def examine(self, suspect):
helo_name = suspect.get_value('helo_name')
if helo_name is None:
self.logger.error('missing helo')
return DUNNO
helo_tld = helo_name.split('.')[-1].lower()
#initialize loaders
tld_file = self.config.get(self.section, 'tldfile')
if self.tld_loader is None:
self.tld_loader = FileList(tld_file,
lowercase=True,
minimum_time_between_reloads=3600)
if helo_tld in self.tld_loader.get_list():
return DUNNO, ''
exceptionfile = self.config.get(self.section, 'exceptionfile')
if self.exception_loader is None:
self.exception_loader = FileList(exceptionfile,
lowercase=True,
minimum_time_between_reloads=10)
if helo_tld in self.exception_loader.get_list():
return DUNNO, ''
message = apply_template(
self.config.get(self.section, 'messagetemplate'), suspect,
dict(helo_tld=helo_tld))
action = self.config.get(self.section, "on_fail")
return action, message
def check_this_domain(self, from_domain):
global SETTINGSCACHE
do_check = False
selective_sender_domain_file = self.config.get(
self.section, 'domain_selective_spf_file', '').strip()
if selective_sender_domain_file != '' and os.path.exists(
selective_sender_domain_file):
if self.selective_domain_loader is None:
self.selective_domain_loader = FileList(
selective_sender_domain_file, lowercase=True)
if from_domain.lower() in self.selective_domain_loader.get_list():
do_check = True
if not do_check:
dbconnection = self.config.get(self.section, 'dbconnection',
'').strip()
sqlquery = self.config.get(self.section, 'domain_sql_query')
if dbconnection != '' and SQLALCHEMY_AVAILABLE:
if SETTINGSCACHE is None:
SETTINGSCACHE = SettingsCache()
do_check = get_domain_setting(from_domain, dbconnection,
sqlquery, SETTINGSCACHE, False,
self.logger)
elif dbconnection != '' and not SQLALCHEMY_AVAILABLE:
self.logger.error(
'dbconnection specified but sqlalchemy not available - skipping db lookup'
)
return do_check
def ip_whitelisted(self, addr):
if self.is_private_address(addr):
return True
#check ip whitelist
ip_whitelist_file = self.config.get(self.section, 'ip_whitelist_file',
'').strip()
if ip_whitelist_file != '' and os.path.exists(ip_whitelist_file):
plainlist = []
if self.ip_whitelist_loader is None:
self.ip_whitelist_loader = FileList(ip_whitelist_file,
lowercase=True)
if self.ip_whitelist_loader.file_changed():
plainlist = self.ip_whitelist_loader.get_list()
if HAVE_NETADDR:
self.ip_whitelist = [IPNetwork(x) for x in plainlist]
else:
self.ip_whitelist = plainlist
if HAVE_NETADDR:
checkaddr = IPAddress(addr)
for net in self.ip_whitelist:
if checkaddr in net:
return True
else:
if addr in plainlist:
return True
return False
def enforce_domain(self, to_domain):
global SETTINGSCACHE
dbconnection = self.config.get(self.section, 'dbconnection',
'').strip()
domainlist = self.config.get(self.section, 'domainlist')
enforce = False
if domainlist.strip() == '':
enforce = True
elif domainlist.startswith('txt:'):
domainfile = domainlist[4:]
if self.selective_domain_loader is None:
self.selective_domain_loader = FileList(domainfile,
lowercase=True)
if to_domain in self.selective_domain_loader.get_list():
enforce = True
elif domainlist.startswith('sql:') and dbconnection != '':
if SETTINGSCACHE is None:
SETTINGSCACHE = SettingsCache()
sqlquery = domainlist[4:]
enforce = get_domain_setting(to_domain, dbconnection, sqlquery,
SETTINGSCACHE, False, self.logger)
return enforce
def check_this_domain(self, from_domain):
do_check = False
selective_sender_domain_file = self.config.get(
self.section, 'domain_selective_spf_file', '').strip()
if selective_sender_domain_file != '' and os.path.exists(
selective_sender_domain_file):
if self.selective_domain_loader is None:
self.selective_domain_loader = FileList(
selective_sender_domain_file, lowercase=True)
if from_domain.lower() in self.selective_domain_loader.get_list():
do_check = True
if not do_check:
dbconnection = self.config.get(self.section, 'dbconnection',
'').strip()
sqlquery = self.config.get(self.section, 'domain_sql_query')
if dbconnection != '' and SQL_EXTENSION_ENABLED:
cache = get_default_cache()
do_check = get_domain_setting(from_domain, dbconnection,
sqlquery, cache, self.section,
False, self.logger)
elif dbconnection != '' and not SQL_EXTENSION_ENABLED:
self.logger.error(
'dbconnection specified but sqlalchemy not available - skipping db lookup'
)
return do_check
def _is_whitelisted(self, from_domain):
whitelist_file = self.config.get(self.section, 'whitelist_file',
'').strip()
if whitelist_file == '':
return False
whitelisted = False
self.whitelist = FileList(whitelist_file, lowercase=True)
if from_domain in self.whitelist.get_list():
whitelisted = True
return whitelisted
def __init__(self, config, section=None):
ScannerPlugin.__init__(self, config, section)
self.logger = self._logger()
self.requiredvars = {
'action': {
'default': 'REJECT',
'description': 'Action if sender uses invalid TLD',
},
'message': {
'default': 'forged rDNS TLD',
},
'tldfile': {
'default': '/etc/mail/tlds-alpha-by-domain.txt',
},
}
self.filelist = FileList(filename=None,
strip=True,
skip_empty=True,
skip_comments=True,
lowercase=True,
minimum_time_between_reloads=86400)
