Ok... my 2 pennies (still only worth 1.75 pennies cause I'm Canadian) I don't know python, but assuming maildrop is your delivery agent wouldn't you be better off doing any easy accepts in maildrop before calling out to another program (save compile, load and exec... etc.)
I can't argue for or against - just asking. m/ > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Lloyd > Zusman > Sent: Sunday, February 08, 2004 6:37 PM > To: [EMAIL PROTECTED] > Subject: [courier-users] Re: Definitive way to determine whether there's > been authorization? > > > Lloyd Zusman <[EMAIL PROTECTED]> writes: > > > "Mitch \(WebCob\)" <[EMAIL PROTECTED]> writes: > > > >> If the last received header (the one added by YOUR server says > AUTH, you can > >> trust it - otherwise it can be spoofed. I just read the headers. > >> > >> You can use a for loop and a counter to ensure you only check the first > >> received header. > >> > >> m/ > > > > Got it. Thanks. I'll post my corrected filter script in a > little while. > > ... and here it is. How does it look? > > > #!/usr/bin/python > > import re > import sys > import string > import courier.control > import courier.config > > # Accepts all incoming messages that have been submitted via a > # successful AUTH dialog. > > # Run before the spf filter. Its 'order' variable is set to 2. > order = 1 > > # Record in the system log that this filter was initialized. > sys.stderr.write( 'Initialized the AUTH python filter\n' ) > > eohpat = re.compile(r'^\s*$') > whitepat = re.compile(r'^\s') > rcvdpat = re.compile(r'^Received:\s') > authpat = re.compile(r'\(AUTH:\s+LOGIN\s+(\S+?)\s*\)', re.I | re.M) > accepted = '200 Ok' > intfail = '451 Internal failure locating message data file' > moretests = '' > user = None > verbose = False > > def isReceived( header ): > if header is None: > return False > match = rcvdpat.search(header) > if match: > return True > else: > return False > > def isAuth( header ): > global user > if header is None: > return False > match = authpat.search(header) > if match: > user = match.group(1) > return True > else: > user = None > return False > > def dofilter( message_data_file, message_ctrl_files ): > > global user > > result = moretests > currHeader = None > user = None > > try: > lines = open(message_data_file,'r').readlines() > except: > return intfail > > for line in lines: > match = eohpat.search(line) > if match: > # If we're here, we have reached the end of the > # headers, and we haven't yet seen any "Received:" > # lines. The only line we haven't tested yet is > # the header that is currently being built. If > # it's a "Received:" line, then it must therefore be > # the first line of this type, and we can then > # test to see if it indicates an AUTH was done. If > # so, we accept the message without further > # (courier-)filtering; if not, we pass it on to any > # subsequent filtering steps. > if isReceived(currHeader) and isAuth(currHeader): > result = accepted > if verbose and currHeader is not None: > sys.stderr.write( currHeader ) > break > match = whitepat.search(line) > if match: > # If we're here, the line begins with white space, which > # means that it needs to be appended to the header that > # we're currently building. > if currHeader is None: > # The first line in the message file is an incomplete > # header. Something is wrong. Bye-bye. > break > currHeader = currHeader + line > elif isReceived(currHeader): > # We only look at the first "Received:" header. If it's > # an AUTH, then we know that our local server has done > # a successful authorization and we accept the message > # with no further (courier-)filtering; however, if this > # "Received:" header is not an AUTH, then we know > # definitively that the user came in without an > # authorization, and therefore, this message is still > # eligible for more filtering tests. > if isAuth(currHeader): > result = accepted > if verbose: # not necessary to test currHeader for None here > sys.stderr.write( currHeader ) > break > else: > # If we're here, the line is not a "Received:" header. > currHeader = line > > if result == accepted: > sys.stderr.write( 'Successful AUTH for "%s": message accepted\n' % > (user,) ) > > return result > > -- > Lloyd Zusman > [EMAIL PROTECTED] > > > > ------------------------------------------------------- > The SF.Net email is sponsored by EclipseCon 2004 > Premiere Conference on Open Tools Development and Integration > See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. > http://www.eclipsecon.org/osdn > _______________________________________________ > courier-users mailing list > [EMAIL PROTECTED] > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users > ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
