Work with berkeleydb and try importing it first.

It has been removed in python 3.12

.gitignore

@@ -0,0 +1,8 @@
+*.pyc
+build/
+test/*.out
+test/*.tstout
+test/*.log
+test.db
+dist
+MANIFEST

CREDITS

@@ -1,5 +1,5 @@
 Jim Niemira (urmane@urmane.org) wrote the original C module and some quick
-and dirty python to use it.  Stuart D. Gathman (stuart@bmsi.com) took that
+and dirty python to use it.  Stuart D. Gathman (stuart@gathman.org) took that
 kludge and added threading and context objects to it, wrote a proper OO
 wrapper (Milter.py) that handles attachments, did lots of testing, packaged
 it with distutils, and generally transformed it from a quick hack to a
@@ -7,6 +7,12 @@ real, usable Python extension.
 
 Other contributors (in random order):
 
+Daniel Troeder
+  for pointing out a typo in @noreply
+arkanes@irc.freenode.net
+  for suggesting a class method to compute and cache protocol masks
+habnabit@habnabit.org
+  for suggesting function attributes and decorators for protocol negotiation
 Dwayne Litzenberger, B.A.Sc.
   for library_dirs patch to compile on Debian 
 Dave MacQuigg 
@@ -37,4 +43,4 @@ Business Management Systems - http://www.bmsi.com
   for hosting the website, and providing paying clients who need milter service
   so I can work on it as part of my day job.
 
-If I have left anybody out, send me a reminder: stuart@bmsi.com
+If I have left anybody out, send me a reminder: stuart@gathman.org

ChangeLog

@@ -1,3 +1,213 @@
+# Revision 1.35  2013/03/14 22:11:25  customdesigned
+# Release 0.9.8
+#
+# Revision 1.34  2013/03/09 05:42:14  customdesigned
+# Make TestBase members private, fix getsymlist misspelling.
+#
+# Revision 1.33  2013/03/09 00:25:23  customdesigned
+# Better untrapped exception message.  const char for doc comments.
+#
+# Revision 1.32  2013/01/13 01:46:16  customdesigned
+# Doc updates.
+#
+# Revision 1.31  2012/04/12 23:32:50  customdesigned
+# Replace redundant callback array with macros.  If this doesn't break anything,
+# macros can be eliminated with code changes.
+#
+# Revision 1.30  2012/04/12 23:08:06  customdesigned
+# Support RFC2553 on BSD
+#
+# Revision 1.29  2011/06/09 15:45:27  customdesigned
+# Print callback name for non-int return error.
+#
+# Revision 1.28  2011/06/08 23:13:48  customdesigned
+# Generate special exception when callback return not int.
+#
+# Revision 1.27  2009/07/28 21:45:54  customdesigned
+# Add getversion() to return runtime version.
+#
+# Revision 1.26  2009/07/28 21:08:20  customdesigned
+# Increment del count.
+#
+# Revision 1.25  2009/07/28 20:58:55  customdesigned
+# getdiag method
+#
+# Revision 1.24  2009/06/09 01:54:44  customdesigned
+# Forgot to initialize optional parameter.
+#
+# Revision 1.23  2009/05/29 20:44:58  customdesigned
+# Typo SMFIP_NO constants.
+#
+# Revision 1.22  2009/05/29 19:53:36  customdesigned
+# Typo SMFIS_ALL_OPTS
+#
+# Revision 1.21  2009/05/29 19:49:40  customdesigned
+# Typo calling helo instead of negotiate.
+#
+# Revision 1.20  2009/05/29 18:25:59  customdesigned
+# Null terminate keyword list.
+#
+# Revision 1.19  2009/05/28 18:36:42  customdesigned
+# Support new callbacks, including negotiate
+#
+# Revision 1.18  2009/05/21 21:53:05  customdesigned
+# First cut at support unknown, data, negotiate callbacks.
+#
+# Revision 1.17  2009/02/06 04:28:08  customdesigned
+# Oops!  Missing options argument pointer for addrcpt.
+#
+# Revision 1.16  2008/12/16 04:21:05  customdesigned
+# Fedora release
+#
+# Revision 1.15  2008/12/13 20:29:56  customdesigned
+# Split off milter applications.
+#
+# Revision 1.14  2008/12/04 19:43:00  customdesigned
+# Doc updates.
+#
+# Revision 1.13  2008/11/23 03:06:47  customdesigned
+# Milter support for chgfrom.
+#
+# Revision 1.12  2008/11/21 20:42:52  customdesigned
+# Support smfi_chgfrom and smfi_addrcpt_par.
+#
+# Revision 1.11  2007/09/25 02:26:29  customdesigned
+# Update license.
+#
+# Revision 1.10  2006/02/12 02:00:42  customdesigned
+# Resolve FIXME for wrap_close.
+#
+# Revision 1.9  2005/12/23 21:46:36  customdesigned
+# Compile on sendmail-8.12 (ifdef SMFIR_INSHEADER)
+#
+# Revision 1.8  2005/10/20 23:23:36  customdesigned
+# Include smfi_progress is SMFIR_PROGRESS defined
+#
+# Revision 1.7  2005/10/20 23:04:46  customdesigned
+# Add optional idx for position of added header.
+#
+# Revision 1.6  2005/07/15 22:18:17  customdesigned
+# Support callback exception policy
+#
+# Revision 1.5  2005/06/24 04:20:07  customdesigned
+# Report context allocation error.
+#
+# Revision 1.4  2005/06/24 04:12:43  customdesigned
+# Remove unused name argument to generic wrappers.
+#
+# Revision 1.3  2005/06/24 03:57:35  customdesigned
+# Handle close called before connect.
+#
+# Revision 1.2  2005/06/02 04:18:55  customdesigned
+# Update copyright notices after reading article on /.
+#
+# Revision 1.1.1.2  2005/05/31 18:09:06  customdesigned
+# Release 0.7.1
+#
+# Revision 2.31  2004/08/23 02:24:36  stuart
+# Support setbacklog
+#
+# Revision 2.30  2004/08/21 20:29:53  stuart
+# Support option of 11 lines max for mlreply.
+#
+# Revision 2.29  2004/08/21 04:14:29  stuart
+# mlreply support
+#
+# Revision 2.28  2004/08/21 02:45:21  stuart
+# Don't leak int constants if module unloaded.
+#
+# Revision 2.27  2004/04/06 03:19:59  stuart
+# Release 0.6.8
+#
+# Revision 2.26  2004/03/04 21:43:06  stuart
+# Fix memory leak by removing unused dynamic template buffer,
+# thanks again to Alexander Kourakos.
+#
+# Revision 2.25  2004/03/01 19:45:03  stuart
+# Release 0.6.5
+#
+# Revision 2.24  2004/03/01 18:56:50  stuart
+# Support progress reporting.
+#
+# Revision 2.23  2004/03/01 18:36:09  stuart
+# Plug memory leak.  Thanks to Alexander Kourakos.
+#
+# Revision 2.22  2003/11/02 03:01:46  stuart
+# Adjust SMTP error codes after careful reading of standard.
+#
+# Revision 2.21  2003/06/24 19:57:04  stuart
+# Allow removing a python milter callback by setting to None.
+#
+# Revision 2.20  2003/02/13 17:08:57  stuart
+# IPV6 support
+#
+# Revision 2.19  2003/02/13 16:58:29  stuart
+# Support passing None to setreply and chgheader.
+#
+# Revision 2.18  2002/12/11 16:44:06  stuart
+# Support QUARANTINE if supported by libmilter.
+#
+# Revision 2.17  2002/04/18 20:20:35  stuart
+# Fix for NULL hostaddr in connect callback from Jason Erickson.
+#
+# Revision 2.16  2001/09/26 13:29:09  stuart
+# sa_len not supported by linux.
+#
+# Revision 2.15  2001/09/25 17:28:40  stuart
+# Copyrights, documentation, release 0.3.1
+#
+# Revision 2.14  2001/09/25 00:36:57  stuart
+# Pass hostaddr to python code in format used by standard socket module.
+#
+# Revision 2.13  2001/09/24 23:44:55  stuart
+# Return old callback from setcallback functions.
+#
+# Revision 2.12  2001/09/24 20:02:30  stuart
+# Remove redundant setpriv
+#
+# Revision 2.11  2001/09/23 22:26:35  stuart
+# Update docs.  Streamline Milter.py
+# update testbms.py to reflect actual sendmail behaviour with multiple
+# messages per connection.
+#
+# Revision 2.10  2001/09/22 15:33:42  stuart
+# More doc comment updates.
+#
+# Revision 2.9  2001/09/22 14:52:27  stuart
+# Actually return retval in _generic_return.
+# Go over doc comments.
+#
+# Revision 2.8  2001/09/22 01:59:32  stuart
+# Prevent reentrant call of milter_main, which libmilter doesn't support.
+#
+# Revision 2.7  2001/09/22 01:47:37  stuart
+# Forgot to set milter interp.
+#
+# Revision 2.6  2001/09/22 01:23:53  stuart
+# Added proper threading after research in python docs.
+#
+# Revision 2.5  2001/09/21 20:08:51  stuart
+# Release 0.2.3
+#
+# Revision 2.4  2001/09/20 16:18:16  stuart
+# libmilter checks in_eom state, so we don't have to.
+#
+# Revision 2.3  2001/09/19 06:02:33  stuart
+# Make more stuff static.
+#
+# Revision 2.1  2001/09/19 04:24:13  stuart
+# Use extension type to track context in python.
+#
+# Revision 1.4  2001/09/18 18:48:28  stuart
+# clear private data reference in _clear_context
+#
+# Revision 1.3  2001/09/15  04:19:37  stuart
+# nasty off by 1 mem overwrite bugs in wrap_env
+# generic_set_callback
+#
+# Revision 1.2  2001/09/15  03:15:39  stuart
+# several bugs fixed, works smoothly
+#
 # Revision 1.69  2006/11/04 22:09:39  customdesigned
 # Another lame DSN heuristic.  Block PTR cache poisoning attack.
 #

MANIFEST.in

@@ -2,7 +2,7 @@ include COPYING
 include TODO
 include NEWS
 include CREDITS
-include README
+include README.md
 include ChangeLog
 include MANIFEST.in
 include testsample.py

Milter/__init__.py

@@ -1,28 +1,34 @@
-# Author: Stuart D. Gathman <stuart@bmsi.com>
-# Copyright 2001 Business Management Systems, Inc.
+## @package Milter
+# A thin OO wrapper for the milter module.
+#
+# Clients generally subclass Milter.Base and define callback
+# methods.
+#
+# @author Stuart D. Gathman <stuart@bmsi.com>
+# Copyright 2001,2009 Business Management Systems, Inc.
 # This code is under the GNU General Public License.  See COPYING for details.
 
-# A thin OO wrapper for the milter module
+from __future__ import print_function
+__version__ = '1.0.5'
 
 import os
+import re
 import milter
-import thread
+import sys
+try:
+  import thread
+except:
+  # libmilter uses posix threads
+  import _thread as thread
 
-from milter import ACCEPT,CONTINUE,REJECT,DISCARD,TEMPFAIL,	\
-  set_flags, setdbg, setbacklog, settimeout, error,	\
-  ADDHDRS, CHGBODY, ADDRCPT, DELRCPT, CHGHDRS,	\
-  V1_ACTS, V2_ACTS, CURR_ACTS
-
-try: from milter import QUARANTINE
-except: pass
-
-__version__ = '0.8.5'
+from milter import *
+from functools import wraps
 
 _seq_lock = thread.allocate_lock()
 _seq = 0
 
 def uniqueID():
-  """Return a sequence number unique to this process.
+  """Return a unique sequence number (incremented on each call).
   """
   global _seq
   _seq_lock.acquire()
@@ -30,30 +36,680 @@ def uniqueID():
   _seq_lock.release()
   return seqno
 
-class Milter:
-  """A simple class interface to the milter module.
-  """
+## @private
+OPTIONAL_CALLBACKS = {
+  'connect':(P_NR_CONN,P_NOCONNECT),
+  'hello':(P_NR_HELO,P_NOHELO),
+  'envfrom':(P_NR_MAIL,P_NOMAIL),
+  'envrcpt':(P_NR_RCPT,P_NORCPT),
+  'data':(P_NR_DATA,P_NODATA),
+  'unknown':(P_NR_UNKN,P_NOUNKNOWN),
+  'eoh':(P_NR_EOH,P_NOEOH),
+  'body':(P_NR_BODY,P_NOBODY),
+  'header':(P_NR_HDR,P_NOHDRS)
+}
+
+MACRO_CALLBACKS = {
+  'connect': M_CONNECT,
+  'hello': M_HELO, 'envfrom': M_ENVFROM, 'envrcpt': M_ENVRCPT,
+  'data': M_DATA, 'eom': M_EOM, 'eoh': M_EOH
+}
+
+## @private
+R = re.compile(r'%+')
+
+## @private
+def decode_mask(bits,names):
+  t = [ (s,getattr(milter,s)) for s in names]
+  nms = [s for s,m in t if bits & m]
+  for s,m in t: bits &= ~m
+  if bits: nms += hex(bits)
+  return nms
+
+## Class decorator to enable optional protocol steps.
+# P_SKIP is enabled by default when supported, but
+# applications may wish to enable P_HDR_LEADSPC
+# to send and receive the leading space of header continuation
+# lines unchanged, and/or P_RCPT_REJ to have recipients 
+# detected as invalid by the MTA passed to the envcrpt callback.
+#
+# Applications may want to check whether the protocol is actually
+# supported by the MTA in use.  Base._protocol
+# is a bitmask of protocol options negotiated.  So,
+# for instance, if <code>self._protocol & Milter.P_RCPT_REJ</code>
+# is true, then that feature was successfully negotiated with the MTA
+# and the application will see recipients the MTA has flagged as invalid.
+# 
+# Sample use:
+# <pre>
+# class myMilter(Milter.Base):
+#   def envrcpt(self,to,*params):
+#     return Milter.CONTINUE
+# myMilter = Milter.enable_protocols(myMilter,Milter.P_RCPT_REJ)
+# </pre>
+# @since 0.9.3
+# @param klass the %milter application class to modify
+# @param mask a bitmask of protocol steps to enable
+# @return the modified %milter class
+def enable_protocols(klass,mask):
+  klass._protocol_mask = klass.protocol_mask() & ~mask
+  return klass
+
+## Milter rejected recipients. A class decorator that calls
+# enable_protocols() with the P_RCPT_REJ flag.  By default, the MTA
+# does not pass recipients that it knows are invalid on to the milter.
+# This decorator enables a %milter app to see all recipients if supported
+# by the MTA.  Use like this with python-2.6 and later:
+# <pre>
+# @@Milter.rejected_recipients
+# class myMilter(Milter.Base):
+#   def envrcpt(self,to,*params):
+#     return Milter.CONTINUE
+# </pre>
+# @since 0.9.5
+# @param klass the %milter application class to modify
+# @return the modified %milter class
+def rejected_recipients(klass):
+  return enable_protocols(klass,P_RCPT_REJ)
+
+## Milter leading space on headers. A class decorator that calls
+# enable_protocols() with the P_HDR_LEADSPC flag.  By default,
+# header continuation lines are collected and joined before getting
+# sent to a milter.  Headers modified or added by the milter are
+# folded by the MTA as necessary according to its own standards.
+# With this flag, header continuation lines are preserved
+# with their newlines and leading space.  In addition, header folding
+# done by the milter is preserved as well.
+# Use like this with python-2.6 and later:
+# <pre>
+# @@Milter.header_leading_space
+# class myMilter(Milter.Base):
+#   def header(self,hname,value):
+#     return Milter.CONTINUE
+# </pre>
+# @since 0.9.5
+# @param klass the %milter application class to modify
+# @return the modified %milter class
+def header_leading_space(klass):
+  return enable_protocols(klass,P_HDR_LEADSPC)
+
+## Function decorator to disable callback methods.
+# If the MTA supports it, tells the MTA not to invoke this callback,
+# increasing efficiency.  All the callbacks (except negotiate)
+# are disabled in Milter.Base, and overriding them reenables the
+# callback.  An application may need to use @@nocallback when it extends
+# another %milter and wants to disable a callback again.
+# The disabled method should still return Milter.CONTINUE, in case the MTA does
+# not support protocol negotiation, and for when called from a test harness.
+# @since 0.9.2
+def nocallback(func):
+  try:
+    func.milter_protocol = OPTIONAL_CALLBACKS[func.__name__][1]
+  except KeyError:
+    raise ValueError(
+      '@nocallback applied to non-optional method: '+func.__name__)
+  @wraps(func)
+  def wrapper(self,*args):
+    if func(self,*args) != CONTINUE:
+      raise RuntimeError('%s return code must be CONTINUE with @nocallback'
+        % func.__name__)
+    return CONTINUE
+  return wrapper
+
+## Function decorator to disable callback reply.
+# If the MTA supports it, tells the MTA not to wait for a reply from
+# this callback, and assume CONTINUE.  The method should still return
+# CONTINUE in case the MTA does not support protocol negotiation.
+# The decorator arranges to change the return code to NOREPLY 
+# when supported by the MTA.
+# @since 0.9.2
+def noreply(func):
+  try:
+    nr_mask = OPTIONAL_CALLBACKS[func.__name__][0]
+  except KeyError:
+    raise ValueError(
+      '@noreply applied to non-optional method: '+func.__name__)
+  @wraps(func)
+  def wrapper(self,*args):
+    rc = func(self,*args)
+    if self._protocol & nr_mask:
+      if rc != CONTINUE:
+        raise RuntimeError('%s return code must be CONTINUE with @noreply'
+	  % func.__name__)
+      return NOREPLY
+    return rc
+  wrapper.milter_protocol = nr_mask
+  return wrapper
+
+## Function decorator to set decoding error strategy.
+# Current RFCs define UTF-8 as the standard encoding for SMTP
+# envelope and header fields.  By default, Milter.Base decodes 
+# envelope and header values with errors='surrogateescape'.
+# Applications can recover the original bytes with 
+# <pre>
+# b = s.encode(errors='surrogateescape')
+# </pre>
+# This preserves information, but can lead to unexpected exceptions
+# as you cannot, e.g. print strings with surrogates.
+# Illegal bytes occur quite often in real life, so there must
+# be a way to deal with them.
+# This decorator can change the error strategy to
+# <ul>
+# <li> bytes    - original bytes are passed unmodified
+# <li> strict   - pass bytes if illegal bytes are present, string otherwise
+# <li> ignore   - illegal bytes are removed
+# <li> replace  - illegal bytes are replaced with a unicode error symbol
+# </ul> 
+# 
+def decode(strategy):
+  def setstrategy(func):
+    func.error_strategy = strategy
+    return func
+  return setstrategy
+
+## Function decorator to set macros used in a callback.
+# By default, the MTA sends all macros defined for a callback.
+# If some or all of these are unused, the bandwidth can be saved
+# by listing the ones that are used.
+# @since 1.0.2
+def symlist(*syms):
+  def setsyms(func):
+    if len(syms) > 5:
+      raise ValueError('@symlist limited to 5 macros by MTA: '+func.__name__)
+    if func.__name__ not in MACRO_CALLBACKS:
+      raise ValueError('@symlist applied to non-symlist method: '+func.__name__)
+    func._symlist = syms
+    return func
+  return setsyms
+
+## Disabled action exception.
+# set_flags() can tell the MTA that this application will not use certain
+# features (such as CHGFROM).  This can also be negotiated for each
+# connection in the negotiate callback.  If the application then calls
+# the feature anyway via an instance method, this exception is
+# thrown.
+# @since 0.9.2
+class DisabledAction(RuntimeError):
+  pass
+
+## A do "nothing" Milter base class representing an SMTP connection.
+#
+# Python milters should derive from this class
+# unless they are using the low level milter module directly.  
+#
+# Most of the methods are either "actions" or "callbacks".  Callbacks
+# are invoked by the MTA at certain points in the SMTP protocol.  For
+# instance when the HELO command is seen, the MTA calls the helo
+# callback before returning a response code.  All callbacks must
+# return one of these constants: CONTINUE, TEMPFAIL, REJECT, ACCEPT,
+# DISCARD, SKIP.  The NOREPLY response is supplied automatically by
+# the @@noreply decorator if negotiation with the MTA is successful.
+# @@noreply and @@nocallback methods should return CONTINUE for two reasons:
+# the MTA may not support negotiation, and the class may be running in a test
+# harness.
+# 
+# Optional callbacks are disabled with the @@nocallback decorator, and
+# automatically reenabled when overridden.  Disabled callbacks should
+# still return CONTINUE for testing and MTAs that do not support
+# negotiation.  
+
+# Each SMTP connection to the MTA calls the factory method you provide to
+# create an instance derived from this class.  This is typically the
+# constructor for a class derived from Base.  The _setctx() method attaches
+# the instance to the low level milter.milterContext object.  When the SMTP
+# connection terminates, the close callback is called, the low level connection
+# object is destroyed, and this normally causes instances of this class to be
+# garbage collected as well.  The close() method should release any global
+# resources held by instances.
+# @since 0.9.2
+class Base(object):
+  "The core class interface to the %milter module."
+
+  ## Attach this Milter to the low level milter.milterContext object.
   def _setctx(self,ctx):
-    self.__ctx = ctx
+    ## The low level @ref milter.milterContext object.
+    self._ctx = ctx
+    ## A bitmask of actions this connection has negotiated to use.
+    # By default, all actions are enabled.  High throughput milters
+    # may want to disable unused actions to increase efficiency.
+    # Some optional actions may be disabled by calling milter.set_flags(), or
+    # by overriding the negotiate callback.  The bits include:
+    # <code>ADDHDRS,CHGBODY,MODBODY,ADDRCPT,ADDRCPT_PAR,DELRCPT
+    #  CHGHDRS,QUARANTINE,CHGFROM,SETSYMLIST</code>.
+    # The <code>Milter.CURR_ACTS</code> bitmask is all actions
+    # known when the milter module was compiled.
+    # Application code can also inspect this field to determine
+    # which actions are available.  This is especially useful in
+    # generic library code designed to work in multiple milters.
+    # @since 0.9.2
+    #
+    self._actions = CURR_ACTS         # all actions enabled by default
+    ## A bitmask of protocol options this connection has negotiated.
+    # An application may inspect this
+    # variable to determine which protocol steps are supported.  Options
+    # of interest to applications: the SKIP result code is allowed
+    # only if the P_SKIP bit is set, rejected recipients are passed to the
+    # %milter application only if the P_RCPT_REJ bit is set, and
+    # header values are sent and received with leading spaces (in the
+    # continuation lines) intact if the P_HDR_LEADSPC bit is set (so
+    # that the application can customize indenting).  
+    #
+    # The P_N* bits should be negotiated via the @@noreply and @@nocallback
+    # method decorators, and P_RCPT_REJ, P_HDR_LEADSPC should
+    # be enabled using the enable_protocols class decorator.
+    #
+    # The bits include: <code>
+    # P_RCPT_REJ P_NR_CONN P_NR_HELO P_NR_MAIL P_NR_RCPT P_NR_DATA P_NR_UNKN
+    # P_NR_EOH P_NR_BODY P_NR_HDR P_NOCONNECT P_NOHELO P_NOMAIL P_NORCPT
+    # P_NODATA P_NOUNKNOWN P_NOEOH P_NOBODY P_NOHDRS P_HDR_LEADSPC P_SKIP
+    # </code> (all under the Milter namespace).
+    # @since 0.9.2
+    self._protocol = 0                # no protocol options by default
     if ctx:
       ctx.setpriv(self)
 
-  # user replaceable callbacks
-  def log(self,*msg):
-    print 'Milter:',
-    for i in msg: print i,
-    print
+  ## Defined by subclasses to write log messages.
+  def log(self,*msg): pass
+  ## Called for each connection to the MTA.  Called by the
+  # <a href="milter_api/xxfi_connect.html">
+  # xxfi_connect</a> callback.  
+  # The <code>hostname</code> provided by the local MTA is either
+  # the PTR name or the IP in the form "[1.2.3.4]" if no PTR is available.
+  # The format of hostaddr depends on the socket family:
+  # <dl>
+  # <dt><code>socket.AF_INET</code>
+  # <dd>A tuple of (IP as string in dotted quad form, integer port)
+  # <dt><code>socket.AF_INET6</code>
+  # <dd>A tuple of (IP as a string in standard representation,
+  # integer port, integer flow info, integer scope id)
+  # <dt><code>socket.AF_UNIX</code>
+  # <dd>A string with the socketname
+  # </dl>
+  # To vary behavior based on what port the client connected to,
+  # for example skipping blacklist checks for port 587 (which must 
+  # be authenticated), use @link #getsymval getsymval('{daemon_port}') @endlink.
+  # The <code>{daemon_port}</code> macro must be enabled in sendmail.cf
+  # <pre>
+  # O Milter.macros.connect=j, _, {daemon_name}, {daemon_port}, {if_name}, {if_addr}
+  # </pre>
+  # or sendmail.mc
+  # <pre>
+  # define(`confMILTER_MACROS_CONNECT', ``j, _, {daemon_name}, {daemon_port}, {if_name}, {if_addr}'')dnl
+  # </pre>
+  # @param hostname the PTR name or bracketed IP of the SMTP client
+  # @param family <code>socket.AF_INET</code>, <code>socket.AF_INET6</code>,
+  #     or <code>socket.AF_UNIX</code>
+  # @param hostaddr a tuple or string with peer IP or socketname
+  @nocallback
+  def connect(self,hostname,family,hostaddr): return CONTINUE
+  ## Called when the SMTP client says HELO.
+  # Returning REJECT prevents progress until a valid HELO is provided;
+  # this almost always results in terminating the connection.
+  @nocallback
+  def hello(self,hostname): return CONTINUE
+  ## Called with bytes by default global envfrom callback.
+  # @since 1.0.5
+  # Converts from utf-8 to unicode with surrogate escape.  Can be overriden 
+  # to pass bytes to @link #header the header callback @endlink instead,
+  # or trap utf-8 conversion exception, etc.
+  def envfrom_bytes(self,*b):
+    try:
+      e = getattr(self.envfrom,'error_strategy','surrogateescape')
+      if e == 'bytes':
+        #self.envfrom_bytes = self.envfrom
+        return self.envfrom(*b)
+      s = [v.decode(encoding='utf-8',errors=e) for v in b]
+    except UnicodeDecodeError: s = b
+    return self.envfrom(s[0],*s[1:])
+  ## Called when the SMTP client says MAIL FROM. Called by the
+  # <a href="milter_api/xxfi_envfrom.html">
+  # xxfi_envfrom</a> callback.  
+  # Returning REJECT rejects the message, but not the connection.
+  # The sender is the "envelope" from as defined by
+  # <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+  # For the From: header (author) defined in 
+  # <a href="http://tools.ietf.org/html/rfc5322">RFC 5322</a>,
+  # see @link #header the header callback @endlink.
+  @nocallback
+  def envfrom(self,f,*s): return CONTINUE
+  ## Called with bytes by default global envrcpt callback.
+  # @since 1.0.5
+  # Converts from utf-8 to unicode with surrogate escape.  Can be overriden 
+  # to pass bytes to @link #header the header callback @endlink instead,
+  # or trap utf-8 conversion exception, etc.
+  def envrcpt_bytes(self,*b):
+    try:
+      e = getattr(self.envrcpt,'error_strategy','surrogateescape')
+      if e == 'bytes':
+        #self.envrcpt_bytes = self.envrcpt
+        return self.envrcpt(*b)
+      s = [v.decode(encoding='utf-8',errors=e) for v in b]
+    except UnicodeDecodeError: s = b
+    return self.envrcpt(s[0],*s[1:])
+  ## Called when the SMTP client says RCPT TO. Called by the
+  # <a href="milter_api/xxfi_envrcpt.html">
+  # xxfi_envrcpt</a> callback.
+  # Returning REJECT rejects the current recipient, not the entire message.
+  # The recipient is the "envelope" recipient as defined by 
+  # <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+  # For recipients defined in 
+  # <a href="http://tools.ietf.org/html/rfc5322">RFC 5322</a>, 
+  # for example To: or Cc:, see @link #header the header callback @endlink.
+  @nocallback
+  def envrcpt(self,to,*str): return CONTINUE
+  ## Called when the SMTP client says DATA.
+  # Returning REJECT rejects the message without wasting bandwidth
+  # on the unwanted message.
+  # @since 0.9.2
+  @nocallback
+  def data(self): return CONTINUE
+  ## Called with bytes by default global header callback.
+  # @param fld name decoded as ascii
+  # @param val field value as bytes
+  # @since 1.0.5
+  # Converts from utf-8 to unicode with surrogate escape.  Can be overriden 
+  # to pass bytes to @link #header the header callback @endlink instead,
+  # e.g. by assignment:
+  # <pre>
+  #  mymilter.header_bytes = mymilter.header
+  # </pre>
+  # The <code>@decode('bytes')</code> decorator will also do this.
+  # 
+  def header_bytes(self,fld,val):
+    try:
+      e = getattr(self.header,'error_strategy','surrogateescape')
+      if e == 'bytes':
+        self.header_bytes = self.header
+        return self.header(fld,val)
+      s = val.decode(encoding='utf-8',errors=e)
+    except UnicodeDecodeError: s = val
+    return self.header(fld,s)
+  ## Called for each header field in the message body.
+  # @param field name decoded as ascii
+  # @param value field value decoded as utf-8 on python3
+  @nocallback
+  def header(self,field,value): return CONTINUE
+  ## Called at the blank line that terminates the header fields.
+  @nocallback
+  def eoh(self): return CONTINUE
+  ## Called to supply the body of the message to the Milter by chunks.
+  # @param blk a block of message bytes
+  @nocallback
+  def body(self,blk): return CONTINUE
+  ## Called when the SMTP client issues an unknown command.
+  # @param cmd the unknown command
+  # @since 0.9.2
+  @nocallback
+  def unknown(self,cmd): return CONTINUE
+  ## Called at the end of the message body.
+  # Most of the message manipulation actions can only take place from
+  # the eom callback.
+  def eom(self): return CONTINUE
+  ## Called when the connection is abnormally terminated.
+  # The close callback is still called also.
+  def abort(self): return CONTINUE
+  ## Called when the connection is closed.
+  def close(self): return CONTINUE
 
+  ## Return mask of SMFIP_N* protocol option bits to clear for this class
+  # The @@nocallback and @@noreply decorators set the
+  # <code>milter_protocol</code> function attribute to the protocol mask bit to
+  # pass to libmilter, causing that callback or its reply to be skipped.
+  # Overriding a method creates a new function object, so that 
+  # <code>milter_protocol</code> defaults to 0.
+  # Libmilter passes the protocol bits that the current MTA knows
+  # how to skip.  We clear the ones we don't want to skip.
+  # The negation is somewhat mind bending, but it is simple.
+  # @since 0.9.2
+  @classmethod
+  def protocol_mask(klass):
+    try:
+      return klass._protocol_mask
+    except AttributeError:
+      p = P_RCPT_REJ | P_HDR_LEADSPC    # turn these new features off by default
+      for func,(nr,nc) in OPTIONAL_CALLBACKS.items():
+        func = getattr(klass,func)
+        ca = getattr(func,'milter_protocol',0)
+        #print(func,hex(nr),hex(nc),hex(ca))
+        p |= (nr|nc) & ~ca
+      klass._protocol_mask = p
+      return p
+    
+  ## Negotiate milter protocol options.  Called by the
+  # <a href="milter_api/xxfi_negotiate.html">
+  # xffi_negotiate</a> callback.  This is an advanced callback,
+  # do not override unless you know what you are doing.  Most
+  # negotiation can be done simply by using the supplied 
+  # class and function decorators.
+  # Options are passed as 
+  # a list of 4 32-bit ints which can be modified and are passed
+  # back to libmilter on return.
+  # Default negotiation sets P_NO* and P_NR* for callbacks
+  # marked @@nocallback and @@noreply respectively, leaves all
+  # actions enabled, and enables Milter.SKIP.  The @@enable_protocols
+  # class decorator can customize which protocol steps are implemented.
+  # @param opts a modifiable list of 4 ints with negotiated options
+  # @since 0.9.2
+  def negotiate(self,opts):
+    try:
+      self._actions,p,f1,f2 = opts
+      for func,stage in MACRO_CALLBACKS.items():
+        func = getattr(self,func)
+        syms = getattr(func,'_symlist',None)
+        if syms is not None:
+          self.setsymlist(stage,*syms)
+      opts[1] = self._protocol = p & ~self.protocol_mask()
+      opts[2] = 0
+      opts[3] = 0
+      #self.log("Negotiated:",opts)
+    except Exception as x:
+      # don't change anything if something went wrong
+      return ALL_OPTS 
+    return CONTINUE
+
+  # Milter methods which can be invoked from most callbacks
+
+  ## Return the value of an MTA macro.  Sendmail macro names
+  # are either single chars (e.g. "j") or multiple chars enclosed
+  # in braces (e.g. "{auth_type}").  Macro names are MTA dependent.
+  # See <a href="milter_api/smfi_getsymval.html">
+  # smfi_getsymval</a> for default sendmail macros.
+  # @param sym the macro name
+  def getsymval(self,sym):
+    return self._ctx.getsymval(sym)
+
+  ## Set the SMTP reply code and message.
+  # If the MTA does not support setmlreply, then only the
+  # first msg line is used.  Any '%%' in a message line
+  # must be doubled, or libmilter will silently ignore the setreply.
+  # Beginning with 0.9.6, we test for that case and throw ValueError to avoid
+  # head scratching.  What will <i>really</i> irritate you, however,
+  # is that if you carefully double any '%%', your message will be
+  # sent - but with the '%%' still doubled!
+  # See <a href="milter_api/smfi_setreply.html">
+  # smfi_setreply</a> for more information.
+  # @param rcode The three-digit (RFC 821/2821) SMTP reply code as a string. 
+  # rcode cannot be None, and <b>must be a valid 4XX or 5XX reply code</b>.
+  # @param xcode The extended (RFC 1893/2034) reply code. If xcode is None,
+  # no extended code is used. Otherwise, xcode must conform to RFC 1893/2034.
+  # @param msg The text part of the SMTP reply. If msg is None,
+  # an empty message is used.
+  # @param ml  Optional additional message lines.
+  def setreply(self,rcode,xcode=None,msg=None,*ml):
+    for m in (msg,)+ml:
+      if 1 in [len(s)&1 for s in R.findall(m)]:
+        raise ValueError("'%' must be doubled: "+m)
+    return self._ctx.setreply(rcode,xcode,msg,*ml)
+
+  ## Tell the MTA which macro names will be used.
+  # This information can reduce the size of messages received from sendmail,
+  # and hence could reduce bandwidth between sendmail and your milter where
+  # that is a factor.  The <code>Milter.SETSYMLIST</code> action flag must be
+  # set.  The protocol stages are M_CONNECT, M_HELO, M_ENVFROM, M_ENVRCPT,
+  # M_DATA, M_EOM, M_EOH.
+  #
+  # May only be called from negotiate callback.  Hence, this is an advanced
+  # feature.  Use the @@symlist function decorator to conviently set
+  # the macros used by a callback.
+  # @since 0.9.8, previous version was misspelled!
+  # @param stage the protocol stage to set to macro list for, 
+  # one of the M_* constants defined in Milter
+  # @param macros space separated and/or lists of strings
+  def setsymlist(self,stage,*macros):
+    if not self._actions & SETSYMLIST: raise DisabledAction("SETSYMLIST")
+    if len(macros) > 5:
+      raise ValueError('setsymlist limited to 5 macros by MTA')
+    a = []
+    for m in macros:
+      try:
+        m = m.encode('utf8')
+      except: pass
+      try:
+        m = m.split(b' ')
+        a += m
+      except: pass
+    return self._ctx.setsymlist(stage,b' '.join(a))
+
+  # Milter methods which can only be called from eom callback.
+
+  ## Add a mail header field.
+  # Calls <a href="milter_api/smfi_addheader.html">
+  # smfi_addheader</a>.  
+  # The <code>Milter.ADDHDRS</code> action flag must be set.
+  #
+  # May be called from eom callback only.
+  # @param field        the header field name
+  # @param value        the header field value
+  # @param idx header field index from the top of the message to insert at
+  # @throws DisabledAction if ADDHDRS is not enabled
+  def addheader(self,field,value,idx=-1):
+    if not self._actions & ADDHDRS: raise DisabledAction("ADDHDRS")
+    return self._ctx.addheader(field,value,idx)
+
+  ## Change the value of a mail header field.
+  # Calls <a href="milter_api/smfi_chgheader.html">
+  # smfi_chgheader</a>.  
+  # The <code>Milter.CHGHDRS</code> action flag must be set.
+  #
+  # May be called from eom callback only.
+  # @param field the name of the field to change
+  # @param idx index of the field to change when there are multiple instances
+  # @param value the new value of the field
+  # @throws DisabledAction if CHGHDRS is not enabled
+  def chgheader(self,field,idx,value):
+    if not self._actions & CHGHDRS: raise DisabledAction("CHGHDRS")
+    return self._ctx.chgheader(field,idx,value)
+
+  ## Add a recipient to the message.  
+  # Calls <a href="milter_api/smfi_addrcpt.html">
+  # smfi_addrcpt</a>.  
+  # If no corresponding mail header is added, this is like a Bcc.
+  # The syntax of the recipient is the same as used in the SMTP
+  # RCPT TO command (and as delivered to the envrcpt callback), for example
+  # "self.addrcpt('<foo@example.com>')".  
+  # The <code>Milter.ADDRCPT</code> action flag must be set.
+  # If the optional <code>params</code> argument is used, then
+  # the <code>Milter.ADDRCPT_PAR</code> action flag must be set.
+  #
+  # May be called from eom callback only.
+  # @param rcpt the message recipient 
+  # @param params an optional list of ESMTP parameters
+  # @throws DisabledAction if ADDRCPT or ADDRCPT_PAR is not enabled 
+  def addrcpt(self,rcpt,params=None):
+    if not self._actions & ADDRCPT: raise DisabledAction("ADDRCPT")
+    if params and not self._actions & ADDRCPT_PAR:
+        raise DisabledAction("ADDRCPT_PAR")
+    return self._ctx.addrcpt(rcpt,params)
+  ## Delete a recipient from the message.
+  # Calls <a href="milter_api/smfi_delrcpt.html">
+  # smfi_delrcpt</a>.  
+  # The recipient should match one passed to the envrcpt callback.
+  # The <code>Milter.DELRCPT</code> action flag must be set.
+  #
+  # May be called from eom callback only.
+  # @param rcpt the message recipient to delete
+  # @throws DisabledAction if DELRCPT is not enabled
+  def delrcpt(self,rcpt):
+    if not self._actions & DELRCPT: raise DisabledAction("DELRCPT")
+    return self._ctx.delrcpt(rcpt)
+
+  ## Replace the message body.
+  # Calls <a href="milter_api/smfi_replacebody.html">
+  # smfi_replacebody</a>.  
+  # The entire message body must be replaced.  
+  # Call repeatedly with blocks of data until the entire body is transferred.
+  # The <code>Milter.MODBODY</code> action flag must be set.
+  #
+  # May be called from eom callback only.
+  # @param body a chunk of body data
+  # @throws DisabledAction if MODBODY is not enabled
+  def replacebody(self,body):
+    if not self._actions & MODBODY: raise DisabledAction("MODBODY")
+    return self._ctx.replacebody(body)
+
+  ## Change the SMTP envelope sender address.
+  # Calls <a href="milter_api/smfi_chgfrom.html">
+  # smfi_chgfrom</a>.  
+  # The syntax of the sender is that same as used in the SMTP
+  # MAIL FROM command (and as delivered to the envfrom callback),
+  # for example <code>self.chgfrom('<bar@example.com>')</code>.
+  # The <code>Milter.CHGFROM</code> action flag must be set.
+  #
+  # May be called from eom callback only.
+  # @since 0.9.1
+  # @param sender the new sender address
+  # @param params an optional list of ESMTP parameters
+  # @throws DisabledAction if CHGFROM is not enabled
+  def chgfrom(self,sender,params=None):
+    if not self._actions & CHGFROM: raise DisabledAction("CHGFROM")
+    return self._ctx.chgfrom(sender,params)
+
+  ## Quarantine the message.
+  # Calls <a href="milter_api/smfi_quarantine.html">
+  # smfi_quarantine</a>.  
+  # When quarantined, a message goes into the mailq as if to be delivered,
+  # but delivery is deferred until the message is unquarantined.
+  # The <code>Milter.QUARANTINE</code> action flag must be set.
+  #
+  # May be called from eom callback only.
+  # @param reason a string describing the reason for quarantine
+  # @throws DisabledAction if QUARANTINE is not enabled
+  def quarantine(self,reason):
+    if not self._actions & QUARANTINE: raise DisabledAction("QUARANTINE")
+    return self._ctx.quarantine(reason)
+
+  ## Tell the MTA to wait a bit longer.
+  # Calls <a href="milter_api/smfi_progress.html">
+  # smfi_progress</a>.  
+  # Resets timeouts in the MTA that detect a "hung" milter.
+  def progress(self):
+    return self._ctx.progress()
+  
+## A logging but otherwise do nothing Milter base class.
+# This is included for compatibility with previous versions of pymilter.
+# The logging callbacks are marked @@noreply.
+class Milter(Base):
+  "A simple class interface to the milter module."
+
+  ## Provide simple logging to sys.stdout
+  def log(self,*msg):
+    print('Milter:',end=None)
+    for i in msg: print(i,end=None)
+    print()
+
+  @noreply
   def connect(self,hostname,family,hostaddr):
     "Called for each connection to sendmail."
     self.log("connect from %s at %s" % (hostname,hostaddr))
     return CONTINUE
 
+  @noreply
   def hello(self,hostname):
     "Called after the HELO command."
     self.log("hello from %s" % hostname)
     return CONTINUE
 
+  @noreply
   def envfrom(self,f,*str):
     """Called to begin each message.
     f -> string		message sender
@@ -62,25 +718,24 @@ class Milter:
     self.log("mail from",f,str)
     return CONTINUE
 
+  @noreply
   def envrcpt(self,to,*str):
     "Called for each message recipient."
     self.log("rcpt to",to,str)
     return CONTINUE
 
+  @noreply
   def header(self,field,value):
     "Called for each message header."
     self.log("%s: %s" % (field,value))
     return CONTINUE
 
+  @noreply
   def eoh(self):
     "Called after all headers are processed."
     self.log("eoh")
     return CONTINUE
 
-  def body(self,unused):
-    "Called to transfer the message body."
-    return CONTINUE
-
   def eom(self):
     "Called at the end of message."
     self.log("eom")
@@ -96,58 +751,49 @@ class Milter:
     self.log("close")
     return CONTINUE
 
