LamSession init

2025-12-11 02:30:17 +00:00 · 2022-03-06 11:56:42 +01:00 · 2022-03-06 11:56:42 +01:00 · cc4bcc1e69
commit cc4bcc1e69
parent d6af0c648d
2 changed files with 15 additions and 11 deletions
--- a/app/lam.py
+++ b/app/lam.py
@ -9,6 +9,7 @@ from lam_backends import g_config_backend, g_policy_backend
 from lam_rex import g_rex_domain, g_rex_srs
 from lam_logger import log_debug, log_info, log_warning, log_error
 from lam_exceptions import LamSoftException, LamHardException
+from lam_session import LamSession

 class LdapAclMilter(Milter.Base):
  # Each new connection is handled in an own thread
@ -100,14 +101,6 @@ class LdapAclMilter(Milter.Base):
      self.setreply(smtp_code, smtp_ecode, message)
    return smfir

-  # Not registered/used callbacks
-  @Milter.nocallback
-  def eoh(self):
-    return self.milter_action(action = 'continue')
-  @Milter.nocallback
-  def body(self, chunk):
-    return self.milter_action(action = 'continue')
-
  def connect(self, IPname, family, hostaddr):
    self.reset()
    self.proto_stage = 'CONNECT'
@ -262,6 +255,14 @@ class LdapAclMilter(Milter.Base):
          self.log_info("AR-parse exception: {0}".format(str(e)))
    return self.milter_action(action = 'continue')

+  # Not registered/used callbacks
+  @Milter.nocallback
+  def eoh(self):
+    return self.milter_action(action = 'continue')
+  @Milter.nocallback
+  def body(self, chunk):
+    return self.milter_action(action = 'continue')
+
  def eom(self):
    self.proto_stage = 'EOM'
    if g_config_backend.milter_max_rcpt_enabled:
--- a/app/lam_policy_backend.py
+++ b/app/lam_policy_backend.py
@ -9,6 +9,7 @@ from lam_exceptions import (
  LamPolicyBackendException, LamHardException, LamSoftException
 )
 from lam_config_backend import LamConfigBackend
+from lam_session import LamSession

 class LamPolicyBackend():
  def __init__(self, lam_config: LamConfigBackend):
@ -59,7 +60,7 @@ class LamPolicyBackend():
    log_debug("{0} rcpt_domain={1}".format(mcid, rcpt_domain))
    try:
      if self.config.milter_schema == True:
-        # LDAP-ACL-Milter schema
+        # LDAP-ACL-Milter schema enabled
        auth_method = ''
        if self.config.milter_expect_auth == True:
          auth_method = "(|(allowedClientAddr=" + lam_session.client_addr + ")%SASL_AUTH%%X509_AUTH%)"
@ -124,14 +125,16 @@ class LamPolicyBackend():
          )
        else:
          # Wildcard-domain DISABLED
-          # Asterisk must be ASCII-HEX encoded for LDAP queries
+          # Asterisk (*) must be ASCII-HEX encoded for LDAP queries
          query_from = from_addr.replace("*","\\2a")
          query_to = rcpt_addr.replace("*","\\2a")
          self.ldap_conn.search(self.config.ldap_base,
            "(&" +
              auth_method +
              "(allowedSenders=" + query_from + ")" +
+              "(!(deniedSenders=" + query_from + "))" +
              "(allowedRcpts=" + query_to + ")" +
+              "(!(deniedRcpts=" + query_to + "))" +
            ")",
            attributes=['policyID']
          )
@ -149,7 +152,7 @@ class LamPolicyBackend():
            ))
          # Policy found in LDAP, but which one?
          entry = self.ldap_conn.entries[0]
-          log_info("{0} match: '{1}' from_src={2}".format(
+          log_info("{0} match='{1}' from_src={2}".format(
            mcid, entry.policyID.value, from_source
          ))
        elif len(self.ldap_conn.entries) > 1: