://software.libertine.org/tmda/">TMDA</a> is a Python project
+to require confirmation the first time someone tries to send to your
+mailbox.  This would be a nice feature to have in a milter.
+<p>
+There is also a <a href="http://www.milter.org/">Milter community website</a>
+where milter software and gory details of the API are discussed.
+
+<h3> Is a milter written in python efficient? </h3>
+
+The python milter process is multi-threaded and startup cost is incurred
+only once.  This is much more efficient than some implementations that
+start a new interpreter for each connection.  Testing in a production
+environment did not use a significant percentage of the CPU.  Furthermore,
+python is easily extended in C for any step requiring expensive CPU
+processing.
+<p>
+For example, the HTML parsing feature to remove scripts from HTML attachments
+is rather CPU intensive in pure python.  Using the C replacement for sgmllib
+greatly speeds things up.
+
+<h3> Goals </h3>
+
+<menu>
+<li> Implement RRS - a backdoor for non-SRS forwarders.  User lists non-SRS 
+     forwarder accounts (perhaps in <code>~/.forwarders</code>), and a util
+     provides a special local alias for the user to give to the forwarder.
+     Alias only works for mail from that forwarder.  Milter gets forwarder
+     domain from alias and uses it to SPF check forwarder.  Requires
+     milter to have read access to <code>~/.forwarders</code> or else
+     a way for user to submit entries to milter database.
+<li> The bms.py milter has too many features.  Create a framework where
+     numerous small feature modules can be plugged together in the
+     configuration.
+<li> Create a pure python substitute for miltermodule and libmilter that
+     implements the <a
+href="http://www.duh.org/cvsweb.cgi/~checkout~/pmilter/doc/milter-protocol.txt?rev=1">
+     libmilter protocol</a> in python. 
+<li> Find or write a faster implementation of sgmllib.  The 
+     <a href="http://www.effbot.org/zone/sgmlop-index.htm">sgmlop package</a>
+     is not very compatible with 
+     <a href="http://www.python.org/doc/2.1.3/lib/module-sgmllib.html">
+     Python-2.1 sgmllib</a>, but it is a start, and is supported in
+     milter-0.4.5 or later.
+<li> Implement all or most of the features of 
+     <a href="http://www.roaringpenguin.com/mimedefang/">MIMEDefang</a>.
+<li> Follow the official <a href="http://www.python.org/peps/pep-0008.html">
+     Python coding standards</a> more closely.
+<li> Make unit test code more like other python modules.
+</menu>
+
+<h3> Confirmed Installations </h3>
+
+Please <a href="mailto:%73%74%75%61%72%74%40%62%6D%73%69%2E%63%6F%6D">email</a>
+me if you successfully install milter on a system not mentioned below.
+<p>
+<table>
+<tr>
+<th>Operating System</th> <th>Compiler</th> <th>Python</th> <th>Sendmail</th>
+<th>milter</th>
+<tr>
+<td>Mandrake 8.0</td><td>gcc-3.0.1</td><td>2.1.1</td><td>8.12.0</td>
+<td>0.3.3</td><tr>
+<td>Mandrake 8.0</td><td>gcc-2.96</td><td>2.0</td><td>8.11.2</td>
+<td>0.3.6</td><tr>
+<td>RedHat 6.2</td><td>egcs-1.1.2</td><td>2.2.2</td><td>8.11.6</td>
+<td>0.5.4</td><tr>
+<td>RedHat 7.1</td><td>gcc-2.96</td><td>?</td><td>8.12.1</td>
+<td>0.3.5</td><tr>
+<td>RedHat 7.3</td><td>gcc-2.96</td><td>2.2.2</td><td>8.11.6</td>
+<td>0.5.5</td><tr>
+<td>RedHat 7.3</td><td>gcc-2.96</td><td>2.3.3</td><td>8.13.1</td>
+<td>0.7.2</td><tr>
+<td>RedHat 7.3</td><td>gcc-2.96</td><td>2.4.1</td><td>8.13.5</td>
+<td>0.8.4</td><tr>
+<td>RedHat 8.0</td><td>gcc-3.2</td><td>2.2.1</td><td>8.12.6</td>
+<td>0.5.2</td><tr>
+<td>RedHat 9.0</td><td>gcc-3.2.2</td><td>2.4.1</td><td>8.13.1</td>
+<td>0.8.2</td><tr>
+<td>RedHat EL3</td><td>gcc-3.2.3</td><td>2.4.1</td><td>8.13.5</td>
+<td>0.8.4</td><tr>
+<td>Debian Linux</td><td>gcc-2.95.2</td><td>2.1.1</td><td>8.12.0</td>
+<td>0.3.7</td><tr>
+<td>Debian Linux</td><td>gcc-3.2.2</td><td>2.2.2</td><td>8.12.7</td>
+<td>0.5.4</td><tr>
+<td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.1.1</td><td>8.11.5</td>
+<td>0.3.3</td><tr>
+<td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.1.1</td><td>8.12.1</td>
+<td>0.3.4</td><tr>
+<td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.1.3</td><td>8.12.3</td>
+<td>0.4.2</td><tr>
+<td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.4.1</td><td>8.13.1</td>
+<td>0.8.4</td><tr>
+<td>Slackware 7.1</td><td>?</td><td>?</td><td>8.12.1</td>
+<td>0.3.8</td><tr>
+<td>Slackware 9.0</td><td>gcc-3.2.2</td><td>2.2.3</td><td>8.12.9</td>
+<td>0.5.4</td><tr>
+<td>OpenBSD</td><td>?</td><td>2.3.3?</td><td>8.13.1?</td>
+<td>0.7.2</td><tr>
+<td>SuSE 7.3</td><td>gcc-2.95.3</td><td>2.1.1</td><td>8.12.2</td>
+<td>0.3.9</td><tr>
+<td>FreeBSD</td><td>gcc-2.95.3</td><td>2.2.1</td><td>8.12.3</td>
+<td>0.4.0</td><tr>
+<td>FreeBSD</td><td>gcc-2.95.3</td><td>2.2.2</td><td>?</td>
+<td>0.5.5</td><tr>
+<td>FreeBSD 4.4</td><td>gcc-2.95.3</td><td>?</td><td>8.12.10</td>
+<td>0.6.6</td>
+</table>
+
+<h2> Enough Already! </h2>
+
+Nearly a dozen people have emailed me begging for a feature to copy
+outgoing and/or incoming mail to a backup directory by user.  Ok, it
+looks like this is a most requested feature for 0.5.6.  In the meantime,
+here are some things to consider:
+<ul>
+<li> If you want to equivalent of a Bcc added to each message, this
+is very easy to do in the python code for bms.py.   See below.
+<li> If you want to copy to a file in a directory (thus avoiding having to
+set up aliases), this is slightly more involved.  The bms.py milter already
+copies the message to a temporary file for use in replacing the message body
+when banned attachments are found.  You have to open a file, and copy the
+Mesage object to it in eom().
+<li> Finally, you are probably aware that most email clients already
+keep a copy of outgoing mail?  Presumably there is a good reason for
+keeping another copy on the server.
+</ul>
+<p>
+To Bcc a message, call <code>self.add_recipient(rcpt)</code> in envfrom after
+determining whether you want to copy (e.g. whether the sender is local).  For
+example,
+<pre>
+  def envfrom(...
+    ...
+    if len(t) == 2:
+      self.rejectvirus = t[1] in reject_virus_from
+      if t[0] in wiretap_users.get(t[1],()):
+	self.add_recipient(wiretap_dest)
+      if t[1] == 'mydomain.com':
+        self.add_recipient('&lt;copy-%s&gt;' % t[0])
+      ...
+</pre>
+<p>
+To make this a generic feature requires thinking about how the configuration
+would look.  Feel free to make specific suggestions about config file
+entries.  Be sure to handle both Bcc and file copies, and designating what
+mail should be copied.  How should "outgoing" be defined?  Implementing it is
+easy once the configuration is designed.
+
+
+<hr>
+<p>
+<a href="http://validator.w3.org/check/referer">
+<img border=0 src="http://bmsi.com/vh32.png" alt=" [ Valid HTML 3.2! ] " height=31 width=88></a>
+<a href="http://www.redhat.com">
+<img src="http://bmsi.com/art/powered_by.gif" width="88" height="31" alt=" [ Powered By Red Hat Linux ] " border="0"></a>
+</p>
@@ -0,0 +1,194 @@
+Title: Python Milter Mail Policy
+
+<h1> Python Milter Mail Policy </h1>
+
+These are the policies implemented by the <code>bms.py</code> milter
+application.  The milter and Milter modules do not implement any policies
+by themselves.  
+
+<h3> Classify connection </h3>
+
+When the SMTP client connects, the connection IP address is
+saved for later verification, and the connection
+is classified as INTERNAL or EXTERNAL by matching the ip
+address against the <code>internal_connect</code> configuration.
+IP addresses with no PTR, and PTR names that look like
+the kind assigned to dynamic IPs (as determined by a heuristic
+algorithm) are flagged as DYNAMIC.  IPs that match the
+<code>trusted_relay</code> configuration are flagged as TRUSTED.
+<p>
+Examples from the log file (<i>not</i> the SMTP error message returned):
+<pre>
+2005Jul29 13:56:53 [71207] connect from p50863492.dip0.t-ipconnect.de at ('80.134.52.146', 1858) EXTERNAL DYN
+2005Jul29 18:10:15 [74511] connect from foopub at ('1.2.3.4', 46513) EXTERNAL TRUSTED
+2005Jul29 14:41:00 [71805] connect from foobar at ('192.168.0.1', 41205) INTERNAL
+2005Jul29 14:41:15 [71806] connect from cncln.online.ln.cn at ('218.25.240.137', 35992) EXTERNAL
+</pre>
+<p>
+Certain obviously evil PTR names are blocked at this point:
+"localhost" (when IP is not 127.*) and ".".
+<pre>
+2005Jul29 14:49:50 [71918] connect from localhost at ('221.132.0.6', 50507) EXTERNAL
+2005Jul29 14:49:50 [71918] REJECT: PTR is localhost
+</pre>
+
+<h3> HELO Check </h3>
+
+The HELO name provided by the client is saved for later verification
+(for example by SPF).  We could validate the HELO at this point
+by verifying that an A record for the HELO name matches the connect ip.
+However, currently we only block certain obvious problems.  
+HELO names that look like an IP4 address 
+and ones that match the <code>hello_blacklist</code> configuration
+are immediately rejected.  The hello_blacklist typically contains
+the current MTAs own HELO name or email domains.
+Clients that attempt to skip HELO are immediately rejected.
+<pre>
+2005Jul29 18:10:15 [74512] hello from example.com
+2005Jul29 18:10:15 [74512] REJECT: spam from self: example.com
+2005Jul29 18:17:09 [74581] hello from 80.191.244.69
+2005Jul29 18:17:09 [74581] REJECT: numeric hello name: 80.191.244.69
+</pre>
+
+<h3> MAIL FROM Check </h3>
+
+Before calling our milter, sendmail checks a DNS blacklist to 
+block banned sender domains.  We never see a blocked domain.
+<p>
+The MAIL FROM address is saved for possible use by the smart-alias
+feature.  First, the <code>internal_domains</code> is used for
+a simple screening if defined.  If the MAIL FROM for an INTERNAL connection 
+is NOT in <code>internal_domains</code>, then it is rejected (the
+PC is most likely infected and attempting to send out spam).
+If the MAIL FROM for an EXTERNAL connection IS in
+<code>internal_domains</code>, then the message is immediately rejected.
+This is quick and effective for most small company MTAs.  For more
+complex mail networks, it is too simplistic, and should not be defined.
+SPF will handle the complex cases.
+
+<h4> wiretap </h4>
+
+The wiretap feature can screen and/or monitor mail to/from certain
+users.  If the MAIL FROM is being wiretapped, the recipients are
+altered accordingly.
+
+<!--table-stop-->
+
+<h2> SPF check </h2>
+
+The MAIL FROM, connect IP, and HELO name are checked against
+any SPF records published via DNS for the alleged sender (MAIL FROM)
+to determine the official SPF policy result.
+The offical SPF result is then logged in the Received-SPF header field,
+but certain results are subjected to further processing to create
+an effective result for policy purposes.
+
+If the official result is 'none', we try to turn it into an effective result of
+'pass' or 'fail'.  First, we check for a local substitute SPF record
+under the domain defined in the <code>[spf]delegate</code> configuration.  
+It is often useful to add local SPF records for correspondents that are
+too clueless to add their own.  If there is no local substitute, we use a "best
+guess" SPF record of "v=spf1 a/24 mx/24 ptr" for MAIL FROM or "v=spf1 a/24
+mx/24" for HELO.  In addition, a HELO that is a subdomain of MAIL FROM and
+resolves to the connect IP results in an effective result of 'pass'.
+
+If there is no local SPF record, and the effective result is still not
+'pass', we check for either a valid HELO name or a valid PTR record for
+the connect IP.  A valid HELO or PTR cannot look like a dynamic name
+as determined by the heuristic in <code>Milter.dynip</code>.
+
+If HELO has an SPF record, and the result is anything but pass, we reject
+the connection:
+<pre>
+2005Jul30 19:45:16 [93991] connect from [221.200.41.54] at ('221.200.41.54', 3581) EXTERNAL DYN
+2005Jul30 19:45:18 [93991] hello from adelphia.net
+2005Jul30 19:45:19 [93991] mail from <wendy.stubbsua@link-it.com> ()
+2005Jul30 19:45:19 [93991] REJECT: hello SPF: fail 550 access denied
+</pre>
+Note that HELO does not have any forwarding issues like MAIL FROM, and so
+any result other than 'pass' or 'none' should be treated like 'fail'.
+
+Only if nothing about the SMTP envelope can be validated does the effective
+result remain 'none.  I call this the "3 strikes" rule.
+
+If the official result is 'permerror' (a syntax error in the sender's
+policy), we use the 'lax' option in pyspf to try various heuristics to guess 
+what they really meant.  For instance, the invalid mechanism "ip:1.2.3.4" is
+treated as "ip4:1.2.3.4".  The result of lax processing is then used
+as the effective result for policy purposes.
+
+With an effective SPF result in hand, we consult the sendmail access
+database to find our receiver policy for the sender.  
+
+<table border=1>
+<tr><th>REJECT</th><td>
+Reject the sender with a 550 5.7.1 SMTP code.  The SMTP rejection
+includes a detailed description of the problem.
+</td></tr>
+<tr><th>CBV</th><td>
+Do a Call Back Validation by connecting to an MX of the sender
+and checking that using the sender as the RCPT TO is not rejected.
+We quit the CBV connection before actualling sending a message.
+If the CBV is rejected, our SMTP connection is rejected with the
+same error code and message.  CBV results are cached.
+</td></tr>
+<tr><th>DSN</th><td>
+Do a Call Back Validation by connecting to an MX of the sender
+and checking that using the sender as the RCPT TO is not rejected.
+Unlike a CBV, we continue on to data and send a detailed message
+explaining the problem.  This can be useful for reporting PermError
+or SoftFail to the sender.  Keep in mind that for any result other
+than 'pass', the sender could be forged, and your DSN could annoy the
+wrong person.  However, a SoftFail result is requesting such feedback
+for debugging and a PermError result needs to be fixed by the sender ASAP
+whether forged or not.  DSN results are cached so that senders are
+annoyed only weekly.
+</td></tr>
+<tr><th>OK</th><td>
+Accept the sender.  The message may still be rejected via reputation
+or content filtering.
+</td></tr>
+</table>
+
+<h3> SPF policy syntax </h3>
+
+First, the full sender is checked:
+<pre>
+SPF-Fail:abeb@adelphia.net     DSN
+</pre>
+This says to accept mail from that adelphia.net user despite the
+SPF fail, but only after annoying them with a DSN about their ISP's broken
+policy. 
+
+If there is no match on the full sender, the domain is checked:
+<pre>
+SPF-Neutral:aol.com     REJECT
+</pre>
+This says to reject mail from AOL with an SPF result of neutral.
+This means AOL users can't use their AOL address with another mail service
+to send us mail.  This is good because the other mail service is 
+likely a badly configured greeting card site or a virus.
+
+Finally, a default policy for the result is checked.  While there are program
+defaults, you should have defaults in the access database for SPF results:
+<pre>
+SPF-Neutral:            CBV
+SPF-Softfail:           DSN
+SPF-PermError:          DSN
+SPF-TempError:          REJECT
+SPF-None:               REJECT
+SPF-Fail:               REJECT
+SPF-Pass:               OK
+</pre>
+
+<h2> Reputation </h2>
+
+If the sender has not been rejected by this point, and if a GOSSiP server is
+configured, we consult GOSSiP for the reputation score of the sender and
+SPF result.  The score is a number from -100 to 100 with a confidence
+percentage from 0 to 100.  A really bad reputation (less than -50 with
+confidence greater than 3) is rejected.  Note that the reputation is tracked
+independently for each SPF result and sender combination.  So aol.com:neutral
+might have a really bad reputation, while aol.com:pass would be ok.
+Furthermore, when a sender finally publishes an SPF policy and starts
+getting SPF pass, their reputation is effectively reset.
@@ -0,0 +1,99 @@
+Title: Requirements
+
+<h2> Requirements </h2>
+
+<menu>
+<li> While the miltermodule will work with python 1.5, you probably
+want to use python 2.0 or better.  The python code uses a number of
+python 2 features.  The email support requires python 2.4.
+<li> Python must be configured with thread support.  This is because
+pymilter uses sendmail's libmilter which requires thread support.
+<li> You must compile sendmail with libmilter enabled.  In versions of
+sendmail prior to 8.12 libmilter is marked FFR (For Future Release) and
+is not installed by default.  
+Sendmail 8.12 still does not enable libmilter by default.  You must 
+explicitly select the "MILTER" option when compiling.  
+<li> When compiling Python milter against sendmail versions earlier than
+8.13, you must set MAX_ML_REPLY to 1 in setup.py.  There is no way to tell from
+the libmilter includes that smfi_setmlreply is not supported.
+<li> You probably want to use sendmail-8.13, since that supports multi-line
+SMTP error descriptions and SOCKETMAP.  You want SOCKETMAP for use with
+pysrs.
+<li> Python milter has been tested against sendmail-8.11 through sendmail-8.13.
+<li> Python milter must be compiled for the specific version of sendmail
+it will run with.  (Since the result is dynamically loaded, there could 
+conceivably be multiple versions available and selected at startup - but
+that will have to wait.)  This situation may only exist for sendmail
+versions prior to 8.12.  The protocol seems designed for backward 
+compatibility - and 8.12 is the first official milter release.
+<li> Mea Culpa!  After reading the Python Style guide, I realize that
+my Python code is not up to snuff.  Apparently mixed tabs and spaces
+are anathema to those using Windows editors, where tabs can be expanded using
+any arbitrary algorithm.  Other than that, my
+intuition matched Guido's pretty well - although I like to indent by 2
+rather than 4.  I will arrange to have tabs expanded to spaces when
+exporting new versions.  Until then, beware!
+</menu>
+
+<h3> <a name="aix4"> AIX 4.1.5 Requirements </a> </h3>
+To create sendmail RPMs for AIX, you can download my AIX 4.1.5 spec files 
+for <a href="/aix/sendmail.spec">sendmail-8.11.5</a> 
+or <a href="/aix/sendmail12.spec">sendmail-8.12.3</a>.  If you have
+not already set it up, I use a <a href="/aix/aix.spec">dummy RPM package</a>
+to represent the stuff that comes with AIX.  You might also want
+my <a href="/aix/python.spec">python-2.1.1</a> spec file for AIX.  It
+does not include Tk or curses modules, sorry.  If y'all trust me, you can
+download rpms for AIX 4.x from my <a href="/aix">AIX RPM directory</a>.
+<p>
+Sendmail-8.12 renames 
+libsmutil.a to libsm.a.  Unfortunately, libsm.a is an important AIX system
+shared library.  Therefore, I rename libsm.a back to libsmutil.a for
+AIX.  This presents a problem for setup.py.
+
+<h3> <a name="rh72"> RedHat 7.2 Requirements </a> </h3>
+
+If you are running Redhat 7.2, the distributed version of sendmail
+now enables libmilter by default.  RedHat 7.2 bundles
+the development libraries with the main sendmail package, so
+there is no sendmail-devel package.  However, they forgot to include the
+headers!  So you'll have to get the SRPM and modify it.  I suggest
+moving the static libs to a devel package and adding the headers.  If
+this is too much trouble, you can get the <a href="mfapi.h">mfapi.h</a>
+header for sendmail-8.6.11 from here and manually install it as
+<code>/usr/include/libmilter/mfapi.h</code>.
+<p>
+If you do modify the SRPM, I suggest renaming libsmutil.a
+to libsm.a - just like sendmail-8.12 will.  If you manually install
+mfapi.h or don't rename libsmutil.a, you'll
+need to force <code>libs = ["milter", "smutil"]</code> in setup.py.
+<p>
+If you have installed python2, and want
+python-milter to use python2, add <code>python=python2</code> to setup.cfg
+and build with <code>python2 setup.py bdist_rpm</code>.   
+
+<h3> <a name="rh62"> Redhat 6.2 Requirements </a> </h3>
+
+If you are running Redhat 6.2, the distributed version of sendmail
+does not enable libmilter.  You can download the Redhat 7.2 sendmail.spec
+modified to compile on RedHat 6.2:
+<a href="http://www.bmsi.com/linux/rh62/sendmail-rhmilter.spec">
+sendmail-rhmilter.spec</a>.  The <a
+href="ftp://updates.redhat.com/7.0/en/os/SRPMS/sendmail-8.11.6-1.7.0.src.rpm">
+SRPM for sendmail-8.11.6</a> is available from
+<a href="http://www.redhat.com">Redhat</a> under 
+<a href="http://www.redhat.com/support/errata/RHSA-2001-106.html">
+Errata for RH6.2</a>.  But that doesn't include the latest security
+patches since RH6.2 is no longer supported.
+<p>
+If y'all trust me, you can pick up source and binary sendmail RPMs for RH6.2
+from my <a href="http://www.bmsi.com/linux/rh62">linux downloads</a> directory.
+The lastest RPMs were built by taking a RH7.2 SRPMS and removing some
+RPM features from the spec file that RH6.2 doesn't support, then
+recompiling on RH6.2.  You can check this by installing the RH7.2 SRPM,
+then diffing my sendmail.spec with theirs.  Then run
+"rpm -bb sendmail-rhmilter.spec" when you are satisfied.
+<p>
+If you have installed python2, and want
+python-milter to use python2, add <code>python=python2</code> to setup.cfg
+and build with <code>python2 setup.py bdist_rpm</code>.
+You'll need to install the sendmail-devel package to compile milter.
@@ -1,159 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-<title>Python Milter FAQ</title>
-</head><body>
-
-<h1> Python Milter <a name=faq>FAQ</a> </h1>
-
-<ol>
-<h3> Compiling Python Milter </h3>
-<li> Q. I have installed sendmail from source, but Python milter won't
-compile.
-<p>  A. Even though libmilter is officially supported in sendmail-8.12, 
-you need to build and install it in separate steps.  Take a look
-at the <a href="/aix/sendmail12.spec">RPM spec file</a> for sendmail-8.12.  
-The %prep section shows you how to create
-a site.config.m4 that enables MILTER.  The %build section shows you how
-to build libmilter in a separate invocation of make.  The %install section
-shows you how to install libmilter with a separate invocation of make.
-<p>
-
-<li> Q. Why is mfapi.h not found when I try to compile Python milter on
-RedHat 7.2?
-<p>  A. RedHat forgot to include the header in the RPM.  See the
-<a href="milter.html#rh72">RedHat 7.2 requirements</a>.
-<p>
-
-<h3> Running Python Milter </h3>
-
-<li> Q. The sample.py milter prints a message, then just sits there.
-<pre>
-To use this with sendmail, add the following to sendmail.cf:
-
-O InputMailFilters=pythonfilter
-Xpythonfilter,        S=local:inet:1030@localhost
-
-See the sendmail README for libmilter.
-sample  milter startup
-</pre>
-<p>  A. You need to tell sendmail to connect to your milter.  The
-sample milter tells you what to add to your sendmail.cf to tell
-sendmail to use the milter.  You can also add an INPUT_MAIL_FILTER
-macro to your sendmail.mc file and rebuild sendmail.cf - see the sendmail
-README for milters.
-<p>
-
-<li> Q. I've configured sendmail properly, but still nothing happens
-when I send myself mail!
-<p>  A. Sendmail only milters SMTP mail.  Local mail is not miltered.
-You can pipe a raw message through sendmail to test your milter:
-<pre>
-$ cat rawtextmsg | sendmail myname@my.full.domain
-</pre>
-Now check your milter log.
-<p>
-
-<li> Q. Why do I get this ImportError exception?
-<pre>
-File "mime.py", line 370, in ?
-    from sgmllib import declstringlit, declname
-    ImportError: cannot import name declstringlit
-</pre>
-<p>  A. <code>declstringlit</code> is not provided by sgmllib in all versions
-of python.  For instance, python-2.2 does not have it.  Upgrade to
-milter-0.4.5 or later to remove this dependency.
-<p>
-
-<li> Q. Why do I get <code>milter.error: cannot add recipient</code>?
-<pre>
-</pre>
-<p>  A. You must tell libmilter how you might mutate the message with
-<code>set_flags()</code> before calling <code>runmilter()</code>.  For
-instance, <code>Milter.set_flags(Milter.ADDRCPT)</code>.  You must add together
-all of <code>ADDHDRS, CHGBODY, ADDRCPT, DELRCPT, CHGHDRS</code> that apply.
-<p>
-
-<li> Q. Why does sendmail sometimes print something like:
-"...write(D) returned -1, expected 5: Broken pipe"
-in the sendmail log?
-<p>  A. Libmilter expects "rcpt to" shortly after getting "mail from".
-"Shortly" is defined by the timeout parameter you passed to
-<code>Milter.runmilter()
-</code> or <code>milter.settimeout()</code>.  If the timeout is 10 seconds,
-and looking up the first recipient in DNS takes more than
-10 seconds, libmilter will give up and break the connection.  
-<code>Milter.runmilter()</code> defaulted to 10 seconds in 0.3.4.  In 0.3.5
-it will keep the libmilter default of 2 hours.
-<p>
-
-<li> Q. Why does milter block messages with big5 encoding?  What if I
-want to receive them?
-<p>  A. sample.py is a sample.  It is supposed to be easily modified
-for your specific needs.  We will of course continue to move generic
-code out of the sample as the project evolves.  Think of sample.py as
-an active config file.
-<p>
-
-<li> Q. Why does sendmail coredump with milters on OpenBSD?
-<p>  A. Sendmail has a problem with unix sockets on OpenBSD.  Use
-an internet domain socket instead.  For example, in <code>sendmail.cf</code> use
-<pre>
-Xpythonfilter, S=inet:1234@localhost
-</pre>
-and change sample.py accordingly.
-<p>
-
-<li> Q. How can I change the bounce message for an invalid recipient?
-I can only change the recipient in the eom callback, but the eom callback
-is never called when the recipient is invalid!
-<p>  A. Configure sendmail to use virtusertable, and send all unknown
-addresses to /dev/null.  For example,
-<h4>/etc/mail/virtusertable</h4>
-<pre>
-@mycorp.com	dev-null
-dan@mycorp.com	dan
-sally@mycorp.com	sally
-</pre>
-<h4>/etc/aliases</h4>
-<pre>
-dev-null:	/dev/null
-</pre>
-Now your milter will get to the eom callback, and can change the
-envelope recipient at will.  Thanks to Dredd at 
-<a href=http://www.milter.org/>milter.org</a> for this solution.
-<p>
-
-<li> Q. I am having trouble with the setreply method.  It always outputs
-	"milter.error: cannot set reply".
-<p>  A. Check the sendmail log for errors.  If sendmail is getting
-milter timeouts, then your milter is taking too long and sendmail gave
-up waiting.  You can adjust the timeouts in your sendmail config.  Here
-is a milter declaration for sendmail.cf with all timeouts specified:
-<pre>
-Xpythonfilter, S=local:/var/log/milter/pythonsock, F=T, T=C:5m;S:20s;R:60s;E:5m
-</pre>
-
-<a name="spf">
-<li> Q. So how do I use the SPF support?  The sample.py milter doesn't seem
-        to use it.
-<p>  A. The bms.py milter supports spf.  The RedHat RPMs will set almost
-everything up for you.  For other systems:
-<ol type=i>
-<li> Arrange to run bms.py in the background (as a service perhaps) and
-     redirect output and errors to a logfile.  For instance, on AIX you'll want
-     to use SRC (System Resource Controller).  
-<li> Copy milter.cfg to the directory you run bms.py in, and edit it.  The
-     comments should explain the options. 
-<li> Start bms.py in the background as arranged.
-<li> Add Xpythonfilter to sendmail.cf or add an INPUT_MAIL_FILTER to
-     sendmail.mc.  Regen sendmail.cf if you use sendmail.mc and restart 
-     sendmail.
-<li> Arrange to rotate log files and remove old defang files in 
-     <code>tempdir</code>.  The RedHat RPM uses <code>logrotate</code> for
-     logfiles and a simple cron script using <code>find</code> to clean
-     <code>tempdir</code>.
-</ol>
-
-</ol>
-</html>
@@ -0,0 +1,155 @@
+## To roll your own milter, create a class that extends Milter.  
+#  See the pymilter project at http://bmsi.com/python/milter.html
+#  based on Sendmail's milter API http://www.milter.org/milter_api/api.html
+#  This code is open-source on the same terms as Python.
+
+## Milter calls methods of your class at milter events.
+## Return REJECT,TEMPFAIL,ACCEPT to short circuit processing for a message.
+## You can also add/del recipients, replacebody, add/del headers, etc.
+
+import Milter
+import StringIO
+import time
+import email
+from socket import AF_INET, AF_INET6
+
+def parse_addr(t):
+  """Split email into user,domain.
+
+  >>> parse_addr('user@example.com')
+  ['user', 'example.com']
+  >>> parse_addr('"user@example.com"')
+  ['user@example.com']
+  >>> parse_addr('"user@bar"@example.com')
+  ['user@bar', 'example.com']
+  >>> parse_addr('foo')
+  ['foo']
+  """
+  if t.startswith('<') and t.endswith('>'): t = t[1:-1]
+  if t.startswith('"'):
+    if t.endswith('"'): return [t[1:-1]]
+    pos = t.find('"@')
+    if pos > 0: return [t[1:pos],t[pos+2:]]
+  return t.split('@')
+
+class myMilter(Milter.Milter):
+
+  def __init__(self):  # A new instance with each new connection.
+    self.id = Milter.uniqueID()  # Integer incremented with each call.
+
+  # each connection runs in its own thread and has its own myMilter
+  # instance.  Python code must be thread safe.  This is trivial if only stuff
+  # in myMilter instances is referenced.
+  def connect(self, IPname, family, hostaddr):
+    # (self, 'ip068.subnet71.example.com', AF_INET, ('215.183.71.68', 4720) )
+    # (self, 'ip6.mxout.example.com', AF_INET6,
+    #	('3ffe:80e8:d8::1', 4720, 1, 0) )
+    self.IP = hostaddr[0]
+    self.port = hostaddr[1]
+    if family == AF_INET6:
+      self.flow = hostaddr[2]
+      self.scope = hostaddr[3]
+    else:
+      self.flow = None
+      self.scope = None
+    self.IPname = IPname  # Name from a reverse IP lookup
+    self.H = None
+    self.fp = None
+    self.receiver = self.getsymval('j')
+    self.log("connect from %s at %s" % (IPname, hostaddr) )
+    
+    return Milter.CONTINUE
+
+
+  ##  def hello(self,hostname):
+  def hello(self, heloname):
+    # (self, 'mailout17.dallas.texas.example.com')
+    self.H = heloname
+    self.log("HELO %s" % heloname)
+    if heloname.find('.') < 0:	# illegal helo name
+      # NOTE: example only - too many real braindead clients to reject on this
+      self.setreply('550','5.7.1','Sheesh people!  Use a proper helo name!')
+      return Milter.REJECT
+      
+    return Milter.CONTINUE
+
+  ##  def envfrom(self,f,*str):
+  def envfrom(self, mailfrom, *str):
+    self.F = mailfrom
+    self.R = []  # list of recipients
+    self.fromparms = Milter.dictfromlist(str)	# ESMTP parms
+    self.user = self.getsymval('{auth_authen}')	# authenticated user
+    self.log("mail from:", mailfrom, *str)
+    self.fp = StringIO.StringIO()
+    self.canon_from = '@'.join(parse_addr(mailfrom))
+    self.fp.write('From %s %s\n' % (self.canon_from,time.ctime()))
+    return Milter.CONTINUE
+
+
+  ##  def envrcpt(self, to, *str):
+  def envrcpt(self, recipient, *str):
+    rcptinfo = to,Milter.dictfromlist(str)
+    self.R.append(rcptinfo)
+    
+    return Milter.CONTINUE
+
+
+  def header(self, name, hval):
+    self.fp.write("%s: %s\n" % (name,hval))	# add header to buffer
+    return Milter.CONTINUE
+
+
+  def eoh(self):
+    self.fp.write("\n")				# terminate headers
+    return Milter.CONTINUE
+
+
+  def body(self, chunk):
+    self.fp.write(chunk)
+    return Milter.CONTINUE
+
+
+  def eom(self):
+    self.fp.seek(0)
+    msg = email.message_from_file(self.fp)
+    self.setreply('250','2.5.1','Grokked by pymilter')
+    # many milter functions can only be called from eom()
+    # example of adding a Bcc:
+    self.addrcpt('<%s>' % 'spy@example.com')
+    return Milter.ACCEPT
+
+
+  def close(self):
+    # always called, even when abort is called.  Clean up
+    # any external resources here.
+    return Milter.CONTINUE
+
+  def abort(self):
+    # client disconnected prematurely
+    return Milter.CONTINUE
+
+  ## === Support Functions ===
+
+  def log(self,*msg):
+    print "%s [%d]" % (time.strftime('%Y%b%d %H:%M:%S'),self.id),
+    # 2005Oct13 02:34:11 [1] msg1 msg2 msg3 ...
+    for i in msg: print i,
+    print
+
+
+## ===
+    
+def main():
+  # Register to have the Milter factory create instances of your class:
+  Milter.factory = myMilter
+  flags = Milter.CHGBODY + Milter.CHGHDRS + Milter.ADDHDRS
+  flags += Milter.ADDRCPT
+  flags += Milter.DELRCPT
+  Milter.set_flags(flags)       # tell Sendmail which features we use
+  print "%s milter startup" % time.strftime('%Y%b%d %H:%M:%S')
+  sys.stdout.flush()
+  Milter.runmilter("pythonfilter",socketname,timeout)
+  print "%s bms milter shutdown" % time.strftime('%Y%b%d %H:%M:%S')
+
+if __name__ == "__main__":
+  main()
@@ -1,50 +1,75 @@
-# features intended to filter or block incoming mail
 [milter]
+# the directory with log and data files
+datadir = /var/log/milter
 # the socket used to communicate with sendmail.  Must match sendmail.cf
-;socket=/var/run/milter/pythonsock
+socket=/var/run/milter/pythonsock
 # where to save original copies of defanged and failed messages
 tempdir = /var/log/milter/save
 # how long to wait for a response from sendmail before giving up 
 ;timeout=600
+log_headers = 0
+# Connection ips and hostnames are matched against this glob style list
+# to recognize internal senders.  You probably need to change this.
+# The default is a good guess to try and prevent newbie frustration.
+internal_connect = 192.168.0.0/16,127.*
+
+# mail that is not an internal_connect and claims to be from an
+# internal domain is rejected.  Furthermore, internal mail that
+# does not claim to be from an internal domain is rejected.
+# You should enable SPF instead if you can.  SPF is much more comprehensive and
+# flexible.  However, SPF is not currently checked for outgoing
+# (internal_connect) mail because it doesn't yet handle authorizing 
+# internal IPs locally.
+;internal_domains = mycorp.com,localhost.localdomain
+
+# connections from a trusted relay can trust the first Received header
+# SPF checks are bypassed for internal connections and trusted relays.
+;trusted_relay = 1.2.3.4, 66.12.34.56
+
+# Relaying to these domains is allowed from internal connections only.
+# You might want to restrict aol.com, for instance, so that stupid
+# users don't forward their spam to aol for filtering and get your MTA 
+# blacklisted by aol.
+;private_relay = aol.com, yahoo.com
+
+# Reject external senders with hello names no legit external sender would use.
+# SPF will do this also, but listing your own domain and mailserver here
+# will save some DNS lookups when rejecting certain viruses.
+;hello_blacklist = mycorp.com, 66.12.34.56
+
+# Reject mail for domains mentioned unless user is mentioned here also
+;check_user = joe@mycorp.com, mary@mycorp.com, file:bigcorp.com
+
+# Treat localparts in milter.cfg as case-insensitive
+case_sensitive_localpart = true
+
+# features intended to filter or block incoming mail
+[defang]