-  # Milter methods which can be invoked from callbacks
-  def getsymval(self,sym):
-    return self.__ctx.getsymval(sym)
-
-  # If sendmail does not support setmlreply, then only the
-  # first msg line is used.
-  def setreply(self,rcode,xcode=None,msg=None,*ml):
-    return self.__ctx.setreply(rcode,xcode,msg,*ml)
-
-  # Milter methods which can only be called from eom callback.
-  def addheader(self,field,value,idx=-1):
-    return self.__ctx.addheader(field,value,idx)
-
-  def chgheader(self,field,idx,value):
-    return self.__ctx.chgheader(field,idx,value)
-
-  def addrcpt(self,rcpt,params=None):
-    return self.__ctx.addrcpt(rcpt,params)
-
-  def delrcpt(self,rcpt):
-    return self.__ctx.delrcpt(rcpt)
-
-  def replacebody(self,body):
-    return self.__ctx.replacebody(body)
-
-  def chgfrom(self,sender,params=None):
-    return self.__ctx.chgfrom(sender,params)
-
-  # When quarantined, a message goes into the mailq as if to be delivered,
-  # but delivery is deferred until the message is unquarantined.
-  def quarantine(self,reason):
-    return self.__ctx.quarantine(reason)
-
-  def progress(self):
-    return self.__ctx.progress()
-
+## The milter connection factory
+# This factory method is called for each connection to create the
+# python object that tracks the connection.  It should return
+# an object derived from Milter.Base.
+#
+# Note that since python is dynamic, this variable can be changed while
+# the milter is running: for instance, to a new subclass based on a 
+# change in configuration.
 factory = Milter
 
-def connectcallback(ctx,hostname,family,hostaddr):
+## @private
+# @brief Connect context to connection instance and return enabled callbacks.
+def negotiate_callback(ctx,opts):
   m = factory()
   m._setctx(ctx)
+  return m.negotiate(opts)
+
+## @private
+# @brief Connect context if needed and invoke connect method.
+def connect_callback(ctx,hostname,family,hostaddr,nr_mask=P_NR_CONN):
+  m = ctx.getpriv()
+  if not m:     
+    # If not already created (because the current MTA doesn't support
+    # xmfi_negotiate), create the connection object.
+    m = factory()
+    m._setctx(ctx)
   return m.connect(hostname,family,hostaddr)
 
-def closecallback(ctx):
+## @private
+# @brief Disconnect milterContext and call close method.
+def close_callback(ctx):
   m = ctx.getpriv()
   if not m: return CONTINUE
-  rc = m.close()
-  m._setctx(None)	# release milterContext
+  try:
+    rc = m.close()
+  finally:
+    m._setctx(None)	# release milterContext
   return rc
 
+## Convert ESMTP parameters with values to a keyword dictionary.
+# @deprecated You probably want Milter.param2dict instead.
 def dictfromlist(args):
-  "Convert ESMTP parm list to keyword dictionary."
+  "Convert ESMTP parms with values to keyword dictionary."
   kw = {}
   for s in args:
     pos = s.find('=')
@@ -155,6 +801,18 @@ def dictfromlist(args):
       kw[s[:pos].upper()] = s[pos+1:]
   return kw
 
+## Convert ESMTP parm list to keyword dictionary.
+# Params with no value are set to None in the dictionary.
+# @since 0.9.3
+# @param str list of param strings of the form "NAME" or "NAME=VALUE"
+# @return a dictionary of ESMTP param names and values
+def param2dict(str): 
+  "Convert ESMTP parm list to keyword dictionary."
+  pairs = [x.split('=',1) for x in str]
+  for e in pairs:
+    if len(e) < 2: e.append(None)
+  return dict([(k.upper(),v) for k,v in pairs])
+  
 def envcallback(c,args):
   """Call function c with ESMTP parms converted to keyword parameters.
   Can be used in the envfrom and/or envrcpt callbacks to process
@@ -169,50 +827,55 @@ def envcallback(c,args):
       pargs.append(s)
   return c(*pargs,**kw)
 
-def runmilter(name,socketname,timeout = 0):
-  # This bit is here on the assumption that you will be starting this filter
-  # before sendmail.  If sendmail is not running and the socket already exists,
-  # libmilter will throw a warning.  If sendmail is running, this is still
-  # safe if there are no messages currently being processed.  It's safer to
-  # shutdown sendmail, kill the filter process, restart the filter, and then
-  # restart sendmail.
-  pos = socketname.find(':')
-  if pos > 1:
-    s = socketname[:pos]
-    fname = socketname[pos+1:]
-  else:
-    s = "unix"
-    fname = socketname
-  if s == "unix" or s == "local":
-    print "Removing %s" % fname
-    try:
-      os.unlink(fname)
-    except os.error, x:
-      import errno
-      if x.errno != errno.ENOENT:
-        raise milter.error(x)
+## Run the %milter.
+# @param name the name of the %milter known to the MTA
+# @param socketname the socket to be passed to milter.setconn()
+# @param timeout the time in secs the MTA should wait for a response before 
+#	considering this %milter dead
+def runmilter(name,socketname,timeout = 0,rmsock=True):
 
   # The default flags set include everything
   # milter.set_flags(milter.ADDHDRS)
-  milter.set_connect_callback(connectcallback)
+  milter.set_connect_callback(connect_callback)
   milter.set_helo_callback(lambda ctx, host: ctx.getpriv().hello(host))
   # For envfrom and envrcpt, we would like to convert ESMTP parms to keyword
   # parms, but then all existing users would have to include **kw to accept
   # arbitrary keywords without crashing.  We do provide envcallback and
   # dictfromlist to make parsing the ESMTP args convenient.
-  milter.set_envfrom_callback(lambda ctx,*str: ctx.getpriv().envfrom(*str))
-  milter.set_envrcpt_callback(lambda ctx,*str: ctx.getpriv().envrcpt(*str))
-  milter.set_header_callback(lambda ctx,fld,val: ctx.getpriv().header(fld,val))
+  if sys.version < '3.0.0':
+    milter.set_envfrom_callback(lambda ctx,*s: ctx.getpriv().envfrom(*s))
+    milter.set_envrcpt_callback(lambda ctx,*s: ctx.getpriv().envrcpt(*s))
+    milter.set_header_callback(lambda ctx,f,v: ctx.getpriv().header(f,v))
+  else:
+    milter.set_envfrom_callback(lambda ctx,*b: ctx.getpriv().envfrom_bytes(*b))
+    milter.set_envrcpt_callback(lambda ctx,*b: ctx.getpriv().envrcpt_bytes(*b))
+    milter.set_header_callback(lambda ctx,f,v: ctx.getpriv().header_bytes(f,v))
   milter.set_eoh_callback(lambda ctx: ctx.getpriv().eoh())
   milter.set_body_callback(lambda ctx,chunk: ctx.getpriv().body(chunk))
   milter.set_eom_callback(lambda ctx: ctx.getpriv().eom())
   milter.set_abort_callback(lambda ctx: ctx.getpriv().abort())
-  milter.set_close_callback(closecallback)
+  milter.set_close_callback(close_callback)
 
   milter.setconn(socketname)
   if timeout > 0: milter.settimeout(timeout)
+  # disable negotiate callback if runtime version < (1,0,1)
+  ncb = negotiate_callback
+  if milter.getversion() < (1,0,1):
+    ncb = None
   # The name *must* match the X line in sendmail.cf (supposedly)
-  milter.register(name)
+  milter.register(name,
+        data=lambda ctx: ctx.getpriv().data(),
+        unknown=lambda ctx,cmd: ctx.getpriv().unknown(cmd),
+        negotiate=ncb
+  )
+
+  # We remove the socket here by default on the assumption that you will be
+  # starting this filter before sendmail.  If sendmail is not running and the
+  # socket already exists, libmilter will throw a warning.  If sendmail is
+  # running, this is still safe if there are no messages currently being
+  # processed.  It's safer to shutdown sendmail, kill the filter process,
+  # restart the filter, and then restart sendmail.
+  milter.opensocket(rmsock)
   start_seq = _seq
   try:
     milter.main()
@@ -225,3 +888,7 @@ __all__ = globals().copy()
 for priv in ('os','milter','thread','factory','_seq','_seq_lock','__version__'):
   del __all__[priv]
 __all__ = __all__.keys()
+
+## @example milter-template.py
+## @example milter-nomix.py
+#

Milter/cache.py

@@ -10,6 +10,9 @@
 # CBV results.
 #
 # $Log$
+# Revision 1.9  2008/05/08 21:35:57  customdesigned
+# Allow explicitly whitelisted email from banned_users.
+#
 # Revision 1.8  2007/09/03 16:18:45  customdesigned
 # Delete unparseable timestamps when loading address cache.  These have
 # arisen because of failure to parse MAIL FROM properly.   Will have to
@@ -43,8 +46,9 @@
 # Copyright 2001,2002,2003,2004,2005 Business Management Systems, Inc.
 # This code is under the GNU General Public License.  See COPYING for details.
 
+from __future__ import print_function
 import time
-from plock import PLock
+from Milter.plock import PLock
 
 class AddrCache(object):
   time_format = '%Y%b%d %H:%M:%S %Z'
@@ -72,8 +76,8 @@ class AddrCache(object):
       except OSError:
         fp = ()
       for ln in fp:
-	try:
-	  rcpt,ts = ln.strip().split(None,1)
+        try:
+          rcpt,ts = ln.strip().split(None,1)
           try:
             l = time.strptime(ts,AddrCache.time_format)
             t = time.mktime(l)
@@ -84,11 +88,11 @@ class AddrCache(object):
           except:       # unparsable timestamp - likely garbage
             changed = True
             continue
-	except: # manual entry (no timestamp)
-	  cache[ln.strip().lower()] = (now,None)
-	wfp.write(ln)
+        except: # manual entry (no timestamp)
+          cache[ln.strip().lower()] = (now,None)
+        wfp.write(ln)
       if changed:
-	lock.commit(self.fname+'.old')
+        lock.commit(self.fname+'.old')
       else:
         lock.unlock()
     except IOError:
@@ -126,13 +130,13 @@ class AddrCache(object):
       ts,res = self.cache[lsender]
       too_old = time.time() - self.age*24*60*60	# max age in days
       if not ts or ts > too_old:
-	return res
+        return res
       del self.cache[lsender]
-      raise KeyError, sender
-    except KeyError,x:
+      raise KeyError(sender)
+    except KeyError as x:
       try:
-	user,host = sender.split('@',1)
-	return self.__getitem__(host)
+        user,host = sender.split('@',1)
+        return self.__getitem__(host)
       except ValueError:
         raise x
 
@@ -144,7 +148,8 @@ class AddrCache(object):
       if not ts: return		# already permanent
     self.cache[lsender] = (None,res)
     if not res:
-      print >>open(self.fname,'a'),sender
+      with open(self.fname,'a') as fp:
+        print(sender,file=fp)
     
   def __setitem__(self,sender,res):
     lsender = sender.lower()
@@ -152,7 +157,8 @@ class AddrCache(object):
     self.cache[lsender] = (now,res)
     if not res and self.fname:
       s = time.strftime(AddrCache.time_format,time.localtime(now))
-      print >>open(self.fname,'a'),sender,s # log refreshed senders
+      with open(self.fname,'a') as fp:
+        print(sender,s,file=fp) # log refreshed senders
 
   def __len__(self):
     return len(self.cache)

Milter/config.py

@@ -1,4 +1,8 @@
-from ConfigParser import ConfigParser
+try:
+  from configparser import ConfigParser
+except:
+  from ConfigParser import ConfigParser
+import os.path
 
 class MilterConfigParser(ConfigParser):
 
@@ -10,17 +14,17 @@ class MilterConfigParser(ConfigParser):
   # which screws up iterating over all options in a section.
   # Worse, passing "defaults" with vars= overrides the config file!
   # So we roll our own defaults.
-  def get(self,sect,opt):
-    if not self.has_option(sect,opt) and opt in self.defaults:
+  def get(self,sect,opt,fallback=None,**kwds):
+    if not self.has_option(sect,opt) and not fallback and opt in self.defaults:
       return self.defaults[opt]
-    return ConfigParser.get(self,sect,opt)
+    return ConfigParser.get(self,sect,opt,fallback=fallback,**kwds)
     
   def getlist(self,sect,opt):
     if self.has_option(sect,opt):
       return [q.strip() for q in self.get(sect,opt).split(',')]
     return []
 
-  def getaddrset(self,sect,opt):
+  def getaddrset(self,sect,opt,dir=''):
     if not self.has_option(sect,opt):
       return {}
     s = self.get(sect,opt)
@@ -29,13 +33,15 @@ class MilterConfigParser(ConfigParser):
       q = q.strip()
       if q.startswith('file:'):
         domain = q[5:].lower()
-	d[domain] = d.setdefault(domain,[]) + open(domain,'r').read().split()
+        fname = os.path.join(dir,domain)
+        with open(fname,'r') as fp:
+          d[domain] = d.setdefault(domain,[]) + fp.read().split()
       else:
-	user,domain = q.split('@')
-	d.setdefault(domain.lower(),[]).append(user)
+        user,domain = q.split('@')
+        d.setdefault(domain.lower(),[]).append(user)
     return d
   
-  def getaddrdict(self,sect,opt):
+  def getaddrdict(self,sect,opt,dir=''):
     if not self.has_option(sect,opt):
       return {}
     d = {}
@@ -43,14 +49,15 @@ class MilterConfigParser(ConfigParser):
       q = q.strip()
       if self.has_option(sect,q):
         l = self.get(sect,q)
-	for addr in l.split(','):
-	  addr = addr.strip()
-	  if addr.startswith('file:'):
-	    fname = addr[5:]
-	    for a in open(fname,'r').read().split():
-	      d[a] = q
-	  else:
-	    d[addr] = q
+        for addr in l.split(','):
+          addr = addr.strip()
+          if addr.startswith('file:'):
+            fname = os.path.join(dir,addr[5:])
+            with open(fname,'r') as fp:
+              for a in fp.read().split():
+                d[a] = q
+          else:
+            d[addr] = q
     return d
 
   def getdefault(self,sect,opt,default=None):

Milter/dns.py

@@ -1,12 +1,23 @@
-# provide a higher level interface to pydns
+## @package Milter.dns
+# Provide a higher level interface to pydns.
 
+from __future__ import print_function
 import DNS
 from DNS import DNSError
 
 MAX_CNAME = 10
 
+## Lookup DNS records by label and RR type.
+# The response can include records of other types that the DNS
+# server thinks we might need.
+# @param name the DNS label to lookup
+# @param qtype the name of the DNS RR type to lookup
+# @return a list of ((name,type),data) tuples
 def DNSLookup(name, qtype):
     try:
+        # To be thread safe, we create a fresh DnsRequest with
+        # each call.  It would be more efficient to reuse
+        # a req object stored in a Session.
         req = DNS.DnsRequest(name, qtype=qtype)
         resp = req.req()
         #resp.show()
@@ -15,8 +26,8 @@ def DNSLookup(name, qtype):
         # A RR as dotted quad.  For consistency, this driver should
         # return both as binary string.
         return [((a['name'], a['typename']), a['data']) for a in resp.answers]
-    except IOError, x:
-        raise DNSError, str(x)
+    except IOError as x:
+        raise DNSError(str(x))
 
 class Session(object):
   """A Session object has a simple cache with no TTL that is valid
@@ -24,25 +35,28 @@ class Session(object):
   def __init__(self):
     self.cache = {}
 
+  ## Additional DNS RRs we can safely cache.
   # We have to be careful which additional DNS RRs we cache.  For
   # instance, PTR records are controlled by the connecting IP, and they
   # could poison our local cache with bogus A and MX records.  
+  # Each entry is a tuple of (query_type,rr_type).  So for instance,
+  # the entry ('MX','A') says it is safe (for milter purposes) to cache
+  # any 'A' RRs found in an 'MX' query.
+  SAFE2CACHE = frozenset((
+    ('MX','MX'), ('MX','A'),
+    ('CNAME','CNAME'), ('CNAME','A'),
+    ('A','A'),
+    ('AAAA','AAAA'),
+    ('PTR','PTR'),
+    ('NS','NS'), ('NS','A'),
+    ('TXT','TXT'),
+    ('SPF','SPF')
+  ))
 
-  SAFE2CACHE = {
-    ('MX','A'): None,
-    ('MX','MX'): None,
-    ('CNAME','A'): None,
-    ('CNAME','CNAME'): None,
-    ('A','A'): None,
-    ('AAAA','AAAA'): None,
-    ('PTR','PTR'): None,
-    ('NS','NS'): None,
-    ('NS','A'): None,
-    ('TXT','TXT'): None,
-    ('SPF','SPF'): None
-  }
-
-
+  ## Cached DNS lookup.
+  # @param name the DNS label to query
+  # @param qtype the query type, e.g. 'A'
+  # @param cnames tracks CNAMES already followed in recursive calls
   def dns(self, name, qtype, cnames=None):
     """DNS query.
 
@@ -57,15 +71,24 @@ class Session(object):
     pre: qtype in ['A', 'AAAA', 'MX', 'PTR', 'TXT', 'SPF']
     post: isinstance(__return__, types.ListType)
     """
+    if name.endswith('.'): name = name[:-1]
+    if not reduce(lambda x,y:x and 0 < len(y) < 64, name.split('.'),True):
+        return []   # invalid DNS name (too long or empty)
+    name = name.lower()
     result = self.cache.get( (name, qtype) )
     cname = None
+    if result: return result
+    cnamek = (name,'CNAME')
+    cname = self.cache.get( cnamek )
 
-    if not result:
+    if cname:
+        cname = cname[0]
+    else:
         safe2cache = Session.SAFE2CACHE
         for k, v in DNSLookup(name, qtype):
-            if k == (name, 'CNAME'):
+            if k == cnamek:
                 cname = v
-            if (qtype,k[1]) in safe2cache:
+            if k[1] == 'CNAME' or (qtype,k[1]) in safe2cache:
                 self.cache.setdefault(k, []).append(v)
         result = self.cache.get( (name, qtype), [])
     if not result and cname:
@@ -75,16 +98,28 @@ class Session(object):
             #return result    # if too many == NX_DOMAIN
             raise DNSError('Length of CNAME chain exceeds %d' % MAX_CNAME)
         cnames[name] = cname
-        if cname in cnames:
-            raise DNSError, 'CNAME loop'
+        if cname.lower().rstrip('.') in cnames:
+            raise DNSError('CNAME loop')
         result = self.dns(cname, qtype, cnames=cnames)
+        if result:
+            self.cache[(name,qtype)] = result
     return result
 
+  def dns_txt(self, domainname, enc='ascii'):
+    "Get a list of TXT records for a domain name."
+    if domainname:
+        try:
+            return [''.join(s.decode(enc) for s in a)
+                for a in self.dns(domainname, 'TXT')]
+        except UnicodeEncodeError:
+            raise DNSError('Non-ascii character in SPF TXT record.')
+    return []
+
 DNS.DiscoverNameServers()
 
 if __name__ == '__main__':
   import sys
   s = Session()
   for n,t in zip(*[iter(sys.argv[1:])]*2):
-    print n,t
-    print s.dns(n,t)
+    print(n,t)
+    print(s.dns(n,t))

Milter/dsn.py

@@ -5,6 +5,27 @@
 # Send DSNs, do call back verification,
 # and generate DSN messages from a template
 # $Log$
+# Revision 1.22  2011/03/18 20:41:31  customdesigned
+# Python2.6 SMTP.close() fails when instance never connected.
+#
+# Revision 1.21  2011/03/03 05:11:58  customdesigned
+# Release 0.9.4
+#
+# Revision 1.20  2010/10/11 00:29:47  customdesigned
+# Handle multiple recipients.  For CBV or auto whitelist of multiple emails.
+#
+# Revision 1.19  2009/07/02 19:41:12  customdesigned
+# Handle @ in localpart.
+#
+# Revision 1.18  2009/06/10 18:01:59  customdesigned
+# Doxygen updates
+#
+# Revision 1.17  2009/05/20 20:08:44  customdesigned
+# Support non-DSN CBV (non-empty MAIL FROM)
+#
+# Revision 1.16  2007/09/25 01:24:59  customdesigned
+# Allow arbitrary object, not just spf.query like, to provide data for create_msg
+#
 # Revision 1.15  2007/09/24 20:13:26  customdesigned
 # Remove explicit spf dependency.
 #
@@ -23,20 +44,61 @@
 # Revision 1.10  2006/05/24 20:56:35  customdesigned
 # Remove default templates.  Scrub test.
 #
-
+## @package Milter.dsn
+# Support DSNs and CallBackValidations (CBV).
+#
+# A Delivery Status Notification (bounce) is sent to the envelope
+# sender (original MAIL FROM) with a null MAIL FROM (<>) to notify the
+# original sender # of delays or problems with delivery.  A Callback Validation
+# starts the DSN process, but stops before issuing the DATA command.  The
+# purpose is to check whether the envelope recipient is accepted (and is
+# therefore a valid email).  The null MAIL FROM tells the remote
+# MTA to never reply according to RFC2821 (but some braindead MTAs
+# reply anyway, of course).
+#
+# Milters should cache CBV results and should avoid sending DSNs
+# unless the sender is authenticated somehow (e.g. SPF Pass).  However,
+# when email is quarantined, and is not known to be a forgery, sending a DSN 
+# is better than silently disappearing, and a DSN is better than sending
+# a normal message as notification - because MAIL FROM signing schemes
+# can reject bounces of forged emails.   Whatever you do, don't copy those
+# assinine commercial filters that send a normal message to notify you
+# that some virus is forging your email.
+#
+# <b>DSNs should *only* be sent to MAIL FROM addresses.</b>  Never send
+# a DSN or use a null MAIL FROM with an email address obtained from
+# anywhere else.
+#
+from __future__ import print_function
 import smtplib
 import socket
-from email.Message import Message
+try:
+  from email.message import Message
+except:
+  from email.Message import Message
 import Milter
+import Milter.dns as dns
 import time
-import dns
 
-def send_dsn(mailfrom,receiver,msg=None,timeout=600,session=None):
+## Send DSN.
+# Try the published MX names in order, rejecting obviously bogus entries
+# (like <code>localhost</code>).
+# @param mailfrom the original sender we are notifying or validating
+# @param receiver the HELO name of the MTA we are sending the DSN on behalf of.
+#	Be sure to send from an IP that matches the HELO.
+# @param msg the DSN message in RFC2822 format, or None for CBV.
+# @param timeout total seconds to wait for a response from an MX
+# @param session Milter.dns.Session object from current incoming mail
+#	session to reuse its cache, or None to create a fresh one.
+# @param ourfrom set to a valid email to send a normal notification from, or
+#	to validate emails not obtained from MAIL FROM.
+# @return None on success or (status_code,msg) on failure.
+def send_dsn(mailfrom,receiver,msg=None,timeout=600,session=None,ourfrom=''):
   """Send DSN.  If msg is None, do callback verification.
      Mailfrom is original sender we are sending DSN or CBV to.
      Receiver is the MTA sending the DSN.
      Return None for success or (code,msg) for failure."""
-  user,domain = mailfrom.split('@')
+  user,domain = mailfrom.rsplit('@',1)
   if not session: session = dns.Session()
   try:
     mxlist = session.dns(domain,'MX')
@@ -59,27 +121,37 @@ def send_dsn(mailfrom,receiver,msg=None,timeout=600,session=None):
       if a[0] == receiver:
         return (553,'Fraudulent MX for %s: %s' % (domain,host))
       if not (200 <= code <= 299):
-	raise smtplib.SMTPHeloError(code, resp)
+        raise smtplib.SMTPHeloError(code, resp)
       if msg:
         try:
-	  smtp.sendmail('<>',mailfrom,msg)
-	except smtplib.SMTPSenderRefused:
+          smtp.sendmail('<%s>'%ourfrom,mailfrom,msg)
+        except smtplib.SMTPSenderRefused:
 	  # does not accept DSN, try postmaster (at the risk of mail loops)
-	  smtp.sendmail('<postmaster@%s>'%receiver,mailfrom,msg)
+          smtp.sendmail('<postmaster@%s>'%receiver,mailfrom,msg)
       else:	# CBV
-	code,resp = smtp.docmd('MAIL FROM: <>')
-	if code != 250:
-	  raise smtplib.SMTPSenderRefused(code, resp, '<>')
-	code,resp = smtp.rcpt(mailfrom)
-	if code not in (250,251):
-	  return (code,resp)		# permanent error
-	smtp.quit()
+        code,resp = smtp.docmd('MAIL FROM: <%s>'%ourfrom)
+        if code != 250:
+          raise smtplib.SMTPSenderRefused(code, resp, '<%s>'%ourfrom)
+        if isinstance(mailfrom,basestring):
+          mailfrom = [mailfrom]
+        badrcpts = {}
+        for rcpt in mailfrom:
+          code,resp = smtp.rcpt(rcpt)
+          if code not in (250,251):
+            badrcpts[rcpt] = (code,resp)# permanent error
+        smtp.quit()
+        if len(badrcpts) == 1:
+          return badrcpts.values()[0]	# permanent error
+        if badrcpts:
+          return badrcpts
       return None			# success
-    except smtplib.SMTPRecipientsRefused,x:
-      return x.recipients[mailfrom]	# permanent error
-    except smtplib.SMTPSenderRefused,x:
+    except smtplib.SMTPRecipientsRefused as x:
+      if len(x.recipients) == 1:
+        return x.recipients.values()[0]	# permanent error
+      return x.recipients
+    except smtplib.SMTPSenderRefused as x:
       return x.args[:2]			# does not accept DSN
-    except smtplib.SMTPDataError,x:
+    except smtplib.SMTPDataError as x:
       return x.args			# permanent error
     except smtplib.SMTPException:
       pass		# any other error, try next MX
@@ -87,7 +159,7 @@ def send_dsn(mailfrom,receiver,msg=None,timeout=600,session=None):
       pass		# MX didn't accept connections, try next one
     except socket.timeout:
       pass		# MX too slow, try next one
-    smtp.close()
+    if hasattr(smtp,'sock'): smtp.close()
     if time.time() > toolate:
       return (450,'No MX response within %f minutes'%(timeout/60.0))
   return (450,'No MX servers available')	# temp error
@@ -162,6 +234,6 @@ Subject: Test
 Test DSN template
 """
   )
-  print msg.as_string()
-  # print send_dsn(f,msg.as_string())
-  # print send_dsn(q.s,'mail.example.com',msg.as_string())
+  print(msg.as_string())
+  # print(send_dsn(f,msg.as_string()))
+  # print(send_dsn(q.s,'mail.example.com',msg.as_string()))

Milter/dynip.py

@@ -9,6 +9,7 @@
 # wiley-268-8196.roadrunner.nf.net at ('205.251.174.46', 4810)
 # cbl-sd-02-79.aster.com.do at ('200.88.62.79', 4153)
 
+from __future__ import print_function
 import re
 
 ip3 = re.compile('[0-9]{1,3}')
@@ -48,15 +49,16 @@ def is_dynip(host,addr):
   True
   """
   if host.startswith('[') and host.endswith(']'):
-    return True
+    return True                                 # no ptr
   if addr:
     if host.find(addr) >= 0: return True
+    if addr.find(':') >= 0: return False        # IP6
     a = addr.split('.')
-    ia = map(int,a)
+    ia = list(map(int,a))
     h = host
     m = ip3.findall(host)
     if m:
-      g = map(int,m)[:4]
+      g = list(map(int,m))[:4]
       ia3 = (ia[1:],ia[:3])
       if g[-3:] in ia3: return True
       if g[0] == ia[3] and g[1:3] == ia[:2]: return True
@@ -67,8 +69,8 @@ def is_dynip(host,addr):
       if ia[2:] in (g[:2],g[-2:]): return True
       for m in ip3.finditer(host):
         if int(m.group()) == ia[3]:
-	  h = host[:m.start()] + '<3>' + host[m.end():]
-	  break
+          h = host[:m.start()] + '<3>' + host[m.end():]
+          break
     if rehmac.search(h): return True
     if host.find(''.join(a[:3])) >= 0: return True
     if host.find(''.join(a[1:])) >= 0: return True
@@ -85,11 +87,11 @@ if __name__ == '__main__':
     if a[3:5] == ['connect','from']:
       host = a[5]
       if host.startswith('[') and host.endswith(']'):
-	continue	# no PTR
+        continue	# no PTR
       ip = a[7][2:-2]
       if ip in seen: continue
       seen.add(ip)
       if is_dynip(host,ip):
-        print '%s\t%s DYN' % (ip,host)
+        print('%s\t%s DYN' % (ip,host))
       else:
-        print '%s\t%s' % (ip,host)
+        print('%s\t%s' % (ip,host))

Milter/greylist.py

@@ -1,3 +1,4 @@
+from __future__ import print_function
 import time
 import shelve
 import thread
@@ -18,13 +19,19 @@ def quoteAddress(s):
 class Record(object):
   __slots__ = ( 'firstseen', 'lastseen', 'umis', 'cnt' )
 
-  def __init__(self):
-    now = time.time()
+  def __init__(self,timeinc=0):
+    now = time.time() + timeinc
     self.firstseen = now
     self.lastseen = now
     self.cnt = 0
     self.umis = None
 
+  def __str__(self):
+    return "Grey[%s:%s:%s:%d]" % (
+        time.ctime(self.firstseen),time.ctime(self.lastseen),
+        self.umis,self.cnt
+    )
+
 class Greylist(object):
 
   def __init__(self,dbname,grey_time=10,grey_expire=4,grey_retain=36):
@@ -35,7 +42,37 @@ class Greylist(object):
     self.dbp = shelve.open(dbname,'c',protocol=2)
     self.lock = thread.allocate_lock()
 
-  def check(self,ip,sender,recipient):
+  def export_csv(self,fp,timeinc=0):
+    "Export records to csv."
+    import csv
+    dbp = self.dbp
+    w = csv.writer(fp)
+    now = time.time() + timeinc
+    for key, r in dbp.iteritems():
+      if now > r.lastseen + self.greylist_retain: continue
+      ip,sender,recipient = key.rsplit(':',2)
+      w.writerow([ip,sender,recipient,r.firstseen,r.lastseen,r.cnt,r.umis])
+
+  def clean(self,timeinc=0):
+    "Delete records past the retention limit."
+    now = time.time() + timeinc
+    cnt = 0
+    dbp = self.dbp
+    for key, r in dbp.iteritems():
+      #print(key,r,time.ctime(now))
+      if now > r.lastseen + self.greylist_retain:
+        self.lock.acquire()
+        try:
+          r = dbp[key]
+          now = time.time() + timeinc
+          if now > r.lastseen + self.greylist_retain:
+            del dbp[key]
+            cnt += 1
+        finally:
+          self.lock.release()
+    return cnt
+  
+  def check(self,ip,sender,recipient,timeinc=0):
     "Return number of allowed messages for greylist triple."
     sender = quoteAddress(sender)
     recipient = quoteAddress(recipient)
@@ -45,15 +82,15 @@ class Greylist(object):
       dbp = self.dbp
       try:
         r = dbp[key]
-        now = time.time()
+        now = time.time() + timeinc
         if now > r.lastseen + self.greylist_retain:
           # expired
           log.debug('Expired greylist: %s',key)
-          r = Record()
-        elif now < r.firstseen + self.greylist_time:
+          r = Record(timeinc)
+        elif now < r.firstseen + self.greylist_time + 5:
           # still greylisted
           log.debug('Early greylist: %s',key)
-          #r = Record()
+          #r = Record(timeinc)
           r.lastseen = now
         elif r.cnt or now < r.firstseen + self.greylist_expire:
           # in greylist window or active
@@ -63,12 +100,22 @@ class Greylist(object):
         else:
           # passed greylist window
           log.debug('Late greylist: %s',key)
-          r = Record()
+          r = Record(timeinc)
         dbp[key] = r
       except:
-        r = Record()
+        r = Record(timeinc)
         dbp[key] = r
       dbp.sync()
     finally:
       self.lock.release()
     return r.cnt
+
+  def close(self):
+    self.dbp.close()
+
+if __name__ == '__main__':
+  import sys
+  g = Greylist(sys.argv[1],5,24,36)
+  try:
+    g.export_csv(sys.stdout)
+  finally: g.close()

Milter/greysql.py

@@ -0,0 +1,109 @@
+import time
+import logging
+import urllib
+import sqlite3
+try:
+  import thread
+except:
+  import _thread as thread
+from datetime import datetime
+
+log = logging.getLogger('milter.greylist')
+
+_db_lock = thread.allocate_lock()
+
+class Greylist(object):
+
+  def __init__(self,dbname,grey_time=10,grey_expire=4,grey_retain=36):
+    self.ignoreLastByte = False
+    self.greylist_time = grey_time * 60         # minutes
+    self.greylist_expire = grey_expire * 3600   # hours
+    self.greylist_retain = grey_retain * 24 * 3600   # days
+    self.conn = sqlite3.connect(dbname)
+    self.conn.row_factory = sqlite3.Row
+    try:
+      self.conn.execute('''create table greylist(
+        ip text , sender text, recipient text,
+        firstseen timestamp, lastseen timestamp, cnt integer, umis text,
+        primary key (ip,sender,recipient))''')
+    except: pass
+
+  def import_csv(self,fp):
+    import csv
+    rdr = csv.reader(fp)
+    cur = self.conn.execute('begin immediate')
+    try:
+      for r in rdr:
+        cur.execute('''insert into 
+          greylist(ip,sender,recipient,firstseen,lastseen,cnt,umis)
+          values(?,?,?,?,?,?,?)''', r)
+      self.conn.commit()
+    finally:
+      cur.close();
+
+  def clean(self,timeinc=0):
+    "Delete records past the retention limit."
+    now = time.time() + timeinc - self.greylist_retain
+    cur = self.conn.cursor()
+    try:
+      cur.execute('delete from greylist where lastseen < ?',(now,))
+      cnt = cur.rowcount
+      self.conn.commit()
+    finally: cur.close()
+    return cnt
+
+  def check(self,ip,sender,recipient,timeinc=0):
+    "Return number of allowed messages for greylist triple."
+    _db_lock.acquire()
+    cur = self.conn.execute('begin immediate')
+    try:
+      cur.execute('''select firstseen,lastseen,cnt,umis from greylist where
+        ip=? and sender=? and recipient=?''',(ip,sender,recipient))
+      r = cur.fetchone()
+      now = time.time() + timeinc
+      cnt = 0
+      if not r:
+        cur.execute('''insert into 
+          greylist(ip,sender,recipient,firstseen,lastseen,cnt,umis)
+          values(?,?,?,?,?,?,?)''', (ip,sender,recipient,now,now,0,None))
+      elif now > r['lastseen'] + self.greylist_retain:
+        # expired
+        log.debug('Expired greylist: %s:%s:%s',ip,sender,recipient)
+        cur.execute('''update greylist set firstseen=?,lastseen=?,cnt=?,umis=?
+          where ip=? and sender=? and recipient=?''',
+          (now,now,0,None,ip,sender,recipient))
+      elif now < r['firstseen'] + self.greylist_time + 5:
+        # still greylisted
+        log.debug('Early greylist: %s:%s:%s',ip,sender,recipient)
+        #r = Record()
+        cur.execute('''update greylist set lastseen=?
+          where ip=? and sender=? and recipient=?''',
+          (now,ip,sender,recipient))
+      elif r['cnt'] or now < r['firstseen'] + self.greylist_expire:
+        # in greylist window or active
+        cnt = r['cnt'] + 1
+        cur.execute('''update greylist set lastseen=?,cnt=?
+          where ip=? and sender=? and recipient=?''',
+          (now,cnt,ip,sender,recipient))
+        log.debug('Active greylist(%d): %s:%s:%s',cnt,ip,sender,recipient)
+      else:
+        # passed greylist window
+        log.debug('Late greylist: %s:%s:%s',ip,sender,recipient)
+        cur.execute('''update greylist set firstseen=?,lastseen=?,cnt=?,umis=?
+          where ip=? and sender=? and recipient=?''',
+          (now,now,0,None,ip,sender,recipient))
+      self.conn.commit()
+    finally:
+      cur.close()
+      _db_lock.release()
+    return cnt
+
+  def close(self):
+    self.conn.close()
+
+if __name__ == '__main__':
+  import sys
+  g = Greylist(sys.argv[1])
+  try:
+    g.import_csv(sys.stdin)
+  finally: g.close()

Milter/plock.py

@@ -11,7 +11,7 @@ class PLock(object):
     self.basename = basename
     self.fp = None
 
-  def lock(self,lockname=None,mode=0660,strict_perms=False):
+  def lock(self,lockname=None,mode=0o660,strict_perms=False):
     "Start an update transaction.  Return FILE to write new version."
     self.unlock()
     if not lockname:
@@ -21,7 +21,7 @@ class PLock(object):
       st = os.stat(self.basename)
       mode |= st.st_mode
     except OSError: pass
-    u = os.umask(0002)
+    u = os.umask(0o2)
     try:
       fd = os.open(lockname,os.O_WRONLY+os.O_CREAT+os.O_EXCL,mode)
     finally:
@@ -31,8 +31,8 @@ class PLock(object):
       os.chown(self.lockname,-1,st.st_gid)
     except:
       if strict_perms:
-	self.unlock()
-	raise
+        self.unlock()
+        raise
     return self.fp
 
   def wlock(self,lockname=None):
@@ -46,12 +46,12 @@ class PLock(object):
   def commit(self,backname=None):
     "Commit update transaction with optional backup file."
     if not self.fp:
-      raise IOError,"File not locked"
+      raise IOError("File not locked")
     self.fp.close()
     self.fp = None
     if backname:
       try:
-	os.remove(backname)
+        os.remove(backname)
       except OSError: pass
       os.link(self.basename,backname)
     os.rename(self.lockname,self.basename)

Milter/policy.py

@@ -0,0 +1,87 @@
+try:
+  try:
+    from berkeleydb import db
+  except:
+    from bsddb3 import db
+  class DB(object):
+    def open(self,fname,mode):
+      if mode == 'r': flags = db.DB_RDONLY
+      else: raise RuntimeException('unsupported mode')
+      self.f = db.DB()
+      self.f.open(fname,flags=flags)
+    def __contains__(self,key):
+      return not not self.f.get(key)
+    def __getitem__(self,key):
+      v = self.f.get(key)
+      if not v: raise KeyError(key)
+      return v
+    def close(self):
+      self.f.close()
+  def dbmopen(fname,mode):
+    f = DB()
+    f.open(fname,mode)
+    return f
+except ModuleNotFoundError: raise
+except:
+  import anydbm as dbm
+  dbmopen = dbm.open
+
+class MTAPolicy(object):
+  "Get SPF policy by result from sendmail style access file."
+  def __init__(self,sender,conf,access_file=None):
+    if not access_file:
+      access_file = conf.access_file
+    self.use_nulls = conf.access_file_nulls
+    try:
+      self.use_colon = conf.access_file_colon
+    except:
+      self.use_colon = True
+    self.sender = sender
+    self.domain = sender.split('@')[-1].lower()
+    self.acf = None
+    self.access_file = access_file
+
+  def close(self):
+    if self.acf:
+      self.acf.close()
+
+  def __enter__(self): 
+    self.acf = None
+    if self.access_file:
+      try:
+        self.acf = dbmopen(self.access_file,'r')
+      except:
+        print('%s: Cannot open for reading'%self.access_file)
+        raise
+    return self
+  def __exit__(self,t,v,b): self.close()
+
+  def getPolicy(self,pfx):
+    acf = self.acf
+    if not acf: return None
+    if self.use_nulls: sfx = b'\x00'
+    else: sfx = b''
+    if self.use_colon:
+      sep = b':'
+    else:
+      sep = b'!'
+    pfx = pfx.encode() + sep
+    try:    # try with localpart@domain
+      return acf[pfx + self.sender.encode() + sfx].rstrip(b'\x00').decode()
+    except KeyError:
+      try:  # try with domain
+        d = self.domain.encode()
+        k = pfx + d + sfx
+        while not k in acf and b'.' in d:
+          # check partial domains
+          d = b'.'.join(d.split(b'.')[1:])
+          k = pfx + b'.' + d + sfx
+        return acf[k].rstrip(b'\x00').decode()
+      except KeyError:
+        try:    # try bare prefix
+          return acf[pfx + sfx].rstrip(b'\x00').decode()
+        except KeyError:
+          try:
+            return acf[pfx[:-1] + sfx].rstrip(b'\x00').decode()
+          except KeyError:
+            return None

