Update of /cvsroot/tmda/tmda/TMDA
In directory usw-pr-cvs1:/tmp/cvs-serv9060/TMDA
Modified Files:
ChangeLog Defaults.py MessageLogger.py Util.py
Log Message:
Add support for the ``X-Primary-Address'' header in order to
help users of challenge/response systems like TMDA interact more
seamlessly.

Previously, when TMDA users interacted, there was no way for the user
to specify which address he prefers be "whitelisted" after he
successfully confirmed his first message. This problem was
exacerbated by use of 'dated' addresses, since you'd have to confirm
each of your messages over and over until the recipient stepped in and
manually added a "wildcard" entry for you.

We now support a header called ``X-Primary-Address'' which allows the
user to specify the address he prefers be whitelisted. A general name
was chosen for this header to encourage other C/R systems to adopt it.

To take advantage of this feature, you should configure your MUA to
add an X-Primary-Address: address field to your outgoing message. e.g.,

X-Primary-Address: [EMAIL PROTECTED]

If you use tmda-sendmail or tmda-ofmipd to send your outgoing mail,
you can do this with an `ADDED_HEADERS_CLIENT' entry in your
~/.tmda/config.

Now, if an incoming message contains an ``X-Primary-Address'' header,
TMDA will CONFIRM_APPEND that address instead of the Return-Path address
when the message is confirmed.

TMDA will also check the address in ``X-Primary-Address'' against
FILTER_INCOMING along with the envelope sender, From and Reply-To.

To limit the potential for abuse where a sender would specify an
external address to get it whitelisted, TMDA will only honor
``X-Primary-Address'' if the address looks sufficiently similar to the
envelope sender address. If not, TMDA falls back on using the envelope
sender address instead. The necessary degree of closeness can be tuned
by setting the PRIMARY_ADDRESS_MATCH variable. The default setting is
to accept if the domains of the addresses match. This should be
flexible enough to cover most users while still greatly limiting
potential abuse.

Overall, this mechanism should reduce the amount of thinking and
planning ahead you need to do when sending mail to a new correspondent
who may or may not use a C/R system.

Thanks to Gre7g Luterman for this idea.

Index: ChangeLog
===================================================================
RCS file: /cvsroot/tmda/tmda/TMDA/ChangeLog,v
retrieving revision 1.240
retrieving revision 1.241
diff -u -r1.240 -r1.241
--- ChangeLog 10 Nov 2002 23:21:08 -0000 1.240
+++ ChangeLog 13 Nov 2002 01:56:53 -0000 1.241
@@ -1,3 +1,11 @@
+2002-11-12 Jason R. Mastaler <[EMAIL PROTECTED]>
+
+ * Util.py (confirm_append_address): New function.
+
+ * MessageLogger.py (MessageLogger.write): Log X-Primary-Address.
+
+ * Defaults.py (PRIMARY_ADDRESS_MATCH): New variable.
+
2002-11-10 Jason R. Mastaler <[EMAIL PROTECTED]>
* Util.py (build_cdb): Uniquify ftmp when doing cdbmake.
Index: Defaults.py
===================================================================
RCS file: /cvsroot/tmda/tmda/TMDA/Defaults.py,v
retrieving revision 1.152
retrieving revision 1.153
diff -u -r1.152 -r1.153
--- Defaults.py 9 Nov 2002 00:56:29 -0000 1.152
+++ Defaults.py 13 Nov 2002 01:56:53 -0000 1.153
@@ -1112,6 +1112,44 @@
if not vars().has_key('ADDED_HEADERS_SERVER'):
ADDED_HEADERS_SERVER = None
+# PRIMARY_ADDRESS_MATCH
+# An integer which controls how closely the address in the
+# ``X-Primary-Address'' header of an incoming messages must match the
+# envelope sender address before it's honored.
+#
+# If the match is close enough, this address will be used for
+# CONFIRM_APPEND instead of the envelope sender, and also added to the
+# list of addresses checked against FILTER_INCOMING.
+#
+# This option is available to limit cases of abuse where a sender
+# attempts to "whitelist" an address not his own by using an external
+# address in an ``X-Primary-Address'' header.
+#
+# Available options:
+#
+# 0 - Never a match. Equivalent to disabling X-Primary-Address recognition.
+#
+# 1 - Identical addresses match. e.g, [EMAIL PROTECTED] and
+# [EMAIL PROTECTED]
+#
+# 2 - Usernames and hostnames must match. e.g, [EMAIL PROTECTED] and
+# [EMAIL PROTECTED]
+#
+# 3 - Usernames and domains must match. e.g, [EMAIL PROTECTED] and
+# [EMAIL PROTECTED]
+#
+# 4 - Hostnames must match. e.g, [EMAIL PROTECTED] and
+# [EMAIL PROTECTED]
+#
+# 5 - Domains must match. e.g, [EMAIL PROTECTED] and
+# [EMAIL PROTECTED]
+#
+# 6 - Always a match. e.g, [EMAIL PROTECTED] and [EMAIL PROTECTED]
+#
+# Default is 5
+if not vars().has_key('PRIMARY_ADDRESS_MATCH'):
+ PRIMARY_ADDRESS_MATCH = 5
+
# PURGED_HEADERS
# A list containing one or more message headers that should be removed
# from outgoing client-side messages (i.e, messages sent with
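
Review bot: the comment for option 5, which is also the default, never says what counts as a "domain" or who else can satisfy the check. Util.py in this same commit takes the last two labels of the hostname, so on a shared mail domain every other user of that domain passes, and for a host under a two-label public suffix the "domain" is the suffix itself. Suggest stating that definition in this comment and noting that settings 1 to 3 are the ones that also require the username to match. Separately, "an incoming messages" in the first paragraph of the comment should read "an incoming message".
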
Index: MessageLogger.py
===================================================================
RCS file: /cvsroot/tmda/tmda/TMDA/MessageLogger.py,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- MessageLogger.py 30 Sep 2002 23:45:54 -0000 1.2
+++ MessageLogger.py 13 Nov 2002 01:56:53 -0000 1.3
@@ -49,14 +49,18 @@
Write a log entry for this message in a common format.
Date: (timestamp)
- Sndr: (envelope sender address if different from From:)
- From: (From: header)
- Rept: (Reply-To: header)
+ XPri: (X-Primary-Address header if present)
+ Sndr: (envelope sender address if different than From)
+ From: (From header)
+ Rept: (Reply-To header if present)
To: (envelope recipient address)
- Subj: (Subject: header)
+ Subj: (Subject header)
Actn: (message trigger and size of message)
"""
self.__writeline('Date', Util.unixdate())
+ XPri = self.msg.get('x-primary-address')
+ if XPri:
+ self.__writeline('XPri', XPri)
envsender = self.vardict.get('envsender', None)
if (envsender
and parseaddr(self.msg.get('from'))[1] != envsender):
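
Review bot: XPri is written to the log as the raw, sender-supplied header value, and it is written whether or not the address would be accepted under PRIMARY_ADDRESS_MATCH. The Sndr test just below runs the From header through parseaddr before comparing, so the new line is inconsistent with its neighbours and may contain a display name or anything else the sender put in the header. Suggest logging parseaddr(XPri)[1] instead, and updating the docstring line to say the value is logged as received, not as honored, so a reader of the log does not take XPri for the address that was appended.
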
Index: Util.py
===================================================================
RCS file: /cvsroot/tmda/tmda/TMDA/Util.py,v
retrieving revision 1.74
retrieving revision 1.75
diff -u -r1.74 -r1.75
--- Util.py 10 Nov 2002 23:44:20 -0000 1.74
+++ Util.py 13 Nov 2002 01:56:53 -0000 1.75
@@ -362,6 +362,55 @@
return sender.lower()
+def confirm_append_address(xp, rp):
+ """
+ xp is an address from the ``X-Primary-Address'' header.
+ rp is the envelope sender address.
+
+ Compare the two addresses, and return the address appropriate for
+ CONFIRM_APPEND use based on the PRIMARY_ADDRESS_MATCH setting.
+ """
+ if not xp:
+ return rp
+ import Defaults
+ rpl = rp.lower()
+ xpl = xp.lower()
+ rplocal, rphost = rpl.split('@', 1)
+ rpdomain = '.'.join(rphost.split('.')[-2:])
+ rpusername = rplocal.split(Defaults.RECIPIENT_DELIMITER)[0]
+ xplocal, xphost = xpl.split('@', 1)
+ xpdomain = '.'.join(xphost.split('.')[-2:])
+ xpusername = xplocal.split(Defaults.RECIPIENT_DELIMITER)[0]
+ match = Defaults.PRIMARY_ADDRESS_MATCH
+ if match == 0:
+ # never a match
+ return rp
+ elif match == 1:
+ # only identical addresses match
+ if xpl == rpl:
+ return xp
+ elif match == 2:
+ # usernames and hostnames must match
+ if xpusername == rpusername and xphost == rphost:
+ return xp
+ elif match == 3:
+ # usernames and domains must match
+ if xpusername == rpusername and xpdomain == rpdomain:
+ return xp
+ elif match == 4:
+ # hostnames must match
+ if xphost == rphost:
+ return xp
+ elif match == 5:
+ # domains must match
+ if xpdomain == rpdomain:
+ return xp
+ elif match == 6:
+ # always a match
+ return xp
+ return rp
+
+
def sendmail(msgstr, envrecip, envsender):
"""Send e-mail via direct SMTP, or by opening a pipe to the
sendmail program.
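
Review bot: confirm_append_address unpacks `xpl.split('@', 1)` and `rpl.split('@', 1)` without checking that either value contains an '@', so an X-Primary-Address header with no '@' (or an envelope sender without one) raises ValueError instead of falling back to rp. Because the splits run before the `match == 0` test, this can happen even when the feature is disabled. Suggest handling match 0 and 6 first, then wrapping the parsing in a try/except ValueError that returns rp. The `[-2:]` domain derivation also treats the last two labels as the domain for every host, which makes setting 5 broader than intended for hosts under a two-label suffix; a comment saying so would help.
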
_______________________________________
tmda-cvs mailing list
http://tmda.net/lists/listinfo/tmda-cvs