Lloyd Zusman <[EMAIL PROTECTED]> writes:
> "Mitch (WebCob)" <[EMAIL PROTECTED]> writes:
>
>> If the last received header (the one added by YOUR server) says AUTH, you can
>> trust it - otherwise it can be spoofed. I just read the headers.
>>
>> You can use a for loop and a counter to ensure you only check the first
>> received header.
>>
>> m/
>
> Got it. Thanks. I'll post my corrected filter script in a little while.
... and here it is. How does it look?

#!/usr/bin/python

import re
import sys
import string
import courier.control
import courier.config

# Accepts all incoming messages that have been submitted via a
# successful AUTH dialog.

# Run before the spf filter. Its 'order' variable is set to 2.
order = 1

# Record in the system log that this filter was initialized.
sys.stderr.write( 'Initialized the AUTH python filter\n' )

eohpat = re.compile(r'^\s*$')
whitepat = re.compile(r'^\s')
rcvdpat = re.compile(r'^Received:\s')
authpat = re.compile(r'\(AUTH:\s+LOGIN\s+(\S+?)\s*\)', re.I | re.M)

accepted = '200 Ok'
intfail = '451 Internal failure locating message data file'
moretests = ''

user = None
verbose = False

def isReceived( header ):
    if header is None:
        return False
    match = rcvdpat.search(header)
    if match:
        return True
    else:
        return False

def isAuth( header ):
    global user
    if header is None:
        return False
    match = authpat.search(header)
    if match:
        user = match.group(1)
        return True
    else:
        user = None
        return False

def dofilter( message_data_file, message_ctrl_files ):
    global user
    result = moretests
    currHeader = None
    user = None
    try:
        # Read the whole message; the file is closed even if reading fails.
        with open(message_data_file, 'r') as datafile:
            lines = datafile.readlines()
    except Exception:
        return intfail
    for line in lines:
        match = eohpat.search(line)
        if match:
            # If we're here, we have reached the end of the
            # headers, and we haven't yet seen any "Received:"
            # lines.  The only line we haven't tested yet is
            # the header that is currently being built.  If
            # it's a "Received:" line, then it must therefore be
            # the first line of this type, and we can then
            # test to see if it indicates an AUTH was done.  If
            # so, we accept the message without further
            # (courier-)filtering; if not, we pass it on to any
            # subsequent filtering steps.
            if isReceived(currHeader) and isAuth(currHeader):
                result = accepted
                if verbose and currHeader is not None:
                    sys.stderr.write( currHeader )
            break
        match = whitepat.search(line)
        if match:
            # If we're here, the line begins with white space, which
            # means that it needs to be appended to the header that
            # we're currently building.
            if currHeader is None:
                # The first line in the message file is an incomplete
                # header.  Something is wrong.  Bye-bye.
                break
            currHeader = currHeader + line
        elif isReceived(currHeader):
            # We only look at the first "Received:" header.  If it's
            # an AUTH, then we know that our local server has done
            # a successful authorization and we accept the message
            # with no further (courier-)filtering; however, if this
            # "Received:" header is not an AUTH, then we know
            # definitively that the user came in without an
            # authorization, and therefore, this message is still
            # eligible for more filtering tests.
            if isAuth(currHeader):
                result = accepted
                if verbose:  # not necessary to test currHeader for None here
                    sys.stderr.write( currHeader )
            break
        else:
            # If we're here, the line is not a "Received:" header.
            currHeader = line
    if result == accepted:
        sys.stderr.write( 'Successful AUTH for "%s": message accepted\n' %
                          (user,) )
    return result

--
Lloyd Zusman
[EMAIL PROTECTED]
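
The rule discussed in this thread (only the Received header added by your own server can be trusted) shown against a spoofed message, as an added example that is not part of the original post. It uses the standard library email parser instead of the line loop; the function names, hosts, addresses and users are hypothetical, the sample messages are constructed, and the AUTH pattern is the one from the filter above.

```python
import re
from email import message_from_string

# AUTH marker pattern taken from the filter in the post above.
AUTH_RE = re.compile(r'\(AUTH:\s+LOGIN\s+(\S+?)\s*\)', re.I)

def auth_user_topmost(raw):
    """Trust only the first (topmost) Received header, the one our own server added."""
    received = message_from_string(raw).get_all('Received') or []
    match = AUTH_RE.search(received[0]) if received else None
    return match.group(1) if match else None

def auth_user_any(raw):
    """Unsafe variant: accepts an AUTH marker from any Received header."""
    for header in message_from_string(raw).get_all('Received') or []:
        match = AUTH_RE.search(header)
        if match:
            return match.group(1)
    return None

# Constructed sample messages (hypothetical hosts, addresses and users).
GENUINE = (
    "Received: from client.example (client.example [192.0.2.10])\n"
    "  (AUTH: LOGIN alice)\n"
    "  by mail.example with esmtp; Mon, 02 Feb 2004 10:00:00 -0500\n"
    "From: alice@mail.example\n"
    "\n"
    "hello\n"
)
# The sender supplied the second Received header; our server added the first.
SPOOFED = (
    "Received: from unknown.example (unknown.example [198.51.100.7])\n"
    "  by mail.example with esmtp; Mon, 02 Feb 2004 10:05:00 -0500\n"
    "Received: from laptop (laptop [10.0.0.5])\n"
    "  (AUTH: LOGIN alice)\n"
    "  by mail.example with esmtp; Mon, 02 Feb 2004 10:04:00 -0500\n"
    "From: alice@mail.example\n"
    "\n"
    "Received: from x (AUTH: LOGIN bob) in the body is never a header\n"
)

if __name__ == '__main__':
    for name, raw in (('genuine', GENUINE), ('spoofed', SPOOFED)):
        print(name, 'topmost:', auth_user_topmost(raw), 'any:', auth_user_any(raw))
```
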
_______________________________________________
courier-users mailing list