Milter/pyip6.py

@@ -0,0 +1,118 @@
+"""Pure Python IP6 parsing and formatting
+
+Copyright (c) 2006 Stuart Gathman <stuart@bmsi.com>
+
+This module is free software, and you may redistribute it and/or modify
+it under the same terms as Python itself, so long as this copyright message
+and disclaimer are retained in their original form.
+"""
+from __future__ import print_function
+import struct
+#from spf import RE_IP4 
+import re
+PAT_IP4 = r'\.'.join([r'(?:\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])']*4)
+RE_IP4 = re.compile(PAT_IP4+'$')
+
+def inet_ntop(s):
+  """
+  Convert ip6 address to standard hex notation.
+
+  Examples:
+
+  >>> inet_ntop(struct.pack("!HHHHHHHH",0,0,0,0,0,0xFFFF,0x0102,0x0304))
+  '::FFFF:1.2.3.4'
+
+  >>> inet_ntop(struct.pack("!HHHHHHHH",0x1234,0x5678,0,0,0,0,0x0102,0x0304))
+  '1234:5678::102:304'
+
+  >>> inet_ntop(struct.pack("!HHHHHHHH",0,0,0,0x1234,0x5678,0,0x0102,0x0304))
+  '::1234:5678:0:102:304'
+
+  >>> inet_ntop(struct.pack("!HHHHHHHH",0x1234,0x5678,0,0x0102,0x0304,0,0,0))
+  '1234:5678:0:102:304::'
+
+  >>> inet_ntop(struct.pack("!HHHHHHHH",0,0,0,0,0,0,0,0))
+  '::'
+  """
+  # convert to 8 words
+  a = struct.unpack("!HHHHHHHH",s)
+  n = (0,0,0,0,0,0,0,0)	# null ip6
+  if a == n: return '::'
+  # check for ip4 mapped
+  if a[:5] == (0,0,0,0,0) and a[5] in (0,0xFFFF):
+    ip4 = '.'.join([str(i) for i in struct.unpack("!BBBB",s[12:])])
+    if a[5]:
+      return "::FFFF:" + ip4
+    return "::" + ip4
+  # find index of longest sequence of 0
+  for l in (7,6,5,4,3,2,1):
+    e = n[:l]
+    for i in range(9-l):
+      if a[i:i+l] == e:
+        if i == 0:
+          return ':'+':%x'*(8-l) % a[l:]
+        if i == 8 - l:
+          return '%x:'*(8-l) % a[:-l] + ':'
+        return '%x:'*i % a[:i] + ':%x'*(8-l-i) % a[i+l:]
+  return "%x:%x:%x:%x:%x:%x:%x:%x" % a
+
+def inet_pton(p):
+  """
+  Convert ip6 standard hex notation to ip6 address.
+
+  Examples:
+
+  >>> struct.unpack('!HHHHHHHH',inet_pton('::'))
+  (0, 0, 0, 0, 0, 0, 0, 0)
+
+  >>> struct.unpack('!HHHHHHHH',inet_pton('::1234'))
+  (0, 0, 0, 0, 0, 0, 0, 4660)
+
+  >>> struct.unpack('!HHHHHHHH',inet_pton('1234::'))
+  (4660, 0, 0, 0, 0, 0, 0, 0)
+
+  >>> struct.unpack('!HHHHHHHH',inet_pton('1234::5678'))
+  (4660, 0, 0, 0, 0, 0, 0, 22136)
+
+  >>> struct.unpack('!HHHHHHHH',inet_pton('::FFFF:1.2.3.4'))
+  (0, 0, 0, 0, 0, 65535, 258, 772)
+
+  >>> struct.unpack('!HHHHHHHH',inet_pton('1.2.3.4'))
+  (0, 0, 0, 0, 0, 65535, 258, 772)
+
+  >>> try: inet_pton('::1.2.3.4.5')
+  ... except ValueError as x: print(x)
+  ::1.2.3.4.5
+  """
+  if p == '::':
+    return b'\0'*16
+  s = p
+  m = RE_IP4.search(s)
+  try:
+      if m:
+          pos = m.start()
+          ip4 = [int(i) for i in s[pos:].split('.')]
+          if not pos:
+              return struct.pack('!QLBBBB',0,65535,*ip4)
+          s = s[:pos]+'%x%02x:%x%02x'%tuple(ip4)
+      a = s.split('::')
+      if len(a) == 2:
+        l,r = a
+        if not l:
+          r = r.split(':')
+          return struct.pack('!HHHHHHHH',
+	    *[0]*(8-len(r)) + [int(s,16) for s in r])
+        if not r:
+          l = l.split(':')
+          return struct.pack('!HHHHHHHH',
+	    *[int(s,16) for s in l] + [0]*(8-len(l)))
+        l = l.split(':')
+        r = r.split(':')
+        return struct.pack('!HHHHHHHH',
+	    *[int(s,16) for s in l] + [0]*(8-len(l)-len(r))
+	    + [int(s,16) for s in r])
+      if len(a) == 1:
+        return struct.pack('!HHHHHHHH',
+	    *[int(s,16) for s in a[0].split(':')])
+  except ValueError: pass
+  raise ValueError(p)

Milter/sgmllib.py

@@ -0,0 +1,552 @@
+"""A parser for SGML, using the derived class as a static DTD."""
+
+# XXX This only supports those SGML features used by HTML.
+
+# XXX There should be a way to distinguish between PCDATA (parsed
+# character data -- the normal case), RCDATA (replaceable character
+# data -- only char and entity references and end tags are special)
+# and CDATA (character data -- only end tags are special).  RCDATA is
+# not supported at all.
+
+from __future__ import print_function
+
+try:
+  import _markupbase
+except:
+  import markupbase as _markupbase
+import re
+
+__all__ = ["SGMLParser", "SGMLParseError"]
+
+# Regular expressions used for parsing
+
+interesting = re.compile('[&<]')
+incomplete = re.compile('&([a-zA-Z][a-zA-Z0-9]*|#[0-9]*)?|'
+                           '<([a-zA-Z][^<>]*|'
+                              '/([a-zA-Z][^<>]*)?|'
+                              '![^<>]*)?')
+
+entityref = re.compile('&([a-zA-Z][-.a-zA-Z0-9]*)[^a-zA-Z0-9]')
+charref = re.compile('&#([0-9]+)[^0-9]')
+
+starttagopen = re.compile('<[>a-zA-Z]')
+shorttagopen = re.compile('<[a-zA-Z][-.a-zA-Z0-9]*/')
+shorttag = re.compile('<([a-zA-Z][-.a-zA-Z0-9]*)/([^/]*)/')
+piclose = re.compile('>')
+endbracket = re.compile('[<>]')
+tagfind = re.compile('[a-zA-Z][-_.a-zA-Z0-9]*')
+attrfind = re.compile(
+    r'\s*([a-zA-Z_][-:.a-zA-Z_0-9]*)(\s*=\s*'
+    r'(\'[^\']*\'|"[^"]*"|[][\-a-zA-Z0-9./,:;+*%?!&$\(\)_#=~\'"@]*))?')
+
+
+class SGMLParseError(RuntimeError):
+    """Exception raised for all parse errors."""
+    pass
+
+
+# SGML parser base class -- find tags and call handler functions.
+# Usage: p = SGMLParser(); p.feed(data); ...; p.close().
+# The dtd is defined by deriving a class which defines methods
+# with special names to handle tags: start_foo and end_foo to handle
+# <foo> and </foo>, respectively, or do_foo to handle <foo> by itself.
+# (Tags are converted to lower case for this purpose.)  The data
+# between tags is passed to the parser by calling self.handle_data()
+# with some data as argument (the data may be split up in arbitrary
+# chunks).  Entity references are passed by calling
+# self.handle_entityref() with the entity reference as argument.
+
+class SGMLParser(_markupbase.ParserBase):
+    # Definition of entities -- derived classes may override
+    entity_or_charref = re.compile('&(?:'
+      '([a-zA-Z][-.a-zA-Z0-9]*)|#([0-9]+)'
+      ')(;?)')
+
+    def __init__(self, verbose=0):
+        """Initialize and reset this instance."""
+        self.verbose = verbose
+        self.reset()
+
+    def reset(self):
+        """Reset this instance. Loses all unprocessed data."""
+        self.__starttag_text = None
+        self.rawdata = ''
+        self.stack = []
+        self.lasttag = '???'
+        self.nomoretags = 0
+        self.literal = 0
+        _markupbase.ParserBase.reset(self)
+
+    def setnomoretags(self):
+        """Enter literal mode (CDATA) till EOF.
+
+        Intended for derived classes only.
+        """
+        self.nomoretags = self.literal = 1
+
+    def setliteral(self, *args):
+        """Enter literal mode (CDATA).
+
+        Intended for derived classes only.
+        """
+        self.literal = 1
+
+    def feed(self, data):
+        """Feed some data to the parser.
+
+        Call this as often as you want, with as little or as much text
+        as you want (may include '\n').  (This just saves the text,
+        all the processing is done by goahead().)
+        """
+
+        self.rawdata = self.rawdata + data
+        self.goahead(0)
+
+    def close(self):
+        """Handle the remaining data."""
+        self.goahead(1)
+
+    def error(self, message):
+        raise SGMLParseError(message)
+
+    # Internal -- handle data as far as reasonable.  May leave state
+    # and data to be processed by a subsequent call.  If 'end' is
+    # true, force handling all data as if followed by EOF marker.
+    def goahead(self, end):
+        rawdata = self.rawdata
+        i = 0
+        n = len(rawdata)
+        while i < n:
+            if self.nomoretags:
+                self.handle_data(rawdata[i:n])
+                i = n
+                break
+            match = interesting.search(rawdata, i)
+            if match: j = match.start()
+            else: j = n
+            if i < j:
+                self.handle_data(rawdata[i:j])
+            i = j
+            if i == n: break
+            if rawdata[i] == '<':
+                if starttagopen.match(rawdata, i):
+                    if self.literal:
+                        self.handle_data(rawdata[i])
+                        i = i+1
+                        continue
+                    k = self.parse_starttag(i)
+                    if k < 0: break
+                    i = k
+                    continue
+                if rawdata.startswith("</", i):
+                    k = self.parse_endtag(i)
+                    if k < 0: break
+                    i = k
+                    self.literal = 0
+                    continue
+                if self.literal:
+                    if n > (i + 1):
+                        self.handle_data("<")
+                        i = i+1
+                    else:
+                        # incomplete
+                        break
+                    continue
+                if rawdata.startswith("<!--", i):
+                        # Strictly speaking, a comment is --.*--
+                        # within a declaration tag <!...>.
+                        # This should be removed,
+                        # and comments handled only in parse_declaration.
+                    k = self.parse_comment(i)
+                    if k < 0: break
+                    i = k
+                    continue
+                if rawdata.startswith("<?", i):
+                    k = self.parse_pi(i)
+                    if k < 0: break
+                    i = i+k
+                    continue
+                if rawdata.startswith("<!", i):
+                    # This is some sort of declaration; in "HTML as
+                    # deployed," this should only be the document type
+                    # declaration ("<!DOCTYPE html...>").
+                    k = self.parse_declaration(i)
+                    if k < 0: break
+                    i = k
+                    continue
+            elif rawdata[i] == '&':
+                if self.literal:
+                    self.handle_data(rawdata[i])
+                    i = i+1
+                    continue
+                match = charref.match(rawdata, i)
+                if match:
+                    name = match.group(1)
+                    self.handle_charref(name)
+                    i = match.end(0)
+                    if rawdata[i-1] != ';': i = i-1
+                    continue
+                match = entityref.match(rawdata, i)
+                if match:
+                    name = match.group(1)
+                    self.handle_entityref(name)
+                    i = match.end(0)
+                    if rawdata[i-1] != ';': i = i-1
+                    continue
+            else:
+                self.error('neither < nor & ??')
+            # We get here only if incomplete matches but
+            # nothing else
+            match = incomplete.match(rawdata, i)
+            if not match:
+                self.handle_data(rawdata[i])
+                i = i+1
+                continue
+            j = match.end(0)
+            if j == n:
+                break # Really incomplete
+            self.handle_data(rawdata[i:j])
+            i = j
+        # end while
+        if end and i < n:
+            self.handle_data(rawdata[i:n])
+            i = n
+        self.rawdata = rawdata[i:]
+        # XXX if end: check for empty stack
+
+    # Extensions for the DOCTYPE scanner:
+    _decl_otherchars = '='
+
+    # Internal -- parse processing instr, return length or -1 if not terminated
+    def parse_pi(self, i):
+        rawdata = self.rawdata
+        if rawdata[i:i+2] != '<?':
+            self.error('unexpected call to parse_pi()')
+        match = piclose.search(rawdata, i+2)
+        if not match:
+            return -1
+        j = match.start(0)
+        self.handle_pi(rawdata[i+2: j])
+        j = match.end(0)
+        return j-i
+
+    def get_starttag_text(self):
+        return self.__starttag_text
+
+    # Internal -- handle starttag, return length or -1 if not terminated
+    def parse_starttag(self, i):
+        self.__starttag_text = None
+        start_pos = i
+        rawdata = self.rawdata
+        if shorttagopen.match(rawdata, i):
+            # SGML shorthand: <tag/data/ == <tag>data</tag>
+            # XXX Can data contain &... (entity or char refs)?
+            # XXX Can data contain < or > (tag characters)?
+            # XXX Can there be whitespace before the first /?
+            match = shorttag.match(rawdata, i)
+            if not match:
+                return -1
+            tag, data = match.group(1, 2)
+            self.__starttag_text = '<%s/' % tag
+            tag = tag.lower()
+            k = match.end(0)
+            self.finish_shorttag(tag, data)
+            self.__starttag_text = rawdata[start_pos:match.end(1) + 1]
+            return k
+        # XXX The following should skip matching quotes (' or ")
+        # As a shortcut way to exit, this isn't so bad, but shouldn't
+        # be used to locate the actual end of the start tag since the
+        # < or > characters may be embedded in an attribute value.
+        match = endbracket.search(rawdata, i+1)
+        if not match:
+            return -1
+        j = match.start(0)
+        # Now parse the data between i+1 and j into a tag and attrs
+        attrs = []
+        if rawdata[i:i+2] == '<>':
+            # SGML shorthand: <> == <last open tag seen>
+            k = j
+            tag = self.lasttag
+        else:
+            match = tagfind.match(rawdata, i+1)
+            if not match:
+                self.error('unexpected call to parse_starttag')
+            k = match.end(0)
+            tag = rawdata[i+1:k].lower()
+            self.lasttag = tag
+        while k < j:
+            match = attrfind.match(rawdata, k)
+            if not match: break
+            attrname, rest, attrvalue = match.group(1, 2, 3)
+            if not rest:
+                attrvalue = attrname
+            else:
+                if (attrvalue[:1] == "'" == attrvalue[-1:] or
+                    attrvalue[:1] == '"' == attrvalue[-1:]):
+                    # strip quotes
+                    attrvalue = attrvalue[1:-1]
+                attrvalue = self.entity_or_charref.sub(
+                    self._convert_ref, attrvalue)
+            attrs.append((attrname.lower(), attrvalue))
+            k = match.end(0)
+        if rawdata[j] == '>':
+            j = j+1
+        self.__starttag_text = rawdata[start_pos:j]
+        self.finish_starttag(tag, attrs)
+        return j
+
+    # Internal -- convert entity or character reference
+    def _convert_ref(self, match):
+        if match.group(2):
+            return self.convert_charref(match.group(2)) or \
+                '&#%s%s' % match.groups()[1:]
+        elif match.group(3):
+            return self.convert_entityref(match.group(1)) or \
+                '&%s;' % match.group(1)
+        else:
+            return '&%s' % match.group(1)
+
+    # Internal -- parse endtag
+    def parse_endtag(self, i):
+        rawdata = self.rawdata
+        match = endbracket.search(rawdata, i+1)
+        if not match:
+            return -1
+        j = match.start(0)
+        tag = rawdata[i+2:j].strip().lower()
+        if rawdata[j] == '>':
+            j = j+1
+        self.finish_endtag(tag)
+        return j
+
+    # Internal -- finish parsing of <tag/data/ (same as <tag>data</tag>)
+    def finish_shorttag(self, tag, data):
+        self.finish_starttag(tag, [])
+        self.handle_data(data)
+        self.finish_endtag(tag)
+
+    # Internal -- finish processing of start tag
+    # Return -1 for unknown tag, 0 for open-only tag, 1 for balanced tag
+    def finish_starttag(self, tag, attrs):
+        try:
+            method = getattr(self, 'start_' + tag)
+        except AttributeError:
+            try:
+                method = getattr(self, 'do_' + tag)
+            except AttributeError:
+                self.unknown_starttag(tag, attrs)
+                return -1
+            else:
+                self.handle_starttag(tag, method, attrs)
+                return 0
+        else:
+            self.stack.append(tag)
+            self.handle_starttag(tag, method, attrs)
+            return 1
+
+    # Internal -- finish processing of end tag
+    def finish_endtag(self, tag):
+        if not tag:
+            found = len(self.stack) - 1
+            if found < 0:
+                self.unknown_endtag(tag)
+                return
+        else:
+            if tag not in self.stack:
+                try:
+                    method = getattr(self, 'end_' + tag)
+                except AttributeError:
+                    self.unknown_endtag(tag)
+                else:
+                    self.report_unbalanced(tag)
+                return
+            found = len(self.stack)
+            for i in range(found):
+                if self.stack[i] == tag: found = i
+        while len(self.stack) > found:
+            tag = self.stack[-1]
+            try:
+                method = getattr(self, 'end_' + tag)
+            except AttributeError:
+                method = None
+            if method:
+                self.handle_endtag(tag, method)
+            else:
+                self.unknown_endtag(tag)
+            del self.stack[-1]
+
+    # Overridable -- handle start tag
+    def handle_starttag(self, tag, method, attrs):
+        method(attrs)
+
+    # Overridable -- handle end tag
+    def handle_endtag(self, tag, method):
+        method()
+
+    # Example -- report an unbalanced </...> tag.
+    def report_unbalanced(self, tag):
+        if self.verbose:
+            print('*** Unbalanced </' + tag + '>')
+            print('*** Stack:', self.stack)
+
+    def convert_charref(self, name):
+        """Convert character reference, may be overridden."""
+        try:
+            n = int(name)
+        except ValueError:
+            return
+        if not 0 <= n <= 127:
+            return
+        return self.convert_codepoint(n)
+
+    def convert_codepoint(self, codepoint):
+        return chr(codepoint)
+
+    def handle_charref(self, name):
+        """Handle character reference, no need to override."""
+        replacement = self.convert_charref(name)
+        if replacement is None:
+            self.unknown_charref(name)
+        else:
+            self.handle_data(replacement)
+
+    # Definition of entities -- derived classes may override
+    entitydefs = \
+            {'lt': '<', 'gt': '>', 'amp': '&', 'quot': '"', 'apos': '\''}
+
+    def convert_entityref(self, name):
+        """Convert entity references.
+
+        As an alternative to overriding this method; one can tailor the
+        results by setting up the self.entitydefs mapping appropriately.
+        """
+        table = self.entitydefs
+        if name in table:
+            return table[name]
+        else:
+            return
+
+    def handle_entityref(self, name):
+        """Handle entity references, no need to override."""
+        replacement = self.convert_entityref(name)
+        if replacement is None:
+            self.unknown_entityref(name)
+        else:
+            self.handle_data(replacement)
+
+    # Example -- handle data, should be overridden
+    def handle_data(self, data):
+        pass
+
+    # Example -- handle comment, could be overridden
+    def handle_comment(self, data):
+        pass
+
+    # Example -- handle declaration, could be overridden
+    def handle_decl(self, decl):
+        pass
+
+    # Example -- handle processing instruction, could be overridden
+    def handle_pi(self, data):
+        pass
+
+    # To be overridden -- handlers for unknown objects
+    def unknown_starttag(self, tag, attrs): pass
+    def unknown_endtag(self, tag): pass
+    def unknown_charref(self, ref): pass
+    def unknown_entityref(self, ref): pass
+
+
+class TestSGMLParser(SGMLParser):
+
+    def __init__(self, verbose=0):
+        self.testdata = ""
+        SGMLParser.__init__(self, verbose)
+
+    def handle_data(self, data):
+        self.testdata = self.testdata + data
+        if len(repr(self.testdata)) >= 70:
+            self.flush()
+
+    def flush(self):
+        data = self.testdata
+        if data:
+            self.testdata = ""
+            print('data:', repr(data))
+
+    def handle_comment(self, data):
+        self.flush()
+        r = repr(data)
+        if len(r) > 68:
+            r = r[:32] + '...' + r[-32:]
+        print('comment:', r)
+
+    def unknown_starttag(self, tag, attrs):
+        self.flush()
+        if not attrs:
+            print('start tag: <' + tag + '>')
+        else:
+            print('start tag: <' + tag, end=' ')
+            for name, value in attrs:
+                print(name + '=' + '"' + value + '"', end=' ')
+            print('>')
+
+    def unknown_endtag(self, tag):
+        self.flush()
+        print('end tag: </' + tag + '>')
+
+    def unknown_entityref(self, ref):
+        self.flush()
+        print('*** unknown entity ref: &' + ref + ';')
+
+    def unknown_charref(self, ref):
+        self.flush()
+        print('*** unknown char ref: &#' + ref + ';')
+
+    def unknown_decl(self, data):
+        self.flush()
+        print('*** unknown decl: [' + data + ']')
+
+    def close(self):
+        SGMLParser.close(self)
+        self.flush()
+
+
+def test(args = None):
+    import sys
+
+    if args is None:
+        args = sys.argv[1:]
+
+    if args and args[0] == '-s':
+        args = args[1:]
+        klass = SGMLParser
+    else:
+        klass = TestSGMLParser
+
+    if args:
+        file = args[0]
+    else:
+        file = 'test.html'
+
+    if file == '-':
+        f = sys.stdin
+    else:
+        try:
+            f = open(file, 'r')
+        except IOError as msg:
+            print(file, ":", msg)
+            sys.exit(1)
+
+    data = f.read()
+    if f is not sys.stdin:
+        f.close()
+
+    x = klass()
+    for c in data:
+        x.feed(c)
+    x.close()
+
+
+if __name__ == '__main__':
+    test()

Milter/test.py

@@ -0,0 +1,247 @@
+## @package Milter.test
+# A test framework for milters
+
+from __future__ import print_function
+import mime
+try:
+  from io import BytesIO
+except:
+  from StringIO import StringIO as BytesIO
+import Milter
+
+Milter.NOREPLY = Milter.CONTINUE
+
+## Test mixin for unit testing %milter applications.
+# This mixin overrides many Milter.MilterBase methods
+# with stub versions that simply record what was done.
+# @deprecated Use Milter.test.TestCtx
+# @since 0.9.8
+class TestBase(object):
+
+  def __init__(self,logfile='test/milter.log'):
+    self._protocol = 0
+    self.logfp = open(logfile,"a")
+    ## The MAIL FROM for the current email being fed to the %milter
+    self._sender = None
+    ## List of recipients deleted
+    self._delrcpt = []
+    ## List of recipients added
+    self._addrcpt = []
+    ## Macros defined
+    self._macros = { }
+    ## The message body.
+    self._body = None
+    ## True if the %milter replaced the message body.
+    self._bodyreplaced = False
+    ## True if the %milter changed any headers.
+    self._headerschanged = False
+    ## True if the %milter changed the envelope from.
+    self._envfromchanged = False
+    ## Reply codes and messages set by the %milter
+    self._reply = None
+    ## The rfc822 message object for the current email being fed to the %milter.
+    self._msg = None
+    ## The protocol stage for macros returned
+    self._stage = None
+    ## The macros returned by protocol stage
+    self._symlist = [ None, None, None, None, None, None, None ]
+
+  def _close(self):
+    if self.logfp:
+      self.logfp.close()
+      self.logfp = None
+
+  def log(self,*msg):
+    for i in msg: print(i,file=self.logfp,end=None)
+    print(file=self.logfp)
+
+  ## Set a macro value.
+  # These are retrieved by the %milter with getsymval.
+  # @param name the macro name, as passed to getsymval
+  # @param val the macro value
+  def setsymval(self,name,val):
+    self._macros[name] = val
+    
+  def getsymval(self,name):
+    stage = self._stage
+    if stage is not None and stage >= 0:
+      syms = self._symlist[stage]
+      if syms is not None and name not in syms:
+        return None
+    return self._macros.get(name,None)
+
+  def replacebody(self,chunk):
+    if self._body:
+      self._body.write(chunk)
+      self._bodyreplaced = True
+    else:
+      raise IOError("replacebody not called from eom()")
+
+  def chgfrom(self,sender,params=None):
+    if not self._body:
+      raise IOError("chgfrom not called from eom()")
+    self.log('chgfrom: sender=%s' % (sender))
+    self._envfromchanged = True
+    self._sender = sender
+
+  # TODO: write implement quarantine()
+  def quarantine(self,reason):
+    raise NotImplemented
+
+  # TODO: measure time between milter calls
+  def progress(self):
+    pass
+
+  # FIXME: rfc822 indexing does not really reflect the way chg/add header
+  # work for a %milter
+  def chgheader(self,field,idx,value):
+    if not self._body:
+      raise IOError("chgheader not called from eom()")
+    self.log('chgheader: %s[%d]=%s' % (field,idx,value))
+    if value == '':
+      del self._msg[field]
+    else:
+      self._msg[field] = value
+    self._headerschanged = True
+
+  def addheader(self,field,value,idx=-1):
+    if not self._body:
+      raise IOError("addheader not called from eom()")
+    self.log('addheader: %s=%s' % (field,value))
+    self._msg[field] = value
+    self._headerschanged = True
+
+  def delrcpt(self,rcpt):
+    if not self._body:
+      raise IOError("delrcpt not called from eom()")
+    self._delrcpt.append(rcpt)
+
+  def addrcpt(self,rcpt):
+    if not self._body:
+      raise IOError("addrcpt not called from eom()")
+    self._addrcpt.append(rcpt)
+
+  ## Save the reply codes and messages in self._reply.
+  def setreply(self,rcode,xcode,*msg):
+    self._reply = (rcode,xcode) + msg
+
+  def setsymlist(self,stage,macros):
+    if not self._actions & Milter.SETSYMLIST:
+      raise DisabledAction("SETSYMLIST")
+    if self._stage != -1:
+      raise RuntimeError("setsymlist may only be called from negotiate")
+    # not used yet, but just for grins we save the data
+    a = []
+    for m in macros:
+      try:
+        m = m.encode('utf8')
+      except: pass
+      try:
+        m = m.split(b' ')
+      except: pass
+      a += m
+    if len(a) > 5:
+      raise ValueError('setsymlist limited to 5 macros by MTA')
+    if self._symlist[stage] is not None:
+      raise ValueError('setsymlist already called for stage:'+stage)
+    print('setsymlist',stage,a)
+    self._symlist[stage] = set(a)
+
+  ## Feed a file like object to the %milter.  Calls envfrom, envrcpt for
+  # each recipient, header for each header field, body for each body 
+  # block, and finally eom.  A return code from the %milter other than
+  # CONTINUE returns immediately with that return code.
+  #
+  # This is a convenience method, a test could invoke the callbacks
+  # in sequence on its own - and for some complex tests, this may
+  # be necessary.
+  # @param fp the file with rfc2822 message stream
+  # @param sender the MAIL FROM
+  # @param rcpt RCPT TO - additional recipients may follow
+  def feedFile(self,fp,sender="spam@adv.com",rcpt="victim@lamb.com",*rcpts):
+    self._body = None
+    self._bodyreplaced = False
+    self._headerschanged = False
+    self._reply = None
+    self._sender = '<%s>'%sender
+    msg = mime.message_from_file(fp)
+    # envfrom
+    self._stage = Milter.M_ENVFROM
+    rc = self.envfrom(self._sender)
+    self._stage = None
+    if rc != Milter.CONTINUE: return rc
+    # envrcpt
+    for rcpt in (rcpt,) + rcpts:
+      self._stage = Milter.M_ENVRCPT
+      rc = self.envrcpt('<%s>'%rcpt)
+      self._stage = None
+      if rc != Milter.CONTINUE: return rc
+    # data
+    self._stage = Milter.M_DATA
+    rc = self.data()
+    self._stage = None
+    if rc != Milter.CONTINUE: return rc
+    # header
+    for h,val in msg.items():
+      rc = self.header_bytes(h,val.encode())
+      if rc != Milter.CONTINUE: return rc
+    # eoh
+    self._stage = Milter.M_EOH
+    rc = self.eoh()
+    self._stage = None
+    if rc != Milter.CONTINUE: return rc
+    # body
+    header,body = msg.as_bytes().split(b'\n\n',1)
+    bfp = BytesIO(body)
+    while 1:
+      buf = bfp.read(8192)
+      if len(buf) == 0: break
+      rc = self.body(buf)
+      if rc != Milter.CONTINUE: return rc
+    self._msg = msg
+    self._body = BytesIO()
+    self._stage = Milter.M_EOM
+    rc = self.eom()
+    self._stage = None
+    if self._bodyreplaced:
+      body = self._body.getvalue()
+    self._body = BytesIO()
+    self._body.write(header)
+    self._body.write(b'\n\n')
+    self._body.write(body)
+    self.close()
+    self._close()
+    return rc
+
+  ## Feed an email contained in a file to the %milter.
+  # This is a convenience method that invokes @link #feedFile feedFile @endlink.
+  # @param sender MAIL FROM
+  # @param rcpts RCPT TO, multiple recipients may be supplied
+  def feedMsg(self,fname,sender="spam@adv.com",*rcpts):
+    with open('test/'+fname,'rb') as fp:
+      return self.feedFile(fp,sender,*rcpts)
+
+  ## Call the connect and helo callbacks.
+  # The helo callback is not called if connect does not return CONTINUE.
+  # @param host the hostname passed to the connect callback
+  # @param helo the hostname passed to the helo callback
+  # @param ip the IP address passed to the connect callback
+  def connect(self,host='localhost',helo='spamrelay',ip='1.2.3.4'):
+    self._body = None
+    self._bodyreplaced = False
+    self._setctx(None)
+    opts = [ Milter.CURR_ACTS,~0,0,0 ]
+    self._stage = -1
+    rc = self.negotiate(opts)
+    self._stage = Milter.M_CONNECT
+    rc =  super(TestBase,self).connect(host,1,(ip,1234)) 
+    if rc != Milter.CONTINUE:
+      self._stage = None
+      self.close()
+      return rc
+    self._stage = Milter.M_HELO
+    rc = self.hello(helo)
+    self._stage = None
+    if rc != Milter.CONTINUE:
+      self.close()
+    return rc

Milter/testctx.py

@@ -0,0 +1,312 @@
+## @package Milter.testctx
+# A test framework for milters that replaces milterContext rather
+# than Milter.Base.  Since miltermodule.c doesn't currently export
+# a way to query callbacks set (and we might want to run without 
+# loading milter), we assume the callbacks set by Milter.runmilter().
+
+from __future__ import print_function
+from socket import AF_INET,AF_INET6
+from sys import version as VERSION
+import time
+import mime
+try:
+  from io import BytesIO
+except:
+  from StringIO import StringIO as BytesIO
+import Milter
+from Milter import utils
+
+## Milter context for unit testing %milter applications.
+# A substitute for milter.milterContext that can be passed to
+# Milter.Base._setctx().
+# @since 1.0.3
+class TestCtx(object):
+  default_opts = [Milter.CURR_ACTS,0x1fffff,0,0]
+  def __init__(self,logfile='test/milter.log'):
+    ## Usually the Milter application derived from Milter.Base
+    self._priv = None
+    ## List of recipients deleted
+    self._delrcpt = []
+    ## List of recipients added
+    self._addrcpt = []
+    ## Macros defined
+    self._macros = { }
+    ## Reply codes and messages set by the %milter
+    self._reply = None
+    ## The macros returned by protocol stage
+    self._symlist = [ None, None, None, None, None, None, None ]
+    ## The message body.
+    self._body = None
+    ## True if the %milter replaced the message body.
+    self._bodyreplaced = False
+    ## True if the %milter changed any headers.
+    self._headerschanged = False
+    ## The rfc822 message object for the current email being fed to the %milter.
+    self._msg = None
+    ## The MAIL FROM for the current email being fed to the %milter
+    self._sender = None
+    ## True if the %milter changed the envelope from.
+    self._envfromchanged = False
+    ## List of recipients added
+    self._addrcpt = []
+    ## Negotiated options
+    self._opts = TestCtx.default_opts
+    ## Last activity
+    self._activity = time.time()
+
+  def getpriv(self):
+    return self._priv
+
+  def setpriv(self,priv):
+    self._priv = priv
+
+  def getsymval(self,name):
+    stage = self._stage
+    if stage >= 0:
+      try:
+        s = name.encode('utf8')
+      except: pass
+      syms = self._symlist[stage]
+      if syms is not None and s not in syms:
+        return None
+    return self._macros.get(name,None)
+
+  def _setsymval(self,name,val):
+    self._macros[name] = val
+
+  def setreply(self,rcode,xcode,*msg):
+    self._reply = (rcode,xcode) + msg
+
+  def setsymlist(self,stage,macros):
+    if self._stage != -1:
+      raise RuntimeError("setsymlist may only be called from negotiate")
+    # Records which macros are available to getsymval()
+    m = macros
+    try:
+      m = m.encode('utf8')
+    except: pass
+    try:
+      m = m.split(b' ')
+    except: pass
+    if len(m) > 5:
+      raise ValueError('setsymlist limited to 5 macros by MTA')
+    if self._symlist[stage] is not None:
+      raise ValueError('setsymlist already called for stage:'+stage)
+    if not m:
+      raise ValueError('setsymlist with empty list for stage:'+stage)
+    self._symlist[stage] = set(m)
+
+  def addheader(self,field,value,idx):
+    if not self._body:
+      raise IOError("addheader not called from eom()")
+    self._msg[field] = value
+    self._headerschanged = True
+
+  def chgheader(self,field,idx,value):
+    if not self._body:
+      raise IOError("chgheader not called from eom()")
+    if value == '':
+      del self._msg[field]
+    else:
+      self._msg[field] = value
+    self._headerschanged = True
+ 
+  def addrcpt(self,rcpt,params):
+    if not self._body:
+      raise IOError("addrcpt not called from eom()")
+    self._addrcpt.append((rcpt,params))
+
+  def delrcpt(self,rcpt):
+    if not self._body:
+      raise IOError("delrcpt not called from eom()")
+    self._delrcpt.append(rcpt)
+
+  def replacebody(self,chunk):
+    if self._body:
+      self._body.write(chunk)
+      self._bodyreplaced = True
+    else:
+      raise IOError("replacebody not called from eom()")
+
+  def chgfrom(self,sender,params=None):
+    if not self._body:
+      raise IOError("chgfrom not called from eom()")
+    self._envfromchanged = True
+    self._sender = sender
+
+  def quarantine(self,reason):
+    raise NotImplemented
+
+  ## Reset activity timer.
+  def progress(self):
+    self._activity = time.time()
+
+  def _abort(self):
+    "What Milter sets for abort_callback"
+    self._priv.abort()
+    self._close()
+
+  def _close(self):
+    Milter.close_callback(self)
+
+  def _negotiate(self):
+    self._body = None
+    self._bodyreplaced = False
+    self._priv = None
+    self._opts = TestCtx.default_opts
+    self._stage = -1
+    rc = Milter.negotiate_callback(self,self._opts)
+    if rc == Milter.ALL_OPTS:
+      self._opts = TestCtx.default_opts
+    elif rc != Milter.CONTINUE:
+      self._abort()
+      self._close()
+    self._protocol = self._opts[1]
+    return rc
+
+  def _connect(self,host='localhost',helo='spamrelay',ip='1.2.3.4'):
+    rc = self._negotiate()
+    # FIXME: what if not CONTINUE or ALL_OPTS?
+    if self._protocol & Milter.P_NOCONNECT:
+      return Milter.CONTINUE
+    if utils.ip4re.match(ip):
+      af = AF_INET
+    elif utils.ip6re.match(ip):
+      af = AF_INET6
+    else:
+      raise ValueError('TestCtx.connect: invalid ip address: '+ip)
+    self._stage = Milter.M_CONNECT
+    rc = Milter.connect_callback(self,host,af,ip)
+    self._stage = None
+    if rc != Milter.CONTINUE:
+      self._close()
+      return rc
+    return self._helo(helo)
+
+  def _helo(self,helo):
+    if self._protocol & Milter.P_NOHELO:
+      return Milter.CONTINUE
+    self._stage = Milter.M_HELO
+    rc = self._priv.hello(helo)
+    self._stage = None
+    if rc != Milter.CONTINUE:
+      self._close()
+    return rc
+
+  def _envfrom(self,*s):
+    self._sender = s[0]
+    if self._protocol & Milter.P_NOMAIL:
+      return Milter.CONTINUE
+    self._stage = Milter.M_ENVFROM
+    rc = self._priv.envfrom(*s)
+    self._stage = None
+    return rc
+
+  def _envrcpt(self,s):
+    if self._protocol & Milter.P_NORCPT:
+      return Milter.CONTINUE
+    self._stage = Milter.M_ENVRCPT
+    rc = self._priv.envrcpt(s)
+    self._stage = None
+    return rc
+
+  def _data(self):
+    if self._protocol & Milter.P_NODATA:
+      return Milter.CONTINUE
+    self._stage = Milter.M_DATA
+    rc = self._priv.data()
+    self._stage = None
+    return rc
+
+  def _header(self,fld,val):
+    if VERSION < '3.0.0':
+      return self._priv.header(fld,val)
+    # email.message_from_binary_file uses surrogateescape to 
+    # preserve original bytes in unicode string for decoding errors.
+    # convert str or Header back to original bytes
+    if hasattr(val, '_chunks'):
+      # val is a Header object for invalid header values 
+      v = b''
+      for s,charset in val._chunks:
+        # recover the original bytes
+        b = s.encode(encoding='ascii',errors='surrogateescape')
+        v += b
+    else:
+      v = val.encode(encoding='ascii',errors='surrogateescape')
+    # invoke the Milter header_callback
+    return self._priv.header_bytes(fld,v)
+
+  def _eoh(self):
+    if self._protocol & Milter.P_NOEOH:
+      return Milter.CONTINUE
+    self._stage = Milter.M_EOH
+    rc = self._priv.eoh()
+    self._stage = None
+    return rc
+
+  def _feed_body(self,bfp):
+    if self._protocol & Milter.P_NOBODY:
+      return Milter.CONTINUE
+    while True:
+      buf = bfp.read(8192)
+      if len(buf) == 0: break
+      rc = self._priv.body(buf)
+      if rc != Milter.CONTINUE: return rc
+    return Milter.CONTINUE
+
+  def _eom(self):
+    self._body = BytesIO()
+    self._stage = Milter.M_EOM
+    rc = self._priv.eom()
+    self._stage = None
+    return rc
+
+  ## Feed a file like object to the ctx.  Calls the callbacks in
+  # the same sequence as libmilter.
+  # @param fp the file with rfc2822 message stream
+  # @param sender the MAIL FROM
+  # @param rcpt RCPT TO - additional recipients may follow
+  def _feedFile(self,fp,sender="spam@adv.com",rcpt="victim@lamb.com",*rcpts):
+    self._body = None
+    self._bodyreplaced = False
+    self._headerschanged = False
+    self._reply = None
+    msg = mime.message_from_file(fp)
+    self._msg = msg
+    # envfrom
+    rc = self._envfrom('<%s>'%sender)
+    if rc != Milter.CONTINUE: return rc
+    # envrcpt
+    for rcpt in (rcpt,) + rcpts:
+      rc = self._envrcpt('<%s>'%rcpt)
+      if rc != Milter.CONTINUE: return rc
+    # data
+    rc = self._data()
+    if rc != Milter.CONTINUE: return rc
+    # header
+    for h,val in msg.items():
+      rc = self._header(h,val)
+      if rc != Milter.CONTINUE: return rc
+    # eoh
+    rc = self._eoh()
+    if rc != Milter.CONTINUE: return rc
+    # body
+    header,body = msg.as_bytes().split(b'\n\n',1)
+    rc = self._feed_body(BytesIO(body))
+    if rc != Milter.CONTINUE: return rc
+    rc = self._eom()
+    if self._bodyreplaced:
+      body = self._body.getvalue()
+    self._body = BytesIO()
+    self._body.write(header)
+    self._body.write(b'\n\n')
+    self._body.write(body)
+    return rc
+
+  ## Feed an email contained in a file to the %milter.
+  # This is a convenience method that invokes @link #feedFile feedFile @endlink.
+  # @param sender MAIL FROM
+  # @param rcpts RCPT TO, multiple recipients may be supplied
+  def _feedMsg(self,fname,sender="spam@adv.com",*rcpts):
+    with open('test/'+fname,'rb') as fp:
+      return self._feedFile(fp,sender,*rcpts)

Milter/utils.py

@@ -1,23 +1,65 @@
+## @package Milter.utils
+# Miscellaneous functions.
+#
+
 import re
 import struct
 import socket
-import email.Errors
+import email.errors
+from email.header import decode_header
+import email.base64mime
+import email.utils
 from fnmatch import fnmatchcase
-from email.Header import decode_header
-#import email.Utils
-import rfc822
+from binascii import a2b_base64
 
-ip4re = re.compile(r'^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*$')
+dnsre = re.compile(r'^[a-z][-a-z\d.]+$', re.IGNORECASE)
+PAT_IP4 = r'\.'.join([r'(?:\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])']*4)
+ip4re = re.compile(PAT_IP4+'$')
+ip6re = re.compile(                 '(?:%(hex4)s:){6}%(ls32)s$'
+                   '|::(?:%(hex4)s:){5}%(ls32)s$'
+                  '|(?:%(hex4)s)?::(?:%(hex4)s:){4}%(ls32)s$'
+    '|(?:(?:%(hex4)s:){0,1}%(hex4)s)?::(?:%(hex4)s:){3}%(ls32)s$'
+    '|(?:(?:%(hex4)s:){0,2}%(hex4)s)?::(?:%(hex4)s:){2}%(ls32)s$'
+    '|(?:(?:%(hex4)s:){0,3}%(hex4)s)?::%(hex4)s:%(ls32)s$'
+    '|(?:(?:%(hex4)s:){0,4}%(hex4)s)?::%(ls32)s$'
+    '|(?:(?:%(hex4)s:){0,5}%(hex4)s)?::%(hex4)s$'
+    '|(?:(?:%(hex4)s:){0,6}%(hex4)s)?::$'
+  % {
+    'ls32': r'(?:[0-9a-f]{1,4}:[0-9a-f]{1,4}|%s)'%PAT_IP4,
+    'hex4': r'[0-9a-f]{1,4}'
+    }, re.IGNORECASE)
 
 # from spf.py
-def addr2bin(str):
-  "Convert a string IPv4 address into an unsigned integer."
-  return struct.unpack("!L", socket.inet_aton(str))[0]
+def addr2bin(s):
+  """Convert a string IPv4 address into an unsigned integer."""
+  if s.find(':') >= 0:
+    try:
+      return bin2long6(inet_pton(s))
+    except:
+      raise socket.error("Invalid IP6 address: "+s)
+  try:
+    return struct.unpack("!L", socket.inet_aton(s))[0]
+  except socket.error:
+    raise socket.error("Invalid IP4 address: "+s)
 
-MASK = 0xFFFFFFFFL
+def bin2long6(s):
+    """Convert binary IP6 address into an unsigned Python long integer."""
+    h, l = struct.unpack("!QQ", s)
+    return h << 64 | l
 
-def cidr(i,n):
-  return ~(MASK >> n) & MASK & i
+if hasattr(socket,'has_ipv6') and socket.has_ipv6:
+    def inet_ntop(s):
+        return socket.inet_ntop(socket.AF_INET6,s)
+    def inet_pton(s):
+        return socket.inet_pton(socket.AF_INET6,s.strip())
+else:
+    from pyip6 import inet_ntop, inet_pton
+
+MASK = 0xFFFFFFFF
+MASK6 = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+
+def cidr(i,n,mask=MASK):
+  return ~(mask >> n) & mask & i
 
 def iniplist(ipaddr,iplist):
   """Return whether ip is in cidr list
@@ -27,21 +69,59 @@ def iniplist(ipaddr,iplist):
   True
   >>> iniplist('192.168.0.45',['192.168.0.*'])
   True
+  >>> iniplist('4.2.2.2',['b.resolvers.Level3.net'])
+  True
+  >>> iniplist('2606:2800:220:1::',['example.com/40'])
+  True
+  >>> iniplist('4.2.2.2',['nothing.example.com'])
+  False
+  >>> iniplist('2001:610:779:0:223:6cff:fe9a:9cf3',['127.0.0.1','172.20.1.0/24','2001:610:779::/48'])
+  True
+  >>> iniplist('2G01:610:779:0:223:6cff:fe9a:9cf3',['127.0.0.1','172.20.1.0/24','2001:610:779::/48'])
+  Traceback (most recent call last):
+    ...
+  ValueError: Invalid ip syntax:2G01:610:779:0:223:6cff:fe9a:9cf3
   """
-  ipnum = addr2bin(ipaddr)
+  if ip4re.match(ipaddr):
+    fam = socket.AF_INET
+    ipnum = addr2bin(ipaddr)
+  elif ip6re.match(ipaddr):
+    fam = socket.AF_INET6
+    ipnum = bin2long6(inet_pton(ipaddr))
+  else:
+    raise ValueError('Invalid ip syntax:'+ipaddr)
   for pat in iplist:
     p = pat.split('/',1)
     if ip4re.match(p[0]):
       if len(p) > 1:
-	n = int(p[1])
+        n = int(p[1])
       else:
         n = 32
       if cidr(addr2bin(p[0]),n) == cidr(ipnum,n):
         return True
+    elif ip6re.match(p[0]):
+      if len(p) > 1:
+        n = int(p[1])
+      else:
+        n = 128
+      if cidr(bin2long6(inet_pton(p[0])),n,MASK6) == cidr(ipnum,n,MASK6):
+        return True
+    elif dnsre.match(p[0]):
+      try:
+        sfx = '/'.join(['']+p[1:])
+        addrlist = [r[4][0]+sfx for r in socket.getaddrinfo(p[0],25,fam)]
+        if iniplist(ipaddr,addrlist):
+          return True
+      except socket.gaierror: pass
     elif fnmatchcase(ipaddr,pat):
       return True
   return False
 
+## Split email into Fullname and address.
+# This replaces <code>email.utils.parseaddr</code> but fixes
+# some <a href="http://bugs.python.org/issue1025395">tricky test cases</a>.
+# Additional tricky cases are still broken.  Patches welcome.
+#
 def parseaddr(t):
   """Split email into Fullname and address.
 
@@ -54,12 +134,10 @@ def parseaddr(t):
   >>> parseaddr('God@heaven <@hop1.org,@hop2.net:jeff@spec.org>')
   ('God@heaven', 'jeff@spec.org')
   >>> parseaddr('Real Name ((comment)) <addr...@example.com>')
-  ('Real Name', 'addr...@example.com')
-  >>> parseaddr('a(WRONG)@b')
-  ('WRONG', 'a@b')
+  ('Real Name (comment)', 'addr...@example.com')
   """
-  #return email.Utils.parseaddr(t)
-  res = rfc822.parseaddr(t)
+  #return email.utils.parseaddr(t)
+  res = email.utils.parseaddr(t)
   # dirty fix for some broken cases
   if not res[0]:
     pos = t.find('<')
@@ -68,7 +146,7 @@ def parseaddr(t):
       pos1 = addrspec.rfind(':')
       if pos1 > 0:
         addrspec = addrspec[pos1+1:]
-      return rfc822.parseaddr('"%s" <%s>' % (t[:pos].strip(),addrspec))
+      return email.utils.parseaddr('"%s" <%s>' % (t[:pos].strip(),addrspec))
   if not res[1]:
     pos = t.find('<')
     if pos > 0 and t[-1] == '>':
@@ -76,9 +154,19 @@ def parseaddr(t):
       pos1 = addrspec.rfind(':')
       if pos1 > 0:
         addrspec = addrspec[pos1+1:]
-      return rfc822.parseaddr('%s<%s>' % (t[:pos].strip(),addrspec))
+      return email.utils.parseaddr('%s<%s>' % (t[:pos].strip(),addrspec))
   return res
 
+## Fix email.base64mime.decode to add any missing padding
+def decode(s, convert_eols=None):
+  if not s: return s
+  while len(s) % 4: s += '='	# add missing padding
+  dec = a2b_base64(s)
+  if convert_eols:
+      return dec.replace(CRLF, convert_eols)
+  return dec
+    
+email.base64mime.decode = decode
 
 def parse_addr(t):
   """Split email into user,domain.
@@ -91,13 +179,27 @@ def parse_addr(t):
   ['user@bar', 'example.com']
   >>> parse_addr('foo')
   ['foo']
+  >>> parse_addr('@mx.example.com:user@example.com')
+  ['user', 'example.com']
+  >>> parse_addr('@user@example.com')
+  ['@user', 'example.com']
   """
   if t.startswith('<') and t.endswith('>'): t = t[1:-1]
   if t.startswith('"'):
     if t.endswith('"'): return [t[1:-1]]
     pos = t.find('"@')
     if pos > 0: return [t[1:pos],t[pos+2:]]
-  return t.split('@')
+  if t.startswith('@'):
+    try: t = t.split(':',1)[1]
+    except IndexError: pass
+  return t.rsplit('@',1)
+
+## Decode headers gratuitously encoded to hide the content.
+# Spammers often encode headers to obscure the content from
+# spam filters.  This function decodes gratuitously encoded
+# headers.
+# @param val    the raw header value
+# @return the decoded value or the original raw value
 
 def parse_header(val):
   """Decode headers gratuitously encoded to hide the content.
@@ -109,17 +211,19 @@ def parse_header(val):
     for s,enc in h:
       if enc:
         try:
-	  u.append(unicode(s,enc))
-	except LookupError:
-	  u.append(unicode(s))
+          u.append(s.decode(enc,'replace'))
+        except LookupError:
+          u.append(s.decode())
       else:
-	u.append(unicode(s))
+        u.append(s.decode())
     u = ''.join(u)
-    for enc in ('us-ascii','iso-8859-1','utf8'):
+    if type(u) is str: return u
+    for enc in ('us-ascii','iso-8859-1','utf-8'):
       try:
-	return u.encode(enc)
+        return u.encode(enc)
       except UnicodeError: continue
   except UnicodeDecodeError: pass
   except LookupError: pass
-  except email.Errors.HeaderParseError: pass
+  except ValueError: pass
+  except email.errors.HeaderParseError: pass
   return val

README.md

@@ -1,5 +1,4 @@
-Abstract
---------
+# Abstract
 
 This is a python extension module to enable python scripts to attach to
 Sendmail's libmilter API, enabling filtering of messages as they arrive.
@@ -7,70 +6,49 @@ Since it's a script, you can do anything you want to the message - screen
 out viruses, collect statistics, add or modify headers, etc.  You can, at
 any point, tell Sendmail to reject, discard, or accept the message.
 
+Additional python modules provide for navigating and modifying MIME parts, and
+sending DSNs or doing CBVs.
 
-Requirements
-------------
+# Requirements 
 
-This python milter extension: http://www.bmsi.com/python/milter.html
+Python milter extension: https://pypi.org/project/pymilter/
 Python: http://www.python.org
 Sendmail: http://www.sendmail.org
-NB: From Sendmail's libmilter/README:
+   or
+Postfix: http://www.postfix.org/MILTER_README.html
 
-libmilter requires pthread support in the operating system.  Moreover, it
-requires that the library functions it uses are thread safe; which is true
-for the operating systems libmilter has been developed and tested on.  On
-some operating systems this requires special compile time options (e.g.,
-not just -pthread).  libmilter is currently known to work on (modulo
-problems in the pthread support of some specific versions):
+# Quick Installation
 
-FreeBSD 3.x, 4.x
-SunOS 5.x (x >= 5)
-AIX 4.3.x
-HP UX 11.x
-Linux (recent versions/distributions)
-OpenBSD
-AIX 4.1.5
-
-libmilter is currently not supported on:
-
-IRIX 6.x
-Ultrix
-
-Quick Installation
-------------------
-
-1. Build and install Sendmail, enabling libmilter (see libmilter/README).
-2. Build and install Python, enabling threading.
-3. Install this module: python setup.py --help
-4. Add these two lines to sendmail.cf[*]:
-
-O InputMailFilters=pythonfilter
-Xpythonfilter,        S=local:/home/username/pythonsock
-
-5. Run the sample.py example milter with: python sample.py
-Note that milters should almost certainly not run as root.
+ 1. Build and install Sendmail, enabling libmilter (see libmilter/README).
+ 2. Build and install Python, enabling threading.
+ 3. Install this module: python setup.py --help
+ 4. Add these two lines to sendmail.cf[a]:
+```
+ O InputMailFilters=pythonfilter
+ Xpythonfilter,        S=local:/home/username/pythonsock
+```
+ 5. Run the sample.py example milter with: python sample.py
+ Note that milters should almost certainly not run as root.
 
 That's it.  Incoming mail will cause the milter to print some things, and
 some email will be rejected (see the "header" method).  Edit and play.  
 See spfmilter.py for a functional SPF milter, or see bms.py for an complex
 milter used in production.
 
-[*] This is for a quick test.  Your sendmail.cf in most distros will get
+[a] This is for a quick test.  Your sendmail.cf in most distros will get
 overwritten whenever sendmail.mc is updated.  To make a milter permanent,
 add something like:
-
+```
 INPUT_MAIL_FILTER(`pythonfilter', `S=local:/home/username/pythonsock, F=T, T=C:5m;S:20s;R:5m;E:5m')
-
+```
 to sendmail.mc instead.
 
-Not-so-quick Installation
--------------------------
+# Not-so-quick Installation
 
 First install Sendmail.  Make sure you read libmilter/README in the Sendmail
 source directory, and make sure you enable libmilter before you build.  The
 8.11 series had libmilter marked as FFR (For Future Release); 8.12
-officially
-supports libmilter, but it's still not built by default.
+officially supports libmilter, but it's still not built by default.
 
 Install Python, and enable threading in Modules/Setup.
 
@@ -78,18 +56,13 @@ Install this miltermodule package; DistUtils Automatic Installation:
 
 $ python setup.py --help
 
-For versions of python prior to 2.0, you will need to download distutils
-separately or build manually.  You will need to download unittest
-separately to run the test programs.  The bdist_rpm distutils option seems
-not to work for python 2.0; upgrade to at least 2.1.1.
-
 Now that everything is installed, we need to tell sendmail that we're going
 to filter incoming email.  Add lines similar to the following to
 sendmail.cf:
-
+```
 O InputMailFilters=pythonfilter
 Xpythonfilter,        S=local:/home/username/pythonsock
-
+```
 The "O" line tells sendmail which filters to use in what order; here we're
 telling sendmail to use the filter named "pythonfilter".
 
@@ -103,49 +76,24 @@ NB: The name is specified in two places: here, in sendmail's cf file, and
 in the milter itself.  Make sure the two match.
 
 NB: The above lines can be added in your .mc file with this line:
-
+```
 INPUT_MAIL_FILTER(`pythonfilter', `S=local:/home/username/pythonsock')
-
+```
 For versions of sendmail prior to 8.12, you will need to enable
-_FFR_MILTER for the cf macros.  For example,
-
+`_FFR_MILTER` for the cf macros.  For example,
+```
 m4 -D_FFR_MILTER ../m4/cf.m4 myconfig.mc > myconfig.cf
-
-
-RedHat 6.2 Notes
-----------------
-
-The Redhat 6.2 sendmail RPM does not enable milter.  You can obtain a
-modified spec file at
-
-http://www.bmsi.com/linux/rh62/sendmail-rhmilter.spec
-
-use it to rebuild the Redhat 7.2 SRPM.  The RH6.2 SRPM does not have
-recent sendmail security patches.
-
-RedHat 7.2 Notes
-----------------
-
-The Redhat 7.2 sendmail RPM enables milter in sendmail - but does not include
-the headers needed for compiling a milter.  You can obtain a modified spec
-file with a sendmail-devel package that includes the needed static libraries
-and headers at
-
-http://www.bmsi.com/linux/sendmail-rh72.spec
-
-IPv6 Notes
-----------
-
-IPv6 is still experimental.
+```
+# IPv6 Notes
 
 The IPv6 protocol is supported if your operation system supports it
 and if sendmail was compiled with IPv6 support.  To determine if your
 sendmail supports IPv6, run "sendmail -d0" and check for the NETINET6
 compilation option.  To compile sendmail with IPv6 support, add this
 declaration to your site.config.m4 before building it:
-
+```
 APPENDDEF(`confENVDEF', `-DNETINET6=1')
-
+```
 IPv6 support can show up in two places; the communications socket
 between the milter and sendmail processes and in the host address
 argument to the connect() callback method.
@@ -156,34 +104,34 @@ want to allow both IPv4 and IPv6 connections, some operating systems
 will require that each listens to different port numbers.  For an
 IPv6-only setup, your sendmail configuration should contain a line
 similar to (first line is for sendmail.mc, second is sendmail.cf):
-
+```
 DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6, Modify=C, Port=25')
 O DaemonPortOptions=Name=MTA-v6, Family=inet6, Modify=C, Port=25
-
+```
 To allow sendmail and the milter process to communicate with each
 other over IPv6, you may use the "inet6" socket name prefix, as in:
-
+```
 Xpythonfilter,        S=inet6:1234@fec0:0:0:7::5c
-
+```
 The connect() callback method in the milter class will pass the
 IPv6-specific information in the 'hostaddr' argument as a tuple.  Note
 that the type of this value is dependent upon the protocol family, and
 is not compatible with IPv4 connections.  Therefore you should always
 check the family argument before attempting to use the hostaddr
 argument.  A quick example showing this follows:
-
+```
   import socket
-  ...
-  class ipv6awareMilter(Milter.Milter):
-  ...
-     def connect(self,hostname,family,hostaddr):
-        if family==socket.AF_INET:
-           ipaddress, port = hostaddr
-        elif family==socket.AF_INET6:
-           ip6address, port, flowinfo, scopeid = hostaddr
-        elif family==socket.AF_UNIX:
-           socketpath = hostaddr
   
+  class ipv6awareMilter(Milter.Milter):
+     
+     def connect(self,hostname,family,hostaddr):
+	if family==socket.AF_INET:
+	   ipaddress, port = hostaddr
+	elif family==socket.AF_INET6:
+	   ip6address, port, flowinfo, scopeid = hostaddr
+	elif family==socket.AF_UNIX:
+	   socketpath = hostaddr
+```
 The hostname argument is always safe to use without interpreting the
 protocol family.  For IPv6 connections for which the hostname can not
 be determined the hostname will appear similar to the string
@@ -191,11 +139,10 @@ be determined the hostname will appear similar to the string
 RFC 2553 for information on interpreting and using the flowinfo and
 scopeid socket attributes, both of which are integers.
 
-Authors
--------
+# Authors
 
 Jim Niemira (urmane@urmane.org) wrote the original C module and some quick
-and dirty python to use it.  Stuart D. Gathman (stuart@bmsi.com) took that
+and dirty python to use it.  Stuart D. Gathman (stuart@gathman.org) took that
 kludge and added threading and context objects to it, wrote a proper OO
 wrapper (Milter.py) that handles attachments, did lots of testing, packaged
 it with distutils, and generally transformed it from a quick hack to a

TODO

@@ -1,6 +1,4 @@
-Support smfi_negotiate and auto negotiate only those callbacks for which 
-Milter.Milter methods have been overridden.  (Python should be able to
-do that.)
+Test case for Milter/dsn.py
 
 Lookup exact RFC syntax of real name / email and make 
 Milter.utils.parse_addr() pass all unit tests.

doc/mainpage.py

@@ -0,0 +1,98 @@
+## @mainpage Writing Milters in Python
+#
+# At the lowest level, the <code>milter</code> module provides a thin wrapper
+# around the <a href="milter_api/index.html"> sendmail
+# libmilter API</a>.  This API lets you register callbacks for a number of
+# events in the process of sendmail receiving a message via SMTP.  These
+# events include the initial connection from a MTA, the envelope sender and
+# recipients, the top level mail headers, and the message body.  There are
+# options to mangle all of these components of the message as it passes through
+# the %milter.
+# 
+# At the next level, the <code>Milter</code> module (note the case difference)
+# provides a Python friendly object oriented wrapper for the low level API.  To
+# use the Milter module, an application registers a 'factory' to create an
+# object for each connection from a MTA to sendmail.  These connection objects
+# must provide methods corresponding to the libmilter event callbacks.
+# 
+# Each callback method returns a code to tell sendmail whether to proceed with
+# processing the message.  This is a big advantage of milters over other mail
+# filtering systems.  Unwanted mail can be stopped in its tracks at the
+# earliest possible point.  The callback return codes are
+# milter.CONTINUE, milter.REJECT, milter.DISCARD, milter.ACCEPT, 
+# milter.TEMPFAIL, milter.SKIP, milter.NOREPLY.
+# 
+# The Milter.Base class provides default implementations for
+# event methods that do nothing, and also provides wrappers for the libmilter
+# methods to mutate the message.  It automatically negotiates with MTA
+# which protocol steps need to be processed by the %milter, based on
+# which callback methods are overridden.
+#
+# The Milter.Milter class provides an alternate default
+# implementation that logs the main milter callbacks, but otherwise does
+# nothing.  It is provided for compatibility.
+# 
+# The mime module provides a wrapper for the Python email package
+# that fixes some bugs, and simplifies modifying selected parts of a MIME
+# message.
+#
+# @section threading
+#
+# The libmilter library which pymilter wraps 
+# <a href="milter_overview#SignalHandling">handles
+# all signals</a> itself, and expects to be called from a single main thread.
+# It handles SIGTERM, SIGHUP, and SIGINT, mapping the first two to 
+# <a href="milter_api/smfi_stop.html">smfi_stop</a>
+# and the last to an internal ABORT.
+#
+# If you use python threads or threading modules, then signal handling gets
+# confused.  Threads may still be useful, but you may need to provide an
+# alternate means of causing graceful shutdown.
+#
+# You may find the
+# <a href="http://docs.python.org/release/2.6.6/library/multiprocessing.html">
+# multiprocessing</a> module useful.  It can be a drop-in
+# replacement for threading as illustrated in 
+# <a href="milter-template_8py-example.html">milter-template.py</a>.
+#
+# @section Useful python packages for milters
+#
+# <a href="https://github.com/sdgathman/pymilter">pymilter</a> - this package.
+#
+# <a href="https://github.com/sdgathman/pyspf">pyspf</a> checks the
+# SMTP envelope sender (MAIL FROM, passed to the Milter.Base.envfrom callback)
+# against a Sender Policy published in DNS by the sending domain.  This
+# can prevent forgery of the MAIL FROM.  SPF is Sender Policy Framework.
+#
+# <a href="https://launchpad.net/dkimpy">pydkim</a> checks a DKIM signature
+# of the email body and headers against a public key published in DNS by
+# the signing domain.  DKIM is DomainKeys Identified Mail.
+#
+# The <a href="https://pypi.python.org/pypi/authres/">authres</a> module 
+# parses and formats the Authentication-Results email header, providing
+# a standard place to summarize the results from DKIM, SPF, rDNS, SMTP AUTH,
+# and other email authentication methods.
+#
+# <a href="https://github.com/sdgathman/pydspam/">pydspam</a> wraps 
+# the libdspam API of the <a href="http://dspam.sourceforge.net/">DSPAM</a>
+# project.
+#
+# <a href="https://github.com/sdgathman/pysrs/">pysrs</a> rewrites
+# MAIL FROM to include a timestamped signature so that "bounce spam"
+# can be immediately rejected.
+#
+# <a href="https://github.com/sdgathman/pygossip/">pygossip</a> is a 
+# system to track reputation by domain and authentication level and type,
+# and a simple protocol to gossip about reputations with other mail servers.
+#
+# @section Milters written with pymilter
+#
+# <a href="https://github.com/croessner/vrfydmn">Verify Domain</a> is a
+# Postfix milter that rejects/fixes manipulated From: header
+# on a mail host with multiple virtual domains.
+#
+# <a href="https://github.com/sdgathman/milter/">BMS Milter</a> has several
+# milters, a big complicated spam filter that integrates multiple
+# authentication protocols with pydspam, and two simple ones: spfmilter.py and
+# dkim-milter.py.
+#

doc/milter.py

@@ -0,0 +1,251 @@
+# Document miltermodule for Doxygen
+#
+
+## @package milter
+#
+# A thin wrapper around libmilter.  Most users will not import
+# milter directly, but will instead import Milter and subclass
+# Milter.Base.  This module gives you ultimate low level control
+# from python.
+#
+
+## Continue processing the current connection, message, or recipient.
+CONTINUE  = 0
+##  For a connection-oriented routine, reject this connection; 
+# call Milter.Base.close(). For a message-oriented routine, except
+# Milter.Base.eom() or Milter.Base.abort(), reject this message.  For a
+# recipient-oriented routine, reject the current recipient (but continue
+# processing the current message).
+REJECT    = 1
+
+## For a message- or recipient-oriented routine, accept this message, but
+# silently discard it.  SMFIS_DISCARD should not be returned by a
+# connection-oriented routine.
+DISCARD   = 2
+
+## For a connection-oriented routine, accept this connection without further
+# filter processing; call Milter.Base.close().   For a message- or
+# recipient-oriented routine, accept this message without further filtering.
+ACCEPT    = 3
+
+## Return a temporary failure, i.e., the corresponding SMTP command will return
+# an appropriate 4xx status code. For a message-oriented routine, except
+# Milter.Base.envfrom(), fail for this message.  For a connection-oriented
+# routine, fail for this connection; call Milter.Base.close().  For a recipient-oriented
+# routine, only
+# fail for the current recipient; continue message processing.
+TEMPFAIL  = 4
+
+## Skip further callbacks of the same type in this transaction. 
+# Currently this return value is only allowed in Milter.Base.body(). It can be
+# used if a %milter has received sufficiently many body chunks to make a
+# decision, but still wants to invoke message modification functions that are
+# only allowed to be called from Milter.Base.eom(). Note: the %milter must
+# negotiate this behavior with the MTA, i.e., it must check whether the
+# protocol action SMFIP_SKIP is available and if so, the %milter must request
+# it.
+SKIP      = 5
+
+## Do not send a reply back to the MTA. 
+# The %milter must negotiate this behavior with the MTA, i.e., it must check
+# whether the appropriate protocol action P_NR_* is available and if so,
+# the %milter must request it. If you set the P_NR_* protocol action for a
+# callback, that callback must always reply with NOREPLY. Using any other
+# reply code is a violation of the API. If in some cases your callback may
+# return another value (e.g., due to some resource shortages), then you must
+# not set P_NR_* and you must use CONTINUE as the default return
+# code. (Alternatively you can try to delay reporting the problem to a later
+# callback for which P_NR_* is not set.)
+#
+# This is negotiated and returned automatically by the Milter.noreply 
+# function decorator.
+NOREPLY   = 6
+
+## Hold context for a %milter connection.
+# Each connection to sendmail creates a new <code>SMFICTX</code> struct within
+# libmilter.  The milter module in turn creates a milterContext
+# tied to the <code>SMFICTX</code> struct via <code>smfi_setpriv</code>
+# to hold a PyThreadState and a user defined Python object for the connection.
+# 
+# Most application interaction with libmilter takes places via 
+# the milterContext object for the connection.  It is passed to
+# callback functions as the first parameter.
+#
+# The <code>Milter</code> module creates a python class for each connection,
+# and converts function callbacks to instance method invocations.
+#
+class milterContext(object):
+  ## Calls <a href="milter_api/smfi_getsymval.html">smfi_getsymval</a>.
+  def getsymval(self,sym): pass
+  ## Calls <a href="milter_api/smfi_setreply.html">
+  # smfi_setreply</a> or
+  # <a href="milter_api/smfi_setmlreply.html">
+  # smfi_setmlreply</a>.
+  # @param rcode SMTP response code
+  # @param xcode extended SMTP response code
+  # @param msg one or more message lines.  If the MTA does not support 
+  #     multiline messages, only the first is used.
+  def setreply(self,rcode,xcode,*msg): pass
+  ## Calls <a href="milter_api/smfi_addheader.html">smfi_addheader</a>.
+  def addheader(self,name,value,idx=-1): pass
+  ## Calls <a href="milter_api/smfi_chgheader.html">smfi_chgheader</a>.
+  def chgheader(self,name,idx,value): pass
+  ## Calls <a href="milter_api/smfi_addrcpt.html">smfi_addrcpt</a>.
+  def addrcpt(self,rcpt,params=None): pass
+  ## Calls <a href="milter_api/smfi_delrcpt.html">smfi_delrcpt</a>.
+  def delrcpt(self,rcpt): pass
+  ## Calls <a href="milter_api/smfi_replacebody.html">smfi_replacebody</a>.
+  def replacebody(self,data): pass
+  ## Attach a Python object to this connection context.
+  # @return the old value or None
+  def setpriv(self,priv): pass
+  ## Return the Python object attached to this connection context.
+  def getpriv(self): pass
+  ## Calls <a href="milter_api/smfi_quarantine.html">smfi_quarantine</a>.
+  def quarantine(self,reason): pass
+  ## Calls <a href="milter_api/smfi_progress.html">smfi_progress</a>.
+  def progress(self): pass
+  ## Calls <a href="milter_api/smfi_chgfrom.html">smfi_chgfrom</a>.
+  def chgfrom(self,sender,param=None): pass
+  ## Tell the MTA which macro values we are interested in for a given stage.
+  # Of interest only when you need to squeeze a few more bytes of bandwidth.
+  # It may only be called from the negotiate callback.
+  # The protocol stages are 
+  # M_CONNECT, M_HELO, M_ENVFROM, M_ENVRCPT, M_DATA, M_EOM, M_EOH.
+  # Calls <a href="milter_api/smfi_setsymlist.html">smfi_setsymlist</a>.
+  # @param stage protocol stage in which the macro list should be used
+  # @param macrolist a space separated list of macro names
+  def setsymlist(self,stage,macrolist): pass
+
+class error(Exception): pass
+
+## Enable optional %milter actions.
+# Certain %milter actions need to be enabled before calling main()
+# or they throw an exception.  Pymilter enables them all by
+# default (since 0.9.2), but you may wish to disable unneeded
+# actions as an optimization.
+# @param flags Bit or mask of optional actions to enable
+def set_flags(flags): pass
+
+def set_connect_callback(cb): pass
+def set_helo_callback(cb): pass
+def set_envfrom_callback(cb): pass
+def set_envrcpt_callback(cb): pass
+def set_header_callback(cb): pass
+def set_eoh_callback(cb): pass
+def set_body_callback(cb): pass
+def set_abort_callback(cb): pass
+def set_close_callback(cb): pass
+
+## Sets the return code for untrapped Python exceptions during a callback.
+# The default is TEMPFAIL.  You should not depend on this handler.  Your
+# application should have its own top level exception handler for each
+# callback.  You can then choose your own reply message, log the stack track
+# were you please, and so on.  However, if you miss one, this last ditch
+# handler will print a standard stack trace to sys.stderr, and return to
+# sendmail.  
+# @param code one of #TEMPFAIL,#REJECT,#CONTINUE, or since 1.0, #ACCEPT
+def set_exception_policy(code): pass
+
+## Register python %milter with libmilter.
+# The name we pass is used to identify the %milter in the MTA configuration.
+# Callback functions must be set using the set_*_callback() functions before
+# registering the %milter.
+# Three additional callbacks are specified as keyword parameters.  These
+# were added by recent versions of libmilter.  The keyword parameters is
+# a nicer way to do it, I think, since it makes clear that you have to do
+# it before registering.  I may move all the callbacks in the future (perhaps
+# keeping the set functions for compatibility).  Note that Milter.Base
+# automatically maps all callbacks to member functions, and negotiates which
+# member functions are actually overridden by an application class.
+# @param name the %milter name by which the MTA finds us
+# @param negotiate the
+#       <a href="milter_api/xxfi_negotiate.html">
+#       xxfi_negotiate</a> callback, called to negotiate supported
+#       actions, callbacks, and protocol steps.
+# @param unknown the
+#       <a href="milter_api/xxfi_unknown.html">
+#       xxfi_unknown</a> callback, called when for SMTP commands
+#       not recognized by the MTA. (Extend SMTP in your milter!)
+# @param data the
+#       <a href="milter_api/xxfi_data.html">
+#       xxfi_data</a> callback, called when the DATA
+#       SMTP command is received.
+def register(name,negotiate=None,unknown=None,data=None): pass
+
+## Attempt to create the socket used to communicate with the MTA.
+# milter.opensocket() attempts to create the socket specified previously by a
+# call to milter.setconn() which will be the interface between MTAs and the
+# %milter.  This allows the calling application to ensure that the socket can be
+# created.  If this is not called, milter.main() will do so implicitly.
+# Calls <a href="milter_api/smfi_opensocket.html">
+# smfi_opensocket</a>.  While not documented for libmilter, my experiments
+# indicate that you must call register() before calling opensocket().
+# @param rmsock Try to remove an existing unix domain socket if true.
+def opensocket(rmsock): pass
+
+## Transfer control to libmilter.
+# Calls <a href="milter_api/smfi_main.html">
+#   smfi_main</a>.
+def main(): pass
+
+## Set the libmilter debugging level.
+# <a href="milter_api/smfi_setdbg.html">smfi_setdbg</a>
+# sets the %milter library's internal debugging level to a new level
+# so that code details may be traced. A level of zero turns off debugging. The
+# greater (more positive) the level the more detailed the debugging. Six is the
+# current, highest, useful value.  Must be called before calling main().
+def setdbg(lev): pass
+
+## Set timeout for MTA communication.
+# Calls <a href="milter_api/smfi_settimeout.html">
+# smfi_settimeout</a>.  Must be called before calling main().
+def settimeout(secs): pass
+
+## Set socket backlog.
+# Calls <a href="milter_api/smfi_setbacklog.html">
+# smfi_setbacklog</a>.  Must be called before calling main().
+def setbacklog(n): pass
+
+## Set the socket used to communicate with the MTA.
+# The MTA can communicate with the milter by means of a
+# unix, inet, or inet6 socket. By default, a unix domain socket
+# is used.  It must not exist,
+# and sendmail will throw warnings if, eg, the file is under a
+# group or world writable directory.  milter.setconn() will not fail with
+# an invalid socket - this will be detected only when calling milter.main()
+# or milter.opensocket().
+# @param s the socket address in proto:address format
+# <pre>
+# milter.setconn('unix:/var/run/pythonfilter')  # a named pipe
+# milter.setconn('local:/var/run/pythonfilter') # a named pipe
+# milter.setconn('inet:8800') 			# listen on ANY interface
+# milter.setconn('inet:7871@@publichost')	# listen on a specific interface
+# milter.setconn('inet6:8020')
+# milter.setconn('inet6:8020@[2001:db8:1234::1]')      # listen on specific IP
+# </pre>
+def setconn(s): pass
+
+## Stop the %milter gracefully.
+def stop(): pass
+
+## Retrieve diagnostic info.
+# Return a tuple with diagnostic info gathered by the milter module.
+# The first two fields are counts of milterContext objects created
+# and deleted.  Additional fields may be added later.
+# @return a tuple of diagnostic data
+def getdiag(): pass
+
+## Retrieve the runtime libmilter version.
+# Return the runtime libmilter version. This can be different
+# from the compile time version when sendmail or libmilter is upgraded
+# after pymilter is compiled.
+# @return a tuple of <code>(major,minor,patchlevel)</code>
+def getversion(): pass
+
+## The compile time libmilter version.
+# Python code might need to deal with pymilter compiled 
+# against various versions of libmilter.  This module constant 
+# contains the contents of the <code>SMFI_VERSION</code> macro when
+# the milter module was compiled.
+VERSION = 0x1000001

makefile

@@ -0,0 +1,18 @@
+web:
+	doxygen
+	test -L doc/html/milter_api || ln -sf /usr/share/doc/sendmail-milter-devel doc/html/milter_api
+	rsync -ravKk doc/html/ pymilter.org:/var/www/html/milter/pymilter
+	cd doc/html; zip -r ../../doc .
+
+VERSION=1.0.5
+PKG=pymilter-$(VERSION)
+SRCTAR=$(PKG).tar.gz
+
+$(SRCTAR):
+	git archive --format=tar.gz --prefix=$(PKG)/ -o $(SRCTAR) $(PKG)
+
+# add extra copy of name like github so annoyingly does...
+github:
+	git archive --format=tar.gz --prefix=pymilter-$(PKG)/ -o $(SRCTAR) $(PKG)
+
+gittar: $(SRCTAR)

milter-nomix.py

@@ -0,0 +1,80 @@
+## A very simple sample milter to prevent mixing of internal and external mail.
+# Internal is defined as using one of a list of internal top level domains.
+#  This code is open-source on the same terms as Python.
+
+from __future__ import print_function
+import Milter
+import time
+import sys
+from Milter.utils import parse_addr
+
+internal_tlds = ["corp", "personal"]
+
+## Determine if a hostname is internal or not. 
+# True if internal, False otherwise
+def is_internal(hostname):
+    components = hostname.split(".")
+    return components.pop() in internal_tlds
+
+# Determine if internal and external hosts are mixed based on a list
+# of hostnames
+def are_mixed(hostnames):
+    hostnames_mapped = map(is_internal, hostnames)
+
+    # Num internals
+    num_internal_hosts = hostnames_mapped.count(True)
+
+    # Num externals
+    num_external_hosts = hostnames_mapped.count(False)
+
+    return num_external_hosts >= 1 and num_internal_hosts >= 1
+
+class NoMixMilter(Milter.Base):
+
+  def __init__(self):  # A new instance with each new connection.
+    self.id = Milter.uniqueID()  # Integer incremented with each call.
+
+
+  ##  def envfrom(self,f,*str):
+  @Milter.noreply
+  def envfrom(self, mailfrom, *str):
+    self.mailfrom = mailfrom
+    self.domains = []
+    t = parse_addr(mailfrom)
+    if len(t) > 1:
+      self.domains.append(t[1])
+    else:
+      self.domains.append('local')
+    self.internal = False
+    return Milter.CONTINUE
+
+  ##  def envrcpt(self, to, *str):
+  def envrcpt(self, to, *str):
+    self.R.append(to)
+    t = parse_addr(to)
+    if len(t) > 1:
+      self.domains.append(t[1])
+    else:
+      self.domains.append('local')
+
+    if are_mixed(self.domains):
+      # FIXME: log recipients collected in self.mailfrom and self.R
+      self.setreply('550','5.7.1','Mixing internal and external TLDs')
+      return Milter.REJECT
+        
+    return Milter.CONTINUE
+    
+def main():
+  socketname = "/var/run/nomixsock"
+  timeout = 600
+  # Register to have the Milter factory create instances of your class:
+  Milter.factory = NoMixMilter
+  print("%s milter startup" % time.strftime('%Y%b%d %H:%M:%S'))
+  sys.stdout.flush()
+  Milter.runmilter("nomixfilter",socketname,timeout)
+  logq.put(None)
+  bt.join()
+  print("%s nomix milter shutdown" % time.strftime('%Y%b%d %H:%M:%S'))
+
+if __name__ == "__main__":
+  main()

mime.py

@@ -1,100 +1,43 @@
-# $Log$
-# Revision 1.4  2005/06/17 01:49:39  customdesigned
-# Handle zip within zip.
+## @package mime
+# This module provides a "defang" function to replace naughty attachments.
 #
-# Revision 1.3  2005/06/02 15:00:17  customdesigned
-# Configure banned extensions.  Scan zipfile option with test case.
-#
-# Revision 1.2  2005/06/02 04:18:55  customdesigned
-# Update copyright notices after reading article on /.
-#
-# Revision 1.1.1.4  2005/05/31 18:23:49  customdesigned
-# Development changes since 0.7.2
-#
-# Revision 1.62  2005/02/14 22:31:17  stuart
-# _parseparam replacement not needed for python2.4
-#
-# Revision 1.61  2005/02/12 02:11:11  stuart
-# Pass unit tests with python2.4.
-#
-# Revision 1.60  2005/02/11 18:34:14  stuart
-# Handle garbage after quote in boundary.
-#
-# Revision 1.59  2005/02/10 01:10:59  stuart
-# Fixed MimeMessage.ismodified()
-#
-# Revision 1.58  2005/02/10 00:56:49  stuart
-# Runs with python2.4.  Defang not working correctly - more work needed.
-#
-# Revision 1.57  2004/11/20 16:37:52  stuart
-# fix regex for splitting header and body
-#
-# Revision 1.56  2004/11/09 20:33:51  stuart
-# Recognize more dynamic PTR variations.
-#
-# Revision 1.55  2004/10/06 21:39:20  stuart
-# Handle message attachments with boundary errors by not parsing them
-# until needed.
-#
-# Revision 1.54  2004/08/18 01:59:46  stuart
-# Handle mislabeled multipart messages
-#
-# Revision 1.53  2004/04/24 22:53:20  stuart
-# Rename some local variables to avoid shadowing builtins
-#
-# Revision 1.52  2004/04/24 22:47:13  stuart
-# Convert header values to str
-#
-# Revision 1.51  2004/03/25 03:19:10  stuart
-# Correctly defang rfc822 attachments when boundary specified with
-# content-type message/rfc822.
-#
-# Revision 1.50  2003/10/15 22:01:00  stuart
-# Test for and work around email bug with encoded filenames.
-#
-# Revision 1.49  2003/09/04 18:48:13  stuart
-# Support python-2.2.3
-#
-# Revision 1.48  2003/09/02 00:27:27  stuart
-# Should have full milter based dspam support working
-#
-# Revision 1.47  2003/08/26 06:08:18  stuart
-# Use new python boolean since we now require 2.2.2
-#
-# Revision 1.46  2003/08/26 05:01:38  stuart
-# Release 0.6.0
-#
-# Revision 1.45  2003/08/26 04:01:24  stuart
-# Use new email module for parsing mail.  Still need mime module to
-# provide various bug fixes to email module, and maintain some compatibility
-# with old milter code.
-#
-
-# This module provides a "defang" function to replace naughty attachments
-# with a warning message.
+# We also provide workarounds for bugs in the email module that comes 
+# with python.  The "bugs" fixed mostly come up only with malformed
+# messages - but that is what you have when dealing with spam.
 
 # Author: Stuart D. Gathman <stuart@bmsi.com>
 # Copyright 2001,2002,2003,2004,2005 Business Management Systems, Inc.
 # This code is under the GNU General Public License.  See COPYING for details.
 
-import StringIO
+from __future__ import print_function
+try:
+  from io import BytesIO, StringIO
+except:
+  from StringIO import StringIO 
+  BytesIO = StringIO
 import socket
 import Milter
 import zipfile
+import sys
 
 import email
-import email.Message
-from email.Message import Message
-from email.Generator import Generator
-from email.Utils import quote
-from email import Utils
-from email.Parser import Parser
-from email import Errors
+from email.message import Message
+try:
+  from email.generator import BytesGenerator
+  from email import message_from_binary_file, encoders
+except:
+  from email.generator import Generator as BytesGenerator
+  from email import message_from_file as message_from_binary_file
+  from email import Encoders as encoders
+from email.utils import quote
 
-from types import ListType,StringType
+if not getattr(Message,'as_bytes',None):
+  Message.as_bytes = Message.as_string
 
+## Return a list of filenames in a zip file.
+# Embedded zip files are recursively expanded.
 def zipnames(txt):
-  fp =  StringIO.StringIO(txt)
+  fp =  BytesIO(txt)
   zipf = zipfile.ZipFile(fp,'r')
   names = []
   for nm in zipf.namelist():
@@ -103,60 +46,62 @@ def zipnames(txt):
       names += zipnames(zipf.read(nm))
   return names
 
-class MimeGenerator(Generator):
+## Fix multipart handling in email.Generator.
+#
+class MimeGenerator(BytesGenerator):
     def _dispatch(self, msg):
         # Get the Content-Type: for the message, then try to dispatch to
         # self._handle_<maintype>_<subtype>().  If there's no handler for the
         # full MIME type, then dispatch to self._handle_<maintype>().  If
         # that's missing too, then dispatch to self._writeBody().
         main = msg.get_content_maintype()
-	if msg.is_multipart() and main.lower() != 'multipart':
-	  self._handle_multipart(msg)
-	else:
-	  Generator._dispatch(self,msg)
+        if msg.is_multipart() and main.lower() != 'multipart':
+          self._handle_multipart(msg)
+        else:
+          BytesGenerator._dispatch(self,msg)
 
 def unquote(s):
     """Remove quotes from a string."""
     if len(s) > 1:
         if s.startswith('"'):
-	  if s.endswith('"'):
+          if s.endswith('"'):
             s = s[1:-1]
-	  else: # remove garbage after trailing quote
-	    try: s = s[1:s[1:].index('"')+1]
-	    except:
-	      return s
-	  return s.replace('\\\\', '\\').replace('\\"', '"')
+          else: # remove garbage after trailing quote
+            try: s = s[1:s[1:].index('"')+1]
+            except:
+              return s
+          return s.replace('\\\\', '\\').replace('\\"', '"')
         if s.startswith('<') and s.endswith('>'):
-	  return s[1:-1]
+          return s[1:-1]
     return s
 
-from types import TupleType
-
 def _unquotevalue(value):
-  if isinstance(value, TupleType):
+  if isinstance(value, tuple):
       return value[0], value[1], unquote(value[2])
   else:
       return unquote(value)
 
 #email.Message._unquotevalue = _unquotevalue
 
-from email.Message import _parseparam
+from email.message import _parseparam
 
-# Enhance email.Message 
-# - Provide a headerchange event for integration with Milter
-#   Headerchange attribute can be assigned a function to be called when
-#   changing headers.  The signature is:
-#	headerchange(msg,name,value) -> None
-# - Track modifications to headers of body or any part independently
+## Enhance email.message.Message
+#
+# Tracks modifications to headers of body or any part independently.
 
 class MimeMessage(Message):
   """Version of email.Message.Message compatible with old mime module
   """
   def __init__(self,fp=None,seekable=1):
     Message.__init__(self)
-    self.headerchange = None
     self.submsg = None
     self.modified = False
+  ## @var headerchange
+  # Provide a headerchange event for integration with Milter.
+  #   The headerchange attribute can be assigned a function to be called when
+  #   changing headers.  The signature is:
+  #   headerchange(msg,name,value) -> None
+    self.headerchange = None
 
   def get_param(self, param, failobj=None, header='content-type', unquote=True):
     val = Message.get_param(self,param,failobj,header,unquote)
@@ -180,24 +125,24 @@ class MimeMessage(Message):
     """Return a list of (attr,name) pairs of attributes that IE might
        interpret as a name - and hence decide to execute this message."""
     names = []
-    for attr,val in self._get_params_preserve([],'content-type'):
-      if isinstance(val, TupleType):
+    for attr,val in self.get_params([],'content-type',False):
+      if isinstance(val, tuple):
 	  # It's an RFC 2231 encoded parameter
-	  newvalue = _unquotevalue(val)
-	  if val[0]:
-	    val =  unicode(newvalue[2], newvalue[0])
-	  else:
-	    val = unicode(newvalue[2])
+          newvalue = _unquotevalue(val)
+          if val[0]:
+            val =  unicode(newvalue[2], newvalue[0])
+          else:
+            val = unicode(newvalue[2])
       else:
-	  val = _unquotevalue(val.strip())
+          val = _unquotevalue(val.strip())
       names.append((attr,val))
     names += [("filename",self.get_filename())]
     if scan_zip:
       for key,name in tuple(names):	# copy by converting to tuple
-	if name and name.lower().endswith('.zip'):
-	  txt = self.get_payload(decode=True)
-	  if txt.strip():
-	    names += zipnames(txt)
+        if name and name.lower().endswith('.zip'):
+          txt = self.get_payload(decode=True)
+          if txt.strip():
+            names += zipnames(txt)
     return names
 
   def ismodified(self):
@@ -216,9 +161,9 @@ class MimeMessage(Message):
     g = MimeGenerator(file)
     g.flatten(self,unixfrom=unixfrom)
 
-  def as_string(self, unixfrom=False):
+  def as_bytes(self, unixfrom=False):
       "Return the entire formatted message as a string."
-      fp = StringIO.StringIO()
+      fp = BytesIO()
       self.dump(fp,unixfrom=unixfrom)
       return fp.getvalue()
 
@@ -250,6 +195,11 @@ class MimeMessage(Message):
 
   def get_payload(self,i=None,decode=False):
     msg = self.submsg
+    if msg is None:
+      t = self.get_content_type().lower()
+      if t == 'message/rfc822' or t.startswith('multipart/'):
+        msg = super().get_payload()
+        self.submsg = msg
     if isinstance(msg,Message) and msg.ismodified():
       self.set_payload([msg])
     return Message.get_payload(self,i,decode)
@@ -268,18 +218,22 @@ class MimeMessage(Message):
     if t == 'message/rfc822' or t.startswith('multipart/'):
       if not self.submsg:
         txt = self.get_payload()
-	if type(txt) == str:
-	  txt = self.get_payload(decode=True)
-	  self.submsg = email.message_from_string(txt,MimeMessage)
-	  for part in self.submsg.walk():
-	    part.modified = False
-	else:
-	  self.submsg = txt[0]
+        if type(txt) is bytes:
+          self.submsg = email.message_from_bytes(txt,MimeMessage)
+          for part in self.submsg.walk():
+            part.modified = False
+        elif type(txt) is str:
+          txt = self.get_payload(decode=True)
+          self.submsg = email.message_from_string(txt,MimeMessage)
+          for part in self.submsg.walk():
+            part.modified = False
+        else:
+          self.submsg = txt[0]
       return self.submsg
     return None
 
 def message_from_file(fp):
-  msg = email.message_from_file(fp,MimeMessage)
+  msg = message_from_binary_file(fp,MimeMessage)
   for part in msg.walk():
     part.modified = False
   assert not msg.ismodified()
@@ -290,7 +244,7 @@ ade,adp,asd,asx,asp,bas,bat,chm,cmd,com,cpl,crt,dll,exe,hlp,hta,inf,ins,isp,js,
 jse,lnk,mdb,mde,msc,msi,msp,mst,ocx,pcd,pif,reg,scr,sct,shs,url,vb,vbe,vbs,wsc,
 wsf,wsh 
 """.split())
-bad_extensions = map(lambda x:'.' + x,extlist.split(','))
+bad_extensions = ['.' + x for x in extlist.split(',')]
 
 def check_ext(name):
   "Check a name for dangerous Winblows extensions."
@@ -314,7 +268,7 @@ def check_name(msg,savname=None,ckname=check_ext,scan_zip=False):
       if badname:
         if key == 'zipname':
           badname = msg.get_filename()
-	break
+        break
     else:
       return Milter.CONTINUE
   except zipfile.BadZipfile:
@@ -329,19 +283,24 @@ def check_name(msg,savname=None,ckname=check_ext,scan_zip=False):
   msg["Content-Type"] = "text/plain; name="+name
   return Milter.CONTINUE
 
-import email.Iterators
-
-def check_attachments(msg,check):
+def check_attachments(msg,check,lev=None):
   """Scan attachments.
 msg	MimeMessage
 check	function(MimeMessage): int
 	Return CONTINUE, REJECT, ACCEPT
   """
   if msg.is_multipart():
+    if not lev: lev = []
+    lev.append(1)
+    if msg.get_content_type().endswith('/rfc822'):
+      foo = 1
     for i in msg.get_payload():
-      rc = check_attachments(i,check)
+      print('chkm',lev,msg.get_content_type())
+      rc = check_attachments(i,check,lev=lev)
       if rc != Milter.CONTINUE: return rc
+      lev[-1] += 1
     return Milter.CONTINUE
+  print('chk',lev,msg.get_content_type())
   return check(msg)
 
 # save call context for Python without nested_scopes
@@ -361,7 +320,7 @@ class _defang:
     return rc
 
   def __call__(self,msg,savname=None,check=check_ext,scan_rfc822=True,
-  		scan_zip=False):
+		scan_zip=False):
     """Compatible entry point.
     Replace all attachments with dangerous names."""
     self._savname = savname
@@ -376,18 +335,21 @@ class _defang:
 # emulate old defang function
 defang = _defang()
 
-import sgmllib
+if sys.version < '3.0.0':
+    from sgmllib import SGMLParser as HTMLParser
+else:
+    from Milter.sgmllib import SGMLParser as HTMLParser
 
 import re
 declname = re.compile(r'[a-zA-Z][-_.a-zA-Z0-9]*\s*')
 declstringlit = re.compile(r'(\'[^\']*\'|"[^"]*")\s*')
 
-class SGMLFilter(sgmllib.SGMLParser):
+class SGMLFilter(HTMLParser):
   """Parse HTML and pass through all constructs unchanged.  It is intended for
      derived classes to implement exceptional processing for selected cases.
   """
   def __init__(self,out):
-    sgmllib.SGMLParser.__init__(self)
+    HTMLParser.__init__(self)
     self.out = out
 
   def handle_comment(self,comment):
@@ -418,7 +380,7 @@ class SGMLFilter(sgmllib.SGMLParser):
     self.out.write("<!%s>" % data)
 
   def write(self,buf):
-    "Act like a writer.  Why doesn't SGMLParser do this by default?"
+    "Act like a writer.  Why doesn't HTMLParser do this by default?"
     self.feed(buf)
 
   # Python-2.1 sgmllib rejects illegal declarations.  Since various Microsoft
@@ -431,25 +393,25 @@ class SGMLFilter(sgmllib.SGMLParser):
       n = len(rawdata)
       j = i + 2
       while j < n:
-	  c = rawdata[j]
-	  if c == ">":
-	      # end of declaration syntax
-	      self.handle_special(rawdata[i+2:j])
-	      return j + 1
-	  if c in "\"'":
-	      m = declstringlit.match(rawdata, j)
-	      if not m:
+          c = rawdata[j]
+          if c == ">":
+              # end of declaration syntax
+              self.handle_special(rawdata[i+2:j])
+              return j + 1
+          if c in "\"'":
+              m = declstringlit.match(rawdata, j)
+              if not m:
 		  # incomplete or an error?
-		  return -1
-	      j = m.end()
-	  elif c in "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ":
-	      m = declname.match(rawdata, j)
-	      if not m:
-		  # incomplete or an error?
-		  return -1
-	      j = m.end()
-	  else:
-	      j += 1
+                  return -1
+              j = m.end()
+          elif c in "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ":
+              m = declname.match(rawdata, j)
+              if not m:
+                  # incomplete or an error?
+                  return -1
+              j = m.end()
+          else:
+              j += 1
       # end of buffer between tokens
       return -1
 
@@ -461,11 +423,14 @@ class HTMLScriptFilter(SGMLFilter):
     self.modified = False
     self.msg = "<!-- WARNING: embedded script removed -->"
   def start_script(self,unused):
+    #print('beg script',unused)
     self.ignoring += 1
     self.modified = True
-    self.out.write(self.msg)
   def end_script(self):
+    #print('end script')
     self.ignoring -= 1
+    if not self.ignoring:
+      self.out.write(self.msg)
   def handle_data(self,data):
     if not self.ignoring: SGMLFilter.handle_data(self,data)
   def handle_comment(self,comment):
@@ -478,16 +443,16 @@ def check_html(msg,savname=None):
   if msgtype == 'application/octet-stream':
     for (attr,name) in msg.getnames():
       if name and name.lower().endswith(".htm"):
-	msgtype = 'text/html'
+        msgtype = 'text/html'
   if msgtype == 'text/html':
-    out = StringIO.StringIO()
+    out = StringIO()
     htmlfilter = HTMLScriptFilter(out)
     try:
-      htmlfilter.write(msg.get_payload(decode=True))
+      htmlfilter.write(msg.get_payload(decode=True).decode())
       htmlfilter.close()
     #except sgmllib.SGMLParseError:
     except:
-      #mimetools.copyliteral(msg.get_payload(),open('debug.out','w')
+      mimetools.copyliteral(msg.get_payload(),open('debug.out','wb'))
       htmlfilter.close()
       hostname = socket.gethostname()
       msg.set_payload(
@@ -502,22 +467,21 @@ def check_html(msg,savname=None):
     if htmlfilter.modified:
       msg.set_payload(out)	# remove embedded scripts
       del msg["content-transfer-encoding"]
-      email.Encoders.encode_quopri(msg)
+      encoders.encode_quopri(msg)
   return Milter.CONTINUE
 
 if __name__ == '__main__':
-  import sys
   def _list_attach(msg):
     t = msg.get_content_type()
     p = msg.get_payload(decode=True)
-    print msg.get_filename(),msg.get_content_type(),type(p)
+    print(msg.get_filename(),msg.get_content_type(),type(p))
     msg = msg.get_submsg()
     if isinstance(msg,Message):
       return check_attachments(msg,_list_attach)
     return Milter.CONTINUE
 
   for fname in sys.argv[1:]:
-    fp = open(fname)
-    msg = message_from_file(fp)
-    email.Iterators._structure(msg)
+    with open(fname,'rb') as fp:
+      msg = message_from_file(fp)
+    email.iterators._structure(msg)
     check_attachments(msg,_list_attach)

pep8.dat

@@ -0,0 +1,6 @@
+Check	Description		Justification
+E111	req indent 4		Creates more continuation lines
+E114	req indent 4 cmnt	Same
+E231	req space after ,	makes calls like print() harder to read
+E266	no ## 			Required by Doxygen
+W291	trailing spaces in cmnt	Needed for space preserving para reformat

pep8.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+ignore=`awk -F\\\\t '{ print $1 }' pep8.dat | tail -n +2`
+a=(${ignore})
+list=$(echo "${a[@]}"|tr '[ ]' '[,]')
+echo python3 -m pep8 --ignore="$list" $@

pymilter-check.patch

@@ -0,0 +1,27 @@
+diff -up ./Milter/utils.py.check ./Milter/utils.py
+--- ./Milter/utils.py.check	2018-08-04 23:01:23.858668412 -0400
++++ ./Milter/utils.py	2018-08-04 23:01:39.460869588 -0400
+@@ -68,10 +68,6 @@ def iniplist(ipaddr,iplist):
+   True
+   >>> iniplist('192.168.0.45',['192.168.0.*'])
+   True
+-  >>> iniplist('4.2.2.2',['b.resolvers.Level3.net'])
+-  True
+-  >>> iniplist('2606:2800:220:1::',['example.com/40'])
+-  True
+   >>> iniplist('4.2.2.2',['nothing.example.com'])
+   False
+   >>> iniplist('2001:610:779:0:223:6cff:fe9a:9cf3',['127.0.0.1','172.20.1.0/24','2001:610:779::/48'])
+diff -up ./test.py.check ./test.py
+--- ./test.py.check	2018-08-04 23:04:58.609420815 -0400
++++ ./test.py	2018-08-04 23:05:40.070949438 -0400
+@@ -14,6 +14,8 @@ def suite():
+   return s
+ 
+ if __name__ == '__main__':
++  import sys
+   try: os.remove('test/milter.log')
+   except: pass
+-  unittest.TextTestRunner().run(suite())
++  rc = unittest.TextTestRunner().run(suite())
++  sys.exit(len(rc.failures))

pymilter.spec

@@ -1,100 +1,300 @@
-%define __python python2.4
-%define version 0.9.0
-%define release 1.el4
-%define libdir %{_libdir}/pymilter
-%define name pymilter
-%define redhat7 0
+# we don't want to provide private python extension libs
+%global sum Python interface to sendmail milter API
+%global __provides_exclude_from ^(%{python2_sitearch})/.*\\.so$
+%if 0%{?epel} == 7
+%global python3 python36
+%else
+%global python3 python3
+%endif
 
-Summary: Python interface to sendmail milter API
-Name: %{name}
-Version: %{version}
-Release: %{release}
-Source: %{name}-%{version}.tar.gz
-#Patch: %{name}-%{version}.patch
+Summary: %{sum}
+Name: python-pymilter
+Version: 1.0.4
+Release: 1%{?dist}
+Url: http://bmsi.com/pymilter
+Source: https://github.com/sdgathman/pymilter/archive/pymilter-%{version}.tar.gz
+#Source1: tmpfiles-python-pymilter.conf
+# remove unit tests that require network for check
+Patch: pymilter-check.patch
 License: GPLv2+
 Group: Development/Libraries
-BuildRoot: %{_tmppath}/%{name}-buildroot
-Vendor: Stuart D. Gathman <stuart@bmsi.com>
-Url: http://www.bmsi.com/python/milter.html
-Requires: %{__python} >= 2.4, sendmail >= 8.13
-BuildRequires: %{__python}-devel >= 2.4, sendmail-devel >= 8.13
+BuildRequires: python2-devel, %{python3}-devel, sendmail-devel >= 8.13
+# python-2.6.4 gets RuntimeError: not holding the import lock
+# Need python2.6 specific pydns, not the version for system python
+BuildRequires:  gcc
 
-%description
-This is a python extension module to enable python scripts to
-attach to sendmail's libmilter functionality.  Additional python
-modules provide for navigating and modifying MIME parts, sending
+%global _description\
+This is a python extension module to enable python scripts to\
+attach to sendmail's libmilter functionality.  Additional python\
+modules provide for navigating and modifying MIME parts, sending\
 DSNs, and doing CBV.
 
+%description %_description
+
+%package -n python2-pymilter
+Summary: %{sum}
+%if 0%{?epel} >= 6
+Requires: python-pydns
+%else
+Requires: python2-pydns
+%endif
+Requires: %{name}-common = %{version}-%{release}
+%{?python_provide:%python_provide python2-pymilter}
+
+%description -n python2-pymilter %_description
+
+%package -n %{python3}-pymilter
+Summary: %{sum}
+%if 0%{?fedora} >= 26
+Requires: %{python3}-py3dns
+%endif
+Requires: %{name}-common = %{version}-%{release}
+%{?python_provide:%python_provide %{python3}-pymilter}
+
+%description -n %{python3}-pymilter %_description
+
+%package common
+Summary: Common files and directories for python milters
+BuildArch: noarch
+
+%description common
+Common files and directories used for python milters
+
+%package selinux
+Summary: SELinux policy module for pymilter
+Group: System Environment/Base
+Requires: policycoreutils, selinux-policy-targeted
+Requires: %{name} = %{version}-%{release}
+BuildArch: noarch
+BuildRequires: policycoreutils, checkpolicy, selinux-policy-devel
+%if 0%{?epel} >= 6
+BuildRequires: policycoreutils-python
+%else
+BuildRequires: policycoreutils-python-utils
+%endif
+
+%description selinux
+Give sendmail_t additional access to stream sockets used to communicate
+with milters.
+
 %prep
-%setup -q
-#patch -p0 -b .bms
+%setup -q -n pymilter-pymilter-%{version}
+#patch -p1 -b .check
 
 %build
-%if %{redhat7} 
-  LDFLAGS="-s"
-%else # Redhat builds debug packages after 7.3
-  LDFLAGS="-g"
-%endif
-env CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$LDFLAGS" %{__python} setup.py build
+%py2_build
+%py3_build
+checkmodule -m -M -o pymilter.mod pymilter.te
+semodule_package -o pymilter.pp -m pymilter.mod
 
 %install
-rm -rf $RPM_BUILD_ROOT
-%{__python} setup.py install --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES
-mkdir -p $RPM_BUILD_ROOT/var/run/milter
-mkdir -p $RPM_BUILD_ROOT%{libdir}
-%ifos aix4.1
-cat >$RPM_BUILD_ROOT%{libdir}/start.sh <<'EOF'
-#!/bin/sh
-cd /var/log/milter
-exec /usr/local/bin/python bms.py >>milter.log 2>&1
-EOF
-%else # not aix4.1
-cp start.sh $RPM_BUILD_ROOT%{libdir}
-ed $RPM_BUILD_ROOT%{libdir}/start.sh <<'EOF'
-/^python=/
-c
-python="%{__python}"
-.
-w
-q
-EOF
-%endif
-chmod a+x $RPM_BUILD_ROOT%{libdir}/start.sh
-%if !%{redhat7}
-#grep '.pyc$' INSTALLED_FILES | sed -e 's/c$/o/' >>INSTALLED_FILES
-%endif
+%py2_install 
+%py3_install 
 
-# start.sh is used by spfmilter and milter, and could be used by
-# other milters running on redhat
-%files -f INSTALLED_FILES
-%defattr(-,root,root)
+mkdir -p %{buildroot}/run/milter
+mkdir -p %{buildroot}%{_localstatedir}/log/milter
+mkdir -p %{buildroot}%{_libexecdir}/milter
+#mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d
+#install -m 0644 %{SOURCE1} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf
+
+# install selinux modules
+mkdir -p %{buildroot}%{_datadir}/selinux/targeted
+cp -p pymilter.pp %{buildroot}%{_datadir}/selinux/targeted
+
+%check
+py2path=$(ls -d build/lib.linux-*-2.*)
+py3path=$(ls -d build/lib.linux-*-3.*)
+PYTHONPATH=${py2path}:. python2 test.py &&
+PYTHONPATH=${py3path}:. python3 test.py
+
+%files -n python2-pymilter
+%license COPYING
 %doc README ChangeLog NEWS TODO CREDITS sample.py milter-template.py
-%config %{libdir}/start.sh
-%dir %attr(0755,mail,mail) /var/run/milter
+%{python2_sitearch}/*
 
-%clean
-rm -rf $RPM_BUILD_ROOT
+%files -n %{python3}-pymilter
+%license COPYING
+%doc README ChangeLog NEWS TODO CREDITS sample.py milter-template.py
+%{python3_sitearch}/*
+
+%files common
+%dir %{_libexecdir}/milter
+%{_prefix}/lib/tmpfiles.d/%{name}.conf
+%dir %attr(0755,mail,mail) %{_localstatedir}/log/milter
+%dir %attr(0755,mail,mail) /run/milter
+
+%files selinux
+%doc pymilter.te
+%{_datadir}/selinux/targeted/*
+
+%post selinux
+%{_sbindir}/semodule -s targeted -i %{_datadir}/selinux/targeted/pymilter.pp \
+        &>/dev/null || :
+
+%postun selinux
+if [ $1 -eq 0 ] ; then
+%{_sbindir}/semodule -s targeted -r pymilter &> /dev/null || :
+fi
 
 %changelog
+* Wed Apr 17 2019 Stuart Gathman <stuart@gathman.org> - 1.0.4-1
+- New upstream release: cleanup unused files, additional platform support
+- Minor doc updates
+
+* Sun Dec 23 2018 Stuart Gathman <stuart@gathman.org> - 1.0.3-1
+- New upstream release
+- patch step for python3 no longer required in build
+
+* Sat Aug  4 2018 Stuart Gathman <stuart@gathman.org> - 1.0.2-4
+- Add unit tests to %%check
+
+* Sat Aug  4 2018 Stuart Gathman <stuart@gathman.org> - 1.0.2-3
+- use libexec instead of libdir
+
+* Sat Aug  4 2018 Stuart Gathman <stuart@gathman.org> - 1.0.2-2
+- add python34 subpackage on el7
+
+* Sat Aug  4 2018 Stuart Gathman <stuart@gathman.org> - 1.0.2-1
+- build for both python2 and python3
+- add selinux policy allowing sendmail_t access to milters
+
+* Tue Jul 17 2018 Miro Hrončok <mhroncok@redhat.com> - 1.0-13
+- Update Python macros to new packaging standards
+  (See https://fedoraproject.org/wiki/Changes/Move_usr_bin_python_into_separate_package)
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Iryna Shcherbina <ishcherb@redhat.com> - 1.0-11
+- Update Python 2 dependency declarations to new packaging standards
+  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.0-9
+- Escape macros in %%changelog
+
+* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.0-8
+- Python 2 binary package renamed to python2-pymilter
+  See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+>>>>>>> 021796e51e5919812f1c300d1830ef9ed378db2d
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0-4
+- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sat Sep 27 2014 Paul Wouters <pwouters@redhat.com> - 1.0-1
+- Updated to 1.0
+- Use tmpfiles and /run
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Fri Jan 10 2014 Paul Wouters <pwouters@redhat.com> - 0.9.8-4
+- Add COPYING
+- Fix buildroot macros and dist macro
+
+* Fri Jan 10 2014 Paul Wouters <pwouters@redhat.com> - 0.9.8-3
+- rebuilt with proper file permission
+
+* Tue Jan 07 2014 Paul Wouters <pwouters@redhat.com> - 0.9.8-2
+- Fixup for fedora release
+
+* Sat Mar  9 2013 Stuart Gathman <stuart@bmsi.com> 0.9.8-1
+- Add Milter.test module for unit testing milters.
+- Fix typo that prevented setsymlist from being active.
+- Change untrapped exception message to:
+- "pymilter: untrapped exception in milter app"
+
+* Sat Feb 25 2012 Stuart Gathman <stuart@bmsi.com> 0.9.7-1
+- Raise RuntimeError when result != CONTINUE for @noreply and @nocallback
+- Remove redundant table in miltermodule
+- Fix CNAME chain duplicating TXT records in Milter.dns (from pyspf).
+
+* Sat Feb 25 2012 Stuart Gathman <stuart@bmsi.com> 0.9.6-1
+- Raise ValueError on unescaped '%%' passed to setreply
+- Grace time at end of Greylist window
+
+* Fri Aug 19 2011 Stuart Gathman <stuart@bmsi.com> 0.9.5-1
+- Print milter.error for invalid callback return type.
+  (Since stacktrace is empty, the TypeError exception is confusing.)
+- Fix milter-template.py
+- Tweak Milter.utils.addr2bin and Milter.dynip to handle IP6
+
+* Tue Mar 02 2010 Stuart Gathman <stuart@bmsi.com> 0.9.4-1
+- Handle IP6 in Milter.utils.iniplist()
+- python-2.6
+
+* Thu Jul 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.3-1
+- Handle source route in Milter.utils.parse_addr()
+- Fix default arg in chgfrom.
+- Disable negotiate callback for libmilter < 8.14.3 (1,0,1)
+
+* Tue Jun 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-3
+- Change result of @noreply callbacks to NOREPLY when so negotiated.
+
+* Tue Jun 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-2
+- Cache callback negotiation
+
+* Thu May 28 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-1
+- Add new callback support: data,negotiate,unknown
+- Auto-negotiate protocol steps 
+
+* Thu Feb 05 2009 Stuart Gathman <stuart@bmsi.com> 0.9.1-1
+- Fix missing address of optional param to addrcpt
+
+* Wed Jan 07 2009 Stuart Gathman <stuart@bmsi.com> 0.9.0-4
+- Stop using INSTALLED_FILES to make Fedora happy
+- Remove config flag from start.sh glue
+- Own /var/log/milter
+- Use _localstatedir
+
+* Wed Jan 07 2009 Stuart Gathman <stuart@bmsi.com> 0.9.0-2
+- Changes to meet Fedora standards
+
 * Mon Nov 24 2008 Stuart Gathman <stuart@bmsi.com> 0.9.0-1
 - Split pymilter into its own CVS module
 - Support chgfrom and addrcpt_par
 - Support NS records in Milter.dns
+
 * Mon Aug 25 2008 Stuart Gathman <stuart@bmsi.com> 0.8.10-2
 - /var/run/milter directory must be owned by mail
+
 * Mon Aug 25 2008 Stuart Gathman <stuart@bmsi.com> 0.8.10-1
 - improved parsing into email and fullname (still 2 self test failures)
 - implement no-DSN CBV, reduce full DSNs
+
 * Mon Sep 24 2007 Stuart Gathman <stuart@bmsi.com> 0.8.9-1
 - Use ifarch hack to build milter and milter-spf packages as noarch
 - Remove spf dependency from dsn.py, add dns.py
+
 * Fri Jan 05 2007 Stuart Gathman <stuart@bmsi.com> 0.8.8-1
 - move AddrCache, parse_addr, iniplist to Milter package
 - move parse_header to Milter.utils
 - fix plock for missing source and can't change owner/group
 - split out pymilter and pymilter-spf packages
 - move milter apps to /usr/lib/pymilter
+
 * Sat Nov 04 2006 Stuart Gathman <stuart@bmsi.com> 0.8.7-1
 - SPF moved to pyspf RPM
+
 * Tue May 23 2006 Stuart Gathman <stuart@bmsi.com> 0.8.6-2
 - Support CBV timeout

pymilter.te

@@ -0,0 +1,13 @@
+module pymilter 1.0;
+
+require {
+	type sendmail_t;
+	type var_run_t;
+	type initrc_t;
+	class sock_file { write getattr };
+	class unix_stream_socket connectto;
+}
+
+#============= sendmail_t ==============
+allow sendmail_t initrc_t:unix_stream_socket connectto;
+allow sendmail_t var_run_t:sock_file { write getattr };

sample.py

@@ -1,4 +1,4 @@
-
+from __future__ import print_function
 # A simple milter.
 
 # Author: Stuart D. Gathman <stuart@bmsi.com>
@@ -7,8 +7,10 @@
 
 import sys
 import os
-import StringIO
-import rfc822
+try:
+  from io import BytesIO
+except:
+  from StringIO import StringIO as BytesIO
 import mime
 import Milter
 import tempfile
@@ -21,9 +23,14 @@ class sampleMilter(Milter.Milter):
   "Milter to replace attachments poisonous to Windows with a WARNING message."
 
   def log(self,*msg):
-    print "%s [%d]" % (strftime('%Y%b%d %H:%M:%S'),self.id),
-    for i in msg: print i,
-    print
+    print("%s [%d]" % (strftime('%Y%b%d %H:%M:%S'),self.id),end=None)
+    for i in msg:
+      try:
+        print(i,end=None)
+      except UnicodeEncodeError:
+        s = i.encode(encoding='utf-8',errors='surrogateescape')
+        print(s,end=None)
+    print()
 
   def __init__(self):
     self.tempname = None
@@ -31,16 +38,25 @@ class sampleMilter(Milter.Milter):
     self.fp = None
     self.bodysize = 0
     self.id = Milter.uniqueID()
+    self.user = None
 
   # multiple messages can be received on a single connection
   # envfrom (MAIL FROM in the SMTP protocol) seems to mark the start
   # of each message.
+  @Milter.symlist('{auth_authen}')
+  @Milter.noreply
   def envfrom(self,f,*str):
-    self.log("mail from",f,str)
-    self.fp = StringIO.StringIO()
+    "start of MAIL transaction"
+    self.fp = BytesIO()
     self.tempname = None
     self.mailfrom = f
     self.bodysize = 0
+    self.user = self.getsymval('{auth_authen}')
+    self.auth_type = self.getsymval('{auth_type}')
+    if self.user:
+      self.log("user",self.user,"sent mail from",f,str)
+    else:
+      self.log("mail from",f,str)
     return Milter.CONTINUE
 
   def envrcpt(self,to,*str):
@@ -51,30 +67,33 @@ class sampleMilter(Milter.Milter):
     self.log("rcpt to",to,str)
     return Milter.CONTINUE
 
+  @Milter.decode('bytes')
   def header(self,name,val):
     lname = name.lower()
     if lname == 'subject':
 
       # even if we wanted the Taiwanese spam, we can't read Chinese
       # (delete if you read chinese mail)
-      if val.startswith('=?big5') or val.startswith('=?ISO-2022-JP'):
-	self.log('REJECT: %s: %s' % (name,val))
+      #print('val=',val.encode(errors='surrogateescape'))
+      print('val=',val)
+      if val.startswith(b'=?big5') or val.startswith(b'=?ISO-2022-JP'):
+        self.log('REJECT: %s: %s' % (name,val))
 	#self.setreply('550','','Go away spammer')
-	return Milter.REJECT
+        return Milter.REJECT
 
       # check for common spam keywords
-      if val.find("$$$") >= 0 or val.find("XXX") >= 0	\
-      	or val.find("!!!") >= 0 or val.find("FREE") >= 0:
-	self.log('REJECT: %s: %s' % (name,val))
+      if val.find(b"$$$") >= 0 or val.find(b"XXX") >= 0	\
+	or val.find(b"!!!") >= 0 or val.find(b"FREE") >= 0:
+        self.log('REJECT: %s: %s' % (name,val))
 	#self.setreply('550','','Go away spammer')
-	return Milter.REJECT
+        return Milter.REJECT
 
       # check for spam that pretends to be legal
       lval = val.lower()
-      if lval.startswith("adv:") or lval.startswith("adv.") \
-      	or lval.find('viagra') >= 0:
-	self.log('REJECT: %s: %s' % (name,val))
-	return Milter.REJECT
+      if lval.startswith(b"adv:") or lval.startswith(b"adv.") \
+	or lval.find(b'viagra') >= 0:
+        self.log('REJECT: %s: %s' % (name,val))
+        return Milter.REJECT
 
     # check for invalid message id
     if lname == 'message-id' and len(val) < 4:
@@ -84,7 +103,7 @@ class sampleMilter(Milter.Milter):
 
     # check for common bulk mailers
     if lname == 'x-mailer' and \
-    	val.lower() in ('direct email','calypso','mail bomber'):
+	val.lower() in (b'direct email',b'calypso',b'mail bomber'):
       self.log('REJECT: %s: %s' % (name,val))
       #self.setreply('550','','Go away spammer')
       return Milter.REJECT
@@ -93,12 +112,12 @@ class sampleMilter(Milter.Milter):
     if lname in ('subject','x-mailer'):
       self.log('%s: %s' % (name,val))
     if self.fp:
-      self.fp.write("%s: %s\n" % (name,val))	# add header to buffer
+      self.fp.write(b"%s: %s\n" % (name.encode(),val))	# add header to buffer
     return Milter.CONTINUE
 
   def eoh(self):
     if not self.fp: return Milter.TEMPFAIL	# not seen by envfrom
-    self.fp.write("\n")
+    self.fp.write(b'\n')
     self.fp.seek(0)
     # copy headers to a temp file for scanning the body
     headers = self.fp.getvalue()
@@ -121,7 +140,7 @@ class sampleMilter(Milter.Milter):
       h = msg.getheaders(name)
       cnt = len(h)
       for i in range(cnt,0,-1):
-	self.chgheader(name,i-1,'')
+        self.chgheader(name,i-1,'')
 
   def eom(self):
     if not self.fp: return Milter.ACCEPT
@@ -136,19 +155,16 @@ class sampleMilter(Milter.Milter):
     self.log("Temp file:",self.tempname)
     self.tempname = None	# prevent removal of original message copy
     # copy defanged message to a temp file 
-    out = tempfile.TemporaryFile()
-    try:
+    with tempfile.TemporaryFile() as out:
       msg.dump(out)
       out.seek(0)
-      msg = rfc822.Message(out)
-      msg.rewindbody()
+      msg = mime.message_from_file(out)
+      fp = BytesIO(msg.as_bytes().split(b'\n\n',1)[1])
       while 1:
-	buf = out.read(8192)
-	if len(buf) == 0: break
-	self.replacebody(buf)	# feed modified message to sendmail
+        buf = fp.read(8192)
+        if len(buf) == 0: break
+        self.replacebody(buf)	# feed modified message to sendmail
       return Milter.ACCEPT	# ACCEPT modified message
-    finally:
-      out.close()
     return Milter.TEMPFAIL
 
   def close(self):
@@ -169,13 +185,13 @@ if __name__ == "__main__":
   socketname = os.getenv("HOME") + "/pythonsock"
   Milter.factory = sampleMilter
   Milter.set_flags(Milter.CHGBODY + Milter.CHGHDRS + Milter.ADDHDRS)
-  print """To use this with sendmail, add the following to sendmail.cf:
+  print("""To use this with sendmail, add the following to sendmail.cf:
 
 O InputMailFilters=pythonfilter
 Xpythonfilter,        S=local:%s
 
 See the sendmail README for libmilter.
-sample  milter startup""" % socketname
+sample  milter startup""" % socketname)
   sys.stdout.flush()
   Milter.runmilter("pythonfilter",socketname,240)
-  print "sample milter shutdown"
+  print("sample milter shutdown")

setup.cfg

@@ -1,5 +1,5 @@
 [bdist_rpm]
-python=python2.4
-doc_files=README NEWS TODO
-packager=Stuart D. Gathman <stuart@bmsi.com>
+python=python3
+doc_files=README NEWS TODO COPYING CREDITS
+packager=Stuart D. Gathman <stuart@gathman.org>
 release=1

setup.py

@@ -1,43 +1,42 @@
 import os
 import sys
-from distutils.core import setup, Extension
+from setuptools import setup, Extension
 
-# FIXME: on some versions of sendmail, smutil is renamed to sm
-# on slackware and debian, leave it out entirely.  It depends
+if sys.version < '2.6.5':
+  sys.exit('ERROR: Sorry, python 2.6.5 is required for this module.')
+
+with open("README.md", "r") as fh:
+    long_description = fh.read()
+
+# FIXME: on some versions of sendmail, smutil is renamed to sm.
+# On slackware and debian, leave it out entirely.  It depends
 # on how libmilter was built by the sendmail package.
-libs = ["milter", "smutil"]
+#libs = ["milter", "smutil"]
+libs = ["milter"]
 libdirs = ["/usr/lib/libmilter"]    # needed for Debian
-
-# patch distutils if it can't cope with the "classifiers" or
-# "download_url" keywords
-if sys.version < '2.2.3':
-  from distutils.dist import DistributionMetadata
-  DistributionMetadata.classifiers = None
-  DistributionMetadata.download_url = None
+modules = ["mime"]
 
 # NOTE: importing Milter to obtain version fails when milter.so not built
-setup(name = "pymilter", version = '0.9.0',
+setup(name = "pymilter", version = '1.0.5',
 	description="Python interface to sendmail milter API",
-	long_description="""\
-This is a python extension module to enable python scripts to
-attach to sendmail's libmilter functionality.  Additional python
-modules provide for navigating and modifying MIME parts, and
-sending DSNs or doing CBVs.
-""",
+	long_description=long_description,
+    long_description_content_type='text/markdown',
 	author="Jim Niemira",
 	author_email="urmane@urmane.org",
 	maintainer="Stuart D. Gathman",
-	maintainer_email="stuart@bmsi.com",
+	maintainer_email="stuart@gathman.org",
 	license="GPL",
-	url="http://www.bmsi.com/python/milter.html",
-	py_modules=["mime"],
+	url="https://www.pymilter.org/",
+	py_modules=modules,
 	packages = ['Milter'],
 	ext_modules=[
 	  Extension("milter", ["miltermodule.c"],
             library_dirs=libdirs,
 	    libraries=libs,
 	    # set MAX_ML_REPLY to 1 for sendmail < 8.13
-	    define_macros = [ ('MAX_ML_REPLY',32) ]
+	    define_macros = [ ('MAX_ML_REPLY',32) ],
+            # save lots of debugging time testing rfc2553 compliance
+            extra_compile_args = [ "-Werror=implicit-function-declaration" ]
 	  ),
 	],
 	keywords = ['sendmail','milter'],

start.sh

@@ -1,14 +0,0 @@
-#!/bin/sh
-appname="$1"
-script="${2:-${appname}}"
-datadir=/var/log/milter
-python="python2.4"
-exec >>${datadir}/${appname}.log 2>&1
-if test -s ${datadir}/${script}.py; then
-  cd ${datadir} # use version in log dir if it exists for debugging
-else
-  cd /usr/lib/pymilter
-fi
-
-${python} ${script}.py &
-echo $! >/var/run/milter/${appname}.pid

template.py

@@ -1,21 +1,38 @@
 ## To roll your own milter, create a class that extends Milter.  
-#  See the pymilter project at http://bmsi.com/python/milter.html
-#  based on Sendmail's milter API http://www.milter.org/milter_api/api.html
+#  This is a useless example to show basic features of Milter. 
+#  See the pymilter project at https://pymilter.org based 
+#  on Sendmail's milter API 
 #  This code is open-source on the same terms as Python.
 
 ## Milter calls methods of your class at milter events.
 ## Return REJECT,TEMPFAIL,ACCEPT to short circuit processing for a message.
 ## You can also add/del recipients, replacebody, add/del headers, etc.
 
+from __future__ import print_function
 import Milter
-import StringIO
+try:
+  from StringIO import StringIO as BytesIO
+except:
+  from io import BytesIO
 import time
 import email
+from email import message_from_binary_file
+from email import policy
+import mimetypes
+import os
+import sys
 from socket import AF_INET, AF_INET6
-from Milter import parse_addr
+from Milter.utils import parse_addr
+if True:
+  # for logging process - usually not needed
+  from multiprocessing import Process as Thread, Queue
+else:
+  from threading import Thread
+  from Queue import Queue
 
+logq = None
 
-class myMilter(Milter.Milter):
+class myMilter(Milter.Base):
 
   def __init__(self):  # A new instance with each new connection.
     self.id = Milter.uniqueID()  # Integer incremented with each call.
@@ -23,6 +40,7 @@ class myMilter(Milter.Milter):
   # each connection runs in its own thread and has its own myMilter
   # instance.  Python code must be thread safe.  This is trivial if only stuff
   # in myMilter instances is referenced.
+  @Milter.noreply
   def connect(self, IPname, family, hostaddr):
     # (self, 'ip068.subnet71.example.com', AF_INET, ('215.183.71.68', 4720) )
     # (self, 'ip6.mxout.example.com', AF_INET6,
@@ -63,45 +81,57 @@ class myMilter(Milter.Milter):
     self.fromparms = Milter.dictfromlist(str)	# ESMTP parms
     self.user = self.getsymval('{auth_authen}')	# authenticated user
     self.log("mail from:", mailfrom, *str)
-    self.fp = StringIO.StringIO()
+    # NOTE: self.fp is only an *internal* copy of message data.  You
+    # must use addheader, chgheader, replacebody to change the message
+    # on the MTA.
+    self.fp = BytesIO()
     self.canon_from = '@'.join(parse_addr(mailfrom))
-    self.fp.write('From %s %s\n' % (self.canon_from,time.ctime()))
+    self.fp.write(b'From %s %s\n' % (self.canon_from.encode(),
+        time.ctime().encode()))
     return Milter.CONTINUE
 
 
   ##  def envrcpt(self, to, *str):
-  def envrcpt(self, recipient, *str):
+  @Milter.noreply
+  def envrcpt(self, to, *str):
     rcptinfo = to,Milter.dictfromlist(str)
     self.R.append(rcptinfo)
     
     return Milter.CONTINUE
 
 
+  @Milter.noreply
   def header(self, name, hval):
-    self.fp.write("%s: %s\n" % (name,hval))	# add header to buffer
+    self.fp.write(b'%s: %s\n' % (name.encode(),hval.encode()))	# add header to buffer
     return Milter.CONTINUE
 
-
+  @Milter.noreply
   def eoh(self):
-    self.fp.write("\n")				# terminate headers
+    self.fp.write(b'\n')				# terminate headers
     return Milter.CONTINUE
 
-
+  @Milter.noreply
   def body(self, chunk):
     self.fp.write(chunk)
     return Milter.CONTINUE
 
-
   def eom(self):
     self.fp.seek(0)
-    msg = email.message_from_file(self.fp)
-    self.setreply('250','2.5.1','Grokked by pymilter')
+    msg = email.message_from_binary_file(self.fp, policy=policy.default)
+
+    #example on how to iterate through attachments
+    for attachment in msg.iter_attachments():
+      #attachment holds the attachment object so that it can be used with a new MIMEMultipart() message
+      self.log("Attachment filename is %s" % (attachment.get_filename(),))
+      self.log("Attachment content/type is %s" % (attachment.get_content_type(),))
+      data = attachment.get_content()
+      self.log("Attachment content is %s" % (data,))
+    
     # many milter functions can only be called from eom()
     # example of adding a Bcc:
     self.addrcpt('<%s>' % 'spy@example.com')
     return Milter.ACCEPT
 
-
   def close(self):
     # always called, even when abort is called.  Clean up
     # any external resources here.
@@ -114,25 +144,51 @@ class myMilter(Milter.Milter):
   ## === Support Functions ===
 
   def log(self,*msg):
-    print "%s [%d]" % (time.strftime('%Y%b%d %H:%M:%S'),self.id),
-    # 2005Oct13 02:34:11 [1] msg1 msg2 msg3 ...
-    for i in msg: print i,
-    print
+    t = (msg,self.id,time.time())
+    if logq:
+      logq.put(t)
+    else:
+      # logmsg(*t)
+      pass
 
+def logmsg(msg,id,ts):
+    print("%s [%d]" % (time.strftime('%Y%b%d %H:%M:%S',time.localtime(ts)),id),
+        end=None)
+    # 2005Oct13 02:34:11 [1] msg1 msg2 msg3 ...
+    for i in msg: print(i,end=None)
+    print()
+    sys.stdout.flush()
+
+def background():
+  while True:
+    t = logq.get()
+    if not t: break
+    logmsg(*t)
 
 ## ===
     
 def main():
+  bt = Thread(target=background)
+  bt.start()
+  # This is NOT a good socket location for production, it is for 
+  # playing around.  I suggest /var/run/milter/myappnamesock for production.
+  socketname = os.path.expanduser('~/pythonsock')
+  timeout = 600
   # Register to have the Milter factory create instances of your class:
   Milter.factory = myMilter
   flags = Milter.CHGBODY + Milter.CHGHDRS + Milter.ADDHDRS
   flags += Milter.ADDRCPT
   flags += Milter.DELRCPT
   Milter.set_flags(flags)       # tell Sendmail which features we use
-  print "%s milter startup" % time.strftime('%Y%b%d %H:%M:%S')
+  print("%s milter startup" % time.strftime('%Y%b%d %H:%M:%S'))
   sys.stdout.flush()
   Milter.runmilter("pythonfilter",socketname,timeout)
-  print "%s bms milter shutdown" % time.strftime('%Y%b%d %H:%M:%S')
+  logq.put(None)
+  bt.join()
+  print("%s bms milter shutdown" % time.strftime('%Y%b%d %H:%M:%S'))
 
 if __name__ == "__main__":
+  # You probably do not need a logging process, but if you do, this
+  # is one way to do it.
+  logq = Queue(maxsize=4)
   main()

test.py

@@ -2,6 +2,9 @@ import unittest
 import testmime
 import testsample
 import testutils
+import testgrey
+import testcfg
+import testpolicy
 import os
 
 def suite(): 
@@ -9,6 +12,9 @@ def suite():
   s.addTest(testmime.suite())
   s.addTest(testsample.suite())
   s.addTest(testutils.suite())
+  s.addTest(testgrey.suite())
+  s.addTest(testcfg.suite())
+  s.addTest(testpolicy.suite())
   return s
 
 if __name__ == '__main__':

test/access

@@ -0,0 +1,10 @@
+SPF-Pass:example.com	OK
+SPF-Neutral:example.com	REJECT
+HELO-Neutral:example.com        OK
+SPF-Permerror:foo@bad.example.com	OK
+SPF-Permerror:	REJECT
+SMTP-Auth:good@example.com      OK
+SMTP-Auth:example.com      REJECT
+SMTP-Auth:bad@localhost.localdomain     REJECT
+SMTP-Test:      REJECT
+SMTP-Test:.baz.com      WILDCARD

test/amazon

@@ -1,710 +0,0 @@
-From stuart@bmsi.com  Wed May  1 14:37:14 2002
-Return-Path: <stuart@bmsi.com>
-Received: from bmsi.com (IDENT:stuart@localhost [127.0.0.1])
-	by gathman.bmsi.com (8.11.6/8.11.6) with ESMTP id g41IbCF01796
-	for <stuart@gathman.bmsi.com>; Wed, 1 May 2002 14:37:13 -0400
-Sender: stuart@gathman.bmsi.com
-Message-ID: <3CD035D7.18ADF27F@bmsi.com>
-Date: Wed, 01 May 2002 14:37:11 -0400
-From: "Stuart D. Gathman" <stuart@bmsi.com>
-Organization: Business Management Systems, Inc.
-X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.9-21 i586)
-X-Accept-Language: en
-MIME-Version: 1.0
-To: stuart@gathman.bmsi.com
-Subject: Amazon.com--Earth's Biggest Selection
-Content-Type: multipart/mixed;
- boundary="------------59A46341C90BA737DD47867B"
-
-This is a multi-part message in MIME format.
---------------59A46341C90BA737DD47867B
-Content-Type: multipart/alternative;
- boundary="------------0B098FB91956AC123C61B151"
-
-
---------------0B098FB91956AC123C61B151
-Content-Type: text/plain; charset=us-ascii
-Content-Transfer-Encoding: 7bit
-
-http://www.amazon.com/exec/obidos/subst/home/redirect.html/103-3111065-2579065
-
---
-              Stuart D. Gathman
-Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
-"Confutatis maledictis, flamis acribus addictis" - background song for
-a Microsoft sponsored "Where do you want to go from here?" commercial.
-
-
-
---------------0B098FB91956AC123C61B151
-Content-Type: text/html; charset=us-ascii
-Content-Transfer-Encoding: 7bit
-
-<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
-<html>
-<A HREF="http://www.amazon.com/exec/obidos/subst/home/redirect.html/103-3111065-2579065">http://www.amazon.com/exec/obidos/subst/home/redirect.html/103-3111065-2579065</A>
-<pre>--&nbsp;
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Stuart D. Gathman&nbsp;<stuart@bmsi.com>
-Business Management Systems Inc.&nbsp; Phone: 703 591-0911 Fax: 703 591-6154
-"Confutatis maledictis, flamis acribus addictis" - background song for
-a Microsoft sponsored "Where do you want to go from here?" commercial.</pre>
-&nbsp;</html>
-
---------------0B098FB91956AC123C61B151--
-
---------------59A46341C90BA737DD47867B
-Content-Type: text/html; charset=us-ascii;
- name="103-3111065-2579065"
-Content-Transfer-Encoding: 7bit
-Content-Disposition: inline;
- filename="103-3111065-2579065"
-Content-Base: "http://www.amazon.com/exec/obidos/subs
-	t/home/redirect.html/103-3111065-25
-	79065"
-Content-Location: "http://www.amazon.com/exec/obidos/subs
-	t/home/redirect.html/103-3111065-25
-	79065"
-
-
-<html>
-<head>
-<title>
-Amazon.com--Earth's Biggest Selection
-</title>
-<meta name="keywords" content="amazon.com,amazon books,amazon,amazon.com books,amazon music,amazon.com music,amazon video,amazon.com video,auctions,amazon auctions,amazon.com auctions,electronics,consumer electronics,gifts,amazon gifts,amazon.com gifts,cards,e-cards,e-mail cards,greeting cards,amazon cards,amazon.com cards,toys,amazon toys,amazon.com toys,games,amazon games,amazon.com games,toys & games,toys and games">
-<style type="text/css"><!-- .serif { font-family: times,serif; font-size: medium; }
-.sans { font-family: verdana,arial,helvetica,sans-serif; font-size: medium; }
-.small { font-family: verdana,arial,helvetica,sans-serif; font-size: small; }
-.h1 { font-family: verdana,arial,helvetica,sans-serif; color: #CC6600; font-size: medium; }
-.h3color { font-family: verdana,arial,helvetica,sans-serif; color: #CC6600; font-size: small; }
-.tiny { font-family: verdana,arial,helvetica,sans-serif; font-size: x-small; }
-.listprice { font-family: arial,verdana,helvetica,sans-serif; text-decoration: line-through; font-size: small; }
-.price { font-family: verdana,arial,helvetica,sans-serif; color: #990000; font-size: small; }
---></style>
-</head>
-<body bgcolor="#FFFFFF" link="#003399" alink="#FF9933" vlink="#996633" text="#000000" onLoad="document.searchform.elements[1].focus()">
-<a name="top"></a>
-<map name="right_top_nav_map">
-<area shape="rect" href=/exec/obidos/shopping-basket/ref=top_nav_sb_gateway/103-3111065-2579065 coords="0,0,80,21">
-<area shape="rect" href=/exec/obidos/wishlist/ref=cm_wl_topnav_gateway/103-3111065-2579065 coords="85,0,151,21">
-<area shape="rect" href=/exec/obidos/account-access-login/ref=top_nav_ya_gateway/103-3111065-2579065 coords="155,0,256,21">
-<area shape="rect" href=/exec/obidos/tg/browse/-/508510/ref=top_nav_hp_gateway/103-3111065-2579065 coords="260,0,299,21">
-</map>
-<map name="gateway_nav_map">
-<area shape=rect coords="0,0,124,28" href=/exec/obidos/tg/stores/static/-/gateway/international-gateway/ref=gw_subnav_in/103-3111065-2579065>
-<area shape=rect coords="125,0,228,28" href=/exec/obidos/tg/new-for-you/top-sellers/-/main/ref=gw_subnav_ts/103-3111065-2579065>
-<area shape=rect coords="229,0,332,28" href=/exec/obidos/tg/browse/-/700060/ref=gw_subnav_target/103-3111065-2579065>
-<area shape=rect coords="333,0,450,28" href=/exec/obidos/tg/browse/-/909656/ref=stuffandsubnav_td1_/103-3111065-2579065>
-<area shape=rect coords="451,0,580,28" href=/exec/obidos/subst/misc/sell-your-stuff.html/ref=subnav_sys_/103-3111065-2579065>
-</map>
-<table border=0 width=100% cellspacing=0 cellpadding=0>
-<tr><td width=100%>
-<center>
-<table width=100% border=0 cellspacing=0 cellpadding=0 vspace=0>
-<tr>
-<td width=25% rowspan=2>&nbsp;</td>
-<td align=left valign=bottom><a href=/exec/obidos/subst/home/redirect.html/ref=nh_gateway/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/associates/navbar2000/logo-no-border(1).gif" width=148 height=43 alt="" border=0></a></td>
-<td width=10%>&nbsp;</td>
-<td align=right>
-<img src="http://g-images.amazon.com/images/G/01/nav/personalized/cartwish/right-topnav-default-2.gif" width=300 height=22 alt="" USEMAP=#right_top_nav_map border=0></td>
-<td align=right rowspan=2 width=25%>
-&nbsp;
-</td>
-</tr>
-<tr valign=bottom>
-<td colspan=3 align=center>
-<table align=center border=0 cellpadding=0 cellspacing=0><tr valign=bottom>
-<td><a href=/exec/obidos/subst/home/home.html/ref%3Dtab%5Fgw%5Fgw%5F1/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/welcome-on-whole.gif" width=60 height=26 border=0></a></td>
-<td><a href=/exec/obidos/tg/stores/your/store-home/-/0/ref%3Dtab%5Fgw%5Ffr%5F2/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/yourstore-off-sliced._ZCSTUART%27S,0,2,0,0,verdenab,7,90,90,80_.gif" width=81 height=26 border=0></a></td>
-<td><a href=/exec/obidos/tg/browse/-/283155/ref%3Dtab%5Fgw%5Fb%5F3/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/books-off-sliced.gif" width=39 height=26 border=0></a></td>
-<td><a href=/exec/obidos/tg/browse/-/172282/ref%3Dtab%5Fgw%5Fe%5F4/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/electronics-off-sliced.gif" width=74 height=26 border=0></a></td>
-<td><a href=/exec/obidos/tg/browse/-/130/ref%3Dtab%5Fgw%5Fd%5F5/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/dvd-off-sliced.gif" width=35 height=26 border=0></a></td>
-<td><a href=/exec/obidos/tg/browse/-/171280/ref%3Dtab%5Fgw%5Ft%5F6/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/toys-off-sliced.gif" width=47 height=26 border=0></a></td>
-<td><a href=/exec/obidos/tg/browse/-/468642/ref%3Dtab%5Fgw%5Fvg%5F7/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/videogames-off-sliced.gif" width=73 height=26 border=0></a></td>
-<td><a href=/exec/obidos/tg/browse/-/600460/ref%3Dtab%5Fgw%5F%5F8/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/corporate-off-sliced.gif" width=70 height=26 border=0></a></td>
-<td><a href=/exec/obidos/subst/home/all-stores.html/ref%3Dtab_gw_storesdirectory/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/nav/personalized/tabs/see-more-off-sliced.gif" width=70 height=26 border=0></a></td>
-</tr></table>
-</td>
-</tr>
-</table>
-</center>
-</td></tr>
-<tr align=center bgcolor=#006699>
-<td><img src="http://g-images.amazon.com/images/G/01/nav/amazon/gateway/blue/gateway-subnav-default.gif" width=580 height=28 width=580 height=28 alt="" USEMAP="#gateway_nav_map" border=0></td>
-</tr>
-<tr>
-<td bgcolor=#ffffdd align=center class=small>
-<font face=verdana,arial,helvetica size=-1>
-<font color="#CC6600"><B>Hello, Stuart D. Gathman.</B></font>
-We have <A href="http://www.amazon.com/exec/obidos/ilm-redirect/103-3111065-2579065?append-uid=no&path=http://www.amazon.com/exec/obidos/subst%2Frecs%2Finstant-recs-home.html%2Fref%3Dpd_ir_gw_r/ref=ilm_stripe_272005/103-3111065-2579065&message=272005,m1,26">recommendations</A> for you.
-</font><font face=verdana,arial,helvetica size=-2>
-(If you're not Stuart D. Gathman, <A href="http://www.amazon.com/exec/obidos/ilm-redirect/103-3111065-2579065?append-uid=no&path=http://www.amazon.com/exec/obidos/flex-sign-in%2Fref%3Dpd_ir_gw_r%2F%3Fopt%3Doa%26page%3Drecs%2Fsign-in-secure.html%26response%3Dtg%2Frecs%2Frecs-post-login-dispatch%2F-%2Frecs%2Fpd_rw_gw_r/ref=ilm_stripe_272005/103-3111065-2579065&message=272005,m1,26">click here</A>.)
-</font>
-</td>
-</tr>
-</table>
-
-<br>
-<table width=100% cellpadding=0 cellspacing=0 border=0>
-<tr valign=top>
-<td width=174>
-<TABLE border=0 cellspacing=0 cellpadding=0><TR valign=bottom align=center>
-<td><img src="http://g-images.amazon.com/images/G/01/v9/search-browse/search-gateway.gif" width=171 height=19 border=0 alt="Search Amazon.com"></td>
-</TR> <TR valign=top align=center><TD> <TABLE border=0 width= 171 cellpadding=1 cellspacing=0 bgcolor=#708090 ><TR> <TD width=100%><TABLE width=100% border=0 cellpadding=4 cellspacing=0 bgcolor=#708090><TR> <TD bgcolor=#FFCC66 valign=top width=100%>
-<form method="post" action="/exec/obidos/search-handle-form/103-3111065-2579065" name="searchform">
-<select name=index>
-<option value=blended selected>All Products
-<option value=books>Books
-<option value=music>Popular Music
-<option value=music-dd>Music Downloads
-<option value=classical>Classical Music
-<option value="dvd">DVD
-<option value="vhs">VHS
-<option value=theatrical>Movie Showtimes
-<option value=toys>Toys
-<option value=baby>Baby
-<option value=pc-hardware>Computers
-<option value=videogames>Video Games
-<option value=electronics>Electronics
-<option value=photo>Camera &amp; Photo
-<option value=software>Software
-<option value=tools>Tools &amp; Hardware
-<option value=magazines>Magazines
-<option value=garden>Outdoor Living
-<option value=kitchen>Kitchen
-<option value=travel>Travel
-<option value=wireless-phones>Cell Phones & Service
-<option value=outlet>Outlet
-<option value=auction-redirect>Auctions
-<option value=fixed-price-redirect>zShops
-</select>
-<input type="text" name="field-keywords" size="15">
-<input type="image" height="21" width="21" border=0 value="Go" name="Go" src="http://g-images.amazon.com/images/G/01/v9/search-browse/go-button-gateway.gif" align=absmiddle>
-</TD> </TR> </TABLE> </TD> </TR> </TABLE> </TD> </form>
-</TR> </TABLE> <br clear=left>
-<TABLE border=0 cellspacing=0 cellpadding=0>
-<TR valign=bottom align=center>
-<td><img src="http://g-images.amazon.com/images/G/01/v9/search-browse/browse-gateway.gif" width=171 height=19 border=0 alt="Browse Amazon.com"></td>
-</TR> <TR valign=top align=center>
-<TD> <TABLE border=0 width= 171 cellpadding=1 cellspacing=0 bgcolor=#708090 ><TR> <TD width=100%><TABLE width=100% border=0 cellpadding=4 cellspacing=0 bgcolor=#708090><TR> <TD bgcolor=#ffffff valign=top width=100%>
-<table cellpadding=3 cellspacing=0>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/283155/ref=gw_br_bo/103-3111065-2579065">Books</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/172282/ref=gw_br_el/103-3111065-2579065">Electronics</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/540744/ref=gw_br_ba/103-3111065-2579065">Baby &amp;</a><br>&nbsp; &nbsp;<a href="/exec/obidos/tg/browse/-/540744/ref=gw_br_ba/103-3111065-2579065">Baby Registry</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/5174/ref=gw_br_mu/103-3111065-2579065">Music</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/redirect-to-partner/ref=gw_br_dscm/103-3111065-2579065?name=dscm&aid=2&aparam=tb5270_bhp&trx=8056">Health & Beauty</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/130/ref=gw_br_dvd/103-3111065-2579065">DVD</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/229534/ref=gw_br_sw/103-3111065-2579065">Software</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/284507/ref=gw_br_ki/103-3111065-2579065">Kitchen &amp;</a><br>&nbsp; &nbsp;<a href="/exec/obidos/tg/browse/-/284507/ref=gw_br_ki/103-3111065-2579065">Housewares</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/228013/ref=gw_br_hi/103-3111065-2579065">Tools &amp;</a><br>&nbsp; &nbsp;<a href="/exec/obidos/tg/browse/-/228013/ref=gw_br_hi/103-3111065-2579065">Hardware</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/541966/ref=gw_br_pc/103-3111065-2579065">Computers</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/502394/ref=gw_br_p/103-3111065-2579065">Camera & Photo</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/562436/ref=gw_br_th/103-3111065-2579065">Movie Showtimes</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/468642/ref=gw_br_cvg/103-3111065-2579065">Computer &amp;</a><br>&nbsp; &nbsp;<a href="/exec/obidos/tg/browse/-/468642/ref=gw_br_cvg/103-3111065-2579065">Video Games</a></b></td>
-</tr> <tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/171280/ref=gw_br_tg/103-3111065-2579065">Toys &amp; Games</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/301185/ref=gw_br_wi/103-3111065-2579065">Cell Phones</a><br>&nbsp;&nbsp;&nbsp;<a href="/exec/obidos/tg/browse/-/301185/ref=gw_br_wi/103-3111065-2579065">& Service</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/404272/ref=gw_br_vi/103-3111065-2579065">Video</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/599858/ref=gw_br_zi/103-3111065-2579065">Magazine</a><br>&nbsp; &nbsp;<a href="/exec/obidos/tg/browse/-/599858/ref=gw_br_zi/103-3111065-2579065">Subscriptions</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/286168/ref=gw_br_lp/103-3111065-2579065">Outdoor Living</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/605012/ref=gw_br_tr/103-3111065-2579065">Travel</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/acn-redirect-to-partner/ref=gw_br_cars/103-3111065-2579065?partner-name=carsdirect&partner-url=home%3Fpartner%3Damzn%26customerid%3Dbrowse">Cars</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/229220/ref=gw_br_gi/103-3111065-2579065">Gifts &amp;</a><br>&nbsp; &nbsp;<a href="/exec/obidos/tg/browse/-/229220/ref=gw_br_gi/103-3111065-2579065">Gift Certificates</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="http://s1.amazon.com/exec/varzea/subst/home/home.html/ref=gw_br_au/103-3111065-2579065">Auctions</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="http://s1.amazon.com/exec/varzea/subst/home/fixed.html/ref=gw_br_zs/103-3111065-2579065">zShops</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/517808/ref=gw_br_ou/103-3111065-2579065">Outlet</a></b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<b><a href="/exec/obidos/tg/browse/-/600460/ref=gw_br_cb/103-3111065-2579065">Corporate</a> <br>&nbsp; &nbsp;<a href="/exec/obidos/tg/browse/-/600460/ref=gw_br_cb/103-3111065-2579065">Accounts</a></b></td>
-</tr>
-<tr>
-<td class=small>
-<a href="/exec/obidos/flex-sign-in/ref=pd_fr_gw_fav_edt/103-3111065-2579065?page=personalization/favorites/favorites-sign-in-secure.html&response=favorites-edit/personalization/favorites/edit-areas.html&pass_through=product-group-id.gateway.hp&method=GET">
-<img src="http://g-images.amazon.com/images/G/01/buttons/edit-favorites.gif" width=69 height=15 border=0 valign=top vspace=2></a><br>
-</td>
-</tr>
-<tr>
-<td class=small><b>Browse Partners</b></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<a href="/exec/obidos/tg/browse/-/700060/ref=gw_tarb_/103-3111065-2579065"><img src="http://g-images.amazon.com/images/G/01/target/target-logo-sm.gif" width=71 height=17 border=0 alt=Target></a></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<a href="/exec/obidos/tg/browse/-/171280/ref=gw_trub_/103-3111065-2579065"><img src="http://g-images.amazon.com/images/G/01/toys/navigation/tru-logo.gif" width=117 height=14 border=0 alt=Toysrus.com></a></td>
-</tr>
-<tr>
-<td class=small>&#149;&nbsp;<a href="/exec/obidos/tg/browse/-/540744/ref=gw_brub_/103-3111065-2579065"><img src="http://g-images.amazon.com/images/G/01/toys/navigation/bru-logo.gif" width=136 height=15 border=0 alt=Babiesrus.com></a></td>
-</tr>
-</table>
-</TD> </TR> </TABLE> </TD> </TR> </TABLE> </TD>
-</TR>
-</TABLE> <br>
-<TABLE border=0 width=171 cellpadding=1 cellspacing=0 bgcolor=#708090 ><TR> <TD width=100%><TABLE width=100% border=0 cellpadding=4 cellspacing=0 bgcolor=#708090><TR> <TD bgcolor=#ffffff valign=top width=100%>
-<font face=verdana,arial,helvetica color=#000000 size=-1><b>Special Features</b></font><br>
-<font face=verdana,arial,helvetica size=-1>
-<ul><li> <A href="/exec/obidos/subst/alerts/signup.html/ref=gw_hp_ls_1_1/103-3111065-2579065">Alerts</A><li> <A href="/exec/obidos/subst/misc/anywhere/anywhere.html/ref=gw_hp_ls_1_2/103-3111065-2579065">Amazon.com
-Anywhere</A><li> <A href="/exec/obidos/subst/misc/amazon-credit/marketing-page.html/ref=gw_hp_ls_1_3/103-3111065-2579065">Amazon Credit Account</A><li> <A href="/exec/obidos/subst/delivers/delivers-signup-combo.html/ref=gw_hp_ls_1_4/103-3111065-2579065">Delivers</A><li><A href="/exec/obidos/tg/browse/-/225840/ref=gw_hp_ls_1_5/103-3111065-2579065">Free e-Cards</A><li><A href="/exec/obidos/subst/community/community-home.html/ref=gw_hp_ls_1_6/103-3111065-2579065">Friends &amp; Favorites</A><li> <A href="/exec/obidos/subst/gifts/gift-services/gift-certificates.html/ref=gw_hp_ls_1_7/103-3111065-2579065">Gift
-Certificates</A><li> <A href="http://auctions.amazon.com/exec/varzea/subst/fx/home.html/ref=gw_hp_ls_1_8/103-3111065-2579065">Honor
-System</A><li> <A href="/exec/obidos/subst/community/community.html/ref=gw_hp_ls_1_9/103-3111065-2579065">Purchase
-Circles</A><li>
-<A href="/exec/obidos/tg/browse/-/885446/ref=gw_hp_ls_1_10/103-3111065-2579065">Wedding
-Registry</A></ul>
-</font>
-</TD> </TR> </TABLE> </TD> </TR> </TABLE> <br>
-<TABLE border=0 width=171 cellpadding=1 cellspacing=0 bgcolor=#708090 ><TR> <TD width=100%><TABLE width=100% border=0 cellpadding=4 cellspacing=0 bgcolor=#708090><TR> <TD bgcolor=#ffffff valign=top width=100%>
-<font face=verdana,arial,helvetica color=#000000 size=-1><b>Associates</b></font><br>
-<font face=verdana,arial,helvetica size=-1>
-Sell books, music, videos, and more from your
-Web site. <A href="/exec/obidos/subst/associates/join/associates.html/ref=gw_hp_ls_2_1/103-3111065-2579065">Start earning
-today</A>!<BR>
-</font>
-</TD> </TR> </TABLE> </TD> </TR> </TABLE> <br>
-<p>
-<br clear=all>
-</td>
-<td>&nbsp;</td>
-<td>
-<center>
-</center>
-<br clear=all><p>
-<A href="http://www.amazon.com/exec/obidos/ilm-redirect/103-3111065-2579065?append-uid=no&path=http://www.amazon.com/exec/obidos/tg/browse/-/283155/ref=ilm_rc_285799/103-3111065-2579065&message=285799,m1,27">
-<center><img src="http://g-images.amazon.com/images/G/01/books/homepage-pricing/books-home-pricing-iii.gif" width=257 height=99 border=0></center>
-</A>
-<br clear=all><br>
-<A href="http://www.amazon.com/exec/obidos/ilm-redirect/103-3111065-2579065?append-uid=no&path=http://www.amazon.com/exec/obidos/tg/browse/-/753570/ref=ilm_rc_283024/103-3111065-2579065&message=283024,gw_lr_dvd_lor,28"><img src="http://g-images.amazon.com/images/G/01/icons/thumbnails/b00003cwt6_thumb.gif" width=41 height=60 border=0 valign=top align=left></A>
-Pre-order the Oscar&#174;-winning blockbuster <A href="http://www.amazon.com/exec/obidos/ilm-redirect/103-3111065-2579065?append-uid=no&path=http://www.amazon.com/exec/obidos/tg/browse/-/753570/ref=ilm_rc_283024/103-3111065-2579065&message=283024,gw_lr_dvd_lor,28"><I>The Lord of the Rings: The Fellowship of the Ring</I></A>, arriving on <A href="http://www.amazon.com/exec/obidos/ilm-redirect/103-3111065-2579065?append-uid=no&path=http://www.amazon.com/exec/obidos/ASIN/B00003CWT6/ref=ilm_rc_283024/103-3111065-2579065&message=283024,gw_lr_dvd_lor,28">DVD</A> and <A href="http://www.amazon.com/exec/obidos/ilm-redirect/103-3111065-2579065?append-uid=no&path=http://www.amazon.com/exec/obidos/ASIN/B000065U6Q/ref=ilm_rc_283024/103-3111065-2579065&message=283024,gw_lr_dvd_lor,28">video</A> August 6.
-<br clear=all><br>
-<b class=small><A href="/exec/obidos/tg/browse/-/229220/ref=gw_hp_cs_1_1/103-3111065-2579065">In Gifts</A></b><br>
-<A href="/exec/obidos/tg/browse/-/229220/ref=gw_hp_cs_2_1/103-3111065-2579065"><img src="http://g-images.amazon.com/images/G/01/marketing/mothers_day/md_sd_roto.jpg" width=100 height=95 border=0 align=left hspace=4></A>
-<b><font face=verdana,arial,helvetica color=#CC6600>Mother's Day Is May 12</font></b><br>
-We've made it fun and easy to buy the perfect
-present for Mom. Shop by <A href="/exec/obidos/tg/stores/recs/gift-wizard-refine/-/holiday/ref=gw_hp_cs_2_2/103-3111065-2579065">recipient</A>
-or <A href="/exec/obidos/tg/stores/recs/gift-wizard/-/price/ref=gw_hp_cs_2_3/103-3111065-2579065">price</A>,
-browse <A href="/exec/obidos/tg/stores/recs/gift-wizard/-/topsellers/ref=gw_hp_cs_2_4/103-3111065-2579065">top
-sellers</A>, or order <A href="http://www.amazon.com/exec/obidos/redirect-to-external-url/103-3111065-2579065?path=http%3A//www.proflowers.com/freechocolate/freechocolate.cfm%3FREF%3DFCHAmazonGatewayExp042702">flowers</A>.
-Visit <A href="/exec/obidos/tg/browse/-/229220/ref=gw_hp_cs_2_5/103-3111065-2579065">Gifts</A> for
-these and more great ideas for expressing your love and
-appreciation.<BR>
-&nbsp;<br clear=left>
-<br clear=all>
-<a href=/exec/obidos/instant-recs/recs/instant-recs-home.html/ref=pd_gw_qpt_h/103-3111065-2579065><b class=small>Your Recommendations</b></a>
-<br> <b class=h1>
-<i>War in Heaven</i>
-</b>
-</b><br>
-<a href=/exec/obidos/ASIN/0802812198/ref=pd_gw_qpt_1/103-3111065-2579065><img src="http://images.amazon.com/images/P/0802812198.01.__PE20_PIm.arrow,TopLeft,-2,-19_SCTZZZZZZZ_.jpg" width=76 height=116 vspace=3 hspace=7 align=left border=0></a>
-<b>Amazon.com</b><br>
-"The telephone was ringing wildly," begins Charles Williams's novel <I>War in Heaven</I>, "but without result, since there was no-one in the room but the corpse." From this abrupt--and darkly humorous--start, Williams takes us on a 20th-century version of the Grail quest, with an Archdeacon, a Duke, and an...
-<a href=/exec/obidos/ASIN/0802812198/ref=pd_gw_qpt_1/103-3111065-2579065>
-<font size=-1>Read more</font></a>
-<span class=tiny>
-&#124;
-&#040;<a href=/exec/obidos/tg/recs/ir-why/-/books/0/regular/none/0802812198/gw/1/pc/3/none/ref=pd_gw_qpt_1/103-3111065-2579065>Why was I recommended this?</a>&#041;
-</span>
-<br clear=all>
-<br><b class=small>More Recommendations</b><br>
-<img src="http://g-images.amazon.com/images/G/01/icons/small-blue-books-icon.gif" width=18 height=18 border=0 alt=Icon >
-<a href=/exec/obidos/ASIN/0471070408/ref=pd_gw_qpt_2/103-3111065-2579065><i>Reliable Linux</i></a> by Iain Campbell
-<span class=tiny>
-&#040;<a href=/exec/obidos/tg/recs/ir-why/-/books/0/regular/none/0471070408/gw/1/pc/3/none/ref=pd_gw_qpt_2/103-3111065-2579065>Why?</a>&#041;
-</span>
-<br>
-<img src="http://g-images.amazon.com/images/G/01/icons/small-blue-books-icon.gif" width=18 height=18 border=0 alt=Icon >
-<a href=/exec/obidos/ASIN/1565926102/ref=pd_gw_qpt_3/103-3111065-2579065><i>Programming PHP</i></a> by Rasmus Lerdorf, et al
-<span class=tiny>
-&#040;<a href=/exec/obidos/tg/recs/ir-why/-/books/0/regular/none/1565926102/gw/1/pc/3/none/ref=pd_gw_qpt_3/103-3111065-2579065>Why?</a>&#041;
-</span>
-<br>
-<img src="http://g-images.amazon.com/images/G/01/icons/small-blue-books-icon.gif" width=18 height=18 border=0 alt=Icon >
-<a href=/exec/obidos/ASIN/0802812201/ref=pd_gw_qpt_4/103-3111065-2579065><i>Descent into Hell</i></a> by Charles W. Williams
-<span class=tiny>
-&#040;<a href=/exec/obidos/tg/recs/ir-why/-/books/0/regular/none/0802812201/gw/1/pc/3/none/ref=pd_gw_qpt_4/103-3111065-2579065>Why?</a>&#041;
-</span>
-<br>
-<img src="http://g-images.amazon.com/images/G/01/icons/small-blue-books-icon.gif" width=18 height=18 border=0 alt=Icon >
-<a href=/exec/obidos/ASIN/059600186X/ref=pd_gw_qpt_5/103-3111065-2579065><i>Network Troubleshooting Tools (O'Reilly System Administration)</i></a> by Joseph D. Sloan
-<span class=tiny>
-&#040;<a href=/exec/obidos/tg/recs/ir-why/-/books/0/regular/none/059600186X/gw/1/pc/3/none/ref=pd_gw_qpt_5/103-3111065-2579065>Why?</a>&#041;
-</span>
-<br>
-<p>
-<font face=verdana,arial,helvetica size=-1><a href=/exec/obidos/tg/stores/your/favorites/-/music/ref=pd_fr_gw_nr_h/103-3111065-2579065><b>Your Music Store</b></a></font><br>
-<font face=verdana,arial,helvetica color=#CC6600><b>
-Isaac Freeman, et al&#44;
-<i>Beautiful Stars</i>
-</b></font>
-<br>
-<a href=/exec/obidos/ASIN/B000063TQV/ref=pd_fr_qw_nr_1/103-3111065-2579065><img src="http://images.amazon.com/images/P/B000063TQV.01.26TLZZZZ.jpg" width=73 height=71 vspace=3 hspace=7 align=left border=0></a>
-Great African American gospel music has an indisputable power, rooted in the audible faith of its performers and the beauty of their voices. As the bass singer of the <a href="/exec/obidos/tg/stores/artist/glance/-/73920/103-3111065-2579065">Fairfield Four</a>, an a cappella group that started more than a half century ago,...
-<a href=/exec/obidos/ASIN/B000063TQV/ref=pd_fr_qw_nr_1/103-3111065-2579065><font size=-1>Read more</font></a>
-<br>
-<br clear=left>
-<br>
-<table border=0 cellpadding=2 cellspacing=0><tr><td colspan=2>
-<p><b class="small">More Stores:</b>
-</td></tr>
-<tr valign=top><td width=1%><a href=/exec/obidos/tg/stores/your/favorites/-/electronics/ref=pd_fr_qw_nr_2/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/small-blue-electronics-icon.gif" width=18 height=18 alt=Icon border=0 align=absmiddle></a></td><td><b class="small"><a href=/exec/obidos/tg/stores/your/favorites/-/electronics/ref=pd_fr_gw_nr_2_p/103-3111065-2579065>Your Electronics Store</a>:</b> <a href=/exec/obidos/ASIN/B000063574/ref=pd_fr_gw_nr_2/103-3111065-2579065>iRiver SlimX iMP-350 CD/MP3 Player with 8 minutes ASP and Upgradeable Firmware</a>
-by iRiver
-</td></tr>
-<tr valign=top><td width=1%><a href=/exec/obidos/tg/stores/your/favorites/-/video/ref=pd_fr_qw_nr_3/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/small-blue-video-icon.gif" width=18 height=18 alt=Icon border=0 align=absmiddle></a></td><td><b class="small"><a href=/exec/obidos/tg/stores/your/favorites/-/video/ref=pd_fr_gw_nr_3_p/103-3111065-2579065>Your Video Store</a>:</b> <a href=/exec/obidos/ASIN/B000062XNA/ref=pd_fr_gw_nr_3/103-3111065-2579065><i>Ocean's Eleven</i></a>
-<b>VHS</b> ~ George Clooney
-</td></tr>
-</table>
-<p>
-<b><font face=verdana,arial,helvetica color=#CC6600>Listmania!</font></b><br>
-<font face=verdana,arial,helvetica size=-2>
-(<a href=/exec/obidos/tg/browse/-/542566/103-3111065-2579065>What is this?</a>)
-</font><br>
-<table width=100% border=0 cellpadding=5 cellspacing=0>
-<tr valign=top>
-<td width=50% class=small>
-<a href=/exec/obidos/tg/listmania/list-browse/-/2RKS17C9X4D3F/ref=pd_gw_lmq_1/103-3111065-2579065><img src="http://images.amazon.com/images/P/0072127732.01.__PIm.arrow,TopLeft,-2,-19_SCTZZZZZZZ_.jpg" width=76 height=109 border=0 vspace=4 hspace=5></a>
-<p>
-<font face=verdana,arial,helvetica size=-1>
-<a href=/exec/obidos/tg/listmania/list-browse/-/2RKS17C9X4D3F/ref=pd_gw_lmq_1/103-3111065-2579065><b>Best Linux Security books</b></a>:&nbsp;A list by <a href=/exec/obidos/tg/cm/member-fil/-/A3362WVVMJ3LE9/ref=pd_gw_lmq_n1/103-3111065-2579065>J. Parker</a>, Administrator, hacker.<br>
-(7 item list)</font>
-</td>
-<td width=50% class=small>
-<a href=/exec/obidos/tg/listmania/list-browse/-/2B0DIAPG2D3RT/ref=pd_gw_lmq_2/103-3111065-2579065><img src="http://images.amazon.com/images/P/0070419531.01.__PIm.arrow,TopLeft,-2,-19_SCTZZZZZZZ_.jpg" width=76 height=109 border=0 vspace=4 hspace=5></a>
-<p>
-<font face=verdana,arial,helvetica size=-1>
-<a href=/exec/obidos/tg/listmania/list-browse/-/2B0DIAPG2D3RT/ref=pd_gw_lmq_2/103-3111065-2579065><b>Networking</b></a>:&nbsp;A list by <a href=/exec/obidos/tg/cm/member-fil/-/AJINE650CAMUQ/ref=pd_gw_lmq_n2/103-3111065-2579065>gakis</a>, Engineer<br>
-(13 item list)</font>
-</td>
-</tr>
-<tr>
-<td colspan=2 class=small><ul>
-<li><a href=/exec/obidos/tg/listmania/list-browse/-/IEF1DNVKZO8B/ref=pd_gw_lmq_3/103-3111065-2579065>My Coder Library</a>:&nbsp;A list by <a href=/exec/obidos/tg/cm/member-fil/-/A3RK9LZQKL2YIN/ref=pd_gw_lmq_n3/103-3111065-2579065>John Washam</a><br> <li><a href=/exec/obidos/tg/listmania/list-browse/-/LE6A7H4L7VZK/ref=pd_gw_lmq_4/103-3111065-2579065>ALL THE FANTASY YOU'LL EVER NE</a>:&nbsp;A list by <a href=/exec/obidos/tg/cm/member-fil/-/A3628L43ZVEMP5/ref=pd_gw_lmq_n4/103-3111065-2579065>aramis</a><br> <li><a href=/exec/obidos/tg/listmania/list-browse/-/1MD5H6RUOIMIU/ref=pd_gw_lmq_5/103-3111065-2579065>Mythopoeic Fantasy</a>:&nbsp;A list by <a href=/exec/obidos/tg/cm/member-fil/-/A7CSNW9E46NR5/ref=pd_gw_lmq_n5/103-3111065-2579065>Vera Nazarian</a><br> </ul></td></tr></table>
-<p>
-<b class=small><A href="/exec/obidos/tg/browse/-/605012/ref=gw_hp_cb_1_1/103-3111065-2579065">In Travel</A></b><br>
-<A href="/exec/obidos/tg/browse/-/605012/ref=gw_hp_cb_2_1/103-3111065-2579065"><img src="http://g-images.amazon.com/images/G/01/travel/promotions/travel-gateway1.gif" width=100 height=95 border=0 align=left hspace=4></A>
-<b><font face=verdana,arial,helvetica color=#CC6600>Your Next Vacation Starts
-Here</font></b><br>
-Save up to 70% on hotels from Vegas to New York
-and everywhere in between on <A href="/exec/obidos/acn-redirect-to-partner/103-3111065-2579065?partner-name=expedia&partner-url=pubspec/scripts/eap.asp%3FEAPID%3D11420-1%26GOTO%3DDAILY%26Page%3D/deals/hoteldeals.asp%3Frfrr%3D-2980">Expedia.com</A>.
-Book a flight during Hotwire's <A href="/exec/obidos/acn-redirect-to-partner/103-3111065-2579065?partner-name=hotwire&partner-url=index.jsp%3Fsid%3D39151%26bid%3DB627">major-airline Spring Sale</A> through May 2 and fly the
-big-name airlines at no-name airline prices. <A href="/exec/obidos/acn-redirect-to-partner/103-3111065-2579065?partner-name=thevacationstore&partner-url=cruises/show_cruise.asp%3Fd%3D%26i%3D743065%26c%3D24%26v%3D110">The
-Vacation Store</A> is offering seven-day Holland America
-Caribbean cruises from just $599. <BR>
-&nbsp;<br clear=left>
-<td width=174>
-<table width=100% cellpadding=3 cellspacing=0 border=0>
-<tr>
-<td>
-<a href=/exec/obidos/subst/xs/hotpicks.html/ref=xs_ie_13_gw/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/marketing/cross-shop/web-labs/lp_gate_roto_t._ZCStuart%5c,,3,5,300,300,verdenab,14,204,0,0_SCLZZZZZZZ_.gif" width=174 height=34 border=0></a><br>
-<a href=/exec/obidos/subst/xs/hotpicks.html/ref=xs_ie_13_gw/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/marketing/cross-shop/web-labs/lp_gate_roto_m.gif" width=174 height=200 border=0></a><br>
-<a href=/exec/obidos/subst/xs/hotpicks.html/ref=xs_ie_13_gw/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/marketing/cross-shop/web-labs/lp_gate_roto_b.gif" width=174 height=231 border=0></a><br>
-<a href=/exec/obidos/tg/new-for-you/new-for-you/-/main/ref=pd_nfy_gw_n/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/banners/n4u/n4u-header-recognized-01.gif" width=174 height=41 hspace=0 vspace=0 align=right border=0 alt="New For You"></a><br clear=all>
-<table border=0 bgcolor=#708090 cellpadding=1 cellspacing=0 width=174 align=right valign=top vspace=0 hspace=0><tr><td>
-<table border=0 cellpadding=3 cellspacing=0 width=100% bgcolor=#ffffff>
-<tr><td bgcolor=#ffffff align=middle>
-<span class=small><font color=#CC6600><b>Stuart,</b></font> check out what's<b> <a href=/exec/obidos/tg/new-for-you/new-for-you/-/main/ref=pd_nfy_gw_n/103-3111065-2579065>New for You</a></b>:<br></span>
-</td></tr>
-<tr><td bgcolor=#ffffff align=middle>
-<span class=tiny>(If you're not Stuart D. Gathman, <a href=/exec/obidos/flex-sign-in/ref=pd_nfy_gw_n/103-3111065-2579065?opt=o&page=misc/login/flex-sign-in-secure.html&response=tg/new-for-you/new-for-you/-/main>click here</a>.)</span>
-<br><br>
-</td></tr>
-<tr bgcolor=#eeeecc><td>
-<a href=/exec/obidos/tg/new-for-you/inbox/inbox/-/main/ref=pd_nfy_gw_ibx/103-3111065-2579065><b class=small>Your Message Center</b></a>
-</td></tr>
-<tr bgcolor=#ffffee><td>
-<table><tr bgcolor=#ffffee>
-<td valign=top><a href=/exec/obidos/tg/new-for-you/inbox/inbox/-/main/ref=pd_nfy_gw_ibx/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/exclamation-clear.gif" width=20 height=20 border=0 alt=!></a></td>
-<td class=small> You have <a href=/exec/obidos/tg/new-for-you/inbox/inbox/-/main/ref=pd_nfy_gw_ibx/103-3111065-2579065>5 new messages</a>.
-<br><br>
-</td>
-</tr></table>
-</td></tr>
-<tr bgcolor=#eeeecc><td>
-<font face=verdana,arial,helvetica size=-1><a href=/exec/obidos/shopping-basket/ref=pd_nfy_gw_sc/103-3111065-2579065><b>Your Shopping Cart</b></a></font>
-</td></tr>
-<tr><td>
-<table><tr>
-<td valign=top><a href=/exec/obidos/shopping-basket/ref=pd_nfy_gw_sc/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/shopping-cart-small.gif" width=25 height=25 border=0 alt="Shopping Cart" align=left></a></td>
-<td valign=top><font face=verdana,arial,helvetica size=-1>You have 0 items in <a href=/exec/obidos/shopping-basket/ref=pd_nfy_gw_sc/103-3111065-2579065>your Shopping Cart</a>.</font><br><br></td>
-</tr></table>
-</td></tr></table>
-<table border=0 cellpadding=3 cellspacing=0 width=100% bgcolor=#ffffff vspace=0>
-<tr bgcolor=#eeeecc><td class=small>
-<a href=/exec/obidos/tg/new-for-you/new-releases/-/main/ref=pd_nfy_gw_n/103-3111065-2579065><b>Your New Releases</b></a>
-</td></tr></table>
-<table border=0 cellpadding=3 cellspacing=0 width=100% bgcolor=#ffffff vspace=0>
-<tr valign=top><td>
-<a href=/exec/obidos/tg/new-for-you/new-releases/-/music/37/ref=pd_nfy_gw_n1/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/small-blue-music-icon.gif" width=18 height=18 border=0 alt=Icon ></a></td><td>
-<a href=/exec/obidos/tg/new-for-you/new-releases/-/music/37/ref=pd_nfy_gw_n1/103-3111065-2579065><font face=verdana,arial,helvetica size=-1>Pop</font></a>
-</td></tr>
-<tr valign=top><td>
-<a href=/exec/obidos/tg/new-for-you/new-releases/-/music/173429/ref=pd_nfy_gw_n2/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/small-blue-music-icon.gif" width=18 height=18 border=0 alt=Icon ></a></td><td>
-<a href=/exec/obidos/tg/new-for-you/new-releases/-/music/173429/ref=pd_nfy_gw_n2/103-3111065-2579065><font face=verdana,arial,helvetica size=-1>Christian & Gospel</font></a>
-</td></tr>
-<tr valign=top><td>
-<a href=/exec/obidos/tg/new-for-you/new-releases/-/books/5/ref=pd_nfy_gw_n3/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/small-blue-books-icon.gif" width=18 height=18 border=0 alt=Icon ></a></td><td>
-<a href=/exec/obidos/tg/new-for-you/new-releases/-/books/5/ref=pd_nfy_gw_n3/103-3111065-2579065><font face=verdana,arial,helvetica size=-1>Computers & Internet</font></a>
-</td></tr>
-<tr valign=top><td>
-<a href=/exec/obidos/tg/new-for-you/new-releases/-/kitchen/289814/ref=pd_nfy_gw_n4/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/icon-kitchen-blue.gif" width=18 height=18 border=0 alt=Icon ></a></td><td>
-<a href=/exec/obidos/tg/new-for-you/new-releases/-/kitchen/289814/ref=pd_nfy_gw_n4/103-3111065-2579065><font face=verdana,arial,helvetica size=-1>Cookware</font></a>
-</td></tr>
-<tr valign=top><td>
-<a href=/exec/obidos/tg/new-for-you/new-releases/-/video/141/ref=pd_nfy_gw_n5/103-3111065-2579065><img src="http://g-images.amazon.com/images/G/01/icons/small-blue-vhs-icon.gif" width=18 height=18 border=0 alt=Icon ></a></td><td>
-<a href=/exec/obidos/tg/new-for-you/new-releases/-/video/141/ref=pd_nfy_gw_n5/103-3111065-2579065><font face=verdana,arial,helvetica size=-1>Action & Adventure</font></a>
-</td></tr>
-</td></tr>
-<tr><td colspan=2 align=left> <img src="http://g-images.amazon.com/images/G/01/icons/orange-arrow.gif" width=10 height=9 border=0> <a href=/exec/obidos/tg/new-for-you/new-releases/-/main/ref=pd_nfy_gw_n/103-3111065-2579065><font face=verdana,arial,helvetica size=-1><b>More New Releases</b></font></a><p>
-</td></tr></table>
-<table border=0 cellpadding=3 cellspacing=0 width=100% bgcolor=#ffffff>
-<tr bgcolor=#eeeecc><td class=small>
-<a href=/exec/obidos/tg/new-for-you/movers-and-shakers/-/books/ref=pd_gw_msgr/103-3111065-2579065><b>Movers &amp; Shakers</b></a>
-</td></tr></table>
-<table border=0 cellpadding=2 cellspacing=0 width=100% bgcolor=#ffffff vspace=0>
-<tr><td valign=top align=center>
-<img src="http://g-images.amazon.com/images/G/01/icons/uparrow_green2.gif" width=13 height=11 alt="Up">
-</td>
-<td valign=top>
-<font color=#339900 face=verdana,arial,helvetica size=-1><b>974%</b></font> </td></tr>
-<tr><td valign=top align=left>
-<img src="http://g-images.amazon.com/images/G/01/icons/small-blue-dvd-icon.gif" width=18 height=18 border=0 alt=Icon >
-</td>
-<td valign=top>
-<font face=verdana,arial,helvetica size=-1><a href=/exec/obidos/tg/new-for-you/movers-and-shakers/-/dvd/ref=pd_gw_msd2/103-3111065-2579065>Dorothy L. Sayers Mysteries (Strong Poison / Have His Carcass / Gaudy Night)</a>
-<font face=verdana,arial,helvetica size=-1>
-<b>DVD</b>
-<br>~ Dorothy L. Sayers
-</font>
-</font>
-</td></tr>
-<tr><td valign=top align=center>
-<img src="http://g-images.amazon.com/images/G/01/icons/uparrow_green2.gif" width=13 height=11 alt="Up">
-</td>
-<td valign=top>
-<font color=#339900 face=verdana,arial,helvetica size=-1><b>2,415%</b></font> </td></tr>
-<tr><td valign=top align=left>
-<img src="http://g-images.amazon.com/images/G/01/icons/small-blue-books-icon.gif" width=18 height=18 border=0 alt=Icon >
-</td>
-<td valign=top>
-<font face=verdana,arial,helvetica size=-1><a href=/exec/obidos/tg/new-for-you/movers-and-shakers/-/books/ref=pd_gw_msb2/103-3111065-2579065>Artemis Fowl</a>
-<br><font face=verdana,arial,helvetica size=-1>by Eoin Colfer</font>
-</font>
-</td></tr>
-<tr><td colspan=2>
-<img src="http://g-images.amazon.com/images/G/01/icons/orange-arrow.gif" width=10 height=9 border=0> <font face=verdana,arial,helvetica size=-1><b><a href=/exec/obidos/tg/new-for-you/movers-and-shakers/-/books/ref=pd_gw_msgr/103-3111065-2579065>More Movers & Shakers</a></b>
-<br>
-</td></tr></table>
-</td></tr></table>
-</td></tr></table>
-</td></tr></table>
-<br clear="all">
-<center>
-<form method="post" action="/exec/obidos/search-handle-form/103-3111065-2579065">
-<table border=0 width=100% cellpadding=1 cellspacing=0 bgcolor=#999999>
-<tr><td>
-<table border=0 width=100% bgcolor=#ffffff cellspacing=0 cellpadding=5 class="small">
-<tr valign=top><td width=33% class="small">
-<b>Where's My Stuff?</b><br>
-&#149; Track your <a href="/exec/obidos/flex-sign-in/ref=hy_f_1/103-3111065-2579065?opt=ab&page=help/ya-sign-in-secure.html&response=order-history-filtered&method=POST&ss-order-filter=wheres-my-stuff&return-url=order-history-filtered">recent orders</a>.<br>
-&#149; View or change your orders in <a href="/exec/obidos/account-access-login/ref=hy_f_2/103-3111065-2579065">Your Account</a>.
-<script language="JavaScript1.1" type="text/javascript">
-<!--
-var agt=navigator.userAgent.toLowerCase();
-var is_major = parseInt(navigator.appVersion);
-var is_nav = ((agt.indexOf('mozilla')!=-1) && (agt.indexOf('spoofer')==-1)
-&& (agt.indexOf('compatible') == -1) && (agt.indexOf('opera')==-1)
-&& (agt.indexOf('webtv')==-1) && (agt.indexOf('hotjava')==-1));
-var is_gecko = (agt.indexOf('gecko') != -1);
-var is_ie = ((agt.indexOf("msie") != -1) && (agt.indexOf("opera") == -1));
-var is_aol = (agt.indexOf("aol") != -1);
-var is_opera = (agt.indexOf("opera") != -1);
-var is_win = ( (agt.indexOf("win")!=-1) || (agt.indexOf("16bit")!=-1) );
-//-->
-</script>
-<script language="JavaScript1.1" type="text/javascript">
-<!--
-var OpenedWin;
-function openWin (URL, width, height) {
-OpenedWin = window.open(URL, "demo_window", "width="+width+",height="+height+",status=no,menubar=no,location=no,toolbar=no,directories=no,scrollbars=no");
-if (! is_aol) {
-var NewX = (screen.availWidth/2)-(width/2);
-var NewY = (screen.availHeight/2)-(height/2);
-OpenedWin.moveTo(NewX, NewY);
-NewX = null;
-NewY = null;
-}
-}
-function launch (URL, width, height) {
-if (!URL || !width || !height) {
-alert("Error");
-} else if (width>screen.availWidth || height>screen.availHeight) {
-var message;
-message = "Your screen resolution is too low to display the demo.\nClick 'OK' if you wish to continue anyway.\n";
-message += '\n Your screen resolution: '+screen.width+' x '+screen.height;
-message += ' | Viewable: '+screen.availWidth+' x '+screen.availHeight;
-message += '\n Required: '+width+' x '+height;
-if (confirm(message)) {
-message = "If you can not find the close buttons, use your keyboard:\n";
-message += 'Windows: ALT+F4\n';
-message += 'Macintosh: CONTROL+W';
-alert(message);
-openWin(URL, width, height);
-}
-} else {
-openWin(URL, width, height);
-}
-}
-function displayLink(text){
-if ( is_major >= 4 && is_win && ( is_nav || is_ie || is_opera || is_gecko ) ) {
-document.write(text);
-};
-}
-//-->
-</script>
-<script language="JavaScript1.1" type="text/javascript">
-<!--
-displayLink('<br>&#149; See our <b><a href=javascript:launch(\'/exec/obidos/subst/help/demo-wms/display-demo.html/ref=hy_f_demo/103-3111065-2579065\',788,444)>animated demo</a></b>!');
-//-->
-</script>
-</td>
-<td width=33% class="small">
-<b>Shipping &amp; Returns</b><br>
-&#149; See our <a href="/exec/obidos/tg/browse/-/468520/ref=hy_f_3/103-3111065-2579065">shipping rates &amp; policies</a>.<br>
-&#149; <a href="/exec/obidos/subst/help/self-service-returns.html/ref=hy_f_4/103-3111065-2579065">Return</a> an item (here's our <a href="/exec/obidos/tg/browse/-/468532/103-3111065-2579065">Returns Policy</a>).
-</td>
-<td width=33% class="small">
-<b>Need Help?</b><br>
-&#149; Forgot your password? <a href="/exec/obidos/self-service-forgot-password-get-email/ref=hy_f_6/103-3111065-2579065">Click here</a>.
-<br>
-&#149; <a href="/exec/obidos/subst/gifts/gift-certificates/gc-redeeming.html/ref=hy_f_7/103-3111065-2579065">Redeem</a> or <a href="/exec/obidos/subst/gifts/gift-services/gift-certificates.html/ref=hy_f_8/103-3111065-2579065">buy</a> a gift certificate.<br>
-&#149; <a href="/exec/obidos/tg/browse/-/508510/ref=hy_f_9/103-3111065-2579065">Visit our Help department</a>. <br>
-</td></tr>
-</table>
-</td></tr>
-<tr><td>
-<table border=0 width=100% bgcolor=#FFCC66 cellspacing=0 cellpadding=5>
-<tr><td align=center class="small">
-<b>Search&nbsp;</b>
-<select name=index>
-<option value=blended selected>All Products
-<option value=books>Books
-<option value=music>Popular Music
-<option value=music-dd>Music Downloads
-<option value=classical>Classical Music
-<option value="dvd">DVD
-<option value="vhs">VHS
-<option value=theatrical>Movie Showtimes
-<option value=toys>Toys
-<option value=baby>Baby
-<option value=pc-hardware>Computers
-<option value=videogames>Video Games
-<option value=electronics>Electronics
-<option value=photo>Camera &amp; Photo
-<option value=software>Software
-<option value=tools>Tools &amp; Hardware
-<option value=magazines>Magazines
-<option value=garden>Outdoor Living
-<option value=kitchen>Kitchen
-<option value=travel>Travel
-<option value=wireless-phones>Cell Phones & Service
-<option value=outlet>Outlet
-<option value=auction-redirect>Auctions
-<option value=fixed-price-redirect>zShops
-</select>
-<b>&nbsp;&nbsp;for&nbsp;&nbsp;</b>
-<input type="text" name="field-keywords" size="15">&nbsp;&nbsp;
-<input type=image name="Go" value="Go!" border=0 alt="Go!" src=http://g-images.amazon.com/images/G/01/v9/search-browse/go-button-gateway.gif width=21 height=21 border=0 align=absmiddle > </td></tr></table>
-</td></tr>
-</table>
-</form>
-<p align=center>
-<b class=h1>Stuart D. Gathman, make </b><font color=#990000><b class=sans>$</b><b class=sans>310.61</b></font><br />
-<b class=sans>Sell <a href="/exec/obidos/flex-sign-in/ref=sdp_bbump_gw/103-3111065-2579065?opt=an&page=misc/login/flex-sign-in-secure.html&response=tg/stores/static/-/used/sell-your-collection/1/">your past purchases</a> at Amazon.com today!</b>
-</p>
-<table width="100%">
-<tr>
-<td width="50%" valign="top" align="left">
-<span class="small"><a href=/exec/obidos/change-style/subst/home/redirect.html/103-3111065-2579065>Text Only</a></span>
-</td>
-<td width="50%" valign="top" align="right" class="small">
-<a href="#top">Top of Page</a>
-</td>
-</tr>
-</table>
-<center>
-<p>
-<a href=/exec/obidos/subst/home/all-stores.html/ref=gw_bt_st/103-3111065-2579065>Directory of All Stores</a><p>
-Our International Sites:
-<a href="/exec/obidos/redirect-to-external-url/ref=gw_bt_uk/103-3111065-2579065?path=http%3A//www.amazon.co.uk/exec/obidos/redirect-home%3Ftag%3Dintl-usgt-ukhome-21%26site%3Damazon">United Kingdom</a>
-&nbsp;&nbsp;|&nbsp;&nbsp;
-<a href="/exec/obidos/redirect-to-external-url/ref=gw_bt_de/103-3111065-2579065?path=http%3A//www.amazon.de/exec/obidos/redirect-home%3Ftag%3Dintl-usgt-dehome-21%26site%3Dhome">Germany</a>
-&nbsp;&nbsp;|&nbsp;&nbsp;
-<a href="/exec/obidos/redirect-to-external-url/ref=gw_bt_jp/103-3111065-2579065?path=http%3A//www.amazon.co.jp/exec/obidos/redirect-home%3Ftag%3Dintl-usgatew-jphome-22%26site%3Damazon">Japan</a>
-&nbsp;&nbsp|&nbsp;&nbsp;
-<a href="/exec/obidos/redirect-to-external-url/ref=gw_bt_fr/103-3111065-2579065?path=http%3A//www.amazon.fr/exec/obidos/redirect-home%3Fsite%3Damazon%26tag%3Dusfr-gatew-footer-21">France</a>
-<p>
-<a href=/exec/obidos/tg/browse/-/508510/ref=gw_bt_he/103-3111065-2579065>Help</a>&nbsp;&nbsp;|&nbsp;&nbsp;
-<a href=/exec/obidos/shopping-basket/ref=gw_bt_sc/103-3111065-2579065>Shopping Cart</a>&nbsp;&nbsp;|&nbsp;&nbsp;
-<a href=/exec/obidos/account-access-login/ref=gw_bt_ya/103-3111065-2579065>Your Account</a>&nbsp;&nbsp;|&nbsp;&nbsp;
-<a href="http://s1.amazon.com/exec/varzea/ts/announcement-list-zshops/slp/ref=gw_bt_si/103-3111065-2579065">Sell Items</a>&nbsp;&nbsp;|&nbsp;&nbsp;
-<a href="/exec/obidos/flex-sign-in/ref=gw_bt_oc/103-3111065-2579065?opt=a&page=ordering/one-click-address-sign-in-secure.html&response=one-click-main&method=GET&return-url=one-click-main">1-Click Settings</a>
-<p>
-<a href=/exec/obidos/subst/misc/company-info.html/ref=gw_bt_aa/103-3111065-2579065>About Amazon.com</a>&nbsp;&nbsp;|&nbsp;&nbsp;
-<a href=/exec/obidos/tg/stores/job-listings/-/generic/home/103-3111065-2579065>Join Our Staff</a>&nbsp;&nbsp;|&nbsp;&nbsp;
-<a href="/exec/obidos/subst/associates/join/associates.html/ref=gw_bt_as/103-3111065-2579065">Join Associates</a>&nbsp;&nbsp;|&nbsp;&nbsp;
-<a href=/exec/obidos/subst/partners/direct/direct-application.html/ref=gw_bt_ad/103-3111065-2579065>Join Advantage</a>&nbsp;&nbsp;|&nbsp;&nbsp;
-<a href="http://s1.amazon.com/exec/varzea/subst/fx/home.html/ref=gw_bt_hs/103-3111065-2579065">Join Honor System</a>
-</center>
-<center>
-<p>
-<div class="tiny" align=center>
-<A HREF="/exec/obidos/subst/misc/policy/conditions-of-use.html/103-3111065-2579065">Conditions of Use</A> | <A HREF="/exec/obidos/tg/browse/-/468496/103-3111065-2579065">Privacy Notice</A> &copy; 1996-2002, Amazon.com, Inc. or its affiliates
-</div>
-</center>
-<!-- whfhYn47qD1fv3PW2R8XWAkFcMwteHFKxorD -->
-</body>
-</html>
-
---------------59A46341C90BA737DD47867B--
-

test/pysrs.cfg

@@ -0,0 +1,32 @@
+# sample SRS configuration
+[srs]
+;secret="shhhh!"
+;maxage=21
+;hashlength=5
+# if defined, SRS uses a database for opaque rewriting
+;database=/var/log/milter/srsdata
+# sign these domains using SES to prevent forged bounces instead of SRS
+;ses = localdomain1.com, localdomain2.org
+# sign these domains using SRS in signing mode to prevent forged bounces 
+;sign = localdomain1.com, localdomain2.org
+# rewrite all other domains to this domain using SRS
+;fwdomain = mydomain.com
+# additional domains to decode (reverse) srs 
+# NOTE: bms.py in milter package can also do this, as can pysrs.m4 HACK.
+;srs = otherdomain.com
+# do not rewrite mail to these domains
+;nosrs = braindeadmail.com
+# Treat these localparts as a DSN.  Lot's of braindead systems 
+# send non-DSN mail to MAIL FROM.
+;banned_users = mailer-daemon, clamav, postmaster
+
+[srsmilter]
+;datadir=/var/lib/milter
+socketname = /var/run/milter/srsmilter
+miltername = pysrsfilter
+# reject DSNs to unsigned recipients (bounce spam)
+reject_spoofed = true
+;trusted_relay = 1.2.3.4
+internal_connect = 192.168.*.*,127.0.0.1,::1
+# Enable outgoing SRS via CHGFROM (see code for limitations)
+miltersrs = false

test/utf8

@@ -0,0 +1,6 @@
+From the-concourse-on-high Sat Feb  2 13:01:43 2019
+Date: Sat, 02 Feb 2019 19:48:56 +0100
+To: stuart@[IPv6:fcd9:7f8a:e050:4b48:7fd6:7fa:5509:6e26]
+Subject: 来自qq.com的退信
+
+Does you receive this email?

test/virus1

@@ -1,72 +0,0 @@
-Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
-	by bmsaix.bmsi.com (8.9.1/8.9.1) with ESMTP id FAA42304
-	for <ed@bmsi.com>; Thu, 4 May 2000 05:22:03 -0400
-Received: from camco.celestial.com (root@dagney.celestial.com [192.136.111.7])
-	by www.bmsi.com (8.9.1/8.9.1) with ESMTP id FAA21364
-	for <ed@bmsi.com>; Thu, 4 May 2000 05:22:01 -0400
-Received: (12482 bytes) by camco.celestial.com
-	via sendmail with P:stdio/D:lists/R:inet_hosts/T:smtp
-	(sender: <owner-flexfax@celestial.com> owner: <owner-flexfax-outbound>) 
-	id <m12nHjG-000eNHa@camco.celestial.com>
-	for flexfax-outbound; Thu, 4 May 2000 02:15:30 -0700 (PDT)
-	(Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Apr-13)
-Received: from sgi.com(sgi.SGI.COM[192.48.153.1]) (12116 bytes) by camco.celestial.com
-	via sendmail with P:esmtp/D:aliases/T:pipe
-	(sender: <owner-flexfax@sgi.com> owner: <owner-flexfax>) 
-	id <m12nHh6-000eN7C@camco.celestial.com>
-	for <flexfax@celestial.com>; Thu, 4 May 2000 02:13:16 -0700 (PDT)
-	(Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Apr-13)
-Received: from proxy.internet ([195.184.42.82]) 
-	by sgi.com (980327.SGI.8.8.8-aspam/980304.SGI-aspam:
-       SGI does not authorize the use of its proprietary
-       systems or networks for unsolicited or bulk email
-       from the Internet.) 
-	via ESMTP id CAA02330
-	for <flexfax@sgi.com>; Thu, 4 May 2000 02:13:10 -0700 (PDT)
-	mail_from (orum@ditas.dk)
-Received: from [172.16.96.14] by proxy.daab.dkproxy.internet (NTMail 4.30.0013/NU4152.00.32401f35) with ESMTP id zmlyaaaa for <flexfax@sgi.com>; Thu, 4 May 2000 11:13:09 +0200
-Received: by mars with Internet Mail Service (5.5.2650.21)
-	id <KGM63KG3>; Thu, 4 May 2000 11:11:13 +0100
-Message-ID: <9704D2AA604ED311BF6D0008C79F0A990B57BE@mars>
-From: =?iso-8859-1?Q?Peter_=D8rum?= <orum@ditas.dk>
-To: "'flexfax@sgi.com'" <flexfax@sgi.com>
-Subject: flexfax: ILOVEYOU
-Date: Thu, 4 May 2000 11:11:11 +0100 
-MIME-Version: 1.0
-X-Mailer: Internet Mail Service (5.5.2650.21)
-Content-Type: multipart/mixed;
-	boundary="----_=_NextPart_000_01BFB5B1.13228432"
-Sender: owner-flexfax@celestial.com
-Precedence: bulk
-
-This message is in MIME format. Since your mail reader does not understand
-this format, some or all of this message may not be legible.
-
-------_=_NextPart_000_01BFB5B1.13228432
-Content-Type: text/plain
-
-
-kindly check the attached LOVELETTER coming from me.
-
-
-------_=_NextPart_000_01BFB5B1.13228432
-Content-Type: application/octet-stream;
-	name="LOVE-LETTER-FOR-YOU.TXT.vbs"
-Content-Transfer-Encoding: quoted-printable
-Content-Disposition: attachment;
-	filename="LOVE-LETTER-FOR-YOU.TXT.vbs"
-
-rem  barok -loveletter(vbe) <i hate go to school>
-rem 			by: spyder  /  ispyder@mail.com  /  @GRAMMERSoft Group  /  =
-Manila,Philippines
-On Error Resume Next
-set b=3Dfso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM")
-b.close
-set d=3Dfso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2)
-d.write dt5
-d.write join(lines,vbcrlf)
-d.write vbcrlf
-d.write dt6
-d.close
-end sub
-------_=_NextPart_000_01BFB5B1.13228432--

test/virus13

@@ -1,127 +0,0 @@
-Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
-	by bmsaix.bmsi.com (8.12.3/8.12.2) with ESMTP id g41MmROS014480
-	for <stuart@bmsi.com>; Wed, 1 May 2002 18:48:27 -0400
-Received: from bmsred.bmsi.com (bmsred [219.109.11.50])
-	by www.bmsi.com (8.12.1/8.12.1) with ESMTP id g41MmFGR017812
-	for <stuart@bmsi.com>; Wed, 1 May 2002 18:48:15 -0400
-X-Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
-	by bmsaix.bmsi.com (8.12.3/8.12.2) with ESMTP id g41M3hOS038584
-	for <ed@bmsi.com>; Wed, 1 May 2002 18:03:43 -0400
-X-Received: from exp.dflinc.com (exppub [12.148.147.210])
-	by www.bmsi.com (8.12.1/8.12.1) with ESMTP id g41M3LGQ017812
-	for <ed@bmsi.com>; Wed, 1 May 2002 18:03:22 -0400
-X-Received: from exp.dflinc.com (exp.dflinc.com [219.109.14.1])
-	by exp.dflinc.com (8.12.1/8.12.1) with ESMTP id g41M3JGT012258
-	for <ed@bmsi.com>; Wed, 1 May 2002 17:03:19 -0500
-X-Received: from dns.intervip.psi.br (dns.intervip.psi.br [200.215.126.2])
-	by exp.dflinc.com (8.12.1/8.12.1) with ESMTP id g3NHlhGS032960
-	for <lorraine@dflinc.com>; Tue, 23 Apr 2002 12:47:44 -0500
-X-Received: from Sncpyf (adsl-fnsbnu-055-k.brt.telesc.net.br [200.180.75.55])
-	by dns.intervip.psi.br (Postfix) with SMTP id 1FAEE24D18
-	for <lorraine@dflinc.com>; Tue, 23 Apr 2002 14:50:41 -0300 (BRT)
-From: enardelli <enardelli@karsten.com.br>
-To: lorraine@dflinc.com
-Subject: A special  powful tool
-MIME-Version: 1.0
-Content-Type: multipart/alternative;
-	boundary=XQ4T5Cj14m5h2vQ69IpO4mCG
-Message-Id: <20020423175041.1FAEE24D18@dns.intervip.psi.br>
-Date: Tue, 23 Apr 2002 14:50:41 -0300 (BRT)
-X-ReSent-Date: Wed, 1 May 2002 17:03:03 -0500 (CDT)
-X-ReSent-From: Gwen Bartelle <gwenb@dflinc.com>
-X-ReSent-To: ed@bmsi.com
-X-ReSent-Subject: A special  powful tool
-X-ReSent-Message-ID: <Pine.A41.4.10.10205011703030.30638@exp.dflinc.com>
-ReSent-Date: Wed, 1 May 2002 18:47:52 -0400 (EDT)
-ReSent-From: Ed Bond <ed@bmsi.com>
-ReSent-To: Stuart Gathman <stuart@bmsi.com>
-ReSent-Subject: A special  powful tool
-ReSent-Message-ID: <Pine.LNX.4.44.0205011847520.17454@bmsred.bmsi.com>
-
---XQ4T5Cj14m5h2vQ69IpO4mCG
-Content-Type: text/html;
-Content-Transfer-Encoding: quoted-printable
-
-<HTML><HEAD></HEAD><BODY>
-<iframe src=3Dcid:Ux7VyFy7bTS9q height=3D0 width=3D0>
-</iframe>
-<FONT>Hi,This is a special  powful tool<br>
-I wish you would enjoy it.</FONT></BODY></HTML>
-
---XQ4T5Cj14m5h2vQ69IpO4mCG
-Content-Type: audio/x-midi;
-	name=hom1;tile=1;ord=3354010700499224[1].scr
-Content-Transfer-Encoding: base64
-Content-ID: <Ux7VyFy7bTS9q>
-
-TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-CMDDePe/RHj3v5IT+r+Pe/e/kHr3v9Fv97/1Gfq/93H3v1Yc+r/3dve/oGj3v8sK+r+sx/e/
-Nyz5v7Hu+b98HD==
---XQ4T5Cj14m5h2vQ69IpO4mCG
---XQ4T5Cj14m5h2vQ69IpO4mCG
-Content-Type: application/octet-stream;
-	name=hom1;tile=1;ord=3354010700499224[1].htm
-Content-Transfer-Encoding: base64
-Content-ID: <Ux7VyFy7bTS9q>
-
-PGh0bWw+PGhlYWQ+PHRpdGxlPkNsaWNrIGhlcmUgdG8gZmluZCBvdXQgbW9yZSE8L3RpdGxl
-PjwvaGVhZD4NCjxib2R5PjxTQ1JJUFQgTEFOR1VBR0U9SmF2YVNjcmlwdD4KPCEtLQp2YXIg
-U2hvY2tNb2RlID0gMDsKaWYgKG5hdmlnYXRvci5taW1lVHlwZXMgJiYgbmF2aWdhdG9yLm1p
-bWVUeXBlc1siYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giXSAmJiBuYXZpZ2F0b3Iu
-bWltZVR5cGVzWyJhcHBsaWNhdGlvbi94LXNob2Nrd2F2ZS1mbGFzaCJdLmVuYWJsZWRQbHVn
-aW4pIHsKaWYgKG5hdmlnYXRvci5wbHVnaW5zICYmIG5hdmlnYXRvci5wbHVnaW5zWyJTaG9j
-a3dhdmUgRmxhc2giXSkKU2hvY2tNb2RlID0gMTsKfQplbHNlIGlmIChuYXZpZ2F0b3IudXNl
-ckFnZW50ICYmIG5hdmlnYXRvci51c2VyQWdlbnQuaW5kZXhPZigiTVNJRSIpPj0wIAomJiAo
-bmF2aWdhdG9yLnVzZXJBZ2VudC5pbmRleE9mKCJXaW5kb3dzIDkiKT49MCB8fCBuYXZpZ2F0
-b3IudXNlckFnZW50LmluZGV4T2YoIldpbmRvd3MgTlQiKT49MCkpIHsKZG9jdW1lbnQud3Jp
-dGUoJzxTQ1JJUFQgTEFOR1VBR0U9VkJTY3JpcHRcPiBcbicpOwpkb2N1bWVudC53cml0ZSgn
-b24gZXJyb3IgcmVzdW1lIG5leHQgXG4nKTsKZG9jdW1lbnQud3JpdGUoJ1Nob2NrTW9kZSA9
-IChJc09iamVjdChDcmVhdGVPYmplY3QoIlNob2Nrd2F2ZUZsYXNoLlNob2Nrd2F2ZUZsYXNo
-LjMiKSkpICcpOwpkb2N1bWVudC53cml0ZSgnPFwvU0NSSVBUXD4gJyk7Cn0KaWYgKCBTaG9j
-a01vZGUgKSB7CmRvY3VtZW50LndyaXRlKCc8T0JKRUNUIGNsYXNzaWQ9ImNsc2lkOkQyN0NE
-QjZFLUFFNkQtMTFjZi05NkI4LTQ0NDU1MzU0MDAwMCInKTsKZG9jdW1lbnQud3JpdGUoJyBj
-b2RlYmFzZT0iaHR0cDovL2FjdGl2ZS5tYWNyb21lZGlhLmNvbS9mbGFzaDIvY2Ficy9zd2Zs
-YXNoLmNhYiN2ZXJzaW9uPTMsMCwwLDAiJyk7CmRvY3VtZW50LndyaXRlKCcgSUQ9YmFubmVy
-IFdJRFRIPTIzMCBIRUlHSFQ9MjIwPicpOwpkb2N1bWVudC53cml0ZSgnIDxQQVJBTSBOQU1F
-PW1vdmllIFZBTFVFPSJodHRwOi8vd3d3LnRlcnJhLmNvbS5ici9hZHMvcG9wXzIzMHgyMjBf
-Z3Z0X3RlbGVmb25lLnN3Zj9jbGlja3RhZz1odHRwOi8vYWQuYnIuZG91YmxlY2xpY2submV0
-L2NsaWNrJTNCaD12MnwyZGRkfDN8MHwlfHAlM0IzOTI1ODU3JTNCMC0wJTNCMCUzQjY2NjEw
-MDIlM0IxLTQ2OHw2MCUzQjUwOTkxN3w1MDkyNDR8MSUzQiUzQiUzZmh0dHAlM2ElMmYlMmZ3
-d3cuZ3Z0Lm5ldC5ici9taWRpYV9wb3B1cHRlcnJhX3Byb21vcG9ydGFsLmpzcCI+ICcpOwpk
-b2N1bWVudC53cml0ZSgnIDxQQVJBTSBOQU1FPXF1YWxpdHkgVkFMVUU9YXV0b2hpZ2g+ICcp
-Owpkb2N1bWVudC53cml0ZSgnPEVNQkVEIFNSQz0iaHR0cDovL3d3dy50ZXJyYS5jb20uYnIv
-YWRzL3BvcF8yMzB4MjIwX2d2dF90ZWxlZm9uZS5zd2Y/Y2xpY2t0YWc9aHR0cDovL2FkLmJy
-LmRvdWJsZWNsaWNrLm5ldC9jbGljayUzQmg9djJ8MmRkZHwzfDB8JXxwJTNCMzkyNTg1NyUz
-QjAtMCUzQjAlM0I2NjYxMDAyJTNCMS00Njh8NjAlM0I1MDk5MTd8NTA5MjQ0fDElM0IlM0Il
-M2ZodHRwJTNhJTJmJTJmd3d3Lmd2dC5uZXQuYnIvbWlkaWFfcG9wdXB0ZXJyYV9wcm9tb3Bv
-cnRhbC5qc3AiJyk7CmRvY3VtZW50LndyaXRlKCcgc3dMaXZlQ29ubmVjdD1GQUxTRSBXSURU
-SD0yMzAgSEVJR0hUPTIyMCcpOwpkb2N1bWVudC53cml0ZSgnIFFVQUxJVFk9YXV0b2hpZ2gn
-KTsKZG9jdW1lbnQud3JpdGUoJyBUWVBFPSJhcHBsaWNhdGlvbi94LXNob2Nrd2F2ZS1mbGFz
-aCIgUExVR0lOU1BBR0U9Imh0dHA6Ly93d3cubWFjcm9tZWRpYS5jb20vc2hvY2t3YXZlL2Rv
-d25sb2FkL2luZGV4LmNnaT9QMV9Qcm9kX1ZlcnNpb249U2hvY2t3YXZlRmxhc2giPicpOwpk
-b2N1bWVudC53cml0ZSgnPC9FTUJFRD4nKTsKZG9jdW1lbnQud3JpdGUoJzwvT0JKRUNUPicp
-Owp9IGVsc2UgaWYgKCEobmF2aWdhdG9yLmFwcE5hbWUgJiYgbmF2aWdhdG9yLmFwcE5hbWUu
-aW5kZXhPZigiTmV0c2NhcGUiKT49MCAmJiBuYXZpZ2F0b3IuYXBwVmVyc2lvbi5pbmRleE9m
-KCIyLiIpPj0wKSl7CmRvY3VtZW50LndyaXRlKCc8QSBIUkVGPSJodHRwOi8vYWQuYnIuZG91
-YmxlY2xpY2submV0L2NsaWNrJTNCaD12MnwyZGRkfDN8MHwlfHAlM0IzOTI1ODU3JTNCMC0w
-JTNCMCUzQjY2NjEwMDIlM0IxLTQ2OHw2MCUzQjUwOTkxN3w1MDkyNDR8MSUzQiUzQiUzZmh0
-dHAlM2ElMmYlMmZ3d3cuZ3Z0Lm5ldC5ici9taWRpYV9wb3B1cHRlcnJhX3Byb21vcG9ydGFs
-LmpzcCIgVEFSR0VUPSJfYmxhbmsiPjxJTUcgU1JDPSJodHRwOi8vd3d3LnRlcnJhLmNvbS5i
-ci9hZHMvcG9wXzIzMHgyMjBfZ3Z0X3RlbGVmb25lLmdpZiIgV0lEVEg9MjMwIEhFSUdIVD0y
-MjAgQk9SREVSPTA+PC9BPicpOwp9Ci8vLS0+CjwvU0NSSVBUPgo8Tk9FTUJFRD48QSBIUkVG
-PT0iaHR0cDovL2FkLmJyLmRvdWJsZWNsaWNrLm5ldC9jbGljayUzQmg9djJ8MmRkZHwzfDB8
-JXxwJTNCMzkyNTg1NyUzQjAtMCUzQjAlM0I2NjYxMDAyJTNCMS00Njh8NjAlM0I1MDk5MTd8
-NTA5MjQ0fDElM0IlM0IlM2ZodHRwJTNhJTJmJTJmd3d3Lmd2dC5uZXQuYnIvbWlkaWFfcG9w
-dXB0ZXJyYV9wcm9tb3BvcnRhbC5qc3AiIFRBUkdFVD0iX2JsYW5rIj48SU1HIFNSQz0iaHR0
-cDovL3d3dy50ZXJyYS5jb20uYnIvYWRzL3BvcF8yMzB4MjIwX2d2dF90ZWxlZm9uZS5naWYi
-IFdJRFRIPTIzMCBIRUlHSFQ9MjIwIEJPUkRFUj0wPjwvQT48L05PRU1CRUQ+CjxOT1NDUklQ
-VD48QSBIUkVGPT0iaHR0cDovL2FkLmJyLmRvdWJsZWNsaWNrLm5ldC9jbGljayUzQmg9djJ8
-MmRkZHwzfDB8JXxwJTNCMzkyNTg1NyUzQjAtMCUzQjAlM0I2NjYxMDAyJTNCMS00Njh8NjAl
-M0I1MDk5MTd8NTA5MjQ0fDElM0IlM0IlM2ZodHRwJTNhJTJmJTJmd3d3Lmd2dC5uZXQuYnIv
-bWlkaWFfcG9wdXB0ZXJyYV9wcm9tb3BvcnRhbC5qc3AiIFRBUkdFVD0iX2JsYW5rIj48SU1H
-IFNSQz0iaHR0cDovL3d3dy50ZXJyYS5jb20uYnIvYWRzL3BvcF8yMzB4MjIwX2d2dF90ZWxl
-Zm9uZS5naWYiIFdJRFRIPTIzMCBIRUlHSFQ9MjIwIEJPUkRFUj0wPjwvQT48L05PU0NSSVBU
-PjwvYm9keT4NCjwvaHRtbD
---XQ4T5Cj14m5h2vQ69IpO4mCG--
-
-

test/virus2

@@ -1,90 +0,0 @@
-Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
-	by bmsaix.bmsi.com (8.9.1/8.9.1) with ESMTP id QAA24094
-	for <ed@bmsi.com>; Fri, 12 Jan 2001 16:30:00 -0500
-Received: from jscaix.jsconnor.com (jscaix [209.193.177.106])
-	by www.bmsi.com (8.9.1/8.9.1) with ESMTP id QAA30044
-	for <ed@bmsi.com>; Fri, 12 Jan 2001 16:29:54 -0500
-Received: from connor.jsconnor.com (connor.jsconnor.com [192.168.100.15])
-	by jscaix.jsconnor.com (8.9.1/8.9.1) with ESMTP id QAA12022
-	for <ed@bmsi.com>; Fri, 12 Jan 2001 16:31:51 -0500
-X-Received: from goodspeed2.apical.com (ns1.apical.com [209.150.15.130])
-	by jscaix.jsconnor.com (8.9.1/8.9.1) with ESMTP id HAA36550
-	for <carrollf@jsconnor.com>; Fri, 12 Jan 2001 07:19:10 -0500
-X-Received: from SalCanino (cz-cblk-150-16-32.cyberzone.net [209.150.16.32])
-	by goodspeed2.apical.com (8.9.3/8.9.3) with SMTP id HAA14946
-	for <carrollf@jsconnor.com>; Fri, 12 Jan 2001 07:16:37 -0500
-Reply-To: <sal.canino@innovativeconcepts.com>
-From: "Sal Canino" <sal.canino@innovativeconcepts.com>
-To: "Carroll Forehand" <carrollf@jsconnor.com>
-Subject: AUTEAE
-Date: Fri, 12 Jan 2001 04:16:36 -0800
-Message-ID: <NEBBKLEPKLBIEKBANDGCIEMOCGAA.sal.canino@innovativeconcepts.com>
-MIME-Version: 1.0
-Content-Type: multipart/mixed;
-	boundary="----=_NextPart_000_0003_01C07C4E.74368FC0"
-X-Priority: 3 (Normal)
-X-MSMail-Priority: Normal
-X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
-Importance: Normal
-X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
-Disposition-Notification-To: "Sal Canino" <sal.canino@innovativeconcepts.com>
-ReSent-Date: Fri, 12 Jan 2001 16:29:03 -0500 (EST)
-ReSent-From: Carroll Forehand <carrollf@jsconnor.com>
-ReSent-To: ed@bmsi.com
-ReSent-Subject: AUTEAE
-ReSent-Message-ID: <Pine.A41.4.10.10101121629001.171826@connor.jsconnor.com>
-
-This is a multi-part message in MIME format.
-
-------=_NextPart_000_0003_01C07C4E.74368FC0
-Content-Type: text/plain;
-	charset="iso-8859-1"
-Content-Transfer-Encoding: 7bit
-
-
-
-------=_NextPart_000_0003_01C07C4E.74368FC0
-Content-Type: application/octet-stream;
-	name="PEDI.JPG.vbs"
-Content-Transfer-Encoding: quoted-printable
-Content-Disposition: attachment;
-	filename="PEDI.JPG.vbs"
-
-rem  =
-=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
-=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
-=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
-=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A=
-rem  "Plan Colombia" virus v1.0=0A=
-rem  by Sand Ja9e Gr0w   (www.colombia.com)=0A=
-=0A=
-rem  Dedicated to all the people that want to be hackers or crackers, in =
-Colombia  =0A=
-rem  This program is also a protest act against the violence and =
-corruption that Colombia lives...=0A=
-rem  I always wanting that all this finishes, I have said...=0A=
-=0A=
-=0A=
-rem  Santa fe de Bogot=E1 2000/09=0A=
-rem  I dedicate to all you the song "GoodBye" of Andreas Bochelli=0A=
-rem  =
-=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
-=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
-=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
-=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A=
-=0A=
-=0A=
-rem  Thanks God..!=0A=
-rem  A greeting for "Lina Mar=EDa" from "Santa fe de Bogot=E1"=0A=
-rem  A greeting for "Tizo" from "Spain"=0A=
-rem  And One kicked of tail to my friends, "eL ChE" and "ThE SpY"=0A=
-=0A=
-rem  okay, ok... =0A=
-rem  my baby start here...=0A=
-=0A=
- =0A=
-On Error Resume Next=0A=
-
-------=_NextPart_000_0003_01C07C4E.74368FC0--
-
-

