LamSession init

app/lam.py

@@ -9,6 +9,7 @@ from lam_backends import g_config_backend, g_policy_backend
 from lam_rex import g_rex_domain, g_rex_srs
 from lam_logger import log_debug, log_info, log_warning, log_error
 from lam_exceptions import LamSoftException, LamHardException
+from lam_session import LamSession
 
 class LdapAclMilter(Milter.Base):
   # Each new connection is handled in an own thread
@@ -100,14 +101,6 @@ class LdapAclMilter(Milter.Base):
       self.setreply(smtp_code, smtp_ecode, message)
     return smfir
 
-  # Not registered/used callbacks
-  @Milter.nocallback
-  def eoh(self):
-    return self.milter_action(action = 'continue')
-  @Milter.nocallback
-  def body(self, chunk):
-    return self.milter_action(action = 'continue')
-
   def connect(self, IPname, family, hostaddr):
     self.reset()
     self.proto_stage = 'CONNECT'
@@ -262,6 +255,14 @@ class LdapAclMilter(Milter.Base):
           self.log_info("AR-parse exception: {0}".format(str(e)))
     return self.milter_action(action = 'continue')
 
+  # Not registered/used callbacks
+  @Milter.nocallback
+  def eoh(self):
+    return self.milter_action(action = 'continue')
+  @Milter.nocallback
+  def body(self, chunk):
+    return self.milter_action(action = 'continue')
+
   def eom(self):
     self.proto_stage = 'EOM'
     if g_config_backend.milter_max_rcpt_enabled:

app/lam_policy_backend.py

@@ -9,6 +9,7 @@ from lam_exceptions import (
   LamPolicyBackendException, LamHardException, LamSoftException
 )
 from lam_config_backend import LamConfigBackend
+from lam_session import LamSession
 
 class LamPolicyBackend():
   def __init__(self, lam_config: LamConfigBackend):
@@ -59,7 +60,7 @@ class LamPolicyBackend():
     log_debug("{0} rcpt_domain={1}".format(mcid, rcpt_domain))
     try:
       if self.config.milter_schema == True:
-        # LDAP-ACL-Milter schema
+        # LDAP-ACL-Milter schema enabled
         auth_method = ''
         if self.config.milter_expect_auth == True:
           auth_method = "(|(allowedClientAddr=" + lam_session.client_addr + ")%SASL_AUTH%%X509_AUTH%)"
@@ -124,14 +125,16 @@ class LamPolicyBackend():
           )
         else:
           # Wildcard-domain DISABLED
-          # Asterisk must be ASCII-HEX encoded for LDAP queries
+          # Asterisk (*) must be ASCII-HEX encoded for LDAP queries
           query_from = from_addr.replace("*","\\2a")
           query_to = rcpt_addr.replace("*","\\2a")
           self.ldap_conn.search(self.config.ldap_base,
             "(&" +
               auth_method +
               "(allowedSenders=" + query_from + ")" +
+              "(!(deniedSenders=" + query_from + "))" +
               "(allowedRcpts=" + query_to + ")" +
+              "(!(deniedRcpts=" + query_to + "))" +
             ")",
             attributes=['policyID']
           )
@@ -149,7 +152,7 @@ class LamPolicyBackend():
             ))
           # Policy found in LDAP, but which one?
           entry = self.ldap_conn.entries[0]
-          log_info("{0} match: '{1}' from_src={2}".format(
+          log_info("{0} match='{1}' from_src={2}".format(
             mcid, entry.policyID.value, from_source
           ))
         elif len(self.ldap_conn.entries) > 1: