------------------------------------------------------------
revno: 1639
fixes bug: https://launchpad.net/bugs/1568398
committer: Mark Sapiro <m...@msapiro.net>
branch nick: 2.1
timestamp: Sat 2016-04-09 15:43:47 -0700
message:
  Honor an organizational domain's DMARC sp= policy for sub-domains.
modified:
  Mailman/Utils.py
  NEWS


--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1

=== modified file 'Mailman/Utils.py'
--- Mailman/Utils.py	2016-03-06 20:25:06 +0000
+++ Mailman/Utils.py	2016-04-09 22:43:47 +0000
@@ -1250,12 +1250,12 @@
         return x
     o_dom = get_org_dom(f_dom)
     if o_dom != f_dom:
-        x = _DMARCProhibited(mlist, email, '_dmarc.' + o_dom)
+        x = _DMARCProhibited(mlist, email, '_dmarc.' + o_dom, org=True)
         if x != 'continue':
             return x
     return False
 
-def _DMARCProhibited(mlist, email, dmarc_domain):
+def _DMARCProhibited(mlist, email, dmarc_domain, org=False):
 
     try:
         resolver = dns.resolver.Resolver()
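Review bot: The new `org` keyword on `_DMARCProhibited` is undocumented, and no docstring is visible under the signature in this hunk, so a reader cannot tell that `org=True` changes which policy tag is honoured. I would add a comment directly under the `def` line, such as `# org=True: dmarc_domain is the organizational domain, looked up on behalf of a sub-domain, so its sp= tag (when present) takes precedence over p=.` The function body continues outside this hunk, so an existing comment further down may already cover part of this.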
@@ -1315,14 +1315,23 @@
                        testing them all""",
                         dmarc_domain, len(dmarc))
             for entry in dmarcs:
-                if re.search(r'\bp=reject\b', entry, re.IGNORECASE):
+                mo = re.search(r'\bsp=(\w*)\b', entry, re.IGNORECASE)
+                if org and mo:
+                    policy = mo.group(1).lower()
+                else:
+                    mo = re.search(r'\bp=(\w*)\b', entry, re.IGNORECASE)
+                    if mo:
+                        policy = mo.group(1).lower()
+                    else:
+                        continue
+                if policy == 'reject':
                     syslog('vette',
                       '%s: DMARC lookup for %s (%s) found p=reject in %s = %s',
                       mlist.real_name,  email, dmarc_domain, name, entry)
                     return True
 
                 if (mlist.dmarc_quarantine_moderation_action and
-                    re.search(r'\bp=quarantine\b', entry, re.IGNORECASE)):
+                    policy == 'quarantine'):
                     syslog('vette',
                   '%s: DMARC lookup for %s (%s) found p=quarantine in %s = %s',
                           mlist.real_name,  email, dmarc_domain, name, entry)
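Review bot: The 'vette' log lines still say `found p=reject` and `found p=quarantine` even when the decision came from the `sp=` tag, which makes the log misleading when someone audits why a post was mitigated; the `found p=none` message in the next hunk has the same problem. Recording which tag matched, for example `tag = 'sp'` in the `if org and mo:` branch and `tag = 'p'` in the `else` branch, and logging `'%s: DMARC lookup for %s (%s) found %s=reject in %s = %s'` with `tag` as an extra argument, would keep the record accurate. Separately, both patterns require the value to follow `=` directly, while RFC 7489's tag syntax permits whitespace around `=`, so a record written as `p = reject` would not match and no mitigation would be applied; a pattern like `r'\bsp\s*=\s*(\w+)'` would be more tolerant. The enclosing `for entry in dmarcs` loop starts and ends outside this hunk.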
@@ -1331,7 +1340,7 @@
                 if (mlist.dmarc_none_moderation_action and
                     mlist.dmarc_quarantine_moderation_action and
                     mlist.dmarc_moderation_action in (1, 2) and
-                    re.search(r'\bp=none\b', entry, re.IGNORECASE)):
+                    policy == 'none'):
                     syslog('vette',
                   '%s: DMARC lookup for %s (%s) found p=none in %s = %s',
                           mlist.real_name,  email, dmarc_domain, name, entry)

=== modified file 'NEWS'
--- NEWS	2016-04-03 06:18:40 +0000
+++ NEWS	2016-04-09 22:43:47 +0000
@@ -19,6 +19,9 @@
 
   Bug fixes and other patches
 
+    - DMARC mitigations for a sub-domain of an organizational domain will now
+      use the organizational domain's sp= policy if any.  (LP: #1568398)
+
     - Modified NewsRunner.py to ensure that messages gated to Usenet have a
       non-blank Subject: header and when munging the Message-ID to add the
       original to References: to help with threading.  (LP: #557955)