 # do virus scanning on attached messages also
-scan_rfc822 = 1
+scan_rfc822 = 0
+# do virus scanning on attached zipfiles also
+scan_zip = 0
 # Comment out scripts in HTML attachments.  Can be CPU intensive.
 scan_html = 0
 # reject messages with asian fonts because we can't read them
-block_chinese = 1
+block_chinese = 0
 # list users who hate forwarded mail
 ;block_forward = egghead@mycorp.com, busybee@mycorp.com
-log_headers = 0
-# Reject mail for domains mentioned unless user is mentioned here also
-;check_user = joe@mycorp.com, mary@mycorp.com, file:bigcorp.com
 # reject mail with these case insensitive strings in the subject
 porn_words = penis, breast, pussy, horse cock, porn, xenical, diet pill, d1ck,
 	vi*gra, vi-a-gra, viag, tits, p0rn, hunza, horny, sexy, c0ck, xanaax,
 	p-e-n-i-s, hydrocodone, vicodin, xanax, vicod1n, x@nax, diazepam,
 	v1@gra, xan@x, cialis, ci@lis, frëe, xãnax, valíum, vãlium, via-gra,
 	x@n3x, vicod3n, penís, c0d1n, phentermine, en1arge, dip1oma, v1codin,
-	valium, rolex
+	valium, rolex, sexual, fuck, adv1t, vgaira, medz, acai berry
 # reject mail with these case sensitive strings in the subject
 spam_words = $$$, !!!, XXX, FREE, HGH
-
-# connection ips and hostnames are matched against this glob style list
-# to recognize internal senders
-;internal_connect = 192.168.*.*
-
-# mail that is not an internal_connect and claims to be from an
-# internal domain is rejected.  You should enable SPF instead if you can.
-# SPF is much more comprehensive and flexible.
-;internal_domains = mycorp.com
-
-# connections from a trusted relay can trust the first Received header
-# SPF checks are bypassed for internal connections and trusted relays.
-;trusted_relay = 1.2.3.4, 66.12.34.56
-
-# reject external senders with hello names no legit external sender would use
-# SPF will do this also, but listing your own domain and mailserver here
-# will save some DNS lookups when rejecting certain viruses.
-;hello_blacklist = mycorp.com, 66.12.34.56
+# attachments with these extensions will be replaced with a warning
+# message.  A copy of the original will be saved. 
+banned_exts = ade,adp,asd,asx,asp,bas,bat,chm,cmd,com,cpl,crt,dll,exe,hlp,hta,
+	inf,ins,isp,js,jse,lnk,mdb,mde,msc,msi,msp,mst,ocx,pcd,pif,reg,scr,sct,
+	shs,url,vb,vbe,vbs,wsc,wsf,wsh 

 # See http://bmsi.com/python/pysrs.html for details
 [srs]
@@ -57,8 +82,12 @@ config=/etc/mail/pysrs.cfg
 ;fwdomain = mydomain.com
 # turn this on after a grace period to reject spoofed DSNs
 reject_spoofed = 0
+# Many braindead MTAs send DSNs with a non-DSN MFROM (e.g. to report that
+# some virus claiming to be sent by you).  This heuristic
+# refuses mail from user names commonly abused in that way.
+;banned_users = postmaster, mailer-daemon, clamav

-# See http://spf.pobox.com for more info on SPF.
+# See http://www.openspf.com for more info on SPF.
 [spf]
 # namespace where SPF records can be supplied for domains without one
 # records are searched for under _spf.domain.com
@@ -67,10 +96,26 @@ reject_spoofed = 0
 ;reject_neutral = aol.com
 # use a default (v=spf1 a/24 mx/24 ptr) when no SPF records are published
 ;best_guess = 0
-# reject senders that have neither PTR nor SPF records
+# Reject senders that have neither PTR nor valid HELO nor SPF records, or send
+# DSN otherwise
 ;reject_noptr = 0
-# always accept softfail from these domains
+# always accept softfail from these domains, or send DSN otherwise
 ;accept_softfail = bounces.amazon.com
+# Treat fail from these domains like softfail: because their SPF record
+# or an important sender is screwed up.  Must have valid HELO, however.
+;accept_fail = custhelp.com
+# Use sendmail access map or similar format for detailed spf policy.
+# SPF entries in the access map will override any defaults set above.
+;access_file = /etc/mail/access.db
+# Add MAIL FROM as Sender when Sender is missing and From domain
+# doesn't match MAIL FROM.  Outlook and other email clients will then display
+# something like: "Sent by sender@domain.com on behalf of from@example.com"
+;supply_sender = 0
+# Connections that get an SPF pass for a pretend MAIL FROM of 
+# postmaster@sometrustedforwarder.com skip SPF checks for the real MAIL FROM.
+# This is for non-SRS forwarders.  It is a simple implementation that
+# is inefficient for more than a few entries.
+;trusted_forwarder = careerbuilder.com

 # features intended to clean up outgoing mail
 [scrub]
@@ -87,14 +132,22 @@ blind = 1
 # (sendmail aliases let you monitor incoming mail)
 #
 ;users = disloyal@bigcorp.com, bigmouth@bigcorp.com
+# multiple destinations can use smart_alias
 ;dest = spy@bigcorp.com
 # discard outgoing mail without alerting sender
 # can be used in conjunction with wiretap to censor outgoing mail
 ;discard_users = canned@bigcorp.com
+# archive copies all delivered mail to a file
+;mail_archive = /var/log/mail_archive
+
 #
 # smart aliases trigger on both sender and recipient
+#   alias = sender, recipient[, destination]
 #
-;smart_alias = copycust,walter
+[smart_alias]
+# multiple wiretap monitors.  Smart aliases are applied after wiretap.
+;spy1 = disloyal@bigcorp.com,spy@bigcorp.com
+;spy2 = bigmouth@bigcorp.com,spy@bigcorp.com
 # mail from client@clientcorp.com to sue@bigcorp.com is redirected to 
 # local alias copycust
 ;copycust = client@clientcorp.com,sue@bigcorp.com
@@ -104,6 +157,8 @@ blind = 1
 # additional copies can be added
 ;walter1 = cust@othercorp.com,walter@bigcorp.com,boss@bigcorp.com,
 ;	walter@bigcorp.com
+;bulk = soruce@telex.com,bob@jsconnor.com
+;bulk1 = soruce@telex.com,larry@jsconnor.com,bulk

 # See http://bmsi.com/python/dspam.html
 [dspam]
@@ -112,12 +167,20 @@ blind = 1
 # only EXTERNAL messages are dspam filtered
 ;dspam_dict=/var/lib/dspam/moderator.dict

-# Opt-opt recipients from dspam screening and header triage
+# Recipients of mail sent from these senders are added to the auto_whitelist.
+# Auto_whitelisted senders with an SPF PASS are never rejected by dspam, and
+# messages from auto_whitelisted senders will be used to train screener
+# dictionaries as innocent mail.
+;whitelist_senders = @mycorp.com
+
+# Opt-out recipients entirely from dspam screening and header triage
 ;dspam_exempt=getitall@mycorp.com
 # Do not scan mail (ostensibly) from these senders
 ;dspam_whitelist=getitall@sender.com
 # Reject spam to these domains instead of quarantining it.
 ;dspam_reject=othercorp.com
+# Scan internal mail - often a good source of stats on legit mail.
+;dspam_internal=1

 # directory for dspam user quarantine, signature db, and dictionaries
 # defining this activates the dspam application
@@ -128,15 +191,39 @@ blind = 1

 # Map email addresses and aliases to dspam users
 ;dspam_users=david,goliath,spam,falsepositive
+# List dspam users which train on all delivered messages, as opposed to
+# "train on error" which trains only when a spam or falsepositive is reported.
+# Training mode will build the dictionary faster, but requires close attention
+# so as not to miss any spam or false positives.
+;dspam_train=goliath
 ;david=david@foocorp.com,david.yelnetz@foocorp.com,david@bar.foocorp.com
 ;goliath=giant@foocorp.com,goliath.philistine@foocorp.com
 # address to forward spam to.  milter will process these and not deliver
 ;spam=spam@foocorp.com
 # address to forward false positives to.  milter will process and not deliver
 ;falsepositive=ham@foocorp.com
+# account which receives only spam: all received messages are marked as spam.
+;honeypot=spam-me@example.com
 # the dspam_screener is a list of dspam users who screen mail for all
 # recipients who are not dspam_users.  Spam goes to the screeners quarantine,
 # and the original recipients are saved so that false positives can be properly
 # delivered.
 ;dspam_screener=david,goliath
 # The dspam CGI can also be used: logins must match dspam users
+
+# Optional pygossip interface
+#
+# GOSSiP tracks reputation of domain:qualifier pairs.  For instance,
+# the reputation of example.com:SPF is tracked separately from
+# example.com:neutral.  Currently qualifiers are
+# SPF,neutral,softfail,fail,permerror,GUESS,HELO
+[gossip]
+# Use a dedicated GOSSiP server.  If not specified, a local database
+# will be used.
+;server=host:11900
+# To include peers of a peer in reputation, set ttl=2
+;ttl=1
+# If a local database is used, also consult these GOSSiP servers about 
+# domains.  Peer reputation is also tracked as to how often they
+# agree with us, and weighted accordingly.
+;peers=host1:port,host2
@@ -1,755 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>Python Milters</title>
-</head><body>
-
-<P ALIGN="CENTER"><A HREF="http://www.anybrowser.org/campaign/">
-<IMG SRC="/art/brain1.gif"
-ALT="Viewable With Any Browser" BORDER="0"></A>
-
-<img src="/art/banner_4.gif" width="468" height="60" border="0"
-	usemap="#banner_4" alt="Your vote?">
-<map name="banner_4">
-  <area shape="rect" coords="330,25,426,59"
-  	href="http://education-survey.org/" alt="I Disagree">
-  <area shape="rect" coords="234,28,304,57" href="http://www.honestEd.com/" alt="I Agree">
-</map>
-
-</P>
-<h1 align=center>Sendmail Milters in Python</h1>
-<h4 align=center>by <a href="mailto:%75%72%6D%61%6E%65%40%6E%65%75%72%61l%61%63%63%65%73%73%2E%63%6F%6D">Jim Niemira</a>
-  and <a href="mailto:%73%74%75%61%72%74%40%62%6D%73%69%2E%63%6F%6D">
-  Stuart D. Gathman</a><br>
-This web page is written by Stuart D. Gathman<br>and<br>sponsored by
-<a href="http://www.bmsi.com">Business Management Systems, Inc.</a> <br>
-Last updated Nov 24, 2004</h4>
-
-See the <a href="faq.html">FAQ</a> | <a href="#download">Download now</a> |
-<a href="/mailman/listinfo/pymilter">Subscribe to mailing list</a> |
-<a href="#overview">Overview</a>
-<p>
-<a href="//www.python.org">
-<img src="python55.gif" align=left alt="A Python"></a>
-<a href="//www.sendmail.org/">Sendmail</a> introduced a
-<a href="http://www.milter.org/milter_api/api.html"> new API</a> beginning with version 8.10 -
-libmilter.  The milter module for <a href="//www.python.org">Python</a>
-provides a python interface to libmilter that exploits all its features.
-<p>
-Sendmail 8.12 officially releases libmilter.  
-Version 8.12 seems to be more robust, and includes new privilege
-separation features to enhance security.
-I recommend upgrading.
-
-<h2> Recent Changes </h2>
-
-Release 0.7.2 tightens the authentication screws with a "3 strikes and
-your out" policy.  A sender must have a valid PTR, HELO, or SPF record
-to send email.  Specific senders can be whitelisted using the
-"delegate" option in the spf configuration section by adding a
-default SPF record for them.  The PTR and HELO are required
-by RFC anyway, so this is not an unreasonable requirement.
-There is now a coherent policy for an SPF softfail result.  A softfail
-is accepted if there is a valid PTR or HELO, or if the domain
-is listed in the "accept_softfail" option of the spf configuration section.
-A neutral result is accepted by default if there is a valid PTR or
-HELO, (and the SPF record was not guessed), unless the domain is listed in the
-"reject_neutral" option.  Common forms of PTR records for dynamic IPs are
-recognized, and do not count as a valid PTR.  This does not prevent anyone
-from sending mail from a dynamic IP - they just need to configure a
-valid HELO name or publish an SPF record.
-<p>
-The RPM for release 0.7.0 moves the config file and socket locations to
-/etc/mail and /var/run/milter respectively.  We now parse Microsoft CID records
- but only hotmail.com uses them.  They seem to have applied for a patent on
-the brilliant idea of examining the mail headers to see who the message is
-from.  We aren't doing that here, so not to worry - but I am not a lawyer, so
-if you are worried, change spf.py around line 626 to return None instead of
-calling CIDParser().  There is a new option to reject mail with no PTR
-and no SPF.
-<p>
-Microsoft is pushing an anti-opensource license for their pending patent
-along with their sender-ID proposal before the IETF.
-It is royalty free - but requires anyone distributing a binary they've
-compiled from source to sign a license agreement.  The Apache Software
-Foundation <a
-href="http://www.apache.org/foundation/docs/sender-id-position.html"> explains
-the problem with sender-ID</a>, and Debian <a
-href="http://www.debian.org/News/2004/20040904">concurs</a>.  Since 
-the <a href="http://download.microsoft.com/download/4/3/9/439b024b-09fd-44ee-8ff0-10e834004c36/senderid_FAQ.PDF">Microsoft license</a> is
-<a href="http://www.circleid.com/article/732_0_1_0_C/">incompatible with free
-software in general</a> and the <a
-href="http://www.imc.org/ietf-mxcomp/mail-archive/msg03678.html">GPL in
-particular</a>, Python milter will not be able to implement sender-ID in its
-current form.  This was, no doubt, Microsoft's intent all along.
-<p>
-Sender-ID attempts to do for RFC2822 headers what SPF does for RFC2821 headers.
-Unlike SPF, it has never been tried, and is encumbered by a stupid patent.  I
-recommend ignoring it and continuing to implement and improve SPF until a
-working and unencumbered proposal for RFC2822 headers surfaces.
-
-<p>
-<a href="http://spf.pobox.com">
-<img src="SPF.gif" align=left alt="SPF logo"></a>
-Release 0.6.6 adds support for <a href="http://spf.pobox.com/">SPF</a>,
-a protocol to prevent forging of the envelope from address.  
-SPF support requires <a href="http://pydns.sourceforge.net/">pydns</a>.
-The included spf.py module is an updated version of the original 1.6
-version at <a href="http://www.wayforward.net/spf/">wayforward.net</a>.
-The updated version tracks the draft RFC and test suite.
-<p>
-The FAQ addresses <a href="faq.html#spf">how to get started with SPF</a>.
-<p>
-Release 0.6.1 adds a full milter based dspam application.
-<p>
-I have selected the <a href="http://www.nuclearelephant.com/projects/dspam/">
-dspam bayes filter project</a> and <a href="dspam.html">
-packaged it for python</a>.
-Release 0.6.0 offers a simple application of dspam I call "header triage",
-which rejects messages with spammy headers.  
-To use header triage, you must have <a href="dspam.html">DSPAM</a> installed,
-and select a dictionary that is well moderated by someone who gets
-lots of spam.  That dictionary can be used to block spam that is 
-obvious from the headers (e.g. X-Mailer and Subject) before it ties
-up any more resources.  I have yet to see any false positives from this
-approach (check the milter log), but if there are, the sender will
-get a REJECT with the message "Your message looks spammy."
-
-<h2> Enough Already! </h2>
-
-Nearly a dozen people have emailed me begging for a feature to copy
-outgoing and/or incoming mail to a backup directory by user.  Ok, it
-looks like this is a most requested feature for 0.5.6.  In the meantime,
-here are some things to consider:
-<ul>
-<li> If you want to equivalent of a Bcc added to each message, this
-is very easy to do in the python code for bms.py.   See below.
-<li> If you want to copy to a file in a directory (thus avoiding having to
-set up aliases), this is slightly more involved.  The bms.py milter already
-copies the message to a temporary file for use in replacing the message body
-when banned attachments are found.  You have to open a file, and copy the
-Mesage object to it in eom().
-<li> Finally, you are probably aware that most email clients already
-keep a copy of outgoing mail?  Presumably there is a good reason for
-keeping another copy on the server.
-</ul>
-<p>
-To Bcc a message, call <code>self.add_recipient(rcpt)</code> in envfrom after
-determining whether you want to copy (e.g. whether the sender is local).  For
-example,
-<pre>
-  def envfrom(...
-    ...
-    if len(t) == 2:
-      self.rejectvirus = t[1] in reject_virus_from
-      if t[0] in wiretap_users.get(t[1],()):
-	self.add_recipient(wiretap_dest)
-      if t[1] == 'mydomain.com':
-        self.add_recipient('&lt;copy-%s&gt;' % t[0])
-      ...
-</pre>
-<p>
-To make this a generic feature requires thinking about how the configuration
-would look.  Feel free to make specific suggestions about config file
-entries.  Be sure to handle both Bcc and file copies, and designating what
-mail should be copied.  How should "outgoing" be defined?  Implementing it is
-easy once the configuration is designed.
-
-<h3><a name=overview>Overview</a></h3>
-
-This package provides a robust toolkit for Python <a
-href="#milter">milters</a>, and the beginnings of a general purpose mail
-filtering system written in Python.
-<p>
-At the lowest level, the 'milter' module provides a thin wrapper around the
-<a href="http://www.milter.org/milter_api/api.html">
-sendmail libmilter API</a>.  This API lets you register callbacks for 
-a number of events in the
-<a href="http://www.cs.concordia.ca/~group/fig/public/email/relay/milter+ruleset-checks.html">process of sendmail receiving a message via SMTP</a>.  
-These events include the initial connection from a MTA,
-the envelope sender and recipients, the top level mail headers, and
-the message body.  There are options to mangle all of these components
-of the message as it passes through the milter.
-<p>
-At the next level, the 'Milter' module (note the case difference) provides a
-Python friendly object oriented wrapper for the low level API.  To use the
-Milter module, an application registers a 'factory' to create an object
-for each connection from a MTA to sendmail.  These connection objects
-must provide methods corresponding to the libmilter callback events.
-<p>
-Each event method returns a code to tell sendmail whether to proceed
-with processing the message.  This is a big advantage of milters over
-other mail filtering systems.  Unwanted mail can be stopped in its
-tracks at the earliest possible point.
-<p>
-The Milter.Milter class provides default implementations for event
-methods that
-do nothing, and also provides wrappers for the libmilter methods to mutate
-the message.
-<p>
-The 'spf' module provides an implementation of <a href="http://spf.pobox.com">
-SPF</a> useful for detecting email forgery.
-<p>
-The 'mime' module provides a wrapper for the Python email package that
-fixes some bugs, and simplifies modifying selected parts of a MIME message.
-<p>
-Finally, the bms.py application is both a sample of how to use the
-Milter and spf modules, and the beginnings of a general purpose SPAM filtering,
-wiretapping, SPF checking, and Win32 virus protecting milter.  It can
-make use of the <a href="pysrs.html">pysrs</a> package when available for
-SRS/SES checking and the <a href="dspam.html">pydspam</a> package for Bayesian
-content filtering.  SPF checking
-requires <a href="http://pydns.sourceforge.net/">
-pydns</a>.  Configuration documentation is currently included as comments
-in the <a href="milter.cfg">sample config file</a> for the bms.py milter.
-
-<h3><a name=download>Downloading</a></h3>
-
-The latest stable release is <a href="#stable">0.7.2</a>. A stable
-release is one which has been installed (and working correctly) on
-production systems long enough to convince me that it is stable.  As
-the package gains more features and complexity, stable will mean no
-bug reports from outside users either.
-<p>
-The latest version is 0.7.2-2.  See the <a href=NEWS>Change Log</a>.
-PLEASE NOTE - if you are using the modules, but not the bms milter application,
-then ignore the RPMs and milter.spec.  Use 'python setup.py bdist_rpm' to 
-build source and binary rpms that do not include the milter application.
-<p>
-I want to split the bms milter application to a new project once I figure
-out the renaming.  The current plan is to rename 'milter' to 'pymilter', which
-will have the Python modules.  The bms milter application will still be named
-'milter' and depend on pymilter (so that my installs won't notice anything).
-<p>
-<a name="stable"><b>Stable</b></a>
-<a href="http://bmsi.com/python/milter-0.7.2.tar.gz">
-milter-0.7.2.tar.gz</a> Three strikes and your out policy.  Some SPF fixes.
-Recognizes PTR records for dynamic IPs.
-<p>
-<a href="http://bmsi.com/python/milter-0.7.1.tar.gz">
-milter-0.7.1.tar.gz</a> Support setmlreply, handle some more exceptions
-for malformed spam.  Compiling pymilter with sendmail-8.12.10, requires
-sendmail-devel with _FFR_MULTILINE set.  The binary will work with older
-sendmails.  The _FFR_MULTILINE option only affects libmilter.a.
-<br>
-<a href="http://bmsi.com/linux/rh72/milter-0.7.1-1.i386.rpm">
-milter-0.7.1-1.i386.rpm</a> Binary RPM for Redhat 7.x, now requires 
-	sendmail-8.12 and <a href="http://www.python.org/2.3.3/rpms.html">
-	python2.3</a>.
-<br>
-<a href="http://bmsi.com/linux/rh9/milter-0.7.1-1.src.rpm">
-milter-0.7.1-1.src.rpm</a> Source RPM for Redhat 9,7.x. 
-<p>
-<a name="stable"><b>Stable</b></a>
-<a href="http://bmsi.com/python/milter-0.7.0.tar.gz">
-milter-0.7.0.tar.gz</a> Move config file and default socket location.
-Parse M$ CID records.
-<br>
-<a href="http://bmsi.com/linux/rh72/milter-0.7.0-1.i386.rpm">
-milter-0.7.0-1.i386.rpm</a> Binary RPM for Redhat 7.x, now requires 
-	sendmail-8.12 and <a href="http://www.python.org/2.3.3/rpms.html">
-	python2.3</a>.
-<br>
-<a href="http://bmsi.com/linux/rh9/milter-0.7.0-1rh9.i386.rpm">
-milter-0.7.0-1rh9.i386.rpm</a> Binary RPM for Redhat 9, requires 
-	sendmail-8.12 and <a href="http://www.python.org/2.3.3/rpms.html">
-	python2.3</a>.
-<br>
-<a href="http://bmsi.com/aix/milter-0.7.0-1.ppc.rpm">
-milter-0.7.0-1.ppc.rpm</a> Binary RPM for AIX, requires sendmail-8.13.1.
-<br>
-<a href="http://bmsi.com/linux/rh9/milter-0.7.0-1.src.rpm">
-milter-0.7.0-1.src.rpm</a> Source RPM for Redhat 9,7.x.  
-<p>
-<a href="http://bmsi.com/python/milter-0.6.9.tar.gz">
-milter-0.6.9.tar.gz</a> Add SPF test suite driver, and validate
-spf.py against test suite.  Add best_guess and get_header to spf.py.
-Libmilter timeout option in config.
-<br>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.9-1.i386.rpm">
-milter-0.6.9-1.i386.rpm</a> Binary RPM for Redhat 7.x, now requires 
-	sendmail-8.12 and <a href="http://www.python.org/2.3.3/rpms.html">
-	python2.3</a>.
-<br>
-<a href="http://bmsi.com/linux/rh9/milter-0.6.9-1.src.rpm">
-milter-0.6.9-1.src.rpm</a> Source RPM for Redhat 9,7.x.  
-<p>
-<a href="http://bmsi.com/python/milter-0.6.8.tar.gz">
-milter-0.6.8.tar.gz</a> Include Received-SPF headers in Dspam analysis.
-Fix sysv init for Redhat 9 and later.  Reject bounces with multiple
-recipients.
-<br>
-<a href="http://bmsi.com/python/milter-0.6.8.patch">milter-0.6.8.patch</a>
-Last minutes fixes from production testing.
-<p>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.8-3.i386.rpm">
-milter-0.6.8-3.i386.rpm</a> Binary RPM for Redhat 7.x, now requires 
-	sendmail-8.12 and <a href="http://www.python.org/2.3.3/rpms.html">
-	python2.3</a>. 
-<br>
-<a href="http://bmsi.com/linux/rh9/milter-0.6.8-3.src.rpm">
-milter-0.6.8-3.src.rpm</a> Source RPM for Redhat 9,7.x.  
-<p>
-<a href="http://bmsi.com/python/milter-0.6.7.tar.gz">
-milter-0.6.7.tar.gz</a> Explicit local socket bug,
-<a href="http://spf.pobox.com/srs.html">SRS</a> forgery detection,
-thread resource starvation detection.
-SRS support requires <a href="http://bmsi.com/python/pysrs.html">pysrs</a>.
-<p>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.7-3.i386.rpm">
-milter-0.6.7-3.i386.rpm</a> Binary RPM for Redhat 7.x, now requires 
-	sendmail-8.12 and <a href="http://www.python.org/2.3.3/rpms.html">
-	python2.3</a>. 
-<br>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.7-3.src.rpm">
-milter-0.6.7-3.src.rpm</a> Source RPM for Redhat 7.x. 
-Release 0.6.7-3 patches:
-<ul>
-<li> Defang message/rfc822 content_type with boundary 
-<li> Support SPF delegation
-<li> Reject neutral SPF result for selected domains
-</ul>
-<p>
-<a href="http://bmsi.com/python/milter-0.6.6.tar.gz">
-milter-0.6.6.tar.gz</a> Plug another memory leak, 
-<a href="http://spf.pobox.com/">SPF</a> support, hello blacklist.
-SPF support requires <a href="http://pydns.sourceforge.net/">pydns</a>.
-NOTE - the spf.py module included is modified from the official 1.6
-version at <a href="http://www.wayforward.net/spf/">wayforward.net</a>.
-I neglected to add the CVS log.  The changes are expanded result codes
-and tolerating common method misspellings in SPF records.  I have notified the
-author, but haven't heard back.  At some point, the RPM will
-include the official pyspf tarball and apply patches.
-<p>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.6-2.i386.rpm">
-milter-0.6.6-2.i386.rpm</a> Binary RPM for Redhat 7.x, now requires 
-	sendmail-8.12 and <a href="http://www.python.org/2.3.3/rpms.html">
-	python2.3</a>.  Release 2 fixes sysv init script bug for python2.3.
-<br>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.6-2.src.rpm">
-milter-0.6.6-2.src.rpm</a> Source RPM for Redhat 7.x
-<p>
-<a href="http://bmsi.com/python/milter-0.6.5.tar.gz">
-milter-0.6.5.tar.gz</a> Plug memory leak, progress reporting, trusted relay.
-Redhat RPM now requires sendmail-8.12.
-<p>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.5-2.i386.rpm">
-milter-0.6.5-2.i386.rpm</a> Binary RPM for Redhat 7.x
-<br>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.5-2.src.rpm">
-milter-0.6.5-2.src.rpm</a> Source RPM for Redhat 7.x
-<p>
-<a href="http://bmsi.com/python/milter-0.6.4.tar.gz">
-milter-0.6.4.tar.gz</a> Numerous Dspam fixes.  Requires
-<a href="dspam.html">pydspam-1.1.5</a> and 
-<a href="/libdspam/dspam.html">dspam-2.6.5.2</a>
-for Dspam features.  The dspam-python RPM has been replaced by pydspam.
-<p>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.4-1.i386.rpm">
-milter-0.6.4-1.i386.rpm</a> Binary RPM for Redhat 7.x
-<p>
-<a href="http://bmsi.com/python/milter-0.6.3.1.tar.gz">
-milter-0.6.3.1.tar.gz</a> New dspam SCREENER feature with pydspam-1.1.4.
-Don't save a defang copy of false positives.  Fixed an oops from last fix,
-rejecting false positives.  BUG: sendmail-8.11 doesn't invoke milter
-when sending mail via sendmail from command line (8.12 works).  Therefore,
-the supplied falsepositive script for milter based dspam doesn't work
-with stock RedHat 7.x.  I am writing a HOWTO for configuring milter
-based dspam that will address this (and a fix in the next version).
-<p>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.3-1.i386.rpm">
-milter-0.6.3-1.i386.rpm</a> Binary RPM for Redhat 7.x
-<p>
-<a href="http://bmsi.com/python/milter-0.6.2.tar.gz">
-milter-0.6.2.tar.gz</a> work around email.Message.get_filename bug,
-dspam_exempt list, REJECT messages with missing MIME boundaries (which
-are almost always spam),
-DISCARD messages which any dspam user flags as spam,
-start.sh was calling python instead of python2 on Linux.
-<p>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.2-1.src.rpm">
-milter-0.6.2-1.src.rpm</a> Source RPM for Redhat 7.x (and likely
-higher versions)
-<p>
-<a href="http://bmsi.com/python/milter-0.6.1.tar.gz">
-milter-0.6.1.tar.gz</a> dspam milter application, python-2.2.3 support.
-<p>
-You must have <a href=dspam.html>dspam and dspam-python</a> loaded for
-the dspam feature to work.  Brief instructions for configuring are
-in the default config file.  This is working at a customer, but I'm
-sure a few more iterations will be required to make setup as smooth
-as possible.
-<p>
-NOTE: Outlook destroys dspam tags when forwarding mail (while converting
-HTML to text).  Perhaps some config option will turn this abominable
-"feature" off.  Working around this by making dspam tags visble on
-HTML mail is ugly.  My suggestion is to not use Outlook, for this and
-many other reasons - especially security.  Any other suggestions for
-those married to Microsoft are welcome.  The DSPAM LDA works around this
-by making the tags visible in HTML attachments.  This is ugly, and
-occasionally corrupts attachments.
-<p>
-We have to supply workarounds for bugs in the email module (reported
-to sourceforge).  The workarounds reference some internal variables
-which change with python versions.
-<p>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.1-1.i386.rpm">
-milter-0.6.1-1.i386.rpm</a> Binary RPM for Redhat 7.x
-<p>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.1-1.src.rpm">
-milter-0.6.1-1.src.rpm</a> Source RPM for Redhat 7.x (and likely
-higher versions)
-<p>
-<a href="http://bmsi.com/python/milter-0.6.0.tar.gz">
-milter-0.6.0.tar.gz</a> simple dspam pre-filtering, use email module,
-requires python &gt;= 2.2.2.  
-<ul>
-<li> The milter.so module from 0.5.4
-is needed to run this release on AIX.  Haven't tracked this down yet.
-<li> The patches to fix the email packages in mime.py don't work
-on python-2.2.3.  The email package is still broken in 2.3, and patches
-required for that will likely be different still.
-</ul>
-
-<p>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.0-1.i386.rpm">
-milter-0.6.0-1.i386.rpm</a> Binary RPM for Redhat 7.x
-<p>
-<a href="http://bmsi.com/linux/rh72/milter-0.6.0-1.src.rpm">
-milter-0.6.0-1.src.rpm</a> Source RPM for Redhat 7.x (and likely
-higher versions)
-<p>
-<a href="http://www.bmsi.com/python/milter-0.5.5.tar.gz">
-milter-0.5.5.tar.gz</a> IPV6 support, passing None to set_XXX_callback,
-set_reply, chg_header, detect internal connections.  Note, this release
-did not work on AIX4.1.5, probably due to IPV6 support breaking something.
-The milter.so module from 0.5.4 can be installed to use this release 
-with AIX.
-<p>
-<a href="http://www.bmsi.com/python/milter-0.5.4.tar.gz">
-milter-0.5.4.tar.gz</a> wiretap, smart alias features, quarantine support.
-<p>
-The name of the production "sample" milter "bms.py" now
-stands for "Basic Milter System" until someone suggests a better name.
-The test coverage is rather
-  sparse at present.  
-  Please <a href="mailto:%73%74%75%61%72%74%40%62%6D%73%69%2E%63%6F%6D">email</a> with proposals for what
-  to name the milter application.
-<h4>NOTES</h4>
-<ul>
-<li>
-  Quarantine support requires that you define _FFR_QUARANTINE 
-  when compiling miltermodule.c.  I am not sure how to make setup.py
-  do that for you iff sendmail was actually compiled with _FFR_QUARANTINE.
-<li>
-  While 0.6.0 will use the new email package in Python-2.2, that
-  package seems to be buggy in Python-2.2.1.  The list example in the docs
-  doesn't find all MIME parts.  Update: Python-2.2.2 has fixed the email
-  package.  It can now parse my test cases.
-<li>
-  Preliminary testing with python-2.2 shows that most things work after
-  adding <code>self.readahead = ""</code> to <code>mimepart.seek</code>.
-  Python-2.2 <code>multifile</code> reads one less newline per section than
-  2.1.  I'm not not sure which is correct.  After adding some calls to
-  <code>rstrip()</code> in testmime.py, all milter modules pass unit testing
-  with python-2.2.  Python-2.2 patches have been released since 0.5.3.
-<li>
-  sgmlop-1.1a3 has a memory leak (at least Python milter has a
-  memory leak when using sgmlop instead of sgmllib).  Do not make Python
-  milter use sgmlop-1.1a2 or a3 in a production
-  system unless you can restart your milter periodically.  The amount
-  of memory leaked seems roughly proportional to the amount of HTML
-  parsed.
-<li>
-  There are a number of ways that malformed MIME attachments
-  can cause a python traceback.  Uncaught exceptions cause a 415
-  error to be returned to sendmail.  So far, all the malformed messages
-  I've investigated have been SPAM - so good riddance.  I would prefer,
-  however, that the mime handling libraries were more precise.  Beginning
-  with 0.5.1, bms.py will save messages that cause a traceback during
-  scanning in the tempfile directory with a ".fail" extension.  This
-  makes it easier to get samples of mail that causes parsing problems
-  for incorporation into the unit tests.
-</ul>
-<p>
-<a href="http://www.bmsi.com/python/milter-0.5.2.tar.gz">
-milter-0.5.2.tar.gz</a> Fix and unittest another HTML parsing bug.<br>
-<a href="http://www.bmsi.com/python/milter-0.5.1.tar.gz">
-milter-0.5.1.tar.gz</a> Handle encoded rfc822 attachments.<br>
-<a href="http://www.bmsi.com/python/milter-0.5.0.tar.gz">
-milter-0.5.0.tar.gz</a> Use a config file so users don't have to
-keep syncing with bms.py.  <br>
-<a href="http://www.bmsi.com/python/milter-0.4.5.tar.gz">
-milter-0.4.5.tar.gz</a> Work with sgmlop. Reduce local hacks to config variables.
-<p>
-Python milter is under GPL.  The authors can probably be convinced to
-change this to LGPL.
-
-<h3>What is a <a name="milter">milter</a>?</h3>
-
-Milters can run on the same machine as sendmail, or another machine.  The
-milter can even run with a different operating system or processor than
-sendmail.
-Sendmail talks to the milter via a local or internet socket.
-Sendmail keeps the
-milter informed of events as it processes a mail connection.  At any 
-point, the milter can cut the conversation short by telling sendmail
-to ACCEPT, REJECT, or DISCARD the message.  After receiving a complete
-message from sendmail, the milter can again REJECT or DISCARD it, but it
-can also ACCEPT it with changes to the headers or body.
-
-<h3> What can you do with a milter? </h3>
-
-<menu>
-<li> A milter can DISCARD or REJECT spam based based on algorithms scripted
-in python rather than sendmail's cryptic "cf" language.
-<li> A milter can alter or remove attachments from mail that are poisonous to
-Windows.
-<li> A milter can scan for viruses and clean them when detected.
-<li> A milter scans outgoing as well as incoming mail.
-<li> A milter can add and delete recipients to forward or secretly
-copy mail.
-<li> For more ideas, check the <a href="//www.milter.org">Milter Web Page</a>.
-</menu>
-
-<a href="http://www.milter.org/milter_api/api.html">
-Documentation</a> for the C API is provided with sendmail.  Miltermodule
-provides a thin python wrapper for the C API.  Milter.py provides a simple
-OO wrapper on top of that.
-<p>
-The Python milter package includes a sample milter that replaces dangerous 
-attachments with a warning message, discards mail addressed to
-MAILER-DAEMON, and demonstrates several SPAM abatement strategies.  
-The MimeMessage class to do this used to be based on the
-<code>mimetools</code> and <code>multifile</code> standard python packages.  
-As of milter version 0.6.0, it is based on the email standard
-python packages, which were derived from the 
-<a href="http://sourceforge.net/projects/mimelib">mimelib</a> project.
-The MimeMessage class patches several bugs in the email package,
-and provides some backward compatibility.
-
-<p>
-The "defang" function of the sample milter was inspired by
-<a href="http://www.roaringpenguin.com/mimedefang/">MIMEDefang</a>,
-a Perl milter with flexible attachment processing options.  The latest
-version of MIMEDefang uses an apache style process pool to avoid reloading
-the Perl interpreter for each message.  This makes it fast enough for
-production and does not use Perl threading.
-<p>
-<a href="http://sourceforge.net/projects/mailchecker">mailchecker</a> is
-a Python project to provide flexible attachment processing for mail.  I
-will be looking at plugging mailchecker into a milter.
-<p>
-<a href="http://software.libertine.org/tmda/">TMDA</a> is a Python project
-to require confirmation the first time someone tries to send to your
-mailbox.  This would be a nice feature to have in a milter.
-<p>
-There is also a <a href="http://www.milter.org/">Milter community website</a>
-where milter software and gory details of the API are discussed.
-
-<h3> Is a milter written in python efficient? </h3>
-
-The python milter process is multi-threaded and startup cost is incurred
-only once.  This is much more efficient than some implementations that
-start a new interpreter for each connection.  Testing in a production
-environment did not use a significant percentage of the CPU.  Furthermore,
-python is easily extended in C for any step requiring expensive CPU
-processing.
-<p>
-For example, the HTML parsing feature to remove scripts from HTML attachments
-is rather CPU intensive in pure python.  Using the C replacement for sgmllib
-greatly speeds things up.
-
-<h3> Goals </h3>
-
-<menu>
-<li> Implement RRS - a backdoor for non-SRS forwarders.  User lists non-SRS 
-     forwarder accounts (perhaps in <code>~/.forwarders</code>), and a util
-     provides a special local alias for the user to give to the forwarder.
-     Alias only works for mail from that forwarder.  Milter gets forwarder
-     domain from alias and uses it to SPF check forwarder.  Requires
-     milter to have read access to <code>~/.forwarders</code> or else
-     a way for user to submit entries to milter database.
-<li> The bms.py milter has too many features.  Create a framework where
-     numerous small feature modules can be plugged together in the
-     configuration.
-<li> Create a pure python substitute for miltermodule and libmilter that
-     implements the <a
-href="http://www.duh.org/cvsweb.cgi/~checkout~/pmilter/doc/milter-protocol.txt?rev=1">
-     libmilter protocol</a> in python. 
-<li> Find or write a faster implementation of sgmllib.  The 
-     <a href="http://www.effbot.org/zone/sgmlop-index.htm">sgmlop package</a>
-     is not very compatible with 
-     <a href="http://www.python.org/doc/2.1.3/lib/module-sgmllib.html">
-     Python-2.1 sgmllib</a>, but it is a start, and is supported in
-     milter-0.4.5 or later.
-<li> Implement all or most of the features of 
-     <a href="http://www.roaringpenguin.com/mimedefang/">MIMEDefang</a>.
-<li> Follow the official <a href="http://www.python.org/peps/pep-0008.html">
-     Python coding standards</a> more closely.
-<li> Make unit test code more like other python modules.
-</menu>
-
-<h3> Confirmed Installations </h3>
-
-Please <a href="mailto:%73%74%75%61%72%74%40%62%6D%73%69%2E%63%6F%6D">email</a>
-me if you successfully install milter on a system not mentioned below.
-<p>
-<table>
-<tr>
-<th>Operating System</th> <th>Compiler</th> <th>Python</th> <th>Sendmail</th>
-<th>milter</th>
-<tr>
-<td>Mandrake 8.0</td><td>gcc-3.0.1</td><td>2.1.1</td><td>8.12.0</td>
-<td>0.3.3</td><tr>
-<td>Mandrake 8.0</td><td>gcc-2.96</td><td>2.0</td><td>8.11.2</td>
-<td>0.3.6</td><tr>
-<td>RedHat 6.2</td><td>egcs-1.1.2</td><td>2.2.2</td><td>8.11.6</td>
-<td>0.5.4</td><tr>
-<td>RedHat 7.1</td><td>gcc-2.96</td><td>?</td><td>8.12.1</td>
-<td>0.3.5</td><tr>
-<td>RedHat 7.2</td><td>gcc-2.96</td><td>2.1.1</td><td>8.11.6</td>
-<td>0.4.1</td><tr>
-<td>RedHat 7.2</td><td>gcc-2.96</td><td>2.2.1</td><td>8.11.6</td>
-<td>0.4.5</td><tr>
-<td>RedHat 7.2</td><td>gcc-2.96</td><td>2.2.2</td><td>8.11.6</td>
-<td>0.5.5</td><tr>
-<td>RedHat 7.2</td><td>gcc-2.96</td><td>2.3.3</td><td>8.12.10</td>
-<td>0.6.6</td><tr>
-<td>RedHat 7.3</td><td>gcc-2.96</td><td>2.2.2</td><td>8.11.6</td>
-<td>0.5.5</td><tr>
-<td>RedHat 7.3</td><td>gcc-2.96</td><td>2.3.3</td><td>8.12.10</td>
-<td>0.6.6</td><tr>
-<td>RedHat 8.0</td><td>gcc-3.2</td><td>2.2.1</td><td>8.12.6</td>
-<td>0.5.2</td><tr>
-<td>Debian Linux</td><td>gcc-2.95.2</td><td>2.1.1</td><td>8.12.0</td>
-<td>0.3.7</td><tr>
-<td>Debian Linux</td><td>gcc-3.2.2</td><td>2.2.2</td><td>8.12.7</td>
-<td>0.5.4</td><tr>
-<td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.1.1</td><td>8.11.5</td>
-<td>0.3.3</td><tr>
-<td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.1.1</td><td>8.12.1</td>
-<td>0.3.4</td><tr>
-<td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.1.3</td><td>8.12.3</td>
-<td>0.4.2</td><tr>
-<td>AIX-4.1.5</td><td>gcc-2.95.2</td><td>2.2.2</td><td>8.12.6</td>
-<td>0.5.4</td><tr>
-<td>Slackware 7.1</td><td>?</td><td>?</td><td>8.12.1</td>
-<td>0.3.8</td><tr>
-<td>Slackware 9.0</td><td>gcc-3.2.2</td><td>2.2.3</td><td>8.12.9</td>
-<td>0.5.4</td><tr>
-<td>OpenBSD</td><td>?</td><td>2.1.1</td><td>8.11.6</td>
-<td>0.3.9</td><tr>
-<td>SuSE 7.3</td><td>gcc-2.95.3</td><td>2.1.1</td><td>8.12.2</td>
-<td>0.3.9</td><tr>
-<td>FreeBSD</td><td>gcc-2.95.3</td><td>2.2.1</td><td>8.12.3</td>
-<td>0.4.0</td><tr>
-<td>FreeBSD</td><td>gcc-2.95.3</td><td>2.2.2</td><td>?</td>
-<td>0.5.5</td><tr>
-<td>FreeBSD 4.4</td><td>gcc-2.95.3</td><td>?</td><td>8.12.10</td>
-<td>0.6.6</td><tr>
-
-</table>
-
-<h3> Requirements </h3>
-
-<menu>
-<li> While the miltermodule will work with python 1.5, you probably
-want to use python 2.0 or better.  The python code uses a number of
-python 2 features.
-<li> Python must be configured with thread support.  This is because
-sendmail's libmilter requires thread support.
-<li> You must compile sendmail with libmilter enabled.  In versions of
-sendmail prior to 8.12 libmilter is marked FFR (For Future Release) and
-is not installed by default.  
-Sendmail 8.12 still does not enable libmilter by default.  You must 
-explicitly select the "MILTER" option when compiling.  
-<li> Python milter has been tested against sendmail-8.11 and sendmail-8.12.
-<li> Python milter must be compiled for the specific version of sendmail
-it will run with.  (Since the result is dynamically loaded, there could 
-conceivably be multiple versions available and selected at startup - but
-that will have to wait.)  This situation may only exist for sendmail
-versions prior to 8.12.  The protocol seems designed for backward 
-compatibility - and 8.12 is the first official milter release.
-<li> Mea Culpa!  After reading the Python Style guide, I realize that
-my Python code is not up to snuff.  Apparently mixed tabs and spaces
-are anathema to those using Windows editors, where tabs can be expanded using
-any arbitrary algorithm.  Other than that, my
-intuition matched Guido's pretty well - although I like to indent by 2
-rather than 4.  I will arrange to have tabs expanded to spaces when
-exporting new versions.  Until then, beware!
-</menu>
-
-<h3> <a name="aix4"> AIX 4.1.5 Requirements </a> </h3>
-To create sendmail RPMs for AIX, you can download my AIX 4.1.5 spec files 
-for <a href="/aix/sendmail.spec">sendmail-8.11.5</a> 
-or <a href="/aix/sendmail12.spec">sendmail-8.12.3</a>.  If you have
-not already set it up, I use a <a href="/aix/aix.spec">dummy RPM package</a>
-to represent the stuff that comes with AIX.  You might also want
-my <a href="/aix/python.spec">python-2.1.1</a> spec file for AIX.  It
-does not include Tk or curses modules, sorry.  If y'all trust me, you can
-download rpms for AIX 4.x from my <a href="/aix">AIX RPM directory</a>.
-<p>
-Sendmail-8.12 renames 
-libsmutil.a to libsm.a.  Unfortunately, libsm.a is an important AIX system
-shared library.  Therefore, I rename libsm.a back to libsmutil.a for
-AIX.  This presents a problem for setup.py.
-
-<h3> <a name="rh72"> RedHat 7.2 Requirements </a> </h3>
-
-If you are running Redhat 7.2, the distributed version of sendmail
-now enables libmilter by default.  RedHat 7.2 bundles
-the development libraries with the main sendmail package, so
-there is no sendmail-devel package.  However, they forgot to include the
-headers!  So you'll have to get the SRPM and modify it.  I suggest
-moving the static libs to a devel package and adding the headers.  If
-this is too much trouble, you can get the <a href="mfapi.h">mfapi.h</a>
-header for sendmail-8.6.11 from here and manually install it as
-<code>/usr/include/libmilter/mfapi.h</code>.
-<p>
-If you do modify the SRPM, I suggest renaming libsmutil.a
-to libsm.a - just like sendmail-8.12 will.  If you manually install
-mfapi.h or don't rename libsmutil.a, you'll
-need to force <code>libs = ["milter", "smutil"]</code> in setup.py.
-<p>
-If you have installed python2, and want
-python-milter to use python2, add <code>python=python2</code> to setup.cfg
-and build with <code>python2 setup.py bdist_rpm</code>.   
-
-<h3> <a name="rh62"> Redhat 6.2 Requirements </a> </h3>
-
-If you are running Redhat 6.2, the distributed version of sendmail
-does not enable libmilter.  You can download the Redhat 7.2 sendmail.spec
-modified to compile on RedHat 6.2:
-<a href="http://www.bmsi.com/linux/rh62/sendmail-rhmilter.spec">
-sendmail-rhmilter.spec</a>.  The <a
-href="ftp://updates.redhat.com/7.0/en/os/SRPMS/sendmail-8.11.6-1.7.0.src.rpm">
-SRPM for sendmail-8.11.6</a> is available from
-<a href="http://www.redhat.com">Redhat</a> under 
-<a href="http://www.redhat.com/support/errata/RHSA-2001-106.html">
-Errata for RH6.2</a>.  But that doesn't include the latest security
-patches since RH6.2 is no longer supported.
-<p>
-If y'all trust me, you can pick up source and binary sendmail RPMs for RH6.2
-from my <a href="http://www.bmsi.com/linux/rh62">linux downloads</a> directory.
-The lastest RPMs were built by taking a RH7.2 SRPMS and removing some
-RPM features from the spec file that RH6.2 doesn't support, then
-recompiling on RH6.2.  You can check this by installing the RH7.2 SRPM,
-then diffing my sendmail.spec with theirs.  Then run
-"rpm -bb sendmail-rhmilter.spec" when you are satisfied.
-<p>
-If you have installed python2, and want
-python-milter to use python2, add <code>python=python2</code> to setup.cfg
-and build with <code>python2 setup.py bdist_rpm</code>.
-You'll need to install the sendmail-devel package to compile milter.
-
-<hr>
-<p>
-<a href="http://validator.w3.org/check/referer">
-<img border=0 src="/vh32.png" alt=" [ Valid HTML 3.2! ] " height=31 width=88></a>
-<a href="http://www.redhat.com">
-<img src="/art/powered_by.gif" width="88" height="31" alt=" [ Powered By Red Hat Linux ] " border="0"></a>
-</p>
-
-</body></html>
@@ -5,10 +5,10 @@
 # chkconfig: 2345 80 30
 # description: Milter is a process that filters messages sent through sendmail.
 # processname: milter
-# config: /var/log/milter/bms.py
+# config: /etc/mail/pymilter.cfg
 # pidfile: /var/run/milter/milter.pid

-python="python2.3"
+python="python2.4"

 pidof() {
 	set - ""
@@ -23,7 +23,7 @@ pidof() {
 # Source function library.
 . /etc/rc.d/init.d/functions

-[ -x /var/log/milter/start.sh ] || exit 0
+[ -x /usr/lib/pymilter/start.sh ] || exit 0

 RETVAL=0
 prog="milter"
@@ -32,7 +32,11 @@ start() {
 	# Start daemons.

 	echo -n "Starting $prog: "
-	daemon --check milter --user mail /var/log/milter/start.sh
+        if ! test -d /var/run/milter; then
+		mkdir -p /var/run/milter
+		chown mail:mail /var/run/milter
+	fi
+	daemon --check milter --user mail /usr/lib/pymilter/start.sh milter bms
 	RETVAL=$?
 	echo
 	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/milter
@@ -42,7 +46,7 @@ start() {
 stop() {
 	# Stop daemons.
 	echo -n "Shutting down $prog: "
-	killproc milter
+	killproc -d 9 milter
 	RETVAL=$?
 	echo
 	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/milter
@@ -5,10 +5,10 @@
 # chkconfig: 2345 80 30
 # description: Milter is a process that filters messages sent through sendmail.
 # processname: milter
-# config: /var/log/milter/bms.py
+# config: /etc/mail/pymilter.cfg
 # pidfile: /var/run/milter/milter.pid

-python="python2.3"
+python="python2.4"

 pidof() {
 	set - ""
@@ -23,7 +23,7 @@ pidof() {
 # Source function library.
 . /etc/rc.d/init.d/functions

-[ -x /var/log/milter/start.sh ] || exit 0
+[ -x /usr/lib/pymilter/start.sh ] || exit 0

 RETVAL=0
 prog="milter"
@@ -32,7 +32,11 @@ start() {
 	# Start daemons.

 	echo -n "Starting $prog: "
-	daemon --check milter --user mail /var/log/milter/start.sh
+        if ! test -d /var/run/milter; then
+		mkdir -p /var/run/milter
+		chown mail:mail /var/run/milter
+	fi
+	daemon --check milter --user mail /usr/lib/pymilter/start.sh milter bms
 	RETVAL=$?
 	echo
 	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/milter
@@ -1,223 +0,0 @@
-%define name milter
-%define version 0.7.2
-%define release 2
-# Redhat 7.x and earlier (multiple ps lines per thread)
-%define sysvinit milter.rc7
-# RH9, other systems (single ps line per process)
-#define sysvinit milter.rc
-%ifos Linux
-%define python python2.3
-%else
-%define python python
-%endif
-
-Summary: Python interface to sendmail milter API
-Name: %{name}
-Version: %{version}
-Release: %{release}
-Source: %{name}-%{version}.tar.gz
-#Patch: %{name}-%{version}.patch
-Copyright: GPL
-Group: Development/Libraries
-BuildRoot: %{_tmppath}/%{name}-buildroot
-Prefix: %{_prefix}
-Vendor: Stuart D. Gathman <stuart@bmsi.com>
-Packager: Stuart D. Gathman <stuart@bmsi.com>
-Url: http://www.bmsi.com/python/milter.html
-Requires: %{python} >= 2.2.2, sendmail >= 8.12.10
-%ifnos aix4.1
-Requires: chkconfig
-%endif
-BuildRequires: %{python}-devel >= 2.2.2, sendmail-devel >= 8.12.10
-
-%description
-This is a python extension module to enable python scripts to
-attach to sendmail's libmilter functionality.  Additional python
-modules provide for navigating and modifying MIME parts.
-
-%prep
-%setup
-#%patch -p1
-
-%build
-env CFLAGS="$RPM_OPT_FLAGS" %{python} setup.py build
-
-%install
-rm -rf $RPM_BUILD_ROOT
-%{python} setup.py install --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES
-mkdir -p $RPM_BUILD_ROOT/var/log/milter
-mkdir -p $RPM_BUILD_ROOT/etc/mail
-mkdir $RPM_BUILD_ROOT/var/log/milter/save
-cp bms.py $RPM_BUILD_ROOT/var/log/milter
-cp milter.cfg $RPM_BUILD_ROOT/etc/mail/pymilter.cfg
-
-# logfile rotation
-mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
-cat >$RPM_BUILD_ROOT/etc/logrotate.d/milter <<'EOF'
-/var/log/milter/milter.log {
-  copytruncate
-  compress
-}
-EOF
-
-# purge saved defanged message copies
-mkdir -p $RPM_BUILD_ROOT/etc/cron.daily
-%ifos aix4.1
-R=
-%else
-R='-r'
-%endif
-cat >$RPM_BUILD_ROOT/etc/cron.daily/milter <<'EOF'
-#!/bin/sh
-
-find /var/log/milter/save -mtime +7 | xargs $R rm
-EOF
-chmod a+x $RPM_BUILD_ROOT/etc/cron.daily/milter
-
-%ifos aix4.1
-cat >$RPM_BUILD_ROOT/var/log/milter/start.sh <<'EOF'
-#!/bin/sh
-cd /var/log/milter
-# uncomment to enable sgmlop if installed
-#export PYTHONPATH=/usr/local/lib/python2.1/site-packages
-exec /usr/local/bin/python bms.py >>milter.log 2>&1
-EOF
-%else
-cat >$RPM_BUILD_ROOT/var/log/milter/start.sh <<'EOF'
-#!/bin/sh
-cd /var/log/milter
-exec >>milter.log 2>&1
-%{python} bms.py &
-echo $! >/var/run/milter/milter.pid
-EOF
-mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
-cp %{sysvinit} $RPM_BUILD_ROOT/etc/rc.d/init.d/milter
-ed $RPM_BUILD_ROOT/etc/rc.d/init.d/milter <<'EOF'
-/^python=/
-c
-python="%{python}"
-.
-w
-q
-EOF
-%endif
-chmod a+x $RPM_BUILD_ROOT/var/log/milter/start.sh
-
-mkdir -p $RPM_BUILD_ROOT/var/run/milter
-mkdir -p $RPM_BUILD_ROOT/usr/share/sendmail-cf/hack
-cp -p rhsbl.m4 $RPM_BUILD_ROOT/usr/share/sendmail-cf/hack
-
-%ifos aix4.1
-%post
-mkssys -s milter -p /var/log/milter/start.sh -u 25 -S -n 15 -f 9 -G mail || :
-
-%preun
-if [ $1 = 0 ]; then
-  rmssys -s milter || :
-fi
-%else
-%post
-#echo "pythonsock has moved to /var/run/milter, update /etc/mail/sendmail.cf"
-/sbin/chkconfig --add milter
-
-%preun
-if [ $1 = 0 ]; then
-  /sbin/chkconfig --del milter
-fi
-%endif
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files -f INSTALLED_FILES
-%defattr(-,root,root)
-%doc README NEWS TODO CREDITS sample.py
-/etc/logrotate.d/milter
-/etc/cron.daily/milter
-%ifos aix4.1
-%defattr(-,smmsp,mail)
-%else
-/etc/rc.d/init.d/milter
-%defattr(-,mail,mail)
-%endif
-%dir /var/log/milter
-%dir /var/run/milter
-%dir /var/log/milter/save
-%config /var/log/milter/start.sh
-%config /var/log/milter/bms.py
-%config(noreplace) /etc/mail/pymilter.cfg
-/usr/share/sendmail-cf/hack/rhsbl.m4
-
-%changelog
-* Mon Aug 30 2004 Stuart Gathman <stuart@bmsi.com> 0.7.2-1
- Fix various SPF bugs
- Recognize dynamic PTR names, and don't count them as authentication.
- Three strikes and yer out rule.
- Block softfail by default unless valid PTR or HELO
- Return unknown for null mechanism
- Return unknown for invalid ip address in mechanism
- Try best guess on HELO also
- Expand setreply for common errors
- make rhsbl.m4 hack available for sendmail.mc
-* Sun Aug 22 2004 Stuart Gathman <stuart@bmsi.com> 0.7.1-1
- Handle modifying mislabeled multipart messages without an exception
- Support setbacklog, setmlreply
- allow multi-recipient CBV
- return TEMPFAIL for SPF softfail
-* Fri Jul 23 2004 Stuart Gathman <stuart@bmsi.com> 0.7.0-1
- SPF check hello name
- Move pythonsock to /var/run/milter
- Move milter.cfg to /etc/mail/pymilter.cfg
- Check M$ style XML CID records by converting to SPF
- Recognize, but never match ip6 until we properly support it.
- Option to reject when no PTR and no SPF
-* Fri Apr 09 2004 Stuart Gathman <stuart@bmsi.com> 0.6.9-1
- Validate spf.py against test suite, and add Received-SPF support to spf.py
- Support best_guess for SPF
- Reject numeric hello names
- Preserve case of local part in sender
- Make libmilter timeout a config option
- Fix setup.py to work with python < 2.2.3
-* Tue Apr 06 2004 Stuart Gathman <stuart@bmsi.com> 0.6.8-3
- Reject invalid SRS immediately for benefit of callback verifiers
- Fix include bug in spf.py
-* Tue Apr 06 2004 Stuart Gathman <stuart@bmsi.com> 0.6.8-2
- Bug in check_header
-* Mon Apr 05 2004 Stuart Gathman <stuart@bmsi.com> 0.6.8-1
- Don't report spoofed unless rcpt looks like SRS
- Check for bounce with multiple rcpts
- Make dspam see Received-SPF headers
- Make sysv init work with RH9
-* Thu Mar 25 2004 Stuart Gathman <stuart@bmsi.com> 0.6.7-3
- Forgot to make spf_reject_neutral global in bms.py
-* Wed Mar 24 2004 Stuart Gathman <stuart@bmsi.com> 0.6.7-2
- Defang message/rfc822 content_type with boundary 
- Support SPF delegation
- Reject neutral SPF result for selected domains
-* Tue Mar 23 2004 Stuart Gathman <stuart@bmsi.com> 0.6.7-1
- SRS forgery check.  Detect thread resource starvation.
- Properly remove local socket with explicit type.
- Decode obfuscated subject headers.
-* Wed Mar 11 2004 Stuart Gathman <stuart@bmsi.com> 0.6.6-2
- init script bug with python2.3
-* Wed Mar 10 2004 Stuart Gathman <stuart@bmsi.com> 0.6.6-1
- SPF checking, hello blacklist
-* Mon Mar 08 2004 Stuart Gathman <stuart@bmsi.com> 0.6.5-2
- memory leak in envfrom and envrcpt
-* Mon Mar 01 2004 Stuart Gathman <stuart@bmsi.com> 0.6.5-1
- progress notification
- memory leak in connect
- trusted relay
-* Thu Feb 19 2004 Stuart Gathman <stuart@bmsi.com> 0.6.4-2
- smart alias wildcard patch, compile for sendmail-8.12
-* Thu Dec 04 2003 Stuart Gathman <stuart@bmsi.com> 0.6.4-1
- many fixes for dspam support
-* Wed Oct 22 2003 Stuart Gathman <stuart@bmsi.com> 0.6.3
- dspam SCREEN feature
- streamline dspam false positive handling
-* Mon Sep 01 2003 Stuart Gathman <stuart@bmsi.com> 0.6.1
- Full dspam support added
-* Mon Aug 26 2003 Stuart Gathman <stuart@bmsi.com>
- Use New email module
-* Fri Jun 27 2003 Stuart Gathman <stuart@bmsi.com>
- Add dspam module
@@ -1,18 +1,20 @@
 /* Copyright (C) 2001  James Niemira (niemira@colltech.com, urmane@urmane.org)
+ * Portions Copyright (C) 2001,2002,2003,2004,2005,2006,2007
+ *   Stuart Gathman (stuart@bmsi.com)
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 2 of the License, or (at your
+ * option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * milterContext object and thread interface contributed by
 * 	Stuart D. Gathman <stuart@bmsi.com>
@@ -33,6 +35,36 @@ $ python setup.py help
     libraries=["milter","smutil","resolv"]

 * $Log$
+ * Revision 1.10  2006/02/12 02:00:42  customdesigned
+ * Resolve FIXME for wrap_close.
+ *
+ * Revision 1.9  2005/12/23 21:46:36  customdesigned
+ * Compile on sendmail-8.12 (ifdef SMFIR_INSHEADER)
+ *
+ * Revision 1.8  2005/10/20 23:23:36  customdesigned
+ * Include smfi_progress is SMFIR_PROGRESS defined
+ *
+ * Revision 1.7  2005/10/20 23:04:46  customdesigned
+ * Add optional idx for position of added header.
+ *
+ * Revision 1.6  2005/07/15 22:18:17  customdesigned
+ * Support callback exception policy
+ *
+ * Revision 1.5  2005/06/24 04:20:07  customdesigned
+ * Report context allocation error.
+ *
+ * Revision 1.4  2005/06/24 04:12:43  customdesigned
+ * Remove unused name argument to generic wrappers.
+ *
+ * Revision 1.3  2005/06/24 03:57:35  customdesigned
+ * Handle close called before connect.
+ *
+ * Revision 1.2  2005/06/02 04:18:55  customdesigned
+ * Update copyright notices after reading article on /.
+ *
+ * Revision 1.1.1.2  2005/05/31 18:09:06  customdesigned
+ * Release 0.7.1
+ *
 * Revision 2.31  2004/08/23 02:24:36  stuart
 * Support setbacklog
 *
@@ -190,7 +222,7 @@ $ python setup.py help


 /* Yes, these are static.  If you need multiple different callbacks, */
-/* it's cleaner to use multiple filters. */
+/* it's cleaner to use multiple filters, or convert to OO method calls. */
 static PyObject *connect_callback = NULL;
 static PyObject *helo_callback    = NULL;
 static PyObject *envfrom_callback = NULL;
@@ -235,8 +267,11 @@ _get_context(SMFICTX *ctx) {
    PyEval_AcquireThread(t);	/* lock interp */
    self = PyObject_New(milter_ContextObject,&milter_ContextType);
    if (!self) {
-      /* Can't pass on exception since we are called from libmilter */
+      /* Report and clear exception since we are called from libmilter */
+      if (PyErr_Occurred()) {
+	PyErr_Print();
 	PyErr_Clear();
+      }
      PyThreadState_Clear(t);
      PyEval_ReleaseThread(t);
      PyThreadState_Delete(t);
@@ -258,7 +293,7 @@ _find_context(PyObject *c) {
  if (c->ob_type == &milter_ContextType) {
    milter_ContextObject *self = (milter_ContextObject *)c;
    ctx = self->ctx;
-    if (smfi_getpriv(ctx) != self)
+    if (ctx != NULL && smfi_getpriv(ctx) != self)
      ctx = NULL;
  }
  if (ctx == NULL)
@@ -266,23 +301,6 @@ _find_context(PyObject *c) {
  return ctx;
 }

-/* Release the Python Context for a SMFICTX.  */
-static void
-_clear_context(SMFICTX *ctx) {
-  milter_ContextObject *self = smfi_getpriv(ctx);
-  if (self) {
-    PyThreadState *t = self->t;
-    PyEval_AcquireThread(t);
-    self->t = 0;
-    self->ctx = 0;
-    smfi_setpriv(ctx,0);
-    Py_DECREF(self);
-    PyThreadState_Clear(t);
-    PyEval_ReleaseThread(t);
-    PyThreadState_Delete(t);
-  }
-}
-
 static void
 milter_Context_dealloc(PyObject *s) {
  milter_ContextObject *self = (milter_ContextObject *)s;
@@ -327,7 +345,8 @@ CHGHDRS - filter may change/delete headers";

 static PyObject *
 milter_set_flags(PyObject *self, PyObject *args) {
-  if (!PyArg_ParseTuple(args, "i", &description.xxfi_flags)) return NULL;
+  if (!PyArg_ParseTuple(args, "i:set_flags", &description.xxfi_flags))
+    return NULL;
  Py_INCREF(Py_None);
  return Py_None;
 }
@@ -493,17 +512,52 @@ milter_set_close_callback(PyObject *self, PyObject *args) {
  return generic_set_callback(args, "O:set_close_callback", &close_callback);
 }

+static int exception_policy = SMFIS_TEMPFAIL;
+
+static char milter_set_exception_policy__doc__[] =
+"set_exception_policy(i) -> None\n\
+Sets the policy for untrapped Python exceptions during a callback.\n\
+Must be one of TEMPFAIL,REJECT,CONTINUE";
+
+static PyObject *
+milter_set_exception_policy(PyObject *self, PyObject *args) {
+  int i;
+  if (!PyArg_ParseTuple(args, "i:set_exception_policy", &i))
+    return NULL;
+  switch (i) {
+  case SMFIS_REJECT: case SMFIS_TEMPFAIL: case SMFIS_CONTINUE:
+    exception_policy = i;
+    Py_INCREF(Py_None);
+    return Py_None;
+  }
+  PyErr_SetString(MilterError,"invalid exception policy");
+  return NULL;
+}
+
+static void
+_release_thread(PyThreadState *t) {
+  if (t != NULL)
+    PyEval_ReleaseThread(t);
+}
+
 /** Report and clear any python exception before returning to libmilter. 
  The interpreter is locked when we are called, and we unlock it.  */
 static int _report_exception(milter_ContextObject *self) {
  if (PyErr_Occurred()) {
    PyErr_Print();
    PyErr_Clear();	/* must clear since not returning to python */
-    PyEval_ReleaseThread(self->t);
+    _release_thread(self->t);
+    switch (exception_policy) {
+      case SMFIS_REJECT:
+	smfi_setreply(self->ctx, "554", "5.3.0", "Filter failure");
+	return SMFIS_REJECT;
+      case SMFIS_TEMPFAIL:
 	smfi_setreply(self->ctx, "451", "4.3.0", "Filter failure");
 	return SMFIS_TEMPFAIL;
    }
-  PyEval_ReleaseThread(self->t);
+    return SMFIS_CONTINUE;
+  }
+  _release_thread(self->t);
  return SMFIS_CONTINUE;
 }

@@ -522,7 +576,7 @@ _generic_wrapper(milter_ContextObject *self, PyObject *cb, PyObject *arglist) {
  retval = PyInt_AsLong(result);
  Py_DECREF(result);
  if (PyErr_Occurred()) return _report_exception(self);
-  PyEval_ReleaseThread(self->t);
+  _release_thread(self->t);
  return retval;
 }