test/virus3

@@ -1,50 +0,0 @@
-Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
-	by bmsaix.bmsi.com (8.11.5/8.11.3) with ESMTP id f8EMUxS24174
-	for <stuart@bmsi.com>; Fri, 14 Sep 2001 18:30:59 -0400
-Received: from bmsred.bmsi.com (bmsred [219.109.11.50])
-	by www.bmsi.com (8.9.1/8.9.1) with ESMTP id SAA12740
-	for <stuart@bmsi.com>; Fri, 14 Sep 2001 18:30:58 -0400
-X-Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
-	by bmsaix.bmsi.com (8.11.5/8.11.3) with ESMTP id f8EESNW28934
-	for <ed@bmsi.com>; Fri, 14 Sep 2001 10:28:23 -0400
-X-Received: from bwi.bwicorp.com (bwi.bwicorp.com [209.116.254.106])
-	by www.bmsi.com (8.9.1/8.9.1) with ESMTP id KAA34262
-	for <ed@bmsi.com>; Fri, 14 Sep 2001 10:28:20 -0400
-X-Received: from bwicorp.com (bwi3 [192.168.3.22])
-	by bwi.bwicorp.com (8.9.1/8.9.1) with ESMTP id KAA42970
-	for <ed@bmsi.com>; Fri, 14 Sep 2001 10:33:54 -0400
-Date: Fri, 14 Sep 2001 10:33:54 -0400
-From: Mary Smith <mary@bwicorp.com>
-Message-Id: <200109141433.KAA42970@bwi.bwicorp.com>
-MIME-Version: 1.0
-Content-Type: multipart/mixed; boundary="==i3.9.0oisdboibsd((kncd"
-ReSent-Date: Fri, 14 Sep 2001 18:30:47 -0400 (EDT)
-ReSent-From: Ed Bond <ed@bmsi.com>
-ReSent-To: Stuart Gathman <stuart@bmsi.com>
-ReSent-Subject: Resent mail....
-ReSent-Message-ID: <Pine.LNX.4.33.0109141830470.13214@bmsred.bmsi.com>
-
---==i3.9.0oisdboibsd((kncd
-Content-Type: application/octet-stream; name="READER_DIGEST_LETTER.TXT.pif"
-Content-Transfer-Encoding: base64
-Content-Disposition: attachment; filename="READER_DIGEST_LETTER.TXT.pif"
-
-TVpQAAIAAAAEAA8A//8AALgAAAAAAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAEAALoQAA4ftAnNIbgBTM0hkJBUaGlzIHByb2dyYW0gbXVzdCBiZSBydW4gdW5kZXIgV2lu
-MzINCiQ3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQQA5ijojgAAAAAAAAAA4ACOgQsBAhkA
-FAAAAAYAAAAAAAAAEAAAABAAAAAwAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAAMAAAAAE
-AAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAAEAAAIoAAAAAUAAAAAYA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ09ERQAAAAAA
-IAAAABAAAAAUAAAABgAAAAAAAAAAAAAAAAAAIAAA4ERBVEEAAAAAABAAAAAwAAAAAgAAABoAAAAA
-AAAAAAAAAAAAAEAAAMAuaWRhdGEAAAAQAAAAQAAAAAIAAAAcAAAAAAAAAAAAAAAAAABAAADALnJz
-cmMAAAAAgAAAAFAAAAAwAAAAHgAAAAAAAAAAAAAAAAAAQAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAA
-RDY5alLDAJCK/jLsU0G8R03PAwt5DjEcFVK3ICRNw5dh2gxwqg7aZ3VtO1ynbZr2zAD/////////
-/////6IDEwBbAAggAAAA
-
-
---==i3.9.0oisdboibsd((kncd--
-
-

test/virus4

@@ -1,60 +0,0 @@
-From mdb@go2net.com Tue Sep 18 10:31:34 2001
-Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
-	by bmsaix.bmsi.com (8.11.5/8.11.3) with ESMTP id f8IEVXM42662
-	for <stuart@bmsi.com>; Tue, 18 Sep 2001 10:31:34 -0400
-Received: from STOREULV2 (mail.indexas.no [195.70.182.114])
-	by www.bmsi.com (8.9.1/8.9.1) with SMTP id KAA27604
-	for <stuart@bmsi.com>; Tue, 18 Sep 2001 10:31:31 -0400
-Date: Tue, 18 Sep 2001 10:31:31 -0400
-From: mdb@go2net.com
-Message-Id: <200109181431.KAA27604@www.bmsi.com>
-Subject: udesktopdesktopeksempeleksempeldesktopeksempeldesktopeksempeldesktopdesktopdesktopeksempeleksempeleksempeleksempeldesktopeksempeleksempeleksempeleksempeleksempeleksempeldesktopeksempeleksempeleksempeldesktopeksempeleksempeldesktopdesktopdesktopeksempeldeskmail.bmsi.com.desktop
-MIME-Version: 1.0
-Content-Type: multipart/related;
-	type="multipart/alternative";
-	boundary="====_ABC1234567890DEF_===="
-X-Priority: 3
-X-MSMail-Priority: Normal
-X-Unsent: 1
-Status: RO
-X-Status: 
-X-Keywords:                 
-
---====_ABC1234567890DEF_====
-Content-Type: multipart/alternative;
-	boundary="====_ABC0987654321DEF_===="
-
---====_ABC0987654321DEF_====
-Content-Type: text/html;
-	charset="iso-8859-1"
-Content-Transfer-Encoding: quoted-printable
-
-
-<HTML><HEAD></HEAD><BODY bgColor=3D#ffffff>
-<iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0>
-</iframe></BODY></HTML>
---====_ABC0987654321DEF_====--
-
---====_ABC1234567890DEF_====
-Content-Type: audio/x-wav;
-	name="readme.exe"
-Content-Transfer-Encoding: base64
-Content-ID: <EA4DMGBP9p>
-
-TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
-ZGUuDQ0KJAAAAAAAAAA11CFvcbVPPHG1TzxxtU88E6pcPHW1TzyZqkU8dbVPPJmqSzxytU88cbVO
-PBG1TzyZqkQ8fbVPPMmzSTxwtU88UmljaHG1TzwAAAAAAAAAAMBEAWMAAAB/UEUAAEwBBQB1Oqc7
-AAAAAAAAAADgAA4BCwEGAABwAAAAYAAAAAAAALN0AAAAEAAAAIAAAAAAFzYAEAAAABAAAAQAAAAA
-AAAABAAAAAAAAAAAEAEAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAA
-AACEgQAAUAAAAADgAACIHgAAAAAAAAAAAAAAAAAAAAAAAAAAAQA4CgAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAIQBAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAudGV4dAAAAFZlAAAAEAAAAHAAAAAQAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAAq
-CQAAAIAAAAAQAAAAgAAAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAKEcAAACQAAAAIAAAAJAAAAAA
-AAAAAAAAAAAAAEAAAMAucnNyYwAAAAAgAAAA4AAAACAAAACwAAAAAAAAAAAAAAAAAABAAABALnJl
-bG9jAABGCwAAAAABAAAQAAAA0AAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAA=
-
---====_ABC1234567890DEF_====
-
-

test/virus5

@@ -1,38 +0,0 @@
-From mdb@go2net.com Tue Sep 18 10:31:34 2001
-Received: from localhost (varna148.pip.digsys.bg [193.68.1.148])
-	by danbo.digsys.bg (8.10.1/8.10.1) with SMTP id fAM7FHk06734
-	for butchc@trwonnor.com; Thu, 22 Nov 2001 09:15:18 +0200 (EET)
-From: POP - interlogvar <interlogvar@mbox.digsys.bg>
-Message-Id: <200111220715.fAM7FHk06734@danbo.digsys.bg>
-To: butchc@trwonnor.com
-Subject:  Funny shit to see ?! 
-Date: Thu,22 Nov 2001 09:16:34 -0000
-MIME-Version: 1.0
-Content-Type: multipart/mixed;
-        boundary="bound"
-	X-Priority: 3
-	X-MSMail-Priority: Normal
-	X-Mailer: Microsoft Outlook Express 5.50.4522.1300
-	X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1300
-
-This is a multi-part message in MIME format.
-
---bound
-Content-Type: text/html;
-        charset="iso-8859-1"
-Content-Transfer-Encoding: quoted-printable
-
-<HTML><HEAD></HEAD><BODY><iframe src=3Dcid:SOMECID height=3D0 width=3D0></iframe>
-<font>peace</font></BODY></HTML>
-
---bound
-Content-Type: audio/x-wav;
-        name="whatever.exe"
-Content-Transfer-Encoding: base64
-Content-ID: <SOMECID>
-
-TVoAAAIAAAACAB4AHgAAAAACAAAAAAAAAAAAAMWnLuEOH7oOALQJ
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAA=
-
---bound--

test/virus6

@@ -1,27 +0,0 @@
-From mdb@go2net.com Tue Sep 18 10:31:34 2001
-Received: from aglnss01.grupoagrisal.net ([172.16.0.1])
-          by agntss05 (Lotus Domino Release 5.07a)
-          with ESMTP id 2001120416164050:5294 ;
-          Tue, 4 Dec 2001 16:16:40 -0600 
-Subject: MAEU XSS025786 - ORDER 1251 - CONTAINER MAEU 6053725
-To: kathyp@jsconnor.com
-Cc: Blanca@ace-of-hearts.net
-X-Mailer: Lotus Notes Release 5.07a  May 14, 2001
-Message-ID: <OF28551015.C47BCC85-ON06256B18.0079DD92@grupoagrisal.net>
-From: sherrera.dco.lc@agrisal.com
-Date: Tue, 4 Dec 2001 16:11:48 -0600
-MIME-Version: 1.0
-X-MIMETrack: Serialize by Router on AGLNSS01/AGRISAL(Release 5.07a |May 14, 2001) at 04/12/2001
- 04:11:57 p.m.,
-	Itemize by SMTP Server on aglnss03/Grupo_Agrisal(Release 5.07a |May 14, 2001) at
- 12/04/2001 04:16:41 PM,
-	Serialize by Router on aglnss03/Grupo_Agrisal(Release 5.07a |May 14, 2001) at
- 12/04/2001 04:16:51 PM
-Content-type: application/octet-stream; 
-	name="FAX20.exe"
-Content-Disposition: attachment; filename="FAX20.exe"
-Content-Transfer-Encoding: base64
-
-TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAKJsVAAAACIAACIAACIBr6AQA
-

test/virus7

@@ -1,62 +0,0 @@
-From pandora.owner@pandora.cz Wed Mar 24 21:02:22 2004
-Received: from pandora.cz (localhost [127.0.0.1])
-	by pandora3.mobil.cz (8.12.8/8.12.8) with ESMTP id i2O88iWu021270
-	for <stuart@bmsi.com>; Wed, 24 Mar 2004 09:08:44 +0100
-Message-Id: <200403240808.i2O88iWu021270@pandora3.mobil.cz>
-X-Sender: Pandora
-MIME-Version: 1.0
-Date: Wed, 24 Mar 2004 09:08:44 +0100
-From: "administrator@pandora.cz" <administrator@pandora.cz>
-To: "stuart@bmsi.com" <stuart@bmsi.com>
-Subject: Konferenceneexistuje
-Content-Type: multipart/mixed; boundary="Pandora3Bndry_1080115724426044878"
-
-
---Pandora3Bndry_1080115724426044878
-Content-Type: multipart/alternative; boundary="Pandora3Bndry_1080115724783315537"
-
-
---Pandora3Bndry_1080115724783315537
-Content-Type: text/plain; charset="ISO-8859-2"
-
-Konference '2003-07-46063' neexistuje.
-
---Pandora3Bndry_1080115724783315537
-Content-Type: text/html; charset="ISO-8859-2"
-
-Konference '2003-07-46063' neexistuje.
-
---Pandora3Bndry_1080115724783315537--
-
---Pandora3Bndry_1080115724426044878
-Content-Type: message/rfc822; boundary="----=_NextPart_000_0010_00000FFF.00007545"
-
-MIME-Version: 1.0
-Date: Wed, 24 Mar 2004 09:03:28 +0100
-From: "" <stuart@bmsi.com>
-To: "" <2003-07-46063@pandora.cz>
-Subject: =?ISO-8859-2?q?Re=3A_Your_software?=
-Content-Type: multipart/mixed; boundary="Pandora3Bndry_10801157231587976770"
-
-
---Pandora3Bndry_10801157231587976770
-Content-Type: text/plain; charset="Windows-1252"
-Content-Transfer-Encoding: 7bit
-
-See the attached file for details.
-
-
---Pandora3Bndry_10801157231587976770
-Content-Type: application/octet-stream; name="application.pif"
-Content-Disposition: attachment; filename="application.pif"
-Content-Transfer-Encoding: base64
-
-TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAuAAAAKvnXsbvhjCV74Ywle+GMJVsmj6V44YwlQeZOpX2hjCV74YxlbiGMJVsjm2V
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-
---Pandora3Bndry_10801157231587976770--
-
---Pandora3Bndry_1080115724426044878--
-

testcfg.py

@@ -0,0 +1,17 @@
+import unittest
+from Milter.config import MilterConfigParser
+
+class ConfigTestCase(unittest.TestCase):
+  def testConfig(self):
+    cp = MilterConfigParser()
+    cp.read(['test/pysrs.cfg'])
+    socketname = cp.getdefault('srsmilter','socketname',
+        '/var/run/milter/srsmilter')
+    self.assertEqual(socketname,'/var/run/milter/srsmilter')
+    miltersrs = cp.getboolean('srsmilter','miltersrs')
+    self.assertFalse(miltersrs)
+
+def suite(): return unittest.makeSuite(ConfigTestCase,'test')
+
+if __name__ == '__main__':
+  unittest.main()

testgrey.py

@@ -0,0 +1,56 @@
+import unittest
+import doctest
+import os
+#from Milter.greylist import Greylist
+from Milter.greysql import Greylist
+
+class GreylistTestCase(unittest.TestCase):
+
+  def setUp(self):
+    self.fname = 'test.db'
+    if os.path.isfile(self.fname):
+      os.remove(self.fname)
+
+  def tearDown(self):
+    #os.remove(self.fname)
+    pass
+
+  def testGrey(self):
+    grey = Greylist(self.fname)
+    # first time
+    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com')
+    self.assertEqual(rc,0)
+    # not in window yet
+    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com',timeinc=5*60)
+    self.assertEqual(rc,0)
+    # within window
+    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com',timeinc=15*60)
+    self.assertEqual(rc,1)
+    # new triple
+    rc = grey.check('1.2.3.5','foo@bar.com','baz@spat.com',timeinc=15*60)
+    self.assertEqual(rc,0)
+    # seen again
+    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com',timeinc=5*3600)
+    self.assertEqual(rc,2)
+    # new one past expire
+    rc = grey.check('1.2.3.5','foo@bar.com','baz@spat.com',timeinc=6*3600)
+    self.assertEqual(rc,0)
+    # original past retain 
+    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com',timeinc=37*24*3600)
+    self.assertEqual(rc,0)
+    # new one for testing expire
+    rc = grey.check('1.2.3.5','flub@bar.com','baz@spat.com',timeinc=20*24*3600)
+    self.assertEqual(rc,0)
+    grey.close()
+    # test cleanup
+    grey = Greylist(self.fname)
+    rc = grey.clean(timeinc=37*24*3600)
+    self.assertEqual(rc,1)
+    grey.close()
+
+def suite(): 
+  s = unittest.makeSuite(GreylistTestCase,'test')
+  return s
+
+if __name__ == '__main__':
+  unittest.TextTestRunner().run(suite())

testmime.py

@@ -1,32 +1,22 @@
-# $Log$
-# Revision 1.3  2005/06/17 01:49:39  customdesigned
-# Handle zip within zip.
-#
-# Revision 1.2  2005/06/02 15:00:17  customdesigned
-# Configure banned extensions.  Scan zipfile option with test case.
-#
-# Revision 1.1.1.2  2005/05/31 18:23:49  customdesigned
-# Development changes since 0.7.2
-#
-# Revision 1.23  2005/02/11 18:34:14  stuart
-# Handle garbage after quote in boundary.
-#
-# Revision 1.22  2005/02/10 01:10:59  stuart
-# Fixed MimeMessage.ismodified()
-#
-# Revision 1.21  2005/02/10 00:56:49  stuart
-# Runs with python2.4.  Defang not working correctly - more work needed.
-#
-# Revision 1.20  2004/11/20 16:38:17  stuart
-# Add rcs log
-#
+# @author Stuart D. Gathman <stuart@bmsi.com>
+# Copyright 2005,2009,2020 Business Management Systems, Inc.
+# This code is under the GNU General Public License.  See COPYING for details.
+from __future__ import print_function
 import unittest
 import mime
+import zipfile
 import socket
-import StringIO
+try:
+  from StringIO import StringIO
+except:
+  from io import StringIO
 import email
 import sys
-from email import Errors
+import Milter
+try:
+  from email import Errors as errors
+except:
+  from email import errors
 
 samp1_txt1 = """Dear Agent 1
 I hope you can read this.  Whenever you write label it  P.B.S kids.
@@ -37,50 +27,70 @@ hostname = socket.gethostname()
 
 class MimeTestCase(unittest.TestCase):
 
+  def setUp(self):
+    self.zf = zipfile.ZipFile('test/virus.zip','r')
+    self.zf.setpassword(b'denatured')
+
+  def tearDown(self):
+    self.zf.close()
+    self.zf = None
+
   # test mime parameter parsing
   def testParam(self):
-    plist = mime._parseparam(
-      '; boundary="----=_NextPart_000_4e56_490d_48e3"')
-    self.failUnless(len(plist)==1)
-    self.failUnless(plist[0] == 'boundary="----=_NextPart_000_4e56_490d_48e3"')
+    plist = mime._parseparam('; boundary="----=_NextPart_000_4e56_490d_48e3"')
+    plist = [ x for x in plist if x ] # py2 doesn't include empty params
+    self.assertEqual(1,len(plist))
+    self.assertTrue(plist[0] == 'boundary="----=_NextPart_000_4e56_490d_48e3"')
     plist = mime._parseparam('; name="Jim&amp;amp;Girlz.jpg"')
-    self.failUnless(len(plist)==1)
-    self.failUnless(plist[0] == 'name="Jim&amp;amp;Girlz.jpg"')
+    plist = [ x for x in plist if x ] # py2 doesn't include empty params
+    self.assertEqual(1,len(plist))
+    self.assertTrue(plist[0] == 'name="Jim&amp;amp;Girlz.jpg"')
 
   def testParse(self,fname='samp1'):
-    msg = mime.message_from_file(open('test/'+fname,"r"))
-    self.failUnless(msg.ismultipart())
+    with open('test/'+fname,"rb") as fp:
+      msg = mime.message_from_file(fp)
+    self.assertTrue(msg.ismultipart())
     parts = msg.get_payload()
-    self.failUnless(len(parts) == 2)
+    self.assertTrue(len(parts) == 2)
     txt1 = parts[0].get_payload()
-    self.failUnless(txt1.rstrip() == samp1_txt1,txt1)
-    msg = mime.message_from_file(open('test/missingboundary',"r"))
+    self.assertTrue(txt1.rstrip() == samp1_txt1,txt1)
+    with open('test/missingboundary',"rb") as fp:
+      msg = mime.message_from_file(fp)
     # should get no exception as long as we don't try to parse
     # message attachments
     mime.defang(msg,scan_rfc822=False)
-    msg.dump(open('test/missingboundary.out','w'))
-    msg = mime.message_from_file(open('test/missingboundary',"r"))
+    with open('test/missingboundary.out','wb') as fp:
+      msg.dump(fp)
+    with open('test/missingboundary',"rb") as fp:
+      msg = mime.message_from_file(fp)
     try:
       mime.defang(msg)
       # python 2.4 doesn't get exceptions on missing boundaries, and
       # if message is modified, output is readable by mail clients
       if sys.hexversion < 0x02040000:
-	self.fail('should get boundary error parsing bad rfc822 attachment')
-    except Errors.BoundaryError:
+        self.fail('should get boundary error parsing bad rfc822 attachment')
+    except errors.BoundaryError:
       pass
   
   def testDefang(self,vname='virus1',part=1,
-  	fname='LOVE-LETTER-FOR-YOU.TXT.vbs'):
-    msg = mime.message_from_file(open('test/'+vname,"r"))
+	fname='LOVE-LETTER-FOR-YOU.TXT.vbs'):
+    try:
+      with self.zf.open(vname,"r") as fp:
+        msg = mime.message_from_file(fp)
+    except KeyError:
+      with open('test/'+vname,"rb") as fp:
+        msg = mime.message_from_file(fp)
     mime.defang(msg,scan_zip=True)
-    self.failUnless(msg.ismodified(),"virus not removed")
+    self.assertTrue(msg.ismodified(),"virus not removed")
     oname = vname + '.out'
-    msg.dump(open('test/'+oname,"w"))
-    msg = mime.message_from_file(open('test/'+oname,"r"))
+    with open('test/'+oname,"wb") as fp:
+      msg.dump(fp)
+    with open('test/'+oname,"rb") as fp:
+      msg = mime.message_from_file(fp)
     txt2 = msg.get_payload()
     if type(txt2) == list:
       txt2 = txt2[part].get_payload()
-    self.failUnless(
+    self.assertTrue(
       txt2.rstrip()+'\n' == mime.virus_msg % (fname,hostname,None),txt2)
 
   def testDefang3(self):
@@ -96,58 +106,121 @@ class MimeTestCase(unittest.TestCase):
 
   # virus6 has no parts - the virus is directly inline
   def testDefang6(self,vname="virus6",fname='FAX20.exe'):
-    msg = mime.message_from_file(open('test/'+vname,"r"))
+    with self.zf.open(vname,"r") as fp:
+      msg = mime.message_from_file(fp)
     mime.defang(msg)
     oname = vname + '.out'
-    msg.dump(open('test/'+oname,"w"))
-    msg = mime.message_from_file(open('test/'+oname,"r"))
-    self.failIf(msg.ismultipart())
+    with open('test/'+oname,"wb") as fp:
+      msg.dump(fp)
+    with open('test/'+oname,"rb") as fp:
+      msg = mime.message_from_file(fp)
+    self.assertFalse(msg.ismultipart())
     txt2 = msg.get_payload()
-    self.failUnless(txt2 == mime.virus_msg % \
-    	(fname,hostname,None),txt2)
+    self.assertTrue(txt2 == mime.virus_msg % \
+	(fname,hostname,None),txt2)
 
   # honey virus has a sneaky ASP payload which is parsed correctly
   # by email package in python-2.2.2, but not by mime.MimeMessage or 2.2.1
   def testDefang7(self,vname="honey",fname='story[1].scr'):
-    msg = mime.message_from_file(open('test/'+vname,"r"))
+    with open('test/'+vname,"rb") as fp:
+      msg = mime.message_from_file(fp)
     mime.defang(msg)
     oname = vname + '.out'
-    msg.dump(open('test/'+oname,"w"))
-    msg = mime.message_from_file(open('test/'+oname,"r"))
+    with open('test/'+oname,"wb") as fp:
+      msg.dump(fp)
+    with open('test/'+oname,"rb") as fp:
+      msg = mime.message_from_file(fp)
     parts = msg.get_payload()
     txt2 = parts[1].get_payload()
     txt3 = parts[2].get_payload()
-    self.failUnless(txt2.rstrip()+'\n' == mime.virus_msg % \
-    	(fname,hostname,None),txt2)
+    self.assertTrue(txt2.rstrip()+'\n' == mime.virus_msg % \
+	(fname,hostname,None),txt2)
     if txt3 != '':
-      self.failUnless(txt3.rstrip()+'\n' == mime.virus_msg % \
+      self.assertTrue(txt3.rstrip()+'\n' == mime.virus_msg % \
 	  ('story[1].asp',hostname,None),txt3)
 
   def testParse2(self,fname="spam7"):
-    msg = mime.message_from_file(open('test/'+fname,"r"))
-    self.failUnless(msg.ismultipart())
+    with open('test/'+fname,"rb") as fp:
+      msg = mime.message_from_file(fp)
+    self.assertTrue(msg.ismultipart())
     parts = msg.get_payload()
-    self.failUnless(len(parts) == 2)
+    self.assertTrue(len(parts) == 2)
     name = parts[1].getname()
-    self.failUnless(name == "Jim&amp;amp;Girlz.jpg","name=%s"%name)
+    self.assertTrue(name == "Jim&amp;amp;Girlz.jpg","name=%s"%name)
 
   def testZip(self,vname="zip1",fname='zip.zip'):
     self.testDefang(vname,1,'zip.zip')
     # test scan_zip flag
-    msg = mime.message_from_file(open('test/'+vname,"r"))
+    with open('test/'+vname,"rb") as fp:
+      msg = mime.message_from_file(fp)
     mime.defang(msg,scan_zip=False)
-    self.failIf(msg.ismodified())
+    self.assertFalse(msg.ismodified())
     # test ignoring empty zip (often found in DSNs)
-    msg = mime.message_from_file(open('test/zip2','r'))
+    with open('test/zip2','rb') as fp:
+      msg = mime.message_from_file(fp)
     mime.defang(msg,scan_zip=True)
-    self.failIf(msg.ismodified())
+    self.assertFalse(msg.ismodified())
     # test corrupt zip (often an EXE named as a ZIP)
     self.testDefang('zip3',1,'zip.zip')
     # test zip within zip
     self.testDefang('ziploop',1,'stuart@bmsi.com.zip')
 
+  def _chk_name(self,name):
+    self.filename = name
+
+  def _chk_attach(self,msg):
+    "Filter attachments by content."
+    # check for bad extensions
+    mime.check_name(msg,ckname=self._chk_name,scan_zip=True)
+    # remove scripts from HTML
+    mime.check_html(msg)
+    # don't let a tricky virus slip one past us
+    msg = msg.get_submsg()
+    if isinstance(msg,email.message.Message):
+      return mime.check_attachments(msg,self._chk_attach)
+    return Milter.CONTINUE
+
+  def testCheckAttach(self,fname="test1"):
+    # test1 contains a very long filename
+    with open('test/'+fname,'rb') as fp:
+      msg = mime.message_from_file(fp)
+    mime.defang(msg,scan_zip=True)
+    self.assertFalse(msg.ismodified())
+    with open('test/test2','rb') as fp:
+      msg = mime.message_from_file(fp)
+    rc = mime.check_attachments(msg,self._chk_attach)
+    self.assertEqual(self.filename,"7501'S FOR TWO GOLDEN SOURCES SHIPMENTS FOR TAX & DUTY PURPOSES ONLY.PDF")
+    self.assertEqual(rc,Milter.CONTINUE)
+
+  def test_getnames(self):
+    names = []
+    self.sawpif = False
+    def do_part(m):
+      n = m.getnames()
+      a = names
+      a += n
+      return Milter.CONTINUE
+    def chk_part(m):
+      for k,n in m.getnames():
+        if n and n.lower().endswith('.pif'):
+          self.sawpif = True
+      s = m.get_submsg()
+      print(m.get_content_type(),type(s),'modified:',m.ismodified())
+      if isinstance(s,email.message.Message):
+        return mime.check_attachments(s,chk_part)
+      return Milter.CONTINUE
+
+    with self.zf.open('virus7','r') as fp:
+      msg = mime.message_from_file(fp)
+      self.assertTrue(msg.ismultipart())
+      mime.check_attachments(msg,do_part)
+      self.assertTrue(('filename','application.pif') in names)
+      self.assertFalse(self.sawpif)
+      mime.check_attachments(msg,chk_part)
+      self.assertTrue(self.sawpif)
+
   def testHTML(self,fname=""):
-    result = StringIO.StringIO()
+    result = StringIO()
     filter = mime.HTMLScriptFilter(result)
     msg = """<! Illegal declaration used as comment>
       <![if conditional]> Optional SGML <![endif]>
@@ -156,8 +229,10 @@ class MimeTestCase(unittest.TestCase):
     script = "<script lang=javascript> Dangerous script </script>"
     filter.feed(msg + script)
     filter.close()
-    #print result.getvalue()
-    self.failUnless(result.getvalue() == msg + filter.msg)
+    #print(result.getvalue())
+    #print('---')
+    #print(msg + filter.msg)
+    self.assertTrue(result.getvalue() == msg + filter.msg)
 
 def suite(): return unittest.makeSuite(MimeTestCase,'test')
 
@@ -166,7 +241,7 @@ if __name__ == '__main__':
     unittest.main()
   else:
     for fname in sys.argv[1:]:
-      fp = open(fname,'r')
-      msg = mime.message_from_file(fp)
+      with open(fname,'rb') as fp:
+        msg = mime.message_from_file(fp)
       mime.defang(msg,scan_zip=True)
-      print msg.as_string()
+      print(msg.as_string())

testpolicy.py

@@ -0,0 +1,57 @@
+from __future__ import print_function
+import unittest
+import sys
+import os
+from Milter.policy import MTAPolicy
+
+class Config(object):
+  def __init__(self):
+    self.access_file='test/access.db'
+    self.access_file_nulls=True
+    self.access_file_colon = False
+
+class PolicyTestCase(unittest.TestCase):
+
+  def setUp(self):
+    self.config = Config()
+    if os.access('test/access',os.R_OK):
+      if not os.path.exists('test/access.db') or \
+          os.path.getmtime('test/access') > os.path.getmtime('test/access.db'):
+        cmd = 'tr : ! <test/access | makemap hash test/access.db'
+        if os.system(cmd):
+          print('failed!')
+    else:
+      print("Missing test/access")
+
+  def testPolicy(self):
+    self.config.access_file_colon = False
+    self.config.access_file_nulls = True
+    with MTAPolicy('good@example.com',conf=self.config) as p:
+      pol = p.getPolicy('smtp-auth')
+    self.assertEqual(pol,'OK')
+    with MTAPolicy('bad@example.com',conf=self.config) as p:
+      pol = p.getPolicy('smtp-auth')
+    self.assertEqual(pol,'REJECT')
+    with MTAPolicy('bad@bad.example.com',conf=self.config) as p:
+      pol = p.getPolicy('smtp-auth')
+    self.assertEqual(pol,None)
+    with MTAPolicy('any@random.com',conf=self.config) as p:
+      pol = p.getPolicy('smtp-test')
+    self.assertEqual(pol,'REJECT')
+    with MTAPolicy('foo@bar.baz.com',conf=self.config) as p:
+      pol = p.getPolicy('smtp-test')
+    self.assertEqual(pol,'WILDCARD')
+
+def suite(): return unittest.makeSuite(PolicyTestCase,'test')
+
+if __name__ == '__main__':
+  if len(sys.argv) < 2:
+    unittest.main()
+  else:
+    a = sys.argv[1:]
+    while len(a) >= 2:
+      e,k = a[:2]
+      with MTAPolicy(e,conf=Config()) as p:
+        pol = p.getPolicy(k)
+        print(pol)
+      a = a[2:]

testsample.py

@@ -1,112 +1,106 @@
 import unittest
 import Milter
 import sample
+import template
 import mime
-import rfc822
-import StringIO
-
-class TestMilter(sample.sampleMilter):
+import zipfile
+from Milter.test import TestBase
+from Milter.testctx import TestCtx
 
+class TestMilter(TestBase,sample.sampleMilter):
   def __init__(self):
-    self.logfp = open("test/milter.log","a")
-
-  def log(self,*msg):
-    for i in msg: print >>self.logfp, i,
-    print >>self.logfp
-
-  def replacebody(self,chunk):
-    if self._body:
-      self._body.write(chunk)
-      self.bodyreplaced = True
-    else:
-      raise IOError,"replacebody not called from eom()"
-
-  # FIXME: rfc822 indexing does not really reflect the way chg/add header
-  # work for a milter
-  def chgheader(self,field,idx,value):
-    self.log('chgheader: %s[%d]=%s' % (field,idx,value))
-    if value == '':
-      del self._msg[field]
-    else:
-      self._msg[field] = value
-    self.headerschanged = True
-
-  def addheader(self,field,value):
-    self.log('addheader: %s=%s' % (field,value))
-    self._msg[field] = value
-    self.headerschanged = True
-
-  def feedMsg(self,fname):
-    self._body = None
-    self.bodyreplaced = False
-    self.headerschanged = 0
-    fp = open('test/'+fname,'r')
-    msg = rfc822.Message(fp)
-    rc = self.envfrom('<spam@advertisements.com>')
-    if rc != Milter.CONTINUE: return rc
-    rc = self.envrcpt('<victim@lamb.com>')
-    if rc != Milter.CONTINUE: return rc
-    line = None
-    for h in msg.headers:
-      if h[:1].isspace():
-	line = line + h
-	continue
-      if not line:
-	line = h
-	continue
-      s = line.split(': ',1)
-      rc = self.header(s[0],s[1].strip())
-      if rc != Milter.CONTINUE: return rc
-      line = h
-    if line:
-      s = line.split(': ',1)
-      rc = self.header(s[0],s[1])
-      if rc != Milter.CONTINUE: return rc
-    rc = self.eoh()
-    if rc != Milter.CONTINUE: return rc
-    while 1:
-      buf = fp.read(8192)
-      if len(buf) == 0: break
-      rc = self.body(buf)
-      if rc != Milter.CONTINUE: return rc
-    self._msg = msg
-    self._body = StringIO.StringIO()
-    rc = self.eom()
-    if self.bodyreplaced:
-      body = self._body.getvalue()
-    else:
-      msg.rewindbody()
-      body = msg.fp.read()
-    self._body = StringIO.StringIO()
-    self._body.writelines(msg.headers)
-    self._body.write('\n')
-    self._body.write(body)
-    return rc
-
-  def connect(self,host='localhost'):
-    self._body = None
-    self.bodyreplaced = False
-    rc =  sample.sampleMilter.connect(self,host,1,0) 
-    if rc != Milter.CONTINUE and rc != Milter.ACCEPT:
-      self.close()
-      return rc
-    rc = self.hello('spamrelay')
-    if rc != Milter.CONTINUE:
-      self.close()
-    return rc
+    TestBase.__init__(self)
+    sample.sampleMilter.__init__(self)
 
 class BMSMilterTestCase(unittest.TestCase):
 
+  def setUp(self):
+    self.zf = zipfile.ZipFile('test/virus.zip','r')
+    self.zf.setpassword(b'denatured')
+
+  def tearDown(self):
+    self.zf.close()
+    self.zf = None
+
+  def testTemplate(self,fname='test2'):
+    ctx = TestCtx()
+    Milter.factory = template.myMilter
+    ctx._setsymval('{auth_authen}','batman')
+    ctx._setsymval('{auth_type}','batcomputer')
+    ctx._setsymval('j','mailhost')
+    count = 10
+    while count > 0:
+      rc = ctx._connect(helo='milter-template.example.org')
+      self.assertEqual(rc,Milter.CONTINUE)
+      with open('test/'+fname,'rb') as fp:
+        rc = ctx._feedFile(fp)
+      milter = ctx.getpriv()
+      self.assertFalse(ctx._bodyreplaced,"Message body replaced")
+      ctx._close()
+      count -= 1
+
+  def testHeader(self,fname='utf8'):
+    ctx = TestCtx()
+    Milter.factory = sample.sampleMilter
+    ctx._setsymval('{auth_authen}','batman')
+    ctx._setsymval('{auth_type}','batcomputer')
+    ctx._setsymval('j','mailhost')
+    rc = ctx._connect()
+    self.assertEqual(rc,Milter.CONTINUE)
+    with open('test/'+fname,'rb') as fp:
+      rc = ctx._feedFile(fp)
+    milter = ctx.getpriv()
+    self.assertFalse(ctx._bodyreplaced,"Message body replaced")
+    fp = ctx._body
+    with open('test/'+fname+".tstout","wb") as ofp:
+      ofp.write(fp.getvalue())
+    ctx._close()
+
+  def testCtx(self,fname='virus1'):
+    ctx = TestCtx()
+    Milter.factory = sample.sampleMilter
+    ctx._setsymval('{auth_authen}','batman')
+    ctx._setsymval('{auth_type}','batcomputer')
+    ctx._setsymval('j','mailhost')
+    rc = ctx._connect()
+    self.assertTrue(rc == Milter.CONTINUE)
+    with self.zf.open(fname) as fp:
+      rc = ctx._feedFile(fp)
+    milter = ctx.getpriv()
+#    self.assertTrue(milter.user == 'batman',"getsymval failed: "+
+#        "%s != %s"%(milter.user,'batman'))
+    self.assertEqual(milter.user,'batman')
+    self.assertTrue(milter.auth_type != 'batcomputer',"setsymlist failed")
+    self.assertTrue(rc == Milter.ACCEPT)
+    self.assertTrue(ctx._bodyreplaced,"Message body not replaced")
+    fp = ctx._body
+    with open('test/'+fname+".tstout","wb") as f:
+        f.write(fp.getvalue())
+    #self.assertTrue(fp.getvalue() == open("test/virus1.out","r").read())
+    fp.seek(0)
+    msg = mime.message_from_file(fp)
+    s = msg.get_payload(1).get_payload()
+    milter.log(s)
+    ctx._close()
+
   def testDefang(self,fname='virus1'):
     milter = TestMilter()
+    milter.setsymval('{auth_authen}','batman')
+    milter.setsymval('{auth_type}','batcomputer')
+    milter.setsymval('j','mailhost')
     rc = milter.connect()
-    self.failUnless(rc == Milter.CONTINUE)
-    rc = milter.feedMsg(fname)
-    self.failUnless(rc == Milter.ACCEPT)
-    self.failUnless(milter.bodyreplaced,"Message body not replaced")
+    self.assertTrue(rc == Milter.CONTINUE)
+    with self.zf.open(fname) as fp:
+      rc = milter.feedFile(fp)
+    self.assertTrue(milter.user == 'batman',"getsymval failed")
+    # setsymlist not working in TestBase
+    #self.assertTrue(milter.auth_type != 'batcomputer',"setsymlist failed")
+    self.assertTrue(rc == Milter.ACCEPT)
+    self.assertTrue(milter._bodyreplaced,"Message body not replaced")
     fp = milter._body
-    open('test/'+fname+".tstout","w").write(fp.getvalue())
-    #self.failUnless(fp.getvalue() == open("test/virus1.out","r").read())
+    with open('test/'+fname+".tstout","wb") as f:
+        f.write(fp.getvalue())
+    #self.assertTrue(fp.getvalue() == open("test/virus1.out","r").read())
     fp.seek(0)
     msg = mime.message_from_file(fp)
     s = msg.get_payload(1).get_payload()
@@ -117,30 +111,35 @@ class BMSMilterTestCase(unittest.TestCase):
     milter = TestMilter()
     milter.connect('somehost')
     rc = milter.feedMsg(fname)
-    self.failUnless(rc == Milter.ACCEPT)
-    self.failIf(milter.bodyreplaced,"Milter needlessly replaced body.")
+    self.assertTrue(rc == Milter.ACCEPT)
+    self.assertFalse(milter._bodyreplaced,"Milter needlessly replaced body.")
     fp = milter._body
-    open('test/'+fname+".tstout","w").write(fp.getvalue())
+    with open('test/'+fname+".tstout","wb") as f:
+        f.write(fp.getvalue())
     milter.close()
 
   def testDefang2(self):
     milter = TestMilter()
     milter.connect('somehost')
     rc = milter.feedMsg('samp1')
-    self.failUnless(rc == Milter.ACCEPT)
-    self.failIf(milter.bodyreplaced,"Milter needlessly replaced body.")
-    rc = milter.feedMsg("virus3")
-    self.failUnless(rc == Milter.ACCEPT)
-    self.failUnless(milter.bodyreplaced,"Message body not replaced")
+    self.assertTrue(rc == Milter.ACCEPT)
+    self.assertFalse(milter._bodyreplaced,"Milter needlessly replaced body.")
+    with self.zf.open("virus3") as fp:
+      rc = milter.feedFile(fp)
+    self.assertTrue(rc == Milter.ACCEPT)
+    self.assertTrue(milter._bodyreplaced,"Message body not replaced")
     fp = milter._body
-    open("test/virus3.tstout","w").write(fp.getvalue())
-    #self.failUnless(fp.getvalue() == open("test/virus3.out","r").read())
-    rc = milter.feedMsg("virus6")
-    self.failUnless(rc == Milter.ACCEPT)
-    self.failUnless(milter.bodyreplaced,"Message body not replaced")
-    self.failUnless(milter.headerschanged,"Message headers not adjusted")
+    with open("test/virus3.tstout","wb") as f:
+        f.write(fp.getvalue())
+    #self.assertTrue(fp.getvalue() == open("test/virus3.out","r").read())
+    with self.zf.open("virus6") as fp:
+      rc = milter.feedFile(fp)
+    self.assertTrue(rc == Milter.ACCEPT)
+    self.assertTrue(milter._bodyreplaced,"Message body not replaced")
+    self.assertTrue(milter._headerschanged,"Message headers not adjusted")
     fp = milter._body
-    open("test/virus6.tstout","w").write(fp.getvalue())
+    with open("test/virus6.tstout","wb") as f:
+        f.write(fp.getvalue())
     milter.close()
 
 def suite(): return unittest.makeSuite(BMSMilterTestCase,'test')

testutils.py

@@ -1,9 +1,11 @@
+from __future__ import print_function
 import unittest
 import doctest
 import os
 import Milter.utils
 from Milter.cache import AddrCache
 from Milter.dynip import is_dynip
+from Milter.pyip6 import inet_ntop
 
 class AddrCacheTestCase(unittest.TestCase):
 
@@ -11,37 +13,51 @@ class AddrCacheTestCase(unittest.TestCase):
     self.fname = 'test.dat'
 
   def tearDown(self):
-    os.remove(self.fname)
+    if os.path.exists(self.fname):
+      os.remove(self.fname)
 
   def testAdd(self):
     cache = AddrCache(fname=self.fname)
     cache['foo@bar.com'] = None
     cache.addperm('baz@bar.com')
     cache['temp@bar.com'] = 'testing'
-    self.failUnless(cache.has_key('foo@bar.com'))
-    self.failUnless(not cache.has_key('hello@bar.com'))
-    self.failUnless('baz@bar.com' in cache)
-    self.assertEquals(cache['temp@bar.com'],'testing')
+    self.assertTrue(cache.has_key('foo@bar.com'))
+    self.assertTrue(not cache.has_key('hello@bar.com'))
+    self.assertTrue('baz@bar.com' in cache)
+    self.assertEqual(cache['temp@bar.com'],'testing')
     s = open(self.fname).readlines()
-    self.failUnless(len(s) == 2)
-    self.failUnless(s[0].startswith('foo@bar.com '))
-    self.assertEquals(s[1].strip(),'baz@bar.com')
+    self.assertTrue(len(s) == 2)
+    self.assertTrue(s[0].startswith('foo@bar.com '))
+    self.assertEqual(s[1].strip(),'baz@bar.com')
     # check that new result overrides old
     cache['temp@bar.com'] = None
-    self.failUnless(not cache['temp@bar.com'])
+    self.assertTrue(not cache['temp@bar.com'])
 
   def testDomain(self):
-    fp = open(self.fname,'w')
-    print >>fp,'spammer.com'
-    fp.close()
+    with open(self.fname,'w') as fp:
+      print('spammer.com',file=fp)
     cache = AddrCache(fname=self.fname)
     cache.load(self.fname,30)
-    self.failUnless('spammer.com' in cache)
+    self.assertTrue('spammer.com' in cache)
+
+  def testParseHeader(self):
+    s='=?UTF-8?B?TGFzdCBGZXcgQ29sZHBsYXkgQWxidW0gQXJ0d29ya3MgQXZhaWxhYmxlAA?='
+    h = Milter.utils.parse_header(s)
+    self.assertEqual(h,'Last Few Coldplay Album Artworks Available\x00')
+    s='=?iso-8859-1?Q?Peter_=D8rum?= <orum@ditas.dk>'
+    h = Milter.utils.parse_header(s)
+    self.assertEqual(h,'Peter \xd8rum <orum@ditas.dk>')
+
+  @unittest.expectedFailure
+  def testParseAddress(self):
+    s = Milter.utils.parseaddr('a(WRONG)@b')
+    self.assertEqual(s,('WRONG', 'a@b'))
 
 def suite(): 
   s = unittest.makeSuite(AddrCacheTestCase,'test')
   s.addTest(doctest.DocTestSuite(Milter.utils))
   s.addTest(doctest.DocTestSuite(Milter.dynip))
+  s.addTest(doctest.DocTestSuite(Milter.pyip6))
   return s
 
 if __name__ == '__main__':