This commit was manufactured by cvs2svn to create tag 'pymilter-1_0'.

Sprout from master 2014-03-01 23:38:51 UTC Stuart Gathman <stuart@gathman.org> 'Release 1.0-2'
Cherrypick from bmsi 2005-05-31 18:10:47 UTC Stuart Gathman <stuart@gathman.org> 'Release 0.7.2':
    test/big5
    test/bounce
    test/bounce1
    test/bound
    test/honey
    test/missingboundary
    test/samp1
    test/spam44
    test/spam7
    test/spam8
    test/test1
    test/test8
    test/virus1
    test/virus13
    test/virus2
    test/virus3
    test/virus4
    test/virus5
    test/virus6
    test/virus7

CREDITS

@@ -1,5 +1,5 @@
 Jim Niemira (urmane@urmane.org) wrote the original C module and some quick
-and dirty python to use it.  Stuart D. Gathman (stuart@bmsi.com) took that
+and dirty python to use it.  Stuart D. Gathman (stuart@gathman.org) took that
 kludge and added threading and context objects to it, wrote a proper OO
 wrapper (Milter.py) that handles attachments, did lots of testing, packaged
 it with distutils, and generally transformed it from a quick hack to a
@@ -7,7 +7,6 @@ real, usable Python extension.
 
 Other contributors (in random order):
 
-
 Daniel Troeder
   for pointing out a typo in @noreply
 arkanes@irc.freenode.net
@@ -44,4 +43,4 @@ Business Management Systems - http://www.bmsi.com
   for hosting the website, and providing paying clients who need milter service
   so I can work on it as part of my day job.
 
-If I have left anybody out, send me a reminder: stuart@bmsi.com
+If I have left anybody out, send me a reminder: stuart@gathman.org

Milter/__init__.py

@@ -21,12 +21,6 @@ from functools import wraps
 _seq_lock = thread.allocate_lock()
 _seq = 0
 
-## @fn set_flags(flags)
-# @brief Enable optional %milter actions.
-# Certain %milter actions need to be enabled before calling milter.runmilter()
-# or they throw an exception. 
-# @param flags Bit ored mask of optional actions to enable
-
 def uniqueID():
   """Return a unique sequence number (incremented on each call).
   """
@@ -724,28 +718,7 @@ def envcallback(c,args):
 # @param socketname the socket to be passed to milter.setconn()
 # @param timeout the time in secs the MTA should wait for a response before 
 #	considering this %milter dead
-def runmilter(name,socketname,timeout = 0):
-  # This bit is here on the assumption that you will be starting this filter
-  # before sendmail.  If sendmail is not running and the socket already exists,
-  # libmilter will throw a warning.  If sendmail is running, this is still
-  # safe if there are no messages currently being processed.  It's safer to
-  # shutdown sendmail, kill the filter process, restart the filter, and then
-  # restart sendmail.
-  pos = socketname.find(':')
-  if pos > 1:
-    s = socketname[:pos]
-    fname = socketname[pos+1:]
-  else:
-    s = "unix"
-    fname = socketname
-  if s == "unix" or s == "local":
-    print "Removing %s" % fname
-    try:
-      os.unlink(fname)
-    except os.error, x:
-      import errno
-      if x.errno != errno.ENOENT:
-        raise milter.error(x)
+def runmilter(name,socketname,timeout = 0,rmsock=True):
 
   # The default flags set include everything
   # milter.set_flags(milter.ADDHDRS)
@@ -776,6 +749,14 @@ def runmilter(name,socketname,timeout = 0):
         unknown=lambda ctx,cmd: ctx.getpriv().unknown(cmd),
         negotiate=ncb
   )
+
+  # We remove the socket here by default on the assumption that you will be
+  # starting this filter before sendmail.  If sendmail is not running and the
+  # socket already exists, libmilter will throw a warning.  If sendmail is
+  # running, this is still safe if there are no messages currently being
+  # processed.  It's safer to shutdown sendmail, kill the filter process,
+  # restart the filter, and then restart sendmail.
+  milter.opensocket(rmsock)
   start_seq = _seq
   try:
     milter.main()

Milter/config.py

@@ -1,4 +1,5 @@
 from ConfigParser import ConfigParser
+import os.path
 
 class MilterConfigParser(ConfigParser):
 
@@ -20,7 +21,7 @@ class MilterConfigParser(ConfigParser):
       return [q.strip() for q in self.get(sect,opt).split(',')]
     return []
 
-  def getaddrset(self,sect,opt):
+  def getaddrset(self,sect,opt,dir=''):
     if not self.has_option(sect,opt):
       return {}
     s = self.get(sect,opt)
@@ -29,13 +30,14 @@ class MilterConfigParser(ConfigParser):
       q = q.strip()
       if q.startswith('file:'):
         domain = q[5:].lower()
-        d[domain] = d.setdefault(domain,[]) + open(domain,'r').read().split()
+        fname = os.path.join(dir,domain)
+        d[domain] = d.setdefault(domain,[]) + open(fname,'r').read().split()
       else:
         user,domain = q.split('@')
         d.setdefault(domain.lower(),[]).append(user)
     return d
   
-  def getaddrdict(self,sect,opt):
+  def getaddrdict(self,sect,opt,dir=''):
     if not self.has_option(sect,opt):
       return {}
     d = {}
@@ -46,7 +48,7 @@ class MilterConfigParser(ConfigParser):
         for addr in l.split(','):
           addr = addr.strip()
           if addr.startswith('file:'):
-            fname = addr[5:]
+            fname = os.path.join(dir,addr[5:])
             for a in open(fname,'r').read().split():
               d[a] = q
           else:

Milter/greylist.py

@@ -41,6 +41,17 @@ class Greylist(object):
     self.dbp = shelve.open(dbname,'c',protocol=2)
     self.lock = thread.allocate_lock()
 
+  def export_csv(self,fp,timeinc=0):
+    "Export records to csv."
+    import csv
+    dbp = self.dbp
+    w = csv.writer(fp)
+    now = time.time() + timeinc
+    for key, r in dbp.iteritems():
+      if now > r.lastseen + self.greylist_retain: continue
+      ip,sender,recipient = key.rsplit(':',2)
+      w.writerow([ip,sender,recipient,r.firstseen,r.lastseen,r.cnt,r.umis])
+
   def clean(self,timeinc=0):
     "Delete records past the retention limit."
     now = time.time() + timeinc
@@ -100,3 +111,10 @@ class Greylist(object):
 
   def close(self):
     self.dbp.close()
+
+if __name__ == '__main__':
+  import sys
+  g = Greylist(sys.argv[1],5,24,36)
+  try:
+    g.export_csv(sys.stdout)
+  finally: g.close()

Milter/greysql.py

@@ -25,6 +25,19 @@ class Greylist(object):
         primary key (ip,sender,recipient))''')
     except: pass
 
+  def import_csv(self,fp):
+    import csv
+    rdr = csv.reader(fp)
+    cur = self.conn.execute('begin immediate')
+    try:
+      for r in rdr:
+        cur.execute('''insert into 
+          greylist(ip,sender,recipient,firstseen,lastseen,cnt,umis)
+          values(?,?,?,?,?,?,?)''', r)
+      self.conn.commit()
+    finally:
+      cur.close();
+
   def clean(self,timeinc=0):
     "Delete records past the retention limit."
     now = time.time() + timeinc - self.greylist_retain
@@ -84,3 +97,10 @@ class Greylist(object):
 
   def close(self):
     self.conn.close()
+
+if __name__ == '__main__':
+  import sys
+  g = Greylist(sys.argv[1])
+  try:
+    g.import_csv(sys.stdin)
+  finally: g.close()

Milter/test.py

@@ -7,7 +7,7 @@ import Milter
 
 Milter.NOREPLY = Milter.CONTINUE
 
-## Test mixin for unit testing milter applications.
+## Test mixin for unit testing %milter applications.
 # This mixin overrides many Milter.MilterBase methods
 # with stub versions that simply record what was done.
 # @since 0.9.8
@@ -24,13 +24,13 @@ class TestBase(object):
     self._macros = { }
     ## The message body.
     self._body = None
-    ## True if the milter replaced the message body.
+    ## True if the %milter replaced the message body.
     self._bodyreplaced = False
-    ## True if the milter changed any headers.
+    ## True if the %milter changed any headers.
     self._headerschanged = False
-    ## Reply codes and messages set by milter
+    ## Reply codes and messages set by the %milter
     self._reply = None
-    ## The rfc822 message object for the current email being fed to the milter.
+    ## The rfc822 message object for the current email being fed to the %milter.
     self._msg = None
     self._symlist = [ None, None, None, None, None, None, None ]
 
@@ -39,7 +39,7 @@ class TestBase(object):
     print >>self.logfp
 
   ## Set a macro value.
-  # These are retrieved by the milter with getsymval.
+  # These are retrieved by the %milter with getsymval.
   # @param name the macro name, as passed to getsymval
   # @param val the macro value
   def setsymval(self,name,val):
@@ -57,7 +57,7 @@ class TestBase(object):
       raise IOError,"replacebody not called from eom()"
 
   # FIXME: rfc822 indexing does not really reflect the way chg/add header
-  # work for a milter
+  # work for a %milter
   def chgheader(self,field,idx,value):
     if not self._body:
       raise IOError,"chgheader not called from eom()"
@@ -103,9 +103,9 @@ class TestBase(object):
       a += m
     self._symlist[stage] = set(a)
 
-  ## Feed a file like object to the milter.  Calls envfrom, envrcpt for
+  ## Feed a file like object to the %milter.  Calls envfrom, envrcpt for
   # each recipient, header for each header field, body for each body 
-  # block, and finally eom.  A return code from the milter other than
+  # block, and finally eom.  A return code from the %milter other than
   # CONTINUE returns immediately with that return code.
   #
   # This is a convenience method, a test could invoke the callbacks
@@ -164,7 +164,7 @@ class TestBase(object):
     self._body.write(body)
     return rc
 
-  ## Feed an email contained in a file to the milter.
+  ## Feed an email contained in a file to the %milter.
   # This is a convenience method that invokes @link #feedFile feedFile @endlink.
   # @param sender MAIL FROM
   # @param rcpts RCPT TO, multiple recipients may be supplied

README

@@ -135,8 +135,6 @@ http://www.bmsi.com/linux/sendmail-rh72.spec
 IPv6 Notes
 ----------
 
-IPv6 is still experimental.
-
 The IPv6 protocol is supported if your operation system supports it
 and if sendmail was compiled with IPv6 support.  To determine if your
 sendmail supports IPv6, run "sendmail -d0" and check for the NETINET6
@@ -194,7 +192,7 @@ Authors
 -------
 
 Jim Niemira (urmane@urmane.org) wrote the original C module and some quick
-and dirty python to use it.  Stuart D. Gathman (stuart@bmsi.com) took that
+and dirty python to use it.  Stuart D. Gathman (stuart@gathman.org) took that
 kludge and added threading and context objects to it, wrote a proper OO
 wrapper (Milter.py) that handles attachments, did lots of testing, packaged
 it with distutils, and generally transformed it from a quick hack to a

TODO

@@ -1,6 +1,2 @@
-Support smfi_negotiate and auto negotiate only those callbacks for which 
-Milter.Milter methods have been overridden.  (Python should be able to
-do that.)
-
 Lookup exact RFC syntax of real name / email and make 
 Milter.utils.parse_addr() pass all unit tests.

doc/mainpage.py

@@ -7,30 +7,32 @@
 # events include the initial connection from a MTA, the envelope sender and
 # recipients, the top level mail headers, and the message body.  There are
 # options to mangle all of these components of the message as it passes through
-# the milter.
+# the %milter.
 # 
 # At the next level, the <code>Milter</code> module (note the case difference)
 # provides a Python friendly object oriented wrapper for the low level API.  To
 # use the Milter module, an application registers a 'factory' to create an
 # object for each connection from a MTA to sendmail.  These connection objects
-# must provide methods corresponding to the libmilter callback events.
+# must provide methods corresponding to the libmilter event callbacks.
 # 
-# Each event method returns a code to tell sendmail whether to proceed with
+# Each callback method returns a code to tell sendmail whether to proceed with
 # processing the message.  This is a big advantage of milters over other mail
 # filtering systems.  Unwanted mail can be stopped in its tracks at the
-# earliest possible point.
+# earliest possible point.  The callback return codes are
+# milter.CONTINUE, milter.REJECT, milter.DISCARD, milter.ACCEPT, 
+# milter.TEMPFAIL, milter.SKIP, milter.NOREPLY.
 # 
-# The <code>Milter.Base</code> class provides default implementations for
+# The Milter.Base class provides default implementations for
 # event methods that do nothing, and also provides wrappers for the libmilter
 # methods to mutate the message.  It automatically negotiates with MTA
-# which protocol steps need to be processed by the milter, based on
+# which protocol steps need to be processed by the %milter, based on
 # which callback methods are overridden.
 #
-# The <code>Milter.Milter</code> class provides an alternate default
-# implementation that logs the main milter events, but otherwise does nothing.
-# It is provided for compatibility.
+# The Milter.Milter class provides an alternate default
+# implementation that logs the main milter callbacks, but otherwise does
+# nothing.  It is provided for compatibility.
 # 
-# The <code>mime</code> module provides a wrapper for the Python email package
+# The mime module provides a wrapper for the Python email package
 # that fixes some bugs, and simplifies modifying selected parts of a MIME
 # message.
 #
@@ -50,4 +52,5 @@
 # You may find the
 # <a href="http://docs.python.org/release/2.6.6/library/multiprocessing.html">
 # multiprocessing</a> module useful.  It can be a drop-in
-# replacement for threading as illustrated in @ref milter-template.py.
+# replacement for threading as illustrated in 
+# <a href="milter-template_8py-example.html">milter-template.py</a>.

doc/milter.py

@@ -3,10 +3,65 @@
 
 ## @package milter
 #
-# A thin wrapper around libmilter.
+# A thin wrapper around libmilter.  Most users will not import
+# milter directly, but will instead import Milter and subclass
+# Milter.Base.  This module gives you ultimate low level control
+# from python.
 #
 
-## Hold context for a milter connection.
+## Continue processing the current connection, message, or recipient.
+CONTINUE  = 0
+##  For a connection-oriented routine, reject this connection; 
+# call Milter.Base.close(). For a message-oriented routine, except
+# Milter.Base.eom() or Milter.Base.abort(), reject this message.  For a
+# recipient-oriented routine, reject the current recipient (but continue
+# processing the current message).
+REJECT    = 1
+
+## For a message- or recipient-oriented routine, accept this message, but
+# silently discard it.  SMFIS_DISCARD should not be returned by a
+# connection-oriented routine.
+DISCARD   = 2
+
+## For a connection-oriented routine, accept this connection without further
+# filter processing; call Milter.Base.close().   For a message- or
+# recipient-oriented routine, accept this message without further filtering.
+ACCEPT    = 3
+
+## Return a temporary failure, i.e., the corresponding SMTP command will return
+# an appropriate 4xx status code. For a message-oriented routine, except
+# Milter.Base.envfrom(), fail for this message.  For a connection-oriented
+# routine, fail for this connection; call Milter.Base.close().  For a recipient-oriented
+# routine, only
+# fail for the current recipient; continue message processing.
+TEMPFAIL  = 4
+
+## Skip further callbacks of the same type in this transaction. 
+# Currently this return value is only allowed in Milter.Base.body(). It can be
+# used if a %milter has received sufficiently many body chunks to make a
+# decision, but still wants to invoke message modification functions that are
+# only allowed to be called from Milter.Base.eom(). Note: the %milter must
+# negotiate this behavior with the MTA, i.e., it must check whether the
+# protocol action SMFIP_SKIP is available and if so, the %milter must request
+# it.
+SKIP      = 5
+
+## Do not send a reply back to the MTA. 
+# The %milter must negotiate this behavior with the MTA, i.e., it must check
+# whether the appropriate protocol action P_NR_* is available and if so,
+# the %milter must request it. If you set the P_NR_* protocol action for a
+# callback, that callback must always reply with NOREPLY. Using any other
+# reply code is a violation of the API. If in some cases your callback may
+# return another value (e.g., due to some resource shortages), then you must
+# not set P_NR_* and you must use CONTINUE as the default return
+# code. (Alternatively you can try to delay reporting the problem to a later
+# callback for which P_NR_* is not set.)
+#
+# This is negotiated and returned automatically by the Milter.noreply 
+# function decorator.
+NOREPLY   = 6
+
+## Hold context for a %milter connection.
 # Each connection to sendmail creates a new <code>SMFICTX</code> struct within
 # libmilter.  The milter module in turn creates a milterContext
 # tied to the <code>SMFICTX</code> struct via <code>smfi_setpriv</code>
@@ -59,12 +114,13 @@ class milterContext(object):
   # M_CONNECT, M_HELO, M_ENVFROM, M_ENVRCPT, M_DATA, M_EOM, M_EOH.
   # Calls <a href="https://www.milter.org/developers/api/smfi_setsymlist">smfi_setsymlist</a>.
   # @param stage protocol stage in which the macro list should be used
+  # @param macrolist a space separated list of macro names
   def setsymlist(self,stage,macrolist): pass
 
 class error(Exception): pass
 
-## Enable optional milter actions.
-# Certain milter actions need to be enabled before calling main()
+## Enable optional %milter actions.
+# Certain %milter actions need to be enabled before calling main()
 # or they throw an exception.  Pymilter enables them all by
 # default (since 0.9.2), but you may wish to disable unneeded
 # actions as an optimization.
@@ -82,24 +138,27 @@ def set_abort_callback(cb): pass
 def set_close_callback(cb): pass
 
 ## Sets the return code for untrapped Python exceptions during a callback.
-# Must be one of TEMPFAIL,REJECT,CONTINUE.  The default is TEMPFAIL.
-# You should not depend on this handler.  Your application should
-# have its own top level exception handler for each callback.  You can
-# then choose your own reply message, log the stack track were you please,
-# and so on.  However, if you miss one, this last ditch handler will
-# print a standard stack trace to sys.stderr, and return to sendmail.
+# The default is TEMPFAIL.  You should not depend on this handler.  Your
+# application should have its own top level exception handler for each
+# callback.  You can then choose your own reply message, log the stack track
+# were you please, and so on.  However, if you miss one, this last ditch
+# handler will print a standard stack trace to sys.stderr, and return to
+# sendmail.  
+# @param code one of #TEMPFAIL,#REJECT,#CONTINUE, or since 1.0, #ACCEPT
 def set_exception_policy(code): pass
 
-## Register python milter with libmilter.
-# The name we pass is used to identify the milter in the MTA configuration.
+## Register python %milter with libmilter.
+# The name we pass is used to identify the %milter in the MTA configuration.
 # Callback functions must be set using the set_*_callback() functions before
-# registering the milter.
+# registering the %milter.
 # Three additional callbacks are specified as keyword parameters.  These
 # were added by recent versions of libmilter.  The keyword parameters is
 # a nicer way to do it, I think, since it makes clear that you have to do
-# it before registering.  I may move all the callbacks 
-# in the future (perhaps keeping the set functions for compatibility).
-# @param name the milter name by which the MTA finds us
+# it before registering.  I may move all the callbacks in the future (perhaps
+# keeping the set functions for compatibility).  Note that Milter.Base
+# automatically maps all callbacks to member functions, and negotiates which
+# member functions are actually overridden by an application class.
+# @param name the %milter name by which the MTA finds us
 # @param negotiate the
 #       <a href="https://www.milter.org/developers/api/xxfi_negotiate">
 #       xxfi_negotiate</a> callback, called to negotiate supported
@@ -113,6 +172,16 @@ def set_exception_policy(code): pass
 #       xxfi_data</a> callback, called when the DATA
 #       SMTP command is received.
 def register(name,negotiate=None,unknown=None,data=None): pass
+
+## Attempt to create the socket used to communicate with the MTA.
+# milter.opensocket() attempts to create the socket specified previously by a
+# call to milter.setconn() which will be the interface between MTAs and the
+# %milter.  This allows the calling application to ensure that the socket can be
+# created.  If this is not called, milter.main() will do so implicitly.
+# Calls <a href="https://www.milter.org/developers/api/smfi_opensocket">
+# smfi_opensocket</a>.  While not documented for libmilter, my experiments
+# indicate that you must call register() before calling opensocket().
+# @param rmsock Try to remove an existing unix domain socket if true.
 def opensocket(rmsock): pass
 