@@ -612,7 +666,7 @@ milter_wrap_helo(SMFICTX *ctx, char *helohost) {
 }

 static int
-generic_env_wrapper(SMFICTX *ctx, PyObject*cb, char **argv, const char *name) {
+generic_env_wrapper(SMFICTX *ctx, PyObject*cb, char **argv) {
   PyObject *arglist;
   milter_ContextObject *self;
   int count = 0;
@@ -649,12 +703,12 @@ generic_env_wrapper(SMFICTX *ctx, PyObject*cb, char **argv, const char *name) {

 static int
 milter_wrap_envfrom(SMFICTX *ctx, char **argv) {
-  return generic_env_wrapper(ctx,envfrom_callback,argv,"milter_wrap_envfrom");
+  return generic_env_wrapper(ctx,envfrom_callback,argv);
 }

 static int
 milter_wrap_envrcpt(SMFICTX *ctx, char **argv) {
-  return generic_env_wrapper(ctx,envrcpt_callback,argv,"milter_wrap_envrcpt");
+  return generic_env_wrapper(ctx,envrcpt_callback,argv);
 }    
  
 static int
@@ -670,7 +724,7 @@ milter_wrap_header(SMFICTX *ctx, char *headerf, char *headerv) {
 }

 static int
-generic_noarg_wrapper(SMFICTX *ctx,PyObject *cb,const char *name) {
+generic_noarg_wrapper(SMFICTX *ctx,PyObject *cb) {
   PyObject *arglist;
   milter_ContextObject *c;
   if (cb == NULL) return SMFIS_CONTINUE;
@@ -682,7 +736,7 @@ generic_noarg_wrapper(SMFICTX *ctx,PyObject *cb,const char *name) {

 static int
 milter_wrap_eoh(SMFICTX *ctx) {
-  return generic_noarg_wrapper(ctx,eoh_callback,"milter_wrap_eoh");
+  return generic_noarg_wrapper(ctx,eoh_callback);
 }   

 static int
@@ -700,23 +754,42 @@ milter_wrap_body(SMFICTX *ctx, u_char *bodyp, size_t bodylen) {

 static int
 milter_wrap_eom(SMFICTX *ctx) {
-  return generic_noarg_wrapper(ctx,eom_callback,"milter_wrap_eom");
+  return generic_noarg_wrapper(ctx,eom_callback);
 }

 static int
 milter_wrap_abort(SMFICTX *ctx) {
  /* libmilter still calls close after abort */
-  return generic_noarg_wrapper(ctx,abort_callback,"milter_wrap_abort");
+  return generic_noarg_wrapper(ctx,abort_callback);
 }

 static int
 milter_wrap_close(SMFICTX *ctx) {
-  int r = generic_noarg_wrapper(ctx,close_callback,"milter_wrap_close");
-  /* FIXME: It is inefficient to have released the interp lock only to
-     acquire it again in _clear_context.  We can tell _generic_return and
-     friends not to release the lock by, for instance, setting self->t to NULL.
-     However, first we make it work. */
-  _clear_context(ctx);
+  /* xxfi_close can be called out of order - even before connect.  
+   * There may not yet be a private context pointer.  To avoid
+   * creating a ThreadContext and allocating a milter context only
+   * to destroy them, and to avoid invoking the python close_callback when
+   * connect has never been called, we don't use generic_noarg_wrapper here. */
+  PyObject *cb = close_callback;
+  milter_ContextObject *self = smfi_getpriv(ctx);
+  int r = SMFIS_CONTINUE;
+  if (self != NULL) {
+    PyThreadState *t = self->t;
+    PyEval_AcquireThread(t);
+    self->t = 0;
+    if (cb != NULL && self->ctx == ctx) {
+      PyObject *arglist = Py_BuildValue("(O)", self);
+      /* Call python close callback, but do not ReleaseThread, because
+       * self->t is NULL */
+      r = _generic_wrapper(self, cb, arglist);
+    }
+    self->ctx = 0;
+    smfi_setpriv(ctx,0);
+    Py_DECREF(self);
+    PyThreadState_Clear(t);
+    PyEval_ReleaseThread(t);
+    PyThreadState_Delete(t);
+  }
  return r;
 }

@@ -905,28 +978,39 @@ milter_setreply(PyObject *self, PyObject *args) {
 }

 static char milter_addheader__doc__[] =
-"addheader(field, value) -> None\n\
+"addheader(field, value, idx=-1) -> None\n\
 Add a header to the message. This header is not passed to other\n\
 filters. It is not checked for standards compliance;\n\
 the mail filter must ensure that no protocols are violated\n\
 as a result of adding this header.\n\
 field - header field name\n\
 value - header field value\n\
+idx - optional position in internal header list to insert new header\n\
 Both are strings.  This function can only be called from the EOM callback.";

 static PyObject *
 milter_addheader(PyObject *self, PyObject *args) {
  char *headerf;
  char *headerv;
+  int idx = -1;
  SMFICTX *ctx;
  PyThreadState *t;

-  if (!PyArg_ParseTuple(args, "ss:addheader", &headerf, &headerv)) return NULL;
+  if (!PyArg_ParseTuple(args, "ss|i:addheader", &headerf, &headerv, &idx))
+    return NULL;
  ctx = _find_context(self);
  if (ctx == NULL) return NULL;
  t = PyEval_SaveThread();
+#ifdef SMFIR_INSHEADER
+  return _thread_return(t, (idx < 0) ? smfi_addheader(ctx, headerf, headerv) :
+      smfi_insheader(ctx, idx, headerf, headerv), "cannot add header");
+#else
+  if (idx < 0)
    return _thread_return(t, smfi_addheader(ctx, headerf, headerv),
 	"cannot add header");
+  PyErr_SetString(MilterError, "insheader not supported");
+  return NULL;
+#endif
 }

 static char milter_chgheader__doc__[] =
@@ -1081,7 +1165,7 @@ milter_quarantine(PyObject *self, PyObject *args) {
 }
 #endif

-#if _FFR_SMFI_PROGRESS
+#ifdef SMFIR_PROGRESS
 static char milter_progress__doc__[] =
 "progress() -> None\n\
 Notify the MTA that we are working on a message so it will reset timeouts.";
@@ -1112,7 +1196,7 @@ static PyMethodDef context_methods[] = {
 #ifdef SMFIF_QUARANTINE
  { "quarantine",  milter_quarantine,  METH_VARARGS, milter_quarantine__doc__},
 #endif
-#if _FFR_SMFI_PROGRESS
+#ifdef SMFIR_PROGRESS
  { "progress",  milter_progress,  METH_VARARGS, milter_progress__doc__},
 #endif
  { NULL, NULL }
@@ -1151,6 +1235,8 @@ static PyMethodDef milter_methods[] = {
   { "set_eom_callback",     milter_set_eom_callback,     METH_VARARGS, milter_set_eom_callback__doc__},
   { "set_abort_callback",   milter_set_abort_callback,   METH_VARARGS, milter_set_abort_callback__doc__},
   { "set_close_callback",   milter_set_close_callback,   METH_VARARGS, milter_set_close_callback__doc__},
+   { "set_exception_policy",   milter_set_exception_policy,METH_VARARGS, milter_set_exception_policy__doc__},
+   { "register",             milter_register,             METH_VARARGS, milter_register__doc__},
   { "register",             milter_register,             METH_VARARGS, milter_register__doc__},
   { "main",                 milter_main,                 METH_VARARGS, milter_main__doc__},
   { "setdbg",               milter_setdbg,               METH_VARARGS, milter_setdbg__doc__},
@@ -1,4 +1,41 @@
 # $Log$
+# Revision 1.4  2005/06/17 01:49:39  customdesigned
+# Handle zip within zip.
+#
+# Revision 1.3  2005/06/02 15:00:17  customdesigned
+# Configure banned extensions.  Scan zipfile option with test case.
+#
+# Revision 1.2  2005/06/02 04:18:55  customdesigned
+# Update copyright notices after reading article on /.
+#
+# Revision 1.1.1.4  2005/05/31 18:23:49  customdesigned
+# Development changes since 0.7.2
+#
+# Revision 1.62  2005/02/14 22:31:17  stuart
+# _parseparam replacement not needed for python2.4
+#
+# Revision 1.61  2005/02/12 02:11:11  stuart
+# Pass unit tests with python2.4.
+#
+# Revision 1.60  2005/02/11 18:34:14  stuart
+# Handle garbage after quote in boundary.
+#
+# Revision 1.59  2005/02/10 01:10:59  stuart
+# Fixed MimeMessage.ismodified()
+#
+# Revision 1.58  2005/02/10 00:56:49  stuart
+# Runs with python2.4.  Defang not working correctly - more work needed.
+#
+# Revision 1.57  2004/11/20 16:37:52  stuart
+# fix regex for splitting header and body
+#
+# Revision 1.56  2004/11/09 20:33:51  stuart
+# Recognize more dynamic PTR variations.
+#
+# Revision 1.55  2004/10/06 21:39:20  stuart
+# Handle message attachments with boundary errors by not parsing them
+# until needed.
+#
 # Revision 1.54  2004/08/18 01:59:46  stuart
 # Handle mislabeled multipart messages
 #
@@ -37,29 +74,34 @@
 # with a warning message.

 # Author: Stuart D. Gathman <stuart@bmsi.com>
-# Copyright 2001 Business Management Systems, Inc.
-# This code is under GPL.  See COPYING for details.
+# Copyright 2001,2002,2003,2004,2005 Business Management Systems, Inc.
+# This code is under the GNU General Public License.  See COPYING for details.

 import StringIO
 import socket
 import Milter
+import zipfile
+
 import email
 import email.Message
 from email.Message import Message
 from email.Generator import Generator
 from email.Utils import quote
 from email import Utils
+from email.Parser import Parser
+from email import Errors

 from types import ListType,StringType

-# Enhance email.Parser
-# - Fix _parsebody to decode message attachments before parsing
-
-from email.Parser import Parser
-try: from email.Parser import NLCRE
-except: from email.Parser import nlcre as NLCRE
-
-from email import Errors
+def zipnames(txt):
+  fp =  StringIO.StringIO(txt)
+  zipf = zipfile.ZipFile(fp,'r')
+  names = []
+  for nm in zipf.namelist():
+    names.append(('zipname',nm))
+    if nm.lower().endswith('.zip'):
+      names += zipnames(zipf.read(nm))
+  return names

 class MimeGenerator(Generator):
    def _dispatch(self, msg):
@@ -73,146 +115,6 @@ class MimeGenerator(Generator):
 	else:
 	  Generator._dispatch(self,msg)

-class MimeParser(Parser):
-
-    # This is a copy of _parsebody from email.Parser, with a fix
-    # for message attachments.  I couldn't find a smaller way to patch it
-    # in a subclass.
-
-    def _parsebody(self, container, fp, firstbodyline=None):
-        # Parse the body, but first split the payload on the content-type
-        # boundary if present.
-        boundary = container.get_boundary()
-        isdigest = (container.get_content_type() == 'multipart/digest')
-        # If there's a boundary, split the payload text into its constituent
-        # parts and parse each separately.  Otherwise, just parse the rest of
-        # the body as a single message.  Note: any exceptions raised in the
-        # recursive parse need to have their line numbers coerced.
-        if boundary:
-            preamble = epilogue = None
-            # Split into subparts.  The first boundary we're looking for won't
-            # always have a leading newline since we're at the start of the
-            # body text, and there's not always a preamble before the first
-            # boundary.
-            separator = '--' + boundary
-            payload = fp.read()
-            if firstbodyline is not None:
-                payload = firstbodyline + '\n' + payload
-            # We use an RE here because boundaries can have trailing
-            # whitespace.
-            mo = re.search(
-                r'(?P<sep>' + re.escape(separator) + r')(?P<ws>[ \t]*)',
-                payload)
-            if not mo:
-                if self._strict:
-                    raise Errors.BoundaryError(
-                        "Couldn't find starting boundary: %s" % boundary)
-                container.set_payload(payload)
-                return
-            start = mo.start()
-            if start > 0:
-                # there's some pre-MIME boundary preamble
-                preamble = payload[0:start]
-            # Find out what kind of line endings we're using
-            start += len(mo.group('sep')) + len(mo.group('ws'))
-            mo = NLCRE.search(payload, start)
-            if mo:
-                start += len(mo.group(0))
-            # We create a compiled regexp first because we need to be able to
-            # specify the start position, and the module function doesn't
-            # support this signature. :(
-            cre = re.compile('(?P<sep>\r\n|\r|\n)' +
-                             re.escape(separator) + '--')
-            mo = cre.search(payload, start)
-            if mo:
-                terminator = mo.start()
-                linesep = mo.group('sep')
-                if mo.end() < len(payload):
-                    # There's some post-MIME boundary epilogue
-                    epilogue = payload[mo.end():]
-            elif self._strict:
-                raise Errors.BoundaryError(
-                        "Couldn't find terminating boundary: %s" % boundary)
-            else:
-                # Handle the case of no trailing boundary.  Check that it ends
-                # in a blank line.  Some cases (spamspamspam) don't even have
-                # that!
-                mo = re.search('(?P<sep>\r\n|\r|\n){2}$', payload)
-                if not mo:
-                    mo = re.search('(?P<sep>\r\n|\r|\n)$', payload)
-                    if not mo:
-                        raise Errors.BoundaryError(
-                          'No terminating boundary and no trailing empty line')
-                linesep = mo.group('sep')
-                terminator = len(payload)
-            # We split the textual payload on the boundary separator, which
-            # includes the trailing newline. If the container is a
-            # multipart/digest then the subparts are by default message/rfc822
-            # instead of text/plain.  In that case, they'll have a optional
-            # block of MIME headers, then an empty line followed by the
-            # message headers.
-            parts = re.split(
-                linesep + re.escape(separator) + r'[ \t]*' + linesep,
-                payload[start:terminator])
-            for part in parts:
-                if isdigest:
-                    if part.startswith(linesep):
-                        # There's no header block so create an empty message
-                        # object as the container, and lop off the newline so
-                        # we can parse the sub-subobject
-                        msgobj = self._class()
-                        part = part[len(linesep):]
-                    else:
-                        parthdrs, part = part.split(linesep+linesep, 1)
-                        # msgobj in this case is the "message/rfc822" container
-                        msgobj = self.parsestr(parthdrs, headersonly=1)
-                    # while submsgobj is the message itself
-                    msgobj.set_default_type('message/rfc822')
-                    maintype = msgobj.get_content_maintype()
-                    if maintype in ('message', 'multipart'):
-                        submsgobj = self.parsestr(part)
-                        msgobj.attach(submsgobj)
-                    else:
-                        msgobj.set_payload(part)
-                else:
-                    msgobj = self.parsestr(part)
-                container.preamble = preamble
-                container.epilogue = epilogue
-                container.attach(msgobj)
-        elif container.get_main_type() == 'multipart':
-            # Very bad.  A message is a multipart with no boundary!
-            raise Errors.BoundaryError(
-                'multipart message with no defined boundary')
-        elif container.get_type() == 'message/delivery-status':
-            # This special kind of type contains blocks of headers separated
-            # by a blank line.  We'll represent each header block as a
-            # separate Message object
-            blocks = []
-            while True:
-                blockmsg = self._class()
-                self._parseheaders(blockmsg, fp)
-                if not len(blockmsg):
-                    # No more header blocks left
-                    break
-                blocks.append(blockmsg)
-            container.set_payload(blocks)
-        elif container.get_main_type() == 'message':
-            # Create a container for the payload, but watch out for there not
-            # being any headers left
-            container.set_payload(fp.read())
-	    fp = StringIO.StringIO(container.get_payload(decode=True))
-            try:
-                msg = self.parse(fp)
-            except Errors.HeaderParseError:
-                msg = self._class()
-                self._parsebody(msg, fp)
-            container.set_payload([msg])
-        else:
-            text = fp.read()
-            if firstbodyline is not None:
-                text = firstbodyline + '\n' + text
-            container.set_payload(text)
-
 def unquote(s):
    """Remove quotes from a string."""
    if len(s) > 1:
@@ -221,7 +123,8 @@ def unquote(s):
            s = s[1:-1]
 	  else: # remove garbage after trailing quote
 	    try: s = s[1:s[1:].index('"')+1]
-	    except: return s
+	    except:
+	      return s
 	  return s.replace('\\\\', '\\').replace('\\"', '"')
        if s.startswith('<') and s.endswith('>'):
 	  return s[1:-1]
@@ -235,27 +138,11 @@ def _unquotevalue(value):
  else:
      return unquote(value)

-email.Message._unquotevalue = _unquotevalue
+#email.Message._unquotevalue = _unquotevalue

-def _parseparam(s):
-    plist = []
-    while s[:1] == ';':
-	s = s[1:]
-	end = s.find(';')
-	while end > 0 and (s.count('"',0,end) & 1):
-	  end = s.find(';',end + 1)
-	if end < 0: end = len(s)
-	f = s[:end]
-	if '=' in f:
-	    i = f.index('=')
-	    f = f[:i].strip().lower() + \
-		    '=' + f[i+1:].strip()
-	plist.append(f.strip())
-	s = s[end:]
-    return plist
+from email.Message import _parseparam

 # Enhance email.Message 
-# - Fix getparam to parse attributes IE style
 # - Provide a headerchange event for integration with Milter
 #   Headerchange attribute can be assigned a function to be called when
 #   changing headers.  The signature is:
@@ -266,64 +153,19 @@ class MimeMessage(Message):
  """Version of email.Message.Message compatible with old mime module
  """
  def __init__(self,fp=None,seekable=1):
+    Message.__init__(self)
    self.headerchange = None
    self.submsg = None
-    Message.__init__(self)
-    self.fp = fp
-    if fp:
-      parser = MimeParser(MimeMessage)
-      self.startofheaders = fp.tell()
-      parser._parseheaders(self,fp)
-      self.startofbody = fp.tell()
-      parser._parsebody(self,fp)
-    for part in self.walk():
-      part.modified = False
+    self.modified = False

-  def rewindbody(self):
-    return self.fp.seek(self.startofbody)
+  def get_param(self, param, failobj=None, header='content-type', unquote=True):
+    val = Message.get_param(self,param,failobj,header,unquote)
+    if val != failobj and param == 'boundary' and unquote:
+      # unquote boundaries an extra time, test case testDefang5
+      return _unquotevalue(val)
+    return val

-  # override param parsing to handle quotes
-  def _get_params_preserve(self,failobj=None,header='content-type'):
-    "Return all parameter names and values. Use parser that handles quotes."
-    missing = []
-    value = self.get(header, missing)
-    if value is missing:
-	return failobj
-    params = []
-    for p in _parseparam(';' + value):
-	  try:
-	      name, val = p.split('=', 1)
-	      name = name.strip()
-	      val = val.strip()
-	  except ValueError:
-	      # Must have been a bare attribute
-	      name = p.strip()
-	      val = ''
-	  params.append((name, val))
-    params = Utils.decode_params(params)
-    return params
-
-  def get_filename(self, failobj=None):
-      """Return the filename associated with the payload if present.
-
-      The filename is extracted from the Content-Disposition header's
-      `filename' parameter, and it is unquoted.
-      """
-      missing = []
-      filename = self.get_param('filename', missing, 'content-disposition')
-      if filename is missing:
-	  return failobj
-      if isinstance(filename, TupleType):
-	  # It's an RFC 2231 encoded parameter
-	  newvalue = _unquotevalue(filename)
-	  if newvalue[0]:
-	    return unicode(newvalue[2], newvalue[0])
-	  return unicode(newvalue[2])
-      else:
-	  newvalue = _unquotevalue(filename.strip())
-	  return newvalue
-
-  getfilename = get_filename
+  getfilename = Message.get_filename
  ismultipart = Message.is_multipart
  getheaders = Message.get_all
  gettype = Message.get_content_type
@@ -334,11 +176,11 @@ class MimeMessage(Message):
  def getname(self):
    return self.get_param('name')

-  def getnames(self):
+  def getnames(self,scan_zip=False):
    """Return a list of (attr,name) pairs of attributes that IE might
       interpret as a name - and hence decide to execute this message."""
    names = []
-    for attr,val in self.get_params([]):
+    for attr,val in self._get_params_preserve([],'content-type'):
      if isinstance(val, TupleType):
 	  # It's an RFC 2231 encoded parameter
 	  newvalue = _unquotevalue(val)
@@ -349,12 +191,19 @@ class MimeMessage(Message):
      else:
 	  val = _unquotevalue(val.strip())
      names.append((attr,val))
-    return names + [("filename",self.get_filename())]
+    names += [("filename",self.get_filename())]
+    if scan_zip:
+      for key,name in tuple(names):	# copy by converting to tuple
+	if name and name.lower().endswith('.zip'):
+	  txt = self.get_payload(decode=True)
+	  if txt.strip():
+	    names += zipnames(txt)
+    return names

  def ismodified(self):
    "True if this message or a subpart has been modified."
    if not self.is_multipart():
-      if self.submsg:
+      if isinstance(self.submsg,Message):
        return self.submsg.ismodified()
      return self.modified
    if self.modified: return True
@@ -401,7 +250,7 @@ class MimeMessage(Message):

  def get_payload(self,i=None,decode=False):
    msg = self.submsg
-    if msg and msg.ismodified():
+    if isinstance(msg,Message) and msg.ismodified():
      self.set_payload([msg])
    return Message.get_payload(self,i,decode)

@@ -415,18 +264,27 @@ class MimeMessage(Message):
    self.submsg = None

  def get_submsg(self):
-    if self.get_content_type().lower() == 'message/rfc822':
+    t = self.get_content_type().lower()
+    if t == 'message/rfc822' or t.startswith('multipart/'):
      if not self.submsg:
        txt = self.get_payload()
 	if type(txt) == str:
 	  txt = self.get_payload(decode=True)
-	  parser = MimeParser(MimeMessage)
-	  self.submsg = parser.parsestr(txt)
+	  self.submsg = email.message_from_string(txt,MimeMessage)
+	  for part in self.submsg.walk():
+	    part.modified = False
 	else:
 	  self.submsg = txt[0]
      return self.submsg
    return None

+def message_from_file(fp):
+  msg = email.message_from_file(fp,MimeMessage)
+  for part in msg.walk():
+    part.modified = False
+  assert not msg.ismodified()
+  return msg
+
 extlist = ''.join("""
 ade,adp,asd,asx,asp,bas,bat,chm,cmd,com,cpl,crt,dll,exe,hlp,hta,inf,ins,isp,js,
 jse,lnk,mdb,mde,msc,msi,msp,mst,ocx,pcd,pif,reg,scr,sct,shs,url,vb,vbe,vbs,wsc,
@@ -448,11 +306,20 @@ A copy of your original message was saved as '%s:%s'.
 See your administrator.
 """

-def check_name(msg,savname=None,ckname=check_ext):
+def check_name(msg,savname=None,ckname=check_ext,scan_zip=False):
  "Replace attachment with a warning if its name is suspicious."
-  for key,name in msg.getnames():
+  try:
+    for key,name in msg.getnames(scan_zip):
      badname = ckname(name)
      if badname:
+        if key == 'zipname':
+          badname = msg.get_filename()
+	break
+    else:
+      return Milter.CONTINUE
+  except zipfile.BadZipfile:
+    # a ZIP that is not a zip is very suspicious
+    badname = msg.get_filename()
  hostname = socket.gethostname()
  msg.set_payload(virus_msg % (badname,hostname,savname))
  del msg["content-type"]
@@ -460,7 +327,6 @@ def check_name(msg,savname=None,ckname=check_ext):
  del msg["content-transfer-encoding"]
  name = "WARNING.TXT"
  msg["Content-Type"] = "text/plain; name="+name
-      break
  return Milter.CONTINUE

 import email.Iterators
@@ -471,7 +337,7 @@ msg	MimeMessage
 check	function(MimeMessage): int
 	Return CONTINUE, REJECT, ACCEPT
  """
-  if msg.ismultipart() and not msg.get_content_type() == 'message/rfc822':
+  if msg.is_multipart():
    for i in msg.get_payload():
      rc = check_attachments(i,check)
      if rc != Milter.CONTINUE: return rc
@@ -480,28 +346,35 @@ check	function(MimeMessage): int

 # save call context for Python without nested_scopes
 class _defang:
-  def __init__(self,savname,check):
-    self._savname = savname
-    self._check = check
-    self.scan_rfc822 = True
-    self.scan_html = True
+
+  def __init__(self,scan_html=True):
+    self.scan_html = scan_html
+
  def _chk_name(self,msg):
-    rc = check_name(msg,self._savname,self._check)
+    rc = check_name(msg,self._savname,self._check,self.scan_zip)
    if self.scan_html:
      check_html(msg,self._savname)	# remove scripts from HTML
    if self.scan_rfc822:
      msg = msg.get_submsg()
-      if msg: return check_attachments(msg,self._chk_name)
+      if isinstance(msg,Message):
+        return check_attachments(msg,self._chk_name)
    return rc

-# emulate old defang function
-def defang(msg,savname=None,check=check_ext):
+  def __call__(self,msg,savname=None,check=check_ext,scan_rfc822=True,
+  		scan_zip=False):
    """Compatible entry point.
    Replace all attachments with dangerous names."""
-  check_attachments(msg,_defang(savname,check)._chk_name)
+    self._savname = savname
+    self._check = check
+    self.scan_rfc822 = scan_rfc822
+    self.scan_zip = scan_zip
+    check_attachments(msg,self._chk_name)
    if msg.ismodified():
-    return 1;
-  return 0
+      return True
+    return False
+
+# emulate old defang function
+defang = _defang()

 import sgmllib

@@ -631,3 +504,20 @@ def check_html(msg,savname=None):
      del msg["content-transfer-encoding"]
      email.Encoders.encode_quopri(msg)
  return Milter.CONTINUE
+
+if __name__ == '__main__':
+  import sys
+  def _list_attach(msg):
+    t = msg.get_content_type()
+    p = msg.get_payload(decode=True)
+    print msg.get_filename(),msg.get_content_type(),type(p)
+    msg = msg.get_submsg()
+    if isinstance(msg,Message):
+      return check_attachments(msg,_list_attach)
+    return Milter.CONTINUE
+
+  for fname in sys.argv[1:]:
+    fp = open(fname)
+    msg = message_from_file(fp)
+    email.Iterators._structure(msg)
+    check_attachments(msg,_list_attach)
@@ -0,0 +1,39 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
+Subject: SPF %(result)s (POSSIBLE FORGERY)
+Auto-Submitted: auto-generated (sender verification)
+
+This is an automatically generated Delivery Status Notification.
+
+THIS IS A WARNING MESSAGE ONLY.
+
+YOU DO *NOT* NEED TO RESEND YOUR MESSAGE.
+
+Delivery to the following recipients has been delayed.
+
+       %(rcpt)s
+
+Subject: %(subject)s
+Received-SPF: %(spf_result)s
+
+Your sender policy (or lack thereof) indicated that the above email was not
+sent via an authorized SMTP server, but may still be legitimate.  Since there
+is no positive confirmation that the message is really from you, we have
+to give it extra scrutiny - including verifying that the sender really
+exists by sending you this DSN.  We will remember this sender and not
+bother you again for a while.  You can avoid this message entirely for
+legitimate mail by using an authorized SMTP server.  Contact your mail
+administrator and ask how to configure your email client to use an
+authorized server.
+
+If you never sent the above message, then your domain has been forged.
+Your mail admin needs to publish a strict SPF record so that I can reject
+those forgeries instead of bugging you about them.  
+
+See http://openspf.org for details.
+
+If you need further assistance, please do not hesitate to contact me.
+
+Kind regards,
+
+postmaster@%(receiver)s
@@ -0,0 +1,35 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
+Subject: Critical SPF configuration error
+Auto-Submitted: auto-generated (configuration error)
+
+This is an automatically generated Delivery Status Notification.
+
+THIS IS A WARNING MESSAGE ONLY.
+
+YOU DO *NOT* NEED TO RESEND YOUR MESSAGE.
+
+Delivery to the following recipients has been delayed.
+
+	%(rcpt)s
+
+Subject: %(subject)s 
+Received-SPF: %(spf_result)s
+
+Your spf record has a permanent error.  The error was:
+
+	%(perm_error)s
+
+We will reinterpret your record using "lax" processing heuristics
+which may result in your mail being accepted anyway.  But you or your
+mail administrator need to fix your SPF record as soon as possible.
+
+We are sending you this message to alert you to the fact that
+you have problems with your email configuration.
+
+If you need further assistance, please do not hesitate to
+contact me again.
+
+Kind regards,
+
+postmaster@%(receiver)s
@@ -0,0 +1,454 @@
+# This spec file contains 2 noarch packages in addition to the pymilter
+# module.  To compile all three on 32-bit Intel, use:
+# rpmbuild -ba --target=i386,noarch pymilter.spec
+
+%define __python python2.4
+%define version 0.8.10
+%define release 2%{?dist}.py24
+# what version of RH are we building for?
+%define redhat7 0
+
+# Options for Redhat version 6.x:
+# rpm -ba|--rebuild --define "rh7 1"
+%{?rh7:%define redhat7 1}
+
+# some systems dont have initrddir defined
+%{?_initrddir:%define _initrddir /etc/rc.d/init.d}
+
+%if %{redhat7} 
+# Redhat 7.x and earlier (multiple ps lines per thread)
+%define sysvinit milter.rc7
+%else	
+%define sysvinit milter.rc
+%endif
+# RH9, other systems (single ps line per process)
+%ifos aix4.1
+%define libdir /var/log/milter
+%else
+%define libdir /usr/lib/pymilter
+%endif
+
+%ifarch noarch
+Name: milter
+Group: Applications/System
+Summary:  BMS spam and reputation milter
+Version: %{version}
+Release: %{release}
+Source: pymilter-%{version}.tar.gz
+#Patch: %{name}-%{version}.patch
+License: GPL
+Group: Development/Libraries
+BuildRoot: %{_tmppath}/%{name}-buildroot
+Prefix: %{_prefix}
+Vendor: Stuart D. Gathman <stuart@bmsi.com>
+Packager: Stuart D. Gathman <stuart@bmsi.com>
+Url: http://www.bmsi.com/python/milter.html
+Requires: %{__python} >= 2.4, pyspf >= 2.0.4, pymilter
+%ifos Linux
+Requires: chkconfig
+%endif
+
+%description -n milter
+A complex but effective spam filtering, SPF checking, and reputation tracking
+mail application.  It uses pydspam if installed for bayesian filtering.
+
+%package spf
+Group: Applications/System
+Summary:  BMS spam and reputation milter
+Requires: pyspf >= 2.0.4, pymilter
+Obsoletes: pymilter-spf
+
+%description spf
+A simple mail filter to add Received-SPF headers and reject forged mail.
+Rejection policy is configured via sendmail access file.
+
+%prep
+%setup -n pymilter-%{version}
+#patch -p0 -b .bms
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT/var/log/milter
+mkdir -p $RPM_BUILD_ROOT/etc/mail
+mkdir $RPM_BUILD_ROOT/var/log/milter/save
+mkdir -p $RPM_BUILD_ROOT%{libdir}
+cp *.txt $RPM_BUILD_ROOT/var/log/milter
+cp bms.py spfmilter.py $RPM_BUILD_ROOT%{libdir}
+cp milter.cfg $RPM_BUILD_ROOT/etc/mail/pymilter.cfg
+cp spfmilter.cfg $RPM_BUILD_ROOT/etc/mail
+
+# logfile rotation
+mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
+cat >$RPM_BUILD_ROOT/etc/logrotate.d/milter <<'EOF'
+/var/log/milter/milter.log {
+  copytruncate
+  compress
+}
+/var/log/milter/banned_ips {
+  rotate 7
+  daily
+  copytruncate
+}
+EOF
+
+# purge saved defanged message copies
+mkdir -p $RPM_BUILD_ROOT/etc/cron.daily
+%ifos aix4.1
+R=
+%else
+R='-r'
+%endif
+cat >$RPM_BUILD_ROOT/etc/cron.daily/milter <<'EOF'
+#!/bin/sh
+
+find /var/log/milter/save -mtime +7 | xargs $R rm
+# work around memory leak
+/etc/init.d/milter condrestart
+EOF
+chmod a+x $RPM_BUILD_ROOT/etc/cron.daily/milter
+
+%ifnos aix4.1
+mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
+cp %{sysvinit} $RPM_BUILD_ROOT/etc/rc.d/init.d/milter
+cp spfmilter.rc $RPM_BUILD_ROOT/etc/rc.d/init.d/spfmilter
+ed $RPM_BUILD_ROOT/etc/rc.d/init.d/milter <<'EOF'
+/^python=/
+c
+python="%{__python}"
+.
+w
+q
+EOF
+ed $RPM_BUILD_ROOT/etc/rc.d/init.d/spfmilter <<'EOF'
+/^python=/
+c
+python="%{__python}"
+.
+w
+q
+EOF
+%endif	# aix4.1
+
+mkdir -p $RPM_BUILD_ROOT/usr/share/sendmail-cf/hack
+cp -p rhsbl.m4 $RPM_BUILD_ROOT/usr/share/sendmail-cf/hack
+
+%ifos aix4.1
+%post
+mkssys -s milter -p %{libdir}/start.sh -u 25 -S -n 15 -f 9 -G mail || :
+
+%preun
+if [ $1 = 0 ]; then
+  rmssys -s milter || :
+fi
+%else # not aix4.1
+%post -n milter
+#echo "pythonsock has moved to /var/run/milter, update /etc/mail/sendmail.cf"
+/sbin/chkconfig --add milter
+
+%preun -n milter
+if [ $1 = 0 ]; then
+  /sbin/chkconfig --del milter
+fi
+%post spf
+#echo "pythonsock has moved to /var/run/milter, update /etc/mail/sendmail.cf"
+/sbin/chkconfig --add spfmilter
+
+%preun spf
+if [ $1 = 0 ]; then
+  /sbin/chkconfig --del spfmilter
+fi
+%endif # aix4.1
+
+%files 
+%defattr(-,root,root)
+/etc/logrotate.d/milter
+/etc/cron.daily/milter
+%ifos aix4.1
+%defattr(-,smmsp,mail)
+%else
+/etc/rc.d/init.d/milter
+%defattr(-,mail,mail)
+%endif
+%dir /var/log/milter
+%dir /var/log/milter/save
+%config %{libdir}/bms.py
+%config(noreplace) /var/log/milter/strike3.txt
+%config(noreplace) /var/log/milter/softfail.txt
+%config(noreplace) /var/log/milter/fail.txt
+%config(noreplace) /var/log/milter/neutral.txt
+%config(noreplace) /var/log/milter/quarantine.txt
+%config(noreplace) /var/log/milter/permerror.txt
+%config(noreplace) /var/log/milter/temperror.txt
+%config(noreplace) /etc/mail/pymilter.cfg
+/usr/share/sendmail-cf/hack/rhsbl.m4
+
+%files spf
+%defattr(-,root,root)
+%dir /var/log/milter
+%{libdir}/spfmilter.py*
+%config(noreplace) /etc/mail/spfmilter.cfg
+/etc/rc.d/init.d/spfmilter
+
+%else # not noarch
+
+%define name pymilter
+Summary: Python interface to sendmail milter API
+Name: %{name}
+Version: %{version}
+Release: %{release}
+Source: %{name}-%{version}.tar.gz
+#Patch: %{name}-%{version}.patch
+License: GPL
+Group: Development/Libraries
+BuildRoot: %{_tmppath}/%{name}-buildroot
+Prefix: %{_prefix}
+Vendor: Stuart D. Gathman <stuart@bmsi.com>
+Packager: Stuart D. Gathman <stuart@bmsi.com>
+Url: http://www.bmsi.com/python/milter.html
+Requires: %{__python} >= 2.4, sendmail >= 8.13
+BuildRequires: %{__python}-devel >= 2.4, sendmail-devel >= 8.13
+
+%description
+This is a python extension module to enable python scripts to
+attach to sendmail's libmilter functionality.  Additional python
+modules provide for navigating and modifying MIME parts, sending
+DSNs, and doing CBV.
+
+%prep
+%setup
+#patch -p0 -b .bms
+
+%build
+%if %{redhat7} 
+  LDFLAGS="-s"
+%else # Redhat builds debug packages after 7.3
+  LDFLAGS="-g"
+%endif
+env CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$LDFLAGS" %{__python} setup.py build
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%{__python} setup.py install --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES
+mkdir -p $RPM_BUILD_ROOT/var/run/milter
+mkdir -p $RPM_BUILD_ROOT%{libdir}
+%ifos aix4.1
+cat >$RPM_BUILD_ROOT%{libdir}/start.sh <<'EOF'
+#!/bin/sh
+cd /var/log/milter
+# uncomment to enable sgmlop if installed
+#export PYTHONPATH=/usr/local/lib/python2.1/site-packages
+exec /usr/local/bin/python bms.py >>milter.log 2>&1
+EOF
+%else # not aix4.1
+cp start.sh $RPM_BUILD_ROOT%{libdir}
+ed $RPM_BUILD_ROOT%{libdir}/start.sh <<'EOF'
+/^python=/
+c
+python="%{__python}"
+.
+w
+q
+EOF
+%endif
+chmod a+x $RPM_BUILD_ROOT%{libdir}/start.sh
+%if !%{redhat7}
+#grep '.pyc$' INSTALLED_FILES | sed -e 's/c$/o/' >>INSTALLED_FILES
+%endif
+
+# start.sh is used by spfmilter and milter, and could be used by
+# other milters running on redhat
+%files -f INSTALLED_FILES
+%defattr(-,root,root)
+%doc README HOWTO ChangeLog NEWS TODO CREDITS sample.py milter-template.py
+%config %{libdir}/start.sh
+%dir %attr(0755,mail,mail) /var/run/milter
+
+%endif # noarch
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%changelog
+* Mon Aug 25 2008 Stuart Gathman <stuart@bmsi.com> 0.8.10-2
+- /var/run/milter directory must be owned by mail
+* Mon Aug 25 2008 Stuart Gathman <stuart@bmsi.com> 0.8.10-1
+- log rcpt for SRS rejections
+- improved parsing into email and fullname (still 2 self test failures)
+- implement no-DSN CBV, reduce full DSNs
+- check for porn words in MAIL FROM fullname
+- ban IP for too many bad MAIL FROMs or RCPT TOs
+- temperror policy in access
+- no CBV for whitelisted MAIL FROM except permerror, softfail
+- Allow explicitly whitelisted email from banned_users.
+- configure gossip TTL
+* Mon Sep 24 2007 Stuart Gathman <stuart@bmsi.com> 0.8.9-1
+- Use %ifarch hack to build milter and milter-spf packages as noarch
+- Remove spf dependency from dsn.py, add dns.py
+* Fri Jan 05 2007 Stuart Gathman <stuart@bmsi.com> 0.8.8-1
+- move AddrCache, parse_addr, iniplist to Milter package
+- move parse_header to Milter.utils
+- fix plock for missing source and can't change owner/group
+- add sample spfmilter.py milter
+- private_relay config option
+- persist delayed DSN blacklisting
+- handle gossip server restart without disabling gossip
+- split out pymilter and pymilter-spf packages
+- move milter apps to /usr/lib/pymilter
+* Sat Nov 04 2006 Stuart Gathman <stuart@bmsi.com> 0.8.7-1
+- More lame bounce heuristics
+- SPF moved to pyspf RPM
+- wiretap archive option
+- Do plain CBV if missing template
+- SMTP AUTH policy in access
+* Tue May 23 2006 Stuart Gathman <stuart@bmsi.com> 0.8.6-2
+- Support CBV timeout
+- Support fail template, headers in templates
+- Create GOSSiP record only when connection will procede to DATA.
+- More SPF lax heuristics
+- Don't require SPF pass for white/black listing mail from trusted relay.
+- Support localpart wildcard for white and black lists.
+* Thu Feb 23 2006 Stuart Gathman <stuart@bmsi.com> 0.8.6-1
+- Delay reject of unsigned RCPT for postmaster and abuse only
+- Fix dsn reporting of hard permerror
+- Resolve FIXME for wrap_close in miltermodule.c
+- Add Message-ID to DSNs
+- Use signed Message-ID in delayed reject to blacklist senders
+- Auto-train via blacklist and auto-whitelist
+- Don't check userlist for signed MFROM
+- Accept but skip DSPAM and training for whitelisted senders without SPF PASS
+- Report GC stats 
+- Support CIDR matching for IP lists
+- Support pysrs sign feature
+- Support localpart specific SPF policy in access file
+* Thu Dec 29 2005 Stuart Gathman <stuart@bmsi.com> 0.8.5-1
+- Simple trusted_forwarder implementation.
+- Fix access_file neutral policy
+- Move Received-SPF header to beginning of headers
+- Supply keyword info for all results in Received-SPF header.
+- Move guessed SPF result to separate header
+- Activate smfi_insheader only when SMFIR_INSHEADER defined
+- Handle NULL MX in spf.py
+- in-process GOSSiP server support (to be extended later)
+- Expire CBV cache and renew auto-whitelist entries
+* Fri Oct 21 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-2
+- Don't supply sender when MFROM is subdomain of header from/sender.
+- Don't send quarantine DSN for DSNs
+- Skip dspam for replies/DSNs to signed MFROM
+* Thu Oct 20 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-1
+- Fix SPF policy via sendmail access map (case insensitive keys).
+- Auto whitelist senders, train screener on whitelisted messages
+- Optional idx parameter to addheader to invoke smfi_insheader
+- Activate progress when SMFIR_PROGRESS defined
+* Wed Oct 12 2005 Stuart Gathman <stuart@bmsi.com> 0.8.3-1
+- Keep screened honeypot mail, but optionally discard honeypot only mail.
+- spf_accept_fail option for braindead SPF senders (treats fail like softfail)
+- Consider SMTP AUTH connections internal.
+- Send DSN for SPF errors corrected by extended processing.
+- Send DSN before SCREENED mail is quarantined
+- Option to set SPF policy via sendmail access map.
+- Option to supply Sender header from MAIL FROM when missing.
+- Use logging package to keep log lines atomic.
+* Fri Jul 15 2005 Stuart Gathman <stuart@bmsi.com> 0.8.2-4
+- Limit each CNAME chain independently like PTR and MX
+* Fri Jul 15 2005 Stuart Gathman <stuart@bmsi.com> 0.8.2-3
+- Limit CNAME lookups (regression)
+* Fri Jul 15 2005 Stuart Gathman <stuart@bmsi.com> 0.8.2-2
+- Handle corrupt ZIP attachments
+* Fri Jul 15 2005 Stuart Gathman <stuart@bmsi.com> 0.8.2-1
+- Strict processing limits per SPF RFC
+- Fixed several parsing bugs under RFC 
+- Support official IANA SPF record (type99)
+- Honeypot support (requires pydspam-1.1.9)
+- Extended SPF processing results beyond strict RFC limits
+- Support original SES for local bounce protection (requires pysrs-0.30.10)
+- Callback exception processing option in milter module
+* Thu Jun 16 2005 Stuart Gathman <stuart@bmsi.com> 0.8.1-1
+- Fix zip in zip loop in mime.py
+- Fix HeaderParseError in bms.py header callback
+- Check internal_domains for outgoing mail
+- Fix inconsistent results from send_dsn
+* Mon Jun 06 2005 Stuart Gathman <stuart@bmsi.com> 0.8.0-3
+- properly log pydspam exceptions
+* Sat Jun 04 2005 Stuart Gathman <stuart@bmsi.com> 0.8.0-2
+- Include default softfail, strike3 templates
+* Wed May 25 2005 Stuart Gathman <stuart@bmsi.com> 0.8.0-1
+- Move Milter module to subpackage.
+- DSN support for Three strikes rule and SPF SOFTFAIL
+- Move /*mime*/ and dynip to Milter subpackage
+- Fix SPF unknown mechanism list not cleared
+- Make banned extensions configurable.
+- Option to scan zipfiles for bad extensions.
+* Tue Feb 08 2005 Stuart Gathman <stuart@bmsi.com> 0.7.3-1.EL3
+- Support EL3 and Python2.4 (some scanning/defang support broken)
+* Mon Aug 30 2004 Stuart Gathman <stuart@bmsi.com> 0.7.2-1
+- Fix various SPF bugs
+- Recognize dynamic PTR names, and don't count them as authentication.
+- Three strikes and yer out rule.
+- Block softfail by default unless valid PTR or HELO
+- Return unknown for null mechanism
+- Return unknown for invalid ip address in mechanism
+- Try best guess on HELO also
+- Expand setreply for common errors
+- make rhsbl.m4 hack available for sendmail.mc
+* Sun Aug 22 2004 Stuart Gathman <stuart@bmsi.com> 0.7.1-1
+- Handle modifying mislabeled multipart messages without an exception
+- Support setbacklog, setmlreply
+- allow multi-recipient CBV
+- return TEMPFAIL for SPF softfail
+* Fri Jul 23 2004 Stuart Gathman <stuart@bmsi.com> 0.7.0-1
+- SPF check hello name
+- Move pythonsock to /var/run/milter
+- Move milter.cfg to /etc/mail/pymilter.cfg
+- Check M$ style XML CID records by converting to SPF
+- Recognize, but never match ip6 until we properly support it.
+- Option to reject when no PTR and no SPF
+* Fri Apr 09 2004 Stuart Gathman <stuart@bmsi.com> 0.6.9-1
+- Validate spf.py against test suite, and add Received-SPF support to spf.py
+- Support best_guess for SPF
+- Reject numeric hello names
+- Preserve case of local part in sender
+- Make libmilter timeout a config option
+- Fix setup.py to work with python < 2.2.3
+* Tue Apr 06 2004 Stuart Gathman <stuart@bmsi.com> 0.6.8-3
+- Reject invalid SRS immediately for benefit of callback verifiers
+- Fix include bug in spf.py
+* Tue Apr 06 2004 Stuart Gathman <stuart@bmsi.com> 0.6.8-2
+- Bug in check_header
+* Mon Apr 05 2004 Stuart Gathman <stuart@bmsi.com> 0.6.8-1
+- Don't report spoofed unless rcpt looks like SRS
+- Check for bounce with multiple rcpts
+- Make dspam see Received-SPF headers
+- Make sysv init work with RH9
+* Thu Mar 25 2004 Stuart Gathman <stuart@bmsi.com> 0.6.7-3
+- Forgot to make spf_reject_neutral global in bms.py
+* Wed Mar 24 2004 Stuart Gathman <stuart@bmsi.com> 0.6.7-2
+- Defang message/rfc822 content_type with boundary 
+- Support SPF delegation
+- Reject neutral SPF result for selected domains
+* Tue Mar 23 2004 Stuart Gathman <stuart@bmsi.com> 0.6.7-1
+- SRS forgery check.  Detect thread resource starvation.
+- Properly remove local socket with explicit type.
+- Decode obfuscated subject headers.
+* Wed Mar 11 2004 Stuart Gathman <stuart@bmsi.com> 0.6.6-2
+- init script bug with python2.3
+* Wed Mar 10 2004 Stuart Gathman <stuart@bmsi.com> 0.6.6-1
+- SPF checking, hello blacklist
+* Mon Mar 08 2004 Stuart Gathman <stuart@bmsi.com> 0.6.5-2
+- memory leak in envfrom and envrcpt
+* Mon Mar 01 2004 Stuart Gathman <stuart@bmsi.com> 0.6.5-1
+- progress notification
+- memory leak in connect
+- trusted relay
+* Thu Feb 19 2004 Stuart Gathman <stuart@bmsi.com> 0.6.4-2
+- smart alias wildcard patch, compile for sendmail-8.12
+* Thu Dec 04 2003 Stuart Gathman <stuart@bmsi.com> 0.6.4-1
+- many fixes for dspam support
+* Wed Oct 22 2003 Stuart Gathman <stuart@bmsi.com> 0.6.3
+- dspam SCREEN feature
+- streamline dspam false positive handling
+* Mon Sep 01 2003 Stuart Gathman <stuart@bmsi.com> 0.6.1
+- Full dspam support added
+* Mon Aug 26 2003 Stuart Gathman <stuart@bmsi.com>
+- Use New email module
+* Fri Jun 27 2003 Stuart Gathman <stuart@bmsi.com>
+- Add dspam module
@@ -0,0 +1,29 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
+Subject: DELIVERY STATUS (POSSIBLE SPAM)
+Auto-Submitted: auto-generated (content analysis)
+
+This is an automatically generated Delivery Status Notification.
+
+THIS IS A WARNING MESSAGE ONLY.
+
+YOU DO *NOT* NEED TO RESEND YOUR MESSAGE.
+
+Delivery to the following recipients has been delayed.
+
+       %(rcpt)s
+
+Subject: %(subject)s
+Received-SPF: %(spf_result)s
+
+A statistical analysis of your message has classified it as junk mail,
+and it has been quarantined.  Eventually, the recipients will review
+their quarantined mail and may notice your message.  If your message is
+important, please contact them via other means.  You may also try sending
+them a simple plain text message.
+
+If you need further assistance, please do not hesitate to contact me.
+
+Kind regards,
+
+postmaster@%(receiver)s
@@ -0,0 +1,138 @@
+# Analyze milter log to find abusers
+import traceback
+import sys
+
+def parse_addr(a):
+  beg = a.find('<')
+  end = a.find('>')
+  if beg >= 0:
+    if end > beg: return a[beg+1:end]
+  return a
+
+class Connection(object):
+  def __init__(self,dt,tm,id,ip=None,conn=None):
+    self.dt = dt
+    self.tm = tm
+    self.id = id
+    if ip:
+      _,self.host,self.ip = ip.split(None,2)
+    elif conn:
+      self.ip = conn.ip
+      self.host = conn.host
+      self.helo = conn.helo
+    self.subject = None
+    self.rcpt = []
+    self.mfrom = None
+    self.helo = None
+    self.innoc = []
+    self.whitelist = False
+
+def connections(fp):
+  conndict = {}
+  termdict = {}
+  for line in fp:
+    if line.startswith('{'): continue
+    a = line.split(None,4)
+    if len(a) < 4: continue
+    dt,tm,id,op = a[:4]
+    if (id,op) == ('bms','milter'):
+      # FIXME: optionally yield all partial connections in conndict
+      conndict = {}
+      termdict = {}
+      continue
+    if id[0] == '[' and id[-1] == ']':
+      try:
+	key = int(id[1:-1])
+      except:
+        print >>sys.stderr,'bad id:',line.rstrip()
+	continue
+    else: continue
+    if op == 'connect':
+      ip = a[4].rstrip()
+      conn = Connection(dt,tm,id,ip=ip)
+      conndict[key] = conn
+    elif op in (
+	'DISCARD:','TAG:','CBV:','Large','No',
+	'NOTE:','From:','Sender:','TRAIN:'):
+      continue
+    else:
+      op = op.lower()
+      try:
+	conn = conndict[key]
+      except KeyError:
+        try:
+	  conn = termdict[key]
+	  del termdict[key]
+	  conndict[key] = conn
+	except KeyError:
+	  print >>sys.stderr,'key error:',line.rstrip()
+	  continue
+      try:
+	if op == 'subject:':
+	  if len(a) > 4:
+	    conn.subject = a[4].rstrip()
+	elif op == 'innoc:':
+	  conn.innoc.append(a[4].rstrip())
+	elif op == 'whitelist':
+	  conn.whitelist = True
+	elif op == 'x-mailer:':
+	  if len(a) > 4:
+	    conn.mailer = a[4].rstrip()
+        elif op == 'x-guessed-spf:':
+          conn.spfguess = a[4]
+	elif op == 'received-spf:':
+	  conn.spfres,conn.spfmsg = a[4].rstrip().split(None,1)
+	elif op == 'received:':
+	  conn.received = a[4].rstrip()
+	elif op == 'temp':
+	  _,conn.tempfile = a[4].rstrip().split(None,1)
+	elif op == 'srs':
+	  _,conn.srsrcpt = a[4].rstrip().split(None,1)
+	elif op == 'mail':
+	  _,conn.mfrom = a[4].rstrip().split(None,1)
+	elif op == 'rcpt':
+	  _,rcpt = a[4].rstrip().split(None,1)
+	  conn.rcpt.append(rcpt)
+	elif op == 'hello':
+	  _,conn.helo = a[4].rstrip().split(None,1)
+	elif op in ('eom','dspam','abort'):
+	  del conndict[key]
+	  conn.enddt = dt
+	  conn.endtm = tm
+	  conn.result = op
+	  yield conn
+	  termdict[key] = Connection(conn.dt,conn.tm,conn.id,conn=conn)
+	elif op in ('reject:','dspam:','tempfail:','reject','fail:','honeypot:'):
+	  del conndict[key]
+	  conn.enddt = dt
+	  conn.endtm = tm
+	  conn.result = op
+	  conn.resmsg = a[4].rstrip()
+	  yield conn
+	  termdict[key] = Connection(conn.dt,conn.tm,conn.id,conn=conn)
+	elif op in ('fp:','spam:'):
+	  del conndict[key]
+	  termdict[key] = Connection(conn.dt,conn.tm,conn.id,conn=conn)
+	else:
+	  print >>sys.stderr,'unknown op:',line.rstrip()
+      except Exception:
+	print >>sys.stderr,'error:',line.rstrip()
+        traceback.print_exc()
+
+if __name__ == '__main__':
+  import gzip
+  for fn in sys.argv[1:]:
+    if fn.endswith('.gz'):
+      fp = gzip.open(fn)
+    else:
+      fp = open(fn)
+    for conn in connections(fp):
+      if conn.rcpt and conn.mfrom:
+        for r in conn.rcpt:
+	  if r.lower().find('iancarter') > 0: break
+	else:
+	  if conn.mfrom.lower().find('iancarter') < 0: continue
+	print >>sys.stderr,conn.result,conn.dt,conn.tm,conn.id,conn.subject,parse_addr(conn.mfrom),
+	for a in conn.rcpt:
+	  print parse_addr(a),
+	print
@@ -126,7 +126,7 @@ class sampleMilter(Milter.Milter):
  def eom(self):
    if not self.fp: return Milter.ACCEPT
    self.fp.seek(0)
-    msg = mime.MimeMessage(self.fp)
+    msg = mime.message_from_file(self.fp)
    msg.headerchange = self._headerChange
    if not mime.defang(msg,self.tempname):
      os.remove(self.tempname)
@@ -1,4 +1,5 @@
 [bdist_rpm]
-python=python2
+python=python2.4
 doc_files=README NEWS TODO
 packager=Stuart D. Gathman <stuart@bmsi.com>
+release=1
@@ -3,7 +3,10 @@ import sys
 from distutils.core import setup, Extension

 # FIXME: on some versions of sendmail, smutil is renamed to sm
+# on slackware and debian, leave it out entirely.  It depends
+# on how libmilter was built by the sendmail package.
 libs = ["milter", "smutil"]
+libdirs = ["/usr/lib/libmilter"]    # needed for Debian

 # patch distutils if it can't cope with the "classifiers" or
 # "download_url" keywords
@@ -12,13 +15,14 @@ if sys.version < '2.2.3':
  DistributionMetadata.classifiers = None
  DistributionMetadata.download_url = None

-setup(name = "milter", version = "0.7.2",
+# NOTE: importing Milter to obtain version fails when milter.so not built
+setup(name = "pymilter", version = '0.8.10',
 	description="Python interface to sendmail milter API",
 	long_description="""\
 This is a python extension module to enable python scripts to
 attach to sendmail's libmilter functionality.  Additional python
 modules provide for navigating and modifying MIME parts, and
-querying SPF records.
+sending DSNs or doing CBVs.
 """,
 	author="Jim Niemira",
 	author_email="urmane@urmane.org",
@@ -26,10 +30,13 @@ querying SPF records.
 	maintainer_email="stuart@bmsi.com",
 	license="GPL",
 	url="http://www.bmsi.com/python/milter.html",
-	py_modules=["Milter","mime","spf"],
+	py_modules=["mime"],
+	packages = ['Milter'],
 	ext_modules=[
 	  Extension("milter", ["miltermodule.c"],
+            library_dirs=libdirs,
 	    libraries=libs,
+	    # set MAX_ML_REPLY to 1 for sendmail < 8.13
 	    define_macros = [ ('MAX_ML_REPLY',32) ]
 	  ),
 	],
@@ -42,6 +49,7 @@ querying SPF records.
 	  'Natural Language :: English',
 	  'Operating System :: POSIX',
 	  'Programming Language :: Python',
-	  'Topic :: Communications :: Email :: Mail Transport Agents'
+	  'Topic :: Communications :: Email :: Mail Transport Agents',
+	  'Topic :: Communications :: Email :: Filters'
 	]
 )
@@ -0,0 +1,28 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
+Subject: SPF %(result)s (POSSIBLE FORGERY)
+Auto-Submitted: auto-generated (configuration error)
+
+This is an automatically generated Delivery Status Notification.
+
+THIS IS A WARNING MESSAGE ONLY.
+
+YOU DO *NOT* NEED TO RESEND YOUR MESSAGE.
+
+Delivery to the following recipients has been delayed.
+
+       %(rcpt)s
+
+Subject: %(subject)s
+Received-SPF: %(spf_result)s
+
+Your sender policy indicated that the above email was likely forged and that
+feedback was desired for debugging.  If you are sending from a foreign ISP,
+then you may need to follow your home ISPs instructions for configuring
+your outgoing mail server.
+
+If you need further assistance, please do not hesitate to contact me.
+
+Kind regards,
+
+postmaster@%(receiver)s
@@ -0,0 +1,20 @@
+[milter]
+# The socket used to communicate with sendmail
+socketname = /var/run/milter/spfmiltersock
+# Name of the milter given to sendmail
+name = pyspffilter
+# Trusted relays such as secondary MXes that should not have SPF checked.
+;trusted_relay =
+# Internal networks that should not have SPF checked.
+internal_connect = 127.0.0.1,192.168.0.0/16,10.0.0.0/8
+
+# See http://www.openspf.com for more info on SPF.
+[spf]
+# Use sendmail access map or similar format for detailed spf policy.
+# SPF entries in the access map will override defaults.
+access_file = /etc/mail/access.db
+# Connections that get an SPF pass for a pretend MAIL FROM of 
+# postmaster@sometrustedforwarder.com skip SPF checks for the real MAIL FROM.
+# This is for non-SRS forwarders.  It is a simple implementation that
+# is inefficient for more than a few entries.
+;trusted_forwarder = careerbuilder.com
@@ -0,0 +1,253 @@
+# A simple SPF milter.
+# You must install pyspf for this to work.
+
+# http://www.sendmail.org/doc/sendmail-current/libmilter/docs/installation.html
+
+# Author: Stuart D. Gathman <stuart@bmsi.com>
+# Copyright 2007 Business Management Systems, Inc.
+# This code is under GPL.  See COPYING for details.
+
+import sys
+import Milter
+import spf
+import syslog
+import anydbm
+from Milter.config import MilterConfigParser
+from Milter.utils import iniplist,parse_addr
+
+syslog.openlog('spfmilter',0,syslog.LOG_MAIL)
+
+class Config(object):
+  "Hold configuration options."
+  pass
+
+def read_config(list):
+  "Return new config object."
+  cp = MilterConfigParser()
+  cp.read(list)
+  if cp.has_option('milter','datadir'):
+        os.chdir(cp.get('milter','datadir'))
+  conf = Config()
+  conf.socketname = cp.getdefault('milter','socketname', '/tmp/spfmiltersock')
+  conf.miltername = cp.getdefault('milter','name','pyspffilter')
+  conf.trusted_relay = cp.getlist('milter','trusted_relay')
+  conf.internal_connect = cp.getlist('milter','internal_connect')
+  conf.trusted_forwarder = cp.getlist('spf','trusted_relay')
+  conf.access_file = cp.getdefault('spf','access_file',None)
+  return conf
+
+class SPFPolicy(object):
+  "Get SPF policy by result from sendmail style access file."
+  def __init__(self,sender,access_file=None):
+    self.sender = sender
+    self.domain = sender.split('@')[-1].lower()
+    if access_file:
+      try: acf = anydbm.open(access_file,'r')
+      except: acf = None
+    else: acf = None
+    self.acf = acf
+
+  def getPolicy(self,pfx):
+    acf = self.acf
+    if not acf: return None
+    try:
+      return acf[pfx + self.sender]
+    except KeyError:
+      try:
+	return acf[pfx + self.domain]
+      except KeyError:
+	try:
+	  return acf[pfx]
+	except KeyError:
+	  return None
+  
+class spfMilter(Milter.Milter):
+  "Milter to check SPF.  Each connection gets its own instance."
+
+  def log(self,*msg):
+    syslog.syslog('[%d] %s' % (self.id,' '.join([str(m) for m in msg])))
+
+  def __init__(self):
+    self.mailfrom = None
+    self.id = Milter.uniqueID()
+    # we don't want config used to change during a connection
+    self.conf = config
+
+  # addheader can only be called from eom().  This accumulates added headers
+  # which can then be applied by alter_headers()
+  def add_header(self,name,val,idx=-1):
+    self.new_headers.append((name,val,idx))
+    self.log('%s: %s' % (name,val))
+
+  def connect(self,hostname,unused,hostaddr):
+    self.internal_connection = False
+    self.trusted_relay = False
+    self.hello_name = None
+    # sometimes people put extra space in sendmail config, so we strip
+    self.receiver = self.getsymval('j').strip()
+    if hostaddr and len(hostaddr) > 0:
+      ipaddr = hostaddr[0]
+      if iniplist(ipaddr,self.conf.internal_connect):
+	self.internal_connection = True
+      if iniplist(ipaddr,self.conf.trusted_relay):
+        self.trusted_relay = True
+    else: ipaddr = ''
+    self.connectip = ipaddr
+    if self.internal_connection:
+      connecttype = 'INTERNAL'
+    else:
+      connecttype = 'EXTERNAL'
+    if self.trusted_relay:
+      connecttype += ' TRUSTED'
+    self.log("connect from %s at %s %s" % (hostname,hostaddr,connecttype))
+    return Milter.CONTINUE
+
+  def hello(self,hostname):
+    self.hello_name = hostname
+    self.log("hello from %s" % hostname)
+    return Milter.CONTINUE
+
+  # multiple messages can be received on a single connection
+  # envfrom (MAIL FROM in the SMTP protocol) seems to mark the start
+  # of each message.
+  def envfrom(self,f,*str):
+    self.log("mail from",f,str)
+    if not self.hello_name:
+      self.log('REJECT: missing HELO')
+      self.setreply('550','5.7.1',"It's polite to say helo first.")
+      return Milter.REJECT
+    self.mailfrom = f
+    self.new_headers = []
+    t = parse_addr(f)
+    if len(t) == 2: t[1] = t[1].lower()
+    self.canon_from = '@'.join(t)
+    if not (self.internal_connection or self.trusted_relay) and self.connectip:
+      rc = self.check_spf()
+      if rc != Milter.CONTINUE: return rc
+    return Milter.CONTINUE
+
+  def envrcpt(self,f,*str):
+    return Milter.CONTINUE
+
+  def header(self,name,hval):
+    return Milter.CONTINUE
+
+  def eoh(self):
+    return Milter.CONTINUE
+
+  def eom(self):
+    for name,val,idx in self.new_headers:
+      try:
+	self.addheader(name,val,idx)
+      except:
+	self.addheader(name,val)	# older sendmail can't insheader
+    return Milter.CONTINUE
+
+  def close(self):
+    return Milter.CONTINUE
+
+  def check_spf(self):
+    receiver = self.receiver
+    for tf in self.conf.trusted_forwarder:
+      q = spf.query(self.connectip,'',tf,receiver=receiver,strict=False)
+      res,code,txt = q.check()
+      if res == 'pass':
+        self.log("TRUSTED_FORWARDER:",tf)
+        break
+    else:
+      q = spf.query(self.connectip,self.canon_from,self.hello_name,
+	  receiver=receiver,strict=False)
+      q.set_default_explanation(
+	'SPF fail: see http://openspf.org/why.html?sender=%s&ip=%s' % (q.s,q.i))
+      res,code,txt = q.check()
+    if res not in ('pass','temperror'):
+      if self.mailfrom != '<>':
+	# check hello name via spf unless spf pass
+	h = spf.query(self.connectip,'',self.hello_name,receiver=receiver)
+	hres,hcode,htxt = h.check()
+	if hres in ('deny','fail','neutral','softfail'):
+	  self.log('REJECT: hello SPF: %s 550 %s' % (hres,htxt))
+	  self.setreply('550','5.7.1',htxt,
+	    "The hostname given in your MTA's HELO response is not listed",
+	    "as a legitimate MTA in the SPF records for your domain.  If you",
+	    "get this bounce, the message was not in fact a forgery, and you",
+	    "should IMMEDIATELY notify your email administrator of the problem."
+	  )
+	  return Milter.REJECT
+      else:
+        hres,hcode,htxt = res,code,txt
+    else: hres = None
+
+    p = SPFPolicy(q.s,self.conf.access_file)
+
+    if res == 'fail':
+      policy = p.getPolicy('spf-fail:')
+      if not policy or policy == 'REJECT':
+	self.log('REJECT: SPF %s %i %s' % (res,code,txt))
+	self.setreply(str(code),'5.7.1',txt)
+	# A proper SPF fail error message would read:
+	# forger.biz [1.2.3.4] is not allowed to send mail with the domain
+	# "forged.org" in the sender address.  Contact <postmaster@forged.org>.
+	return Milter.REJECT
+    if res == 'softfail':
+      policy = p.getPolicy('spf-softfail:')
+      if policy and policy == 'REJECT':
+	self.log('REJECT: SPF %s %i %s' % (res,code,txt))
+	self.setreply(str(code),'5.7.1',txt)
+	# A proper SPF fail error message would read:
+	# forger.biz [1.2.3.4] is not allowed to send mail with the domain
+	# "forged.org" in the sender address.  Contact <postmaster@forged.org>.
+	return Milter.REJECT
+    elif res == 'permerror':
+      policy = p.getPolicy('spf-permerror:')
+      if not policy or policy == 'REJECT':
+	self.log('REJECT: SPF %s %i %s' % (res,code,txt))
+	# latest SPF draft recommends 5.5.2 instead of 5.7.1
+	self.setreply(str(code),'5.5.2',txt,
+	  'There is a fatal syntax error in the SPF record for %s' % q.o,
+	  'We cannot accept mail from %s until this is corrected.' % q.o
+	)
+	return Milter.REJECT
+    elif res == 'temperror':
+      policy = p.getPolicy('spf-temperror:')
+      if not policy or policy == 'REJECT':
+	self.log('TEMPFAIL: SPF %s %i %s' % (res,code,txt))
+	self.setreply(str(code),'4.3.0',txt)
+	return Milter.TEMPFAIL
+    elif res == 'neutral' or res == 'none':
+      policy = p.getPolicy('spf-neutral:')
+      if policy and policy == 'REJECT':
+        self.log('REJECT NEUTRAL:',q.s)
+	self.setreply('550','5.7.1',
+  "%s requires and SPF PASS to accept mail from %s. [http://openspf.org]"
+	  % (receiver,q.s))
+	return Milter.REJECT
+    elif res == 'pass':
+      policy = p.getPolicy('spf-pass:')
+      if policy and policy == 'REJECT':
+        self.log('REJECT PASS:',q.s)
+	self.setreply('550','5.7.1',
+		"%s has been blacklisted by %s." % (q.s,receiver))
+	return Milter.REJECT
+    self.add_header('Received-SPF',q.get_header(res,receiver),0)
+    if hres and q.h != q.o:
+      self.add_header('X-Hello-SPF',hres,0)
+    return Milter.CONTINUE
+
+if __name__ == "__main__":
+  Milter.factory = spfMilter
+  Milter.set_flags(Milter.CHGHDRS + Milter.ADDHDRS)
+  global config
+  config = read_config(['spfmilter.cfg','/etc/mail/spfmilter.cfg'])
+  miltername = config.miltername
+  socketname = config.socketname
+  print """To use this with sendmail, add the following to sendmail.cf:
+
+O InputMailFilters=%s
+X%s,        S=local:%s
+
+See the sendmail README for libmilter.
+sample spfmilter startup""" % (miltername,miltername,socketname)
+  sys.stdout.flush()
+  Milter.runmilter("pyspffilter",socketname,240)
+  print "sample spfmilter shutdown"
@@ -0,0 +1,85 @@
+#!/bin/bash
+#
+# spfmilter	This shell script takes care of starting and stopping spfmilter.
+#
+# chkconfig: 2345 80 30
+# description: a process that checks SPF for messages sent through sendmail.
+# processname: spfmilter
+# config: /etc/mail/spfmilter.cfg
+# pidfile: /var/run/milter/spfmilter.pid
+
+python="python2.4"
+
+pidof() {
+	set - ""
+	if set - `ps -e -o pid,cmd | grep "${python} spfmilter.py"` &&
+	  [ "$2" != "grep" ]; then
+	  echo $1
+	  return 0
+	fi
+	return 1
+}
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+[ -x /usr/lib/pymilter/start.sh ] || exit 0
+
+RETVAL=0
+prog="spfmilter"
+
+start() {
+	# Start daemons.
+
+	echo -n "Starting $prog: "
+        if ! test -d /var/run/milter; then
+		mkdir -p /var/run/milter
+		chown mail:mail /var/run/milter
+	fi
+	daemon --check milter --user mail /usr/lib/pymilter/start.sh spfmilter
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/spfmilter
+	return $RETVAL
+}
+
+stop() {
+	# Stop daemons.
+	echo -n "Shutting down $prog: "
+	killproc milter
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/spfmilter
+	return $RETVAL
+}
+
+# See how we were called.
+case "$1" in
+  start)
+	start
+	;;
+  stop)
+	stop
+	;;
+  restart|reload)
+	stop
+	start
+	RETVAL=$?
+	;;
+  condrestart)
+	if [ -f /var/lock/subsys/spfmilter ]; then
+	    stop
+	    start
+	    RETVAL=$?
+	fi
+	;;
+  status)
+	status spfmilter
+	RETVAL=$?
+	;;
+  *)
+	echo "Usage: $0 {start|stop|restart|condrestart|status}"
+	exit 1
+esac
+
+exit $RETVAL
@@ -1,91 +0,0 @@
-#!/usr/bin/python2.3
-# $Log$
-# Revision 2.3  2004/04/19 22:12:11  stuart
-# Release 0.6.9
-#
-# Revision 2.2  2004/04/18 03:29:35  stuart
-# Pass most tests except -local and -rcpt-to
-#
-# Revision 2.1  2004/04/08 18:41:15  stuart
-# Reject numeric hello names
-#
-# Driver for SPF test system
-
-import spf
-import sys
-
-from optparse import OptionParser
-
-class PerlOptionParser(OptionParser):
-    def _process_args (self, largs, rargs, values):
-        """_process_args(largs : [string],
-                         rargs : [string],
-                         values : Values)
-
-        Process command-line arguments and populate 'values', consuming
-        options and arguments from 'rargs'.  If 'allow_interspersed_args' is
-        false, stop at the first non-option argument.  If true, accumulate any
-        interspersed non-option arguments in 'largs'.
-        """
-        while rargs:
-            arg = rargs[0]
-            # We handle bare "--" explicitly, and bare "-" is handled by the
-            # standard arg handler since the short arg case ensures that the
-            # len of the opt string is greater than 1.
-            if arg == "--":
-                del rargs[0]
-                return
-            elif arg[0:2] == "--":
-                # process a single long option (possibly with value(s))
-                self._process_long_opt(rargs, values)
-            elif arg[:1] == "-" and len(arg) > 1:
-                # process a single perl style long option
-		rargs[0] = '-' + arg
-                self._process_long_opt(rargs, values)
-            elif self.allow_interspersed_args:
-                largs.append(arg)
-                del rargs[0]
-            else:
-		return
-
-def format(q):
-  res,code,txt = q.check()
-  print res
-  if res in ('pass','neutral','unknown'): print
-  else: print txt
-  print 'spfquery:',q.get_header_comment(res)
-  print 'Received-SPF:',q.get_header(res,'spfquery')
-
-def main(argv):
-  parser = PerlOptionParser()
-  parser.add_option("--file",dest="file")
-  parser.add_option("--ip",dest="ip")
-  parser.add_option("--sender",dest="sender")
-  parser.add_option("--helo",dest="hello_name")
-  parser.add_option("--local",dest="local_policy")
-  parser.add_option("--rcpt-to",dest="rcpt")
-  parser.add_option("--default-explanation",dest="explanation")
-  parser.add_option("--sanitize",type="int",dest="sanitize")
-  parser.add_option("--debug",type="int",dest="debug")
-  opts,args = parser.parse_args(argv)
-  if opts.ip:
-    q = spf.query(opts.ip,opts.sender,opts.hello_name,local=opts.local_policy)
-    if opts.explanation:
-      q.set_default_explanation(opts.explanation)
-    format(q)
-  if opts.file:
-    if opts.file == '0':
-      fp = sys.stdin
-    else:
-      fp = open(opts.file,'r')
-    for ln in fp:
-      ip,sender,helo,rcpt = ln.split(None,3)
-      q = spf.query(ip,sender,helo,local=opts.local_policy)
-      if opts.explanation:
-	q.set_default_explanation(opts.explanation)
-      format(q)
-    fp.close()
-    
-if __name__ == "__main__":
-  import sys
-  main(sys.argv[1:])
@@ -0,0 +1,14 @@
+#!/bin/sh
+appname="$1"
+script="${2:-${appname}}"
+datadir=/var/log/milter
+python="python2.4"
+exec >>${datadir}/${appname}.log 2>&1
+if test -s ${datadir}/${script}.py; then
+  cd ${datadir} # use version in log dir if it exists for debugging
+else
+  cd /usr/lib/pymilter
+fi
+
+${python} ${script}.py &
+echo $! >/var/run/milter/${appname}.pid
@@ -0,0 +1,69 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
+Subject: Critical mail server configuration error
+Auto-Submitted: auto-generated (configuration error)
+
+This is an automatically generated Delivery Status Notification.
+
+THIS IS A WARNING MESSAGE ONLY.
+
+YOU DO *NOT* NEED TO RESEND YOUR MESSAGE.
+
+Delivery to the following recipients has been delayed.
+
+	%(rcpt)s
+
+Subject: %(subject)s 
+
+Someone at IP address %(connectip)s sent an email claiming
+to be from %(sender)s.  
+
+If that wasn't you, then your domain, %(sender_domain)s,
+was forged - i.e. used without your knowlege or authorization by
+someone attempting to steal your mail identity.  This is a very
+serious problem, and you need to provide authentication for your
+SMTP (email) servers to prevent criminals from forging your
+domain.  The simplest step is usually to publish an SPF record
+with your Sender Policy.  
+
+For more information, see: http://openspf.org
+
+I hate to annoy you with a DSN (Delivery Status
+Notification) from a possibly forged email, but since you
+have not published a sender policy, there is no other way
+of bringing this to your attention.
+
+If it *was* you that sent the email, then your email domain
+or configuration is in error.  If you don't know anything
+about mail servers, then pass this on to your SMTP (mail)
+server administrator.  We have accepted the email anyway, in
+case it is important, but we couldn't find anything about
+the mail submitter at %(connectip)s to distinguish it from a
+zombie (compromised/infected computer - usually a Windows
+PC).  There was no PTR record for its IP address (PTR names
+that contain the IP address don't count).  RFC2821 requires
+that your hello name be a FQN (Fully Qualified domain Name,
+i.e. at least one dot) that resolves to the IP address of
+the mail sender.  In addition, just like for PTR, we don't
+accept a helo name that contains the IP, since this doesn't
+help to identify you.  The hello name you used,
+%(heloname)s, was invalid.
+
+Furthermore, there was no SPF record for the sending domain
+%(sender_domain)s.  We even tried to find its IP in any A or
+MX records for your domain, but that failed also.  We really
+should reject mail from anonymous mail clients, but in case
+it is important, we are accepting it anyway.
+
+We are sending you this message to alert you to the fact that
+
+Either - Someone is forging your domain.
+Or - You have problems with your email configuration.
+Or - Possibly both.
+
+If you need further assistance, please do not hesitate to
+contact me again.
+
+Kind regards,
+
+postmaster@%(receiver)s
@@ -0,0 +1,33 @@
+To: %(sender)s
+From: postmaster@%(receiver)s
+Subject: Critical DNS configuration error
+Auto-Submitted: auto-generated (configuration error)
+
+This is an automatically generated Delivery Status Notification.
+
+THIS IS A WARNING MESSAGE ONLY.
+
+YOU DO *NOT* NEED TO RESEND YOUR MESSAGE.
+
+Delivery to the following recipients has been delayed.
+
+	%(rcpt)s
+
+Subject: %(subject)s 
+Received-SPF: %(spf_result)s
+
+Your DNS server is not responding to TXT queries.  In other words,
+it is BROKEN.  You need to get somebody to fix it ASAP.  We
+are attempting to do TXT queries to see if you have an SPF record.
+
+See http://openspf.org
+
+We are sending you this message to alert you to the fact that
+you have problems with your DNS.
+
+If you need further assistance, please do not hesitate to
+contact me again.
+
+Kind regards,
+
+postmaster@%(receiver)s
@@ -2,6 +2,7 @@ import unittest
 import testbms
 import testmime
 import testsample
+import testutils
 import os

 def suite(): 
@@ -9,6 +10,7 @@ def suite():
  s.addTest(testbms.suite())
  s.addTest(testmime.suite())
  s.addTest(testsample.suite())
+  s.addTest(testutils.suite())
  return s

 if __name__ == '__main__':
@@ -0,0 +1,51 @@
+From paulp@go2net.com  Wed Jun  1 22:35:12 2005
+Return-Path: <paulp@go2net.com>
+Received: from mail.bmsi.com (spidey.bmsi.com [192.168.9.81])
+	by bmsred.bmsi.com (8.13.1/8.12.10) with ESMTP id j522ZCQg014058
+	for <stuart@bmsred.bmsi.com>; Wed, 1 Jun 2005 22:35:12 -0400
+Received: from 127.0.0.1 ([220.117.92.241])
+	by mail.bmsi.com (8.13.1/8.13.1) with ESMTP id j522Ynjm028604
+	for stuart@bmsi.com; Wed, 1 Jun 2005 22:34:51 -0400
+Message-Id: <200506020234.j522Ynjm028604@mail.bmsi.com>
+SUBJECT: urgent
+FROM: paulp@go2net.com
+TO: stuart@bmsi.com
+DATE: [[ ¸ñ, 02 6 2005 ¿ÀÀü 11:34:47 ]]
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="--------bound--"
+X-DSpam-Score: 0.081200
+Received-SPF: neutral (mail.bmsi.com: guessing: 220.117.92.241 is neither permitted nor denied by domain of go2net.com)
+Status: RO
+X-Status: 
+X-Keywords: NonJunk         
+
+----------bound--
+Content-Type: text/plain; charset=us-ascii
+Content-Transfer-Encoding: 7bit
+
+Hi 
+
+Sorry, I forgot to send an important
+document to you in that last email. I had an important phone call.
+Please checkout attached doc file when you have a moment.
+
+Best Regards
+
+<!DSPAM:1043AE6B6492860536935410>
+
+
+----------bound--
+Content-Type: application/x-msdownload; name="zip.zip"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="zip.zip"
+
+UEsDBAoAAAAAADVVwjLaV2nEGgAAABoAAAAzABUAemlwLmRvYyAgICAgICAgICAgICAgICAg
+ICAgICAgICAgICAgICAgICAgICAgICAuZXhlVVQJAAOmGp9CphqfQlV4BACGA2UAVGhpcyBw
+cm9ncmFtIHdhcyBhIHZpcnVzLgpQSwECFwMKAAAAAAA1VcIy2ldpxBoAAAAaAAAAMwANAAAA
+AAABAAAAtIEAAAAAemlwLmRvYyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
+ICAgICAuZXhlVVQFAAOmGp9CVXgAAFBLBQYAAAAAAQABAG4AAACAAAAAAAA=
+----------bound--
+
+
+----------bound----
+
@@ -0,0 +1,49 @@
+From paulp@go2net.com  Wed Jun  1 22:35:12 2005
+Return-Path: <paulp@go2net.com>
+Received: from mail.bmsi.com (spidey.bmsi.com [192.168.9.81])
+	by bmsred.bmsi.com (8.13.1/8.12.10) with ESMTP id j522ZCQg014058
+	for <stuart@bmsred.bmsi.com>; Wed, 1 Jun 2005 22:35:12 -0400
+Received: from 127.0.0.1 ([220.117.92.241])
+	by mail.bmsi.com (8.13.1/8.13.1) with ESMTP id j522Ynjm028604
+	for stuart@bmsi.com; Wed, 1 Jun 2005 22:34:51 -0400
+Message-Id: <200506020234.j522Ynjm028604@mail.bmsi.com>
+SUBJECT: urgent
+FROM: paulp@go2net.com
+TO: stuart@bmsi.com
+DATE: [[ ¸ñ, 02 6 2005 ¿ÀÀü 11:34:47 ]]
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="--------bound--"
+X-DSpam-Score: 0.081200
+Received-SPF: neutral (mail.bmsi.com: guessing: 220.117.92.241 is neither permitted nor denied by domain of go2net.com)
+Status: RO
+X-Status: 
+X-Keywords: NonJunk         
+
+----------bound--
+Content-Type: text/plain; charset=us-ascii
+Content-Transfer-Encoding: 7bit
+
+Hi 
+
+Sorry, I forgot to send an important
+document to you in that last email. I had an important phone call.
+Please checkout attached doc file when you have a moment.
+
+Best Regards
+
+<!DSPAM:1043AE6B6492860536935410>
+
+
+----------bound--
+Content-Type: application/octet-stream;
+	name="Readme.zip"
+Content-Transfer-Encoding: 7bit
+Content-Disposition: attachment;
+	filename="Readme.zip"
+
+
+----------bound--
+
+
+----------bound----
+
@@ -0,0 +1,51 @@
+From paulp@go2net.com  Wed Jun  1 22:35:12 2005
+Return-Path: <paulp@go2net.com>
+Received: from mail.bmsi.com (spidey.bmsi.com [192.168.9.81])
+	by bmsred.bmsi.com (8.13.1/8.12.10) with ESMTP id j522ZCQg014058
+	for <stuart@bmsred.bmsi.com>; Wed, 1 Jun 2005 22:35:12 -0400
+Received: from 127.0.0.1 ([220.117.92.241])
+	by mail.bmsi.com (8.13.1/8.13.1) with ESMTP id j522Ynjm028604
+	for stuart@bmsi.com; Wed, 1 Jun 2005 22:34:51 -0400
+Message-Id: <200506020234.j522Ynjm028604@mail.bmsi.com>
+SUBJECT: urgent
+FROM: paulp@go2net.com
+TO: stuart@bmsi.com
+DATE: [[ ¸ñ, 02 6 2005 ¿ÀÀü 11:34:47 ]]
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="--------bound--"
+X-DSpam-Score: 0.081200
+Received-SPF: neutral (mail.bmsi.com: guessing: 220.117.92.241 is neither permitted nor denied by domain of go2net.com)
+Status: RO
+X-Status: 
+X-Keywords: NonJunk         
+
+----------bound--
+Content-Type: text/plain; charset=us-ascii
+Content-Transfer-Encoding: 7bit
+
+Hi 
+
+Sorry, I forgot to send an important
+document to you in that last email. I had an important phone call.
+Please checkout attached doc file when you have a moment.
+
+Best Regards
+
+<!DSPAM:1043AE6B6492860536935410>
+
+
+----------bound--
+Content-Type: application/x-msdownload; name="zip.zip"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="zip.zip"
+
+USsDBAoBAAAAADVVwjLaV2nEGgAAABoAAAAzABUAemlwLmRvYyAgICAgICAgICAgICAgICAg
+ICAgICAgICAgICAgICAgICAgICAgICAuZXhlVVQJAAOmGp9CphqfQlV4BACGA2UAVGhpcyBw
+cm9ncmFtIHdhcyBhIHZpcnVzLgpQSwECFwMKAAAAAAA1VcIy2ldpxBoAAAAaAAAAMwANAAAA
+AAABAAAAtIEAAAAAemlwLmRvYyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
+ICAgICAuZXhlVVQFAAOmGp9CVXgAAFBLBQYAAAAAAQABAG4AAACAAAAAAAA=
+----------bound--
+
+
+----------bound----
+
@@ -0,0 +1,47 @@
+From ttaie1@thfalcon.com Thu Jun 16 10:23:13 2005
+Received: from thfalcon.com (unknown [202.90.113.150])
+	by thfalcon.com (Postfix) with ESMTP id 32F0DD819C
+	for <stuart@bmsi.com>; Thu, 16 Jun 2005 15:42:08 +0700 (ICT)
+From: ttaie1@thfalcon.com
+To: stuart@bmsi.com
+Subject: Returned mail: see transcript for details
+Date: Thu, 16 Jun 2005 15:50:10 +0700
+MIME-Version: 1.0
+Content-Type: multipart/mixed;
+	boundary="----=_NextPart_000_0014_E4E04420.5619685C"
+X-Priority: 3
+X-MSMail-Priority: Normal
+X-Mailer: Microsoft Outlook Express 6.00.2600.0000
+X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
+Message-Id: <20050616084208.32F0DD819C@thfalcon.com>
+Received-SPF: pass (mail.bmsi.com: guessing: domain of thfalcon.com designates 203.147.3.44 as permitted sender) client-ip=203.147.3.44; envelope-from=ttaie1@thfalcon.com; helo=thfalcon.com;
+
+This is a multi-part message in MIME format.
+
+------=_NextPart_000_0014_E4E04420.5619685C
+Content-Type: text/plain;
+	charset=us-ascii
+Content-Transfer-Encoding: 7bit
+
+Message could not be delivered
+
+
+------=_NextPart_000_0014_E4E04420.5619685C
+Content-Type: application/octet-stream;
+	name="stuart@bmsi.com.zip"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment;
+	filename="stuart@bmsi.com.zip"
+
+UEsDBAoAAAAAAM6r0DL7SfbCBAEAAAQBAAAFABUAdC56aXBVVAkAA7MnskK4J7JCVXgEAIYD
+ZQBQSwMECgAAAAAANVXCMtpXacQaAAAAGgAAADMAFQB6aXAuZG9jICAgICAgICAgICAgICAg
+ICAgICAgICAgICAgICAgICAgICAgICAgIC5leGVVVAkAA6Yan0KmGp9CVXgEAIYDZQBUaGlz
+IHByb2dyYW0gd2FzIGEgdmlydXMuClBLAQIXAwoAAAAAADVVwjLaV2nEGgAAABoAAAAzAA0A
+AAAAAAEAAAC0gQAAAAB6aXAuZG9jICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
+ICAgICAgIC5leGVVVAUAA6Yan0JVeAAAUEsFBgAAAAABAAEAbgAAAIAAAAAAAFBLAQIXAwoA
+AAAAAM6r0DL7SfbCBAEAAAQBAAAFAA0AAAAAAAAAAAC0gQAAAAB0LnppcFVUBQADsyeyQlV4
+AABQSwUGAAAAAAEAAQBAAAAAPAEAAAAA
+
+------=_NextPart_000_0014_E4E04420.5619685C--
+
+
@@ -1,9 +1,12 @@
 import unittest
+import doctest
 import Milter
 import bms
 import mime
 import rfc822
 import StringIO
+import email
+import sys
 #import pdb

 class TestMilter(bms.bmsMilter):
@@ -20,12 +23,12 @@ class TestMilter(bms.bmsMilter):

  def getsymval(self,name):
    if name == 'j': return 'test.milter.org'
-    return bms.bmsMilter.getsymval(self,name)
+    return ''

  def replacebody(self,chunk):
    if self._body:
      self._body.write(chunk)
-      self.bodyreplaced = 1
+      self.bodyreplaced = True
    else:
      raise IOError,"replacebody not called from eom()"

@@ -39,14 +42,14 @@ class TestMilter(bms.bmsMilter):
      del self._msg[field]
    else:
      self._msg[field] = value
-    self.headerschanged = 1
+    self.headerschanged = True

-  def addheader(self,field,value):
+  def addheader(self,field,value,idx=-1):
    if not self._body:
      raise IOError,"addheader not called from eom()"
    self.log('addheader: %s=%s' % (field,value))
    self._msg[field] = value
-    self.headerschanged = 1
+    self.headerschanged = True

  def delrcpt(self,rcpt):
    if not self._body:
@@ -63,8 +66,8 @@ class TestMilter(bms.bmsMilter):

  def feedFile(self,fp,sender="spam@adv.com",rcpt="victim@lamb.com"):
    self._body = None
-    self.bodyreplaced = 0
-    self.headerschanged = 0
+    self.bodyreplaced = False
+    self.headerschanged = False
    self.reply = None
    msg = rfc822.Message(fp)
    rc = self.envfrom('<%s>'%sender)
@@ -118,7 +121,7 @@ class TestMilter(bms.bmsMilter):

  def connect(self,host='localhost'):
    self._body = None
-    self.bodyreplaced = 0
+    self.bodyreplaced = False
    rc =  bms.bmsMilter.connect(self,host,1,('1.2.3.4',1234)) 
    if rc != Milter.CONTINUE and rc != Milter.ACCEPT:
      self.close()
@@ -141,7 +144,7 @@ class BMSMilterTestCase(unittest.TestCase):
    open('test/'+fname+".tstout","w").write(fp.getvalue())
    #self.failUnless(fp.getvalue() == open("test/virus1.out","r").read())
    fp.seek(0)
-    msg = mime.MimeMessage(fp)
+    msg = mime.message_from_file(fp)
    str = msg.get_payload(1).get_payload()
    milter.log(str)
    milter.close()
@@ -218,6 +221,8 @@ class BMSMilterTestCase(unittest.TestCase):
    #pdb.set_trace()
    rc = milter.feedMsg('test8')
    self.assertEqual(rc,Milter.ACCEPT)
+    # python2.4 doesn't scan encoded message attachments
+    if sys.hexversion < 0x02040000:
      self.failUnless(milter.bodyreplaced,"Message body not replaced")
    #self.failIf(milter.bodyreplaced,"Message body replaced")
    fp = milter._body
@@ -233,13 +238,16 @@ class BMSMilterTestCase(unittest.TestCase):
    milter = TestMilter()
    milter.connect('testSmartAlias')
    # test smart alias feature
-    key = ('foo@bar.com','baz@bat.com')
+    key = ('foo@example.com','baz@bat.com')
    bms.smart_alias[key] = ['ham@eggs.com']
    rc = milter.feedMsg('test8',key[0],key[1])
    self.assertEqual(rc,Milter.ACCEPT)
-    self.failUnless(milter.bodyreplaced,"Message body not replaced")
    self.failUnless(milter._delrcpt == ['<baz@bat.com>'])
    self.failUnless(milter._addrcpt == ['<ham@eggs.com>'])
+    # python2.4 email does not decode message attachments, so script
+    # is not replaced
+    if sys.hexversion < 0x02040000:
+      self.failUnless(milter.bodyreplaced,"Message body not replaced")

  def testBadBoundary(self):
    milter = TestMilter()
@@ -247,6 +255,9 @@ class BMSMilterTestCase(unittest.TestCase):
    # test rfc822 attachment with invalid boundaries
    #pdb.set_trace()
    rc = milter.feedMsg('bound')
+    if sys.hexversion < 0x02040000:
+      # python2.4 adds invalid boundaries to decects list and makes
+      # payload a str
      self.assertEqual(rc,Milter.REJECT)
      self.assertEqual(milter.reply[0],'554')
    #self.failUnless(milter.bodyreplaced,"Message body not replaced")
@@ -266,6 +277,25 @@ class BMSMilterTestCase(unittest.TestCase):
    fp = milter._body
    open("test/test1.tstout","w").write(fp.getvalue())

+  def testFindsrs(self):
+    if not bms.srs:
+      import SRS
+      bms.srs = SRS.new(secret='test')
+    sender = bms.srs.forward('foo@bar.com','mail.example.com')
+    sndr = bms.findsrs(StringIO.StringIO(
+"""Received: from [1.16.33.86] (helo=mail.example.com)
+	by bastion4.mail.zen.co.uk with smtp (Exim 4.50) id 1H3IBC-00013b-O9
+	for foo@bar.com; Sat, 06 Jan 2007 20:30:17 +0000
+X-Mailer: "PyMilter-0.8.5"
+	<%s> foo
+MIME-Version: 1.0
+Content-Type: text/plain
+To: foo@bar.com
+From: postmaster@mail.example.com
+""" % sender
+    ))
+    self.assertEqual(sndr,'foo@bar.com')
+
 #  def testReject(self):
 #    "Test content based spam rejection."
 #    milter = TestMilter()
@@ -274,10 +304,12 @@ class BMSMilterTestCase(unittest.TestCase):
 #    self.failUnless(rc == Milter.REJECT)
 #    milter.close();

-def suite(): return unittest.makeSuite(BMSMilterTestCase,'test')
+def suite(): 
+  s = unittest.makeSuite(BMSMilterTestCase,'test')
+  s.addTest(doctest.DocTestSuite(bms))
+  return s

 if __name__ == '__main__':
-  import sys
  if len(sys.argv) > 1:
    for fname in sys.argv[1:]:
      milter = TestMilter()
@@ -287,4 +319,5 @@ if __name__ == '__main__':
      fp = milter._body
      sys.stdout.write(fp.getvalue())
  else:
-    unittest.main()
+    #unittest.main()
+    unittest.TextTestRunner().run(suite())
@@ -1,8 +1,32 @@
+# $Log$
+# Revision 1.3  2005/06/17 01:49:39  customdesigned
+# Handle zip within zip.
+#
+# Revision 1.2  2005/06/02 15:00:17  customdesigned
+# Configure banned extensions.  Scan zipfile option with test case.
+#
+# Revision 1.1.1.2  2005/05/31 18:23:49  customdesigned
+# Development changes since 0.7.2
+#
+# Revision 1.23  2005/02/11 18:34:14  stuart
+# Handle garbage after quote in boundary.
+#
+# Revision 1.22  2005/02/10 01:10:59  stuart
+# Fixed MimeMessage.ismodified()
+#
+# Revision 1.21  2005/02/10 00:56:49  stuart
+# Runs with python2.4.  Defang not working correctly - more work needed.
+#
+# Revision 1.20  2004/11/20 16:38:17  stuart
+# Add rcs log
+#
 import unittest
 import mime
 import socket
 import StringIO
 import email
+import sys
+from email import Errors

 samp1_txt1 = """Dear Agent 1
 I hope you can read this.  Whenever you write label it  P.B.S kids.
@@ -24,23 +48,40 @@ class MimeTestCase(unittest.TestCase):
    self.failUnless(plist[0] == 'name="Jim&amp;amp;Girlz.jpg"')

  def testParse(self,fname='samp1'):
-    msg = mime.MimeMessage(open('test/'+fname,"r"))
+    msg = mime.message_from_file(open('test/'+fname,"r"))
    self.failUnless(msg.ismultipart())
    parts = msg.get_payload()
    self.failUnless(len(parts) == 2)
    txt1 = parts[0].get_payload()
    self.failUnless(txt1.rstrip() == samp1_txt1,txt1)
+    msg = mime.message_from_file(open('test/missingboundary',"r"))
+    # should get no exception as long as we don't try to parse
+    # message attachments
+    mime.defang(msg,scan_rfc822=False)
+    msg.dump(open('test/missingboundary.out','w'))
+    msg = mime.message_from_file(open('test/missingboundary',"r"))
+    try:
+      mime.defang(msg)
+      # python 2.4 doesn't get exceptions on missing boundaries, and
+      # if message is modified, output is readable by mail clients
+      if sys.hexversion < 0x02040000:
+	self.fail('should get boundary error parsing bad rfc822 attachment')
+    except Errors.BoundaryError:
+      pass
  
  def testDefang(self,vname='virus1',part=1,
  	fname='LOVE-LETTER-FOR-YOU.TXT.vbs'):
-    msg = mime.MimeMessage(open('test/'+vname,"r"))
-    mime.defang(msg)
+    msg = mime.message_from_file(open('test/'+vname,"r"))
+    mime.defang(msg,scan_zip=True)
+    self.failUnless(msg.ismodified(),"virus not removed")
    oname = vname + '.out'
    msg.dump(open('test/'+oname,"w"))
-    msg = mime.MimeMessage(open('test/'+oname,"r"))
-    parts = msg.get_payload()
-    txt2 = parts[part].get_payload()
-    self.failUnless(txt2.rstrip()+'\n' == mime.virus_msg % (fname,hostname,None),txt2)
+    msg = mime.message_from_file(open('test/'+oname,"r"))
+    txt2 = msg.get_payload()
+    if type(txt2) == list:
+      txt2 = txt2[part].get_payload()
+    self.failUnless(
+      txt2.rstrip()+'\n' == mime.virus_msg % (fname,hostname,None),txt2)

  def testDefang3(self):
    self.testDefang('virus3',0,'READER_DIGEST_LETTER.TXT.pif')
@@ -55,11 +96,11 @@ class MimeTestCase(unittest.TestCase):

  # virus6 has no parts - the virus is directly inline
  def testDefang6(self,vname="virus6",fname='FAX20.exe'):
-    msg = mime.MimeMessage(open('test/'+vname,"r"))
+    msg = mime.message_from_file(open('test/'+vname,"r"))
    mime.defang(msg)
    oname = vname + '.out'
    msg.dump(open('test/'+oname,"w"))
-    msg = mime.MimeMessage(open('test/'+oname,"r"))
+    msg = mime.message_from_file(open('test/'+oname,"r"))
    self.failIf(msg.ismultipart())
    txt2 = msg.get_payload()
    self.failUnless(txt2 == mime.virus_msg % \
@@ -68,11 +109,11 @@ class MimeTestCase(unittest.TestCase):
  # honey virus has a sneaky ASP payload which is parsed correctly
  # by email package in python-2.2.2, but not by mime.MimeMessage or 2.2.1
  def testDefang7(self,vname="honey",fname='story[1].scr'):
-    msg = mime.MimeMessage(open('test/'+vname,"r"))
+    msg = mime.message_from_file(open('test/'+vname,"r"))
    mime.defang(msg)
    oname = vname + '.out'
    msg.dump(open('test/'+oname,"w"))
-    msg = mime.MimeMessage(open('test/'+oname,"r"))
+    msg = mime.message_from_file(open('test/'+oname,"r"))
    parts = msg.get_payload()
    txt2 = parts[1].get_payload()
    txt3 = parts[2].get_payload()
@@ -83,13 +124,28 @@ class MimeTestCase(unittest.TestCase):
 	  ('story[1].asp',hostname,None),txt3)

  def testParse2(self,fname="spam7"):
-    msg = mime.MimeMessage(open('test/'+fname,"r"))
+    msg = mime.message_from_file(open('test/'+fname,"r"))
    self.failUnless(msg.ismultipart())
    parts = msg.get_payload()
    self.failUnless(len(parts) == 2)
    name = parts[1].getname()
    self.failUnless(name == "Jim&amp;amp;Girlz.jpg","name=%s"%name)

+  def testZip(self,vname="zip1",fname='zip.zip'):
+    self.testDefang(vname,1,'zip.zip')
+    # test scan_zip flag
+    msg = mime.message_from_file(open('test/'+vname,"r"))
+    mime.defang(msg,scan_zip=False)
+    self.failIf(msg.ismodified())
+    # test ignoring empty zip (often found in DSNs)
+    msg = mime.message_from_file(open('test/zip2','r'))
+    mime.defang(msg,scan_zip=True)
+    self.failIf(msg.ismodified())
+    # test corrupt zip (often an EXE named as a ZIP)
+    self.testDefang('zip3',1,'zip.zip')
+    # test zip within zip
+    self.testDefang('ziploop',1,'stuart@bmsi.com.zip')
+
  def testHTML(self,fname=""):
    result = StringIO.StringIO()
    filter = mime.HTMLScriptFilter(result)
@@ -106,10 +162,11 @@ class MimeTestCase(unittest.TestCase):
 def suite(): return unittest.makeSuite(MimeTestCase,'test')

 if __name__ == '__main__':
-  import sys
  if len(sys.argv) < 2:
    unittest.main()
  else:
    for fname in sys.argv[1:]:
      fp = open(fname,'r')
-      msg = mime.MimeMessage(fp)
+      msg = mime.message_from_file(fp)
+      mime.defang(msg,scan_zip=True)
+      print msg.as_string()
@@ -17,7 +17,7 @@ class TestMilter(sample.sampleMilter):
  def replacebody(self,chunk):
    if self._body:
      self._body.write(chunk)
-      self.bodyreplaced = 1
+      self.bodyreplaced = True
    else:
      raise IOError,"replacebody not called from eom()"

@@ -29,16 +29,16 @@ class TestMilter(sample.sampleMilter):
      del self._msg[field]
    else:
      self._msg[field] = value
-    self.headerschanged = 1
+    self.headerschanged = True

  def addheader(self,field,value):
    self.log('addheader: %s=%s' % (field,value))
    self._msg[field] = value
-    self.headerschanged = 1
+    self.headerschanged = True

  def feedMsg(self,fname):
    self._body = None
-    self.bodyreplaced = 0
+    self.bodyreplaced = False
    self.headerschanged = 0
    fp = open('test/'+fname,'r')
    msg = rfc822.Message(fp)
@@ -85,7 +85,7 @@ class TestMilter(sample.sampleMilter):

  def connect(self,host='localhost'):
    self._body = None
-    self.bodyreplaced = 0
+    self.bodyreplaced = False
    rc =  sample.sampleMilter.connect(self,host,1,0) 
    if rc != Milter.CONTINUE and rc != Milter.ACCEPT:
      self.close()
@@ -108,7 +108,7 @@ class BMSMilterTestCase(unittest.TestCase):
    open('test/'+fname+".tstout","w").write(fp.getvalue())
    #self.failUnless(fp.getvalue() == open("test/virus1.out","r").read())
    fp.seek(0)
-    msg = mime.MimeMessage(fp)
+    msg = mime.message_from_file(fp)
    s = msg.get_payload(1).get_payload()
    milter.log(s)
    milter.close()
@@ -0,0 +1,48 @@
+import unittest
+import doctest
+import os
+import Milter.utils
+from Milter.cache import AddrCache
+from Milter.dynip import is_dynip
+
+class AddrCacheTestCase(unittest.TestCase):
+
+  def setUp(self):
+    self.fname = 'test.dat'
+
+  def tearDown(self):
+    os.remove(self.fname)
+
+  def testAdd(self):
+    cache = AddrCache(fname=self.fname)
+    cache['foo@bar.com'] = None
+    cache.addperm('baz@bar.com')
+    cache['temp@bar.com'] = 'testing'
+    self.failUnless(cache.has_key('foo@bar.com'))
+    self.failUnless(not cache.has_key('hello@bar.com'))
+    self.failUnless('baz@bar.com' in cache)
+    self.assertEquals(cache['temp@bar.com'],'testing')
+    s = open(self.fname).readlines()
+    self.failUnless(len(s) == 2)
+    self.failUnless(s[0].startswith('foo@bar.com '))
+    self.assertEquals(s[1].strip(),'baz@bar.com')
+    # check that new result overrides old
+    cache['temp@bar.com'] = None
+    self.failUnless(not cache['temp@bar.com'])
+
+  def testDomain(self):
+    fp = open(self.fname,'w')
+    print >>fp,'spammer.com'
+    fp.close()
+    cache = AddrCache(fname=self.fname)
+    cache.load(self.fname,30)
+    self.failUnless('spammer.com' in cache)
+
+def suite(): 
+  s = unittest.makeSuite(AddrCacheTestCase,'test')
+  s.addTest(doctest.DocTestSuite(Milter.utils))
+  s.addTest(doctest.DocTestSuite(Milter.dynip))
+  return s
+
+if __name__ == '__main__':
+  unittest.TextTestRunner().run(suite())