github-public-mirror/ldap-acl-milter
1
0
Fork 0
mirror of https://github.com/chillout2k/ldap-acl-milter.git synced 2025-12-13 19:30:18 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #24 from chillout2k/devel

Browse Source 
RCPT-Whitelist
This commit is contained in:
Dominik Chilla 2019-09-12 12:22:32 +02:00 committed by GitHub
commit c9afe94bf5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -81,6 +81,8 @@ services:
# outbound email traffic, where senders must authenticate before submission. # outbound email traffic, where senders must authenticate before submission.
# Default: False (inbound mode) # Default: False (inbound mode)
MILTER_EXPECT_AUTH: 'True' MILTER_EXPECT_AUTH: 'True'
# Blank or comma separated list of valid email recipients to whitelist,
MILTER_WHITELISTED_RCPTS: 'postmaster@example.com,hostmaster@example.org'
hostname: ldap-acl-milter hostname: ldap-acl-milter
volumes: volumes:
- "lam_socket:/socket/:rw" - "lam_socket:/socket/:rw"

23
app/ldap-acl-milter.py
View File

@ -24,12 +24,15 @@ g_ldap_bindpw = 'TopSecret;-)'
g_ldap_base = 'ou=users,dc=example,dc=org' g_ldap_base = 'ou=users,dc=example,dc=org'
g_ldap_query = '(&(mail=%rcpt%)(allowedEnvelopeSender=%from%))' g_ldap_query = '(&(mail=%rcpt%)(allowedEnvelopeSender=%from%))'
g_re_domain = re.compile(r'^\S*@(\S+)$') g_re_domain = re.compile(r'^\S*@(\S+)$')
# http://emailregex.com/ -> Python
g_re_email = re.compile(r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)")
g_loglevel = logging.INFO g_loglevel = logging.INFO
g_milter_mode = 'test' g_milter_mode = 'test'
g_milter_default_policy = 'reject' g_milter_default_policy = 'reject'
g_milter_schema = False g_milter_schema = False
g_milter_schema_wildcard_domain = False # works only if g_milter_schema == True g_milter_schema_wildcard_domain = False # works only if g_milter_schema == True
g_milter_expect_auth = False g_milter_expect_auth = False
g_milter_whitelisted_rcpts = {}
class LdapAclMilter(Milter.Base): class LdapAclMilter(Milter.Base):
# Each new connection is handled in an own thread # Each new connection is handled in an own thread
@ -115,6 +118,12 @@ class LdapAclMilter(Milter.Base):
time_start = timer() time_start = timer()
to = to.replace("<","") to = to.replace("<","")
to = to.replace(">","") to = to.replace(">","")
if to in g_milter_whitelisted_rcpts:
time_end = timer()
self.env_rcpts.append({
"rcpt": to, "action":'whitelisted_rcpt',"time_start":time_start,"time_end":time_end
})
return Milter.CONTINUE
m = g_re_domain.match(to) m = g_re_domain.match(to)
if m == None: if m == None:
logging.error(self.mconn_id + "/RCPT " + logging.error(self.mconn_id + "/RCPT " +
@ -394,6 +403,20 @@ if __name__ == "__main__":
if 'MILTER_EXPECT_AUTH' in os.environ: if 'MILTER_EXPECT_AUTH' in os.environ:
if re.match(r'^true$', os.environ['MILTER_EXPECT_AUTH'], re.IGNORECASE): if re.match(r'^true$', os.environ['MILTER_EXPECT_AUTH'], re.IGNORECASE):
g_milter_expect_auth = True g_milter_expect_auth = True
if 'MILTER_WHITELISTED_RCPTS' in os.environ:
# A blank separated list is expected
whitelisted_rcpts_str = os.environ['MILTER_WHITELISTED_RCPTS']
# for whitelisted_rcpt in whitelisted_rcpts_str.split():
for whitelisted_rcpt in re.split(',|\s', whitelisted_rcpts_str):
if g_re_email.match(whitelisted_rcpt) == None:
logging.error(
"ENV[MILTER_WHITELISTED_RCPTS]: invalid email address: " +
whitelisted_rcpt
)
sys.exit(1)
else:
logging.info("ENV[MILTER_WHITELISTED_RCPTS]: " + whitelisted_rcpt)
g_milter_whitelisted_rcpts[whitelisted_rcpt] = {}
set_config_parameter("RESTARTABLE_SLEEPTIME", 2) set_config_parameter("RESTARTABLE_SLEEPTIME", 2)
set_config_parameter("RESTARTABLE_TRIES", 2) set_config_parameter("RESTARTABLE_TRIES", 2)
server = Server(g_ldap_server, get_info=NONE) server = Server(g_ldap_server, get_info=NONE)