 ## Transfer control to libmilter.
@@ -122,7 +191,7 @@ def main(): pass
 
 ## Set the libmilter debugging level.
 # <a href="https://www.milter.org/developers/api/smfi_setdbg">smfi_setdbg</a>
-# sets the milter library's internal debugging level to a new level
+# sets the %milter library's internal debugging level to a new level
 # so that code details may be traced. A level of zero turns off debugging. The
 # greater (more positive) the level the more detailed the debugging. Six is the
 # current, highest, useful value.  Must be called before calling main().
@@ -143,16 +212,21 @@ def setbacklog(n): pass
 # unix, inet, or inet6 socket. By default, a unix domain socket
 # is used.  It must not exist,
 # and sendmail will throw warnings if, eg, the file is under a
-# group or world writable directory.
+# group or world writable directory.  milter.setconn() will not fail with
+# an invalid socket - this will be detected only when calling milter.main()
+# or milter.opensocket().
+# @param s the socket address in proto:address format
 # <pre>
-# setconn('unix:/var/run/pythonfilter')
-# setconn('inet:8800') 			# listen on ANY interface
-# setconn('inet:7871@@publichost')	# listen on a specific interface
-# setconn('inet6:8020')
+# milter.setconn('unix:/var/run/pythonfilter')  # a named pipe
+# milter.setconn('local:/var/run/pythonfilter') # a named pipe
+# milter.setconn('inet:8800') 			# listen on ANY interface
+# milter.setconn('inet:7871@@publichost')	# listen on a specific interface
+# milter.setconn('inet6:8020')
+# milter.setconn('inet6:8020@[2001:db8:1234::1]')      # listen on specific IP
 # </pre>
 def setconn(s): pass
 
-## Stop the milter gracefully.
+## Stop the %milter gracefully.
 def stop(): pass
 
 ## Retrieve diagnostic info.

makefile

@@ -1,9 +1,10 @@
 web:
 	doxygen
+	cd doc/html; zip -r ../../doc .
 	rsync -ravK doc/html/ spidey2.bmsi.com:/Public/pymilter
 
-VERSION=0.9.8
-CVSTAG=pymilter-0_9_8
+VERSION=1.0
+CVSTAG=pymilter-1_0
 PKG=pymilter-$(VERSION)
 SRCTAR=$(PKG).tar.gz
 

milter-template.py

@@ -71,6 +71,9 @@ class myMilter(Milter.Base):
     self.fromparms = Milter.dictfromlist(str)	# ESMTP parms
     self.user = self.getsymval('{auth_authen}')	# authenticated user
     self.log("mail from:", mailfrom, *str)
+    # NOTE: self.fp is only an *internal* copy of message data.  You
+    # must use addheader, chgheader, replacebody to change the message
+    # on the MTA.
     self.fp = StringIO.StringIO()
     self.canon_from = '@'.join(parse_addr(mailfrom))
     self.fp.write('From %s %s\n' % (self.canon_from,time.ctime()))
@@ -104,7 +107,6 @@ class myMilter(Milter.Base):
   def eom(self):
     self.fp.seek(0)
     msg = email.message_from_file(self.fp)
-    self.setreply('250','2.5.1','Grokked by pymilter')
     # many milter functions can only be called from eom()
     # example of adding a Bcc:
     self.addrcpt('<%s>' % 'spy@example.com')

miltermodule.c

@@ -35,6 +35,9 @@ $ python setup.py help
      libraries=["milter","smutil","resolv"]
 
