If the last received header (the one added by YOUR server) says AUTH, you can trust it - otherwise it can be spoofed. I just read the headers.
You can use a for loop and a counter to ensure you only check the first received header.

m/

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Lloyd
> Zusman
> Sent: Sunday, February 08, 2004 4:23 PM
> To: [EMAIL PROTECTED]
> Subject: [courier-users] Definitive way to determine whether there's
> been authorization?
>
>
> In the courier-pythonfilter module below, I am looking into the message
> data file for a line that looks like this among the message headers:
>
>   (AUTH: LOGIN whatever)
>
> When I see this, I accept the message and don't send it through my
> subsequent SPF processing.
>
> However, I just realized that this can be easily spoofed, as follows:
>
>   % telnet mx.myhost.com 25
>   ehlo somewhere.com
>   mail from: <[EMAIL PROTECTED]>
>   rcpt to: <[EMAIL PROTECTED]>
>   data
>   (AUTH: LOGIN foobar)
>   From: <[EMAIL PROTECTED]>
>   To: <[EMAIL PROTECTED]>
>   Subject: whatever
>
>   Message
>   .
>
> Because of this, I'd like to know if there is a definitive way from
> within a courierfilter module to determine whether a given SMTP dialog
> is the result of a successful authorization, or whether it's a simple,
> non-authorized dialog, such as the one above.
>
> I don't see any way to find this out from the message data file or from
> the message control file, but I hope that I'm overlooking something.
>
> Any ideas?
>
> Thanks in advance.
>
>
> Here's the courier-pythonfilter module that I mentioned above:
>
> > import re
> > import sys
> > import string
> > import courier.control
> > import courier.config
> >
> > # Accepts all incoming messages that have been submitted via a
> > # successful AUTH dialog.
> >
> > # Run before any other filter.
> > order = 1
> >
> > # Record in the system log that this filter was initialized.
> > sys.stderr.write( 'Initialized the AUTH python filter\n' )
> >
> > authpat = re.compile(r'^\(AUTH:\s+LOGIN\s+\S+\)', re.I)
> > emptypat = re.compile(r'^\s*$')
> >
> > def dofilter( message_data_file, message_ctrl_files ):
> >     lines = open(message_data_file,'r').readlines()
> >     # Strip surrounding whitespace from every line
> >     lines = [line.strip() for line in lines]
> >     for line in lines:
> >         match = emptypat.search(line)
> >         if match:
> >             # Stop processing after final message header
> >             return ''
> >         match = authpat.search(line)
> >         if match:
> >             sys.stderr.write( 'Login authorization succeeded: message accepted\n' )
> >             return '200 Ok'
> >     return ''
>
> --
>  Lloyd Zusman
>  [EMAIL PROTECTED]
>
>
>
> -------------------------------------------------------
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration
> See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> _______________________________________________
> courier-users mailing list
> [EMAIL PROTECTED]
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
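The advice in the reply above, checking only the topmost Received: header, as an added example (not code from this thread or from courier-pythonfilter). It assumes Courier writes the AUTH comment as a folded continuation of the Received: header it prepends; the helper names and the sample headers are constructed for illustration.

```python
import re

# Same marker the original filter searches for, matched inside one header.
AUTH_PAT = re.compile(r'\(AUTH:\s+LOGIN\s+\S+\)', re.I)


def unfold_headers(lines):
    """Yield each header as one string, joining folded continuation lines."""
    current = None
    for raw in lines:
        line = raw.rstrip('\r\n')
        if not line.strip():
            break  # blank line: end of the header section
        if line[0] in ' \t' and current is not None:
            current += ' ' + line.strip()  # continuation of the previous header
        else:
            if current is not None:
                yield current
            current = line
    if current is not None:
        yield current


def first_received_has_auth(lines):
    """Check the AUTH marker only in the topmost Received: header."""
    for header in unfold_headers(lines):
        if header.lower().startswith('received:'):
            return bool(AUTH_PAT.search(header))  # decide on the first one only
    return False


def dofilter(message_data_file, message_ctrl_files):
    with open(message_data_file, 'r') as f:
        return '200 Ok' if first_received_has_auth(f) else ''


# Constructed sample headers (not real traffic).
GENUINE = """Received: from client.example (client.example [192.0.2.10])
  (AUTH: LOGIN someuser)
  by mx.example with esmtp; Sun, 08 Feb 2004 16:00:00 -0500
From: <user@example>

Message
""".splitlines(True)

SPOOFED = """Received: from somewhere.example ([192.0.2.20])
  by mx.example with esmtp; Sun, 08 Feb 2004 16:05:00 -0500
(AUTH: LOGIN foobar)
From: <user@example>

Message
""".splitlines(True)
```

The SPOOFED sample mirrors the telnet session in the question: the marker sits on its own line below the server's header, so it is never part of the header that gets checked.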
