Policy check: expect valid UUIDs

Dominik Chilla 2020-12-04 09:14:29 +01:00
parent 8e16abdd17
commit 2cc2d0b47e
4 changed files with 21 additions and 18 deletions


@ -131,12 +131,12 @@ Prerequisites: `docker-compose` installed
* Create the policy file `data/policy.json` with following content:
```
{
"lalalulu.onmicrosoft.com": {
"yad.onmicrosoft.com": {
"tenant_id": "1234abcd-18c5-45e8-88de-123456789abc",
"dkim_enabled": true
},
"asdf2.onmicrosoft.com": {
"tenant_id": "asdftasdfa",
"example.com": {
"tenant_id": "abcd1234-18c5-45e8-88de-987654321cba",
"dkim_enabled": false
}
}


@ -1,6 +1,7 @@
import json
import traceback
import re
from uuid import UUID
class ExOTAPolicyException(Exception):
def __init__(self, message):
@ -30,14 +31,16 @@ class ExOTAPolicy():
"Policy must have a 'tenant_id' attribute!"
)
else:
if policy_dict['tenant_id'] == '':
try:
UUID(policy_dict['tenant_id'])
except ValueError as e:
raise ExOTAPolicyInvalidException(
"'tenant_id' must not be empty!"
)
if re.match(r'^.*\s+.*$', policy_dict['tenant_id']):
"Invalid 'tenant_id': {0}".format(str(e))
) from e
except Exception as e:
raise ExOTAPolicyInvalidException(
"'tenant_id' must not contain whitespace characters!"
)
"Invalid 'tenant_id': {0}".format(traceback.format_exc())
) from e
if 'dkim_enabled' not in policy_dict:
raise ExOTAPolicyInvalidException(
"Policy must have a 'dkim_enabled' attribute!"
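Review bot: `UUID(policy_dict['tenant_id'])` in the new `try` accepts more than the canonical 8-4-4-4-12 form, because the stdlib constructor strips `urn:`, `uuid:`, surrounding braces and all hyphens before checking for 32 hex digits; a constructed value such as `{1234ABCD18C545E888DE123456789ABC}` passes. If the stored string is later compared textually with the `X-MS-Exchange-CrossTenant-Id` header (that code is outside this hunk), such an entry would validate at load time and then never match a real tenant. Consider requiring the canonical form, e.g. `if str(UUID(tid)) != tid.lower(): raise ExOTAPolicyInvalidException("Invalid 'tenant_id': not a canonical UUID")`, or keeping the normalized `str(UUID(tid))` in the policy. The catch-all branch also embeds `traceback.format_exc()` in the exception message, which makes it multi-line and exposes internal paths wherever the message is logged or returned; `str(e)`, as in the `ValueError` branch, would be enough. The enclosing method starts and ends outside the hunk.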


@ -27,7 +27,7 @@ if mt.getreply(conn) ~= SMFIR_CONTINUE then
end
-- HEADER
if mt.header(conn, "From", '"Blah Blubb" <O365ConnectorValidation@lalalulu.onmicrosoft.com>') ~= nil then
if mt.header(conn, "From", '"Blah Blubb" <O365ConnectorValidation@yad.onmicrosoft.com>') ~= nil then
error "mt.header(From) failed"
end
if mt.header(conn, "X-MS-Exchange-CrossTenant-Id", "1234abcd-18c5-45e8-88de-123456789abc") ~= nil then
@ -36,16 +36,16 @@ end
--if mt.header(conn, "X-MS-Exchange-CrossTenant-Id", "4321abcd-18c5-45e8-88de-blahblubb") ~= nil then
-- error "mt.header(Subject) failed"
--end
if mt.header(conn, "Authentication-Results", "another-wrong-auth-serv-id;\n dkim=fail header.d=lalalulu.onmicrosoft.com header.s=selector1-lalalulu-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
if mt.header(conn, "Authentication-Results", "another-wrong-auth-serv-id;\n dkim=fail header.d=yad.onmicrosoft.com header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
error "mt.header(Subject) failed"
end
if mt.header(conn, "Authentication-Results", "wrong-auth-serv-id;\n dkim=pass header.d=lalalulu.onmicrosoft.com header.s=selector1-lalalulu-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
if mt.header(conn, "Authentication-Results", "wrong-auth-serv-id;\n dkim=pass header.d=yad.onmicrosoft.com header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
error "mt.header(Subject) failed"
end
if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n dkim=pass header.d=lalalulu.onmicrosoft.com header.s=selector1-lalalulu-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n dkim=pass header.d=yad.onmicrosoft.com header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
error "mt.header(Subject) failed"
end
if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n dkim=fail header.d=lalalulu.onmicrosoft.com header.s=selector2-asdf header.b=mmmjFpv8") ~= nil then
if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n dkim=fail header.d=yad.onmicrosoft.com header.s=selector2-asdf header.b=mmmjFpv8") ~= nil then
error "mt.header(Subject) failed"
end
if mt.header(conn, "Authentication-Results", "some-validating-host;\n dkim=pass header.d=paypal.de header.s=pp-dkim1 header.b=PmTtUzer;\n dmarc=pass (policy=reject) header.from=paypal.de;\n spf=pass (some-validating-host: domain of service@paypal.de designates 173.0.84.226 as permitted sender) smtp.mailfrom=service@paypal.de") ~= nil then


@ -1,10 +1,10 @@
{
"lalalulu.onmicrosoft.com": {
"yad.onmicrosoft.com": {
"tenant_id": "1234abcd-18c5-45e8-88de-123456789abc",
"dkim_enabled": true
},
"asdf2.onmicrosoft.com": {
"tenant_id": "asdftasdfa",
"dkim_enabled": true
"example.com": {
"tenant_id": "abcd1234-18c5-45e8-88de-987654321cba",
"dkim_enabled": false
}
}