  * $Log$
+ * Revision 1.35  2013/03/14 22:11:25  customdesigned
+ * Release 0.9.8
+ *
  * Revision 1.34  2013/03/09 05:42:14  customdesigned
  * Make TestBase members private, fix getsymlist misspelling.
  *
@@ -641,7 +644,8 @@ milter_set_exception_policy(PyObject *self, PyObject *args) {
   if (!PyArg_ParseTuple(args, "i:set_exception_policy", &i))
     return NULL;
   switch (i) {
-  case SMFIS_REJECT: case SMFIS_TEMPFAIL: case SMFIS_CONTINUE:
+  case SMFIS_REJECT: case SMFIS_TEMPFAIL:
+  case SMFIS_CONTINUE: case SMFIS_ACCEPT:
     exception_policy = i;
     Py_INCREF(Py_None);
     return Py_None;
@@ -661,9 +665,9 @@ _release_thread(PyThreadState *t) {
   The interpreter is locked when we are called, and we unlock it.  */
 static int _report_exception(milter_ContextObject *self) {
   char untrapped_msg[80];
-  sprintf(untrapped_msg,"pymilter: untrapped exception in %.40s",
-  	description.xxfi_name);
   if (PyErr_Occurred()) {
+    sprintf(untrapped_msg,"pymilter: untrapped exception in %.40s",
+	  description.xxfi_name);
     PyErr_Print();
     PyErr_Clear();	/* must clear since not returning to python */
     _release_thread(self->t);
@@ -675,8 +679,11 @@ static int _report_exception(milter_ContextObject *self) {
 	smfi_setreply(self->ctx, "451", "4.3.0", untrapped_msg);
 	return SMFIS_TEMPFAIL;
     }
-    return SMFIS_CONTINUE;
+    return exception_policy;
   }
+  /* This should never happen, _report_exception is only called when
+   * the caller has already detected a python exception.  If it
+   * does somehow happen, pretend nothing is wrong... */
   _release_thread(self->t);
   return SMFIS_CONTINUE;
 }

pymilter.spec

@@ -6,9 +6,10 @@
 
 Summary: Python interface to sendmail milter API
 Name: %{pythonbase}-pymilter
-Version: 0.9.8
+Version: 1.0
 Release: 1%{dist}
 Source: http://downloads.sourceforge.net/pymilter/pymilter-%{version}.tar.gz
+Source1: pymilter.te
 License: GPLv2+
 Group: Development/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -26,11 +27,23 @@ attach to sendmail's libmilter functionality.  Additional python
 modules provide for navigating and modifying MIME parts, sending
 DSNs, and doing CBV.
 
+%package selinux
+Summary: SELinux policy module for pymilter
+Group: System Environment/Base
+Requires: policycoreutils, selinux-policy, %{name}
+BuildRequires: policycoreutils, checkpolicy
+
+%description selinux
+SELinux policy module for using pymilter with sendmail with selinux enforcing
+
 %prep
 %setup -q -n pymilter-%{version}
+cp %{SOURCE1} pymilter.te
 
 %build
 env CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build
+checkmodule -m -M -o pymilter.mod pymilter.te
+semodule_package -o pymilter.pp -m pymilter.mod
 
 %install
 rm -rf $RPM_BUILD_ROOT
@@ -38,31 +51,11 @@ rm -rf $RPM_BUILD_ROOT
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/milter
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/milter
 mkdir -p $RPM_BUILD_ROOT%{libdir}
-cp start.sh $RPM_BUILD_ROOT%{libdir}
-ed $RPM_BUILD_ROOT%{libdir}/start.sh <<'EOF'
-/^datadir=/
-c
-datadir="%{_localstatedir}/log/milter"
-.
-/^piddir=/
-c
-piddir="%{_localstatedir}/run/milter"
-.
-/^libdir=/
-c
-libdir="%{libdir}"
-.
-/^python=/
-c
-python="%{__python}"
-.
-w
-q
-EOF
-chmod a+x $RPM_BUILD_ROOT%{libdir}/start.sh
 
-# start.sh is used by spfmilter, srsmilter, and milter, and could be used by
-# other milters using pymilter.
+# install selinux modules
+mkdir -p %{buildroot}%{_datadir}/selinux/targeted
+cp -p pymilter.pp %{buildroot}%{_datadir}/selinux/targeted
+
 %files
 %defattr(-,root,root,-)
 %doc README ChangeLog NEWS TODO CREDITS sample.py milter-template.py
@@ -71,17 +64,41 @@ chmod a+x $RPM_BUILD_ROOT%{libdir}/start.sh
 %dir %attr(0755,mail,mail) %{_localstatedir}/run/milter
 %dir %attr(0755,mail,mail) %{_localstatedir}/log/milter
 
+%files selinux
+%doc pymilter.te
+%{_datadir}/selinux/targeted/*
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 
+%post selinux
+/usr/sbin/semodule -s targeted -i %{_datadir}/selinux/targeted/pymilter.pp \
+	&>/dev/null || :
+
+%postun selinux
+if [ $1 -eq 0 ] ; then
+/usr/sbin/semodule -s targeted -r pymilter &> /dev/null || :
+fi
+
 %changelog
+* Sat Mar  1 2014 Stuart Gathman <stuart@gathman.org> 1.0-2
+- Remove start.sh to track EPEL repository, suggest daemonize as replacement
+- Selinux subpackage should not care about pymilter version
+
+* Wed Jun 26 2013 Stuart Gathman <stuart@gathman.org> 1.0-1
+- Allow ACCEPT as untrapped exception policy
+- Optional dir for getaddrset and getaddrdict in Milter.config
+- Show registered milter name in untrapped exception message.
+- Include selinux subpackage
+- Provide Milter.greylist export and Milter.greylist import to migrate data
+
 * Sat Mar  9 2013 Stuart Gathman <stuart@bmsi.com> 0.9.8-1
 - Add Milter.test module for unit testing milters.
 - Fix typo that prevented setsymlist from being active.
 - Change untrapped exception message to:
 - "pymilter: untrapped exception in milter app"
 
-* Sat Feb 25 2012 Stuart Gathman <stuart@bmsi.com> 0.9.7-1
+* Thu Apr 12 2012 Stuart Gathman <stuart@bmsi.com> 0.9.7-1
 - Raise RuntimeError when result != CONTINUE for @noreply and @nocallback
 - Remove redundant table in miltermodule
 - Fix CNAME chain duplicating TXT records in Milter.dns (from pyspf).

pymilter.te

@@ -0,0 +1,13 @@
+module pymilter 1.0;
+
+require {
+	type sendmail_t;
+	type var_run_t;
+	type initrc_t;
+	class sock_file { write getattr };
+	class unix_stream_socket connectto;
+}
+
+#============= sendmail_t ==============
+allow sendmail_t initrc_t:unix_stream_socket connectto;
+allow sendmail_t var_run_t:sock_file { write getattr };

setup.cfg

@@ -1,5 +1,5 @@
 [bdist_rpm]
 python=python2.6
-doc_files=README NEWS TODO
-packager=Stuart D. Gathman <stuart@bmsi.com>
+doc_files=README NEWS TODO COPYING CREDITS
+packager=Stuart D. Gathman <stuart@gathman.org>
 release=1

setup.py

@@ -13,7 +13,7 @@ libs = ["milter"]
 libdirs = ["/usr/lib/libmilter"]    # needed for Debian
 
 # NOTE: importing Milter to obtain version fails when milter.so not built
-setup(name = "pymilter", version = '0.9.8',
+setup(name = "pymilter", version = '1.0',
 	description="Python interface to sendmail milter API",
 	long_description="""\
 This is a python extension module to enable python scripts to