def examine(self, suspect): helo_name = suspect.get_value('helo_name') if helo_name is None: self.logger.error('missing helo') return DUNNO helo_tld = helo_name.split('.')[-1].lower() #initialize loaders tld_file = self.config.get(self.section, 'tldfile') if self.tld_loader is None: self.tld_loader = FileList(tld_file, lowercase=True, minimum_time_between_reloads=3600) if helo_tld in self.tld_loader.get_list(): return DUNNO, '' exceptionfile = self.config.get(self.section, 'exceptionfile') if self.exception_loader is None: self.exception_loader = FileList(exceptionfile, lowercase=True, minimum_time_between_reloads=10) if helo_tld in self.exception_loader.get_list(): return DUNNO, '' message = apply_template( self.config.get(self.section, 'messagetemplate'), suspect, dict(helo_tld=helo_tld)) action = self.config.get(self.section, "on_fail") return action, message
def check_this_domain(self, from_domain): global SETTINGSCACHE do_check = False selective_sender_domain_file = self.config.get( self.section, 'domain_selective_spf_file', '').strip() if selective_sender_domain_file != '' and os.path.exists( selective_sender_domain_file): if self.selective_domain_loader is None: self.selective_domain_loader = FileList( selective_sender_domain_file, lowercase=True) if from_domain.lower() in self.selective_domain_loader.get_list(): do_check = True if not do_check: dbconnection = self.config.get(self.section, 'dbconnection', '').strip() sqlquery = self.config.get(self.section, 'domain_sql_query') if dbconnection != '' and SQLALCHEMY_AVAILABLE: if SETTINGSCACHE is None: SETTINGSCACHE = SettingsCache() do_check = get_domain_setting(from_domain, dbconnection, sqlquery, SETTINGSCACHE, False, self.logger) elif dbconnection != '' and not SQLALCHEMY_AVAILABLE: self.logger.error( 'dbconnection specified but sqlalchemy not available - skipping db lookup' ) return do_check
def ip_whitelisted(self, addr): if self.is_private_address(addr): return True #check ip whitelist ip_whitelist_file = self.config.get(self.section, 'ip_whitelist_file', '').strip() if ip_whitelist_file != '' and os.path.exists(ip_whitelist_file): plainlist = [] if self.ip_whitelist_loader is None: self.ip_whitelist_loader = FileList(ip_whitelist_file, lowercase=True) if self.ip_whitelist_loader.file_changed(): plainlist = self.ip_whitelist_loader.get_list() if HAVE_NETADDR: self.ip_whitelist = [IPNetwork(x) for x in plainlist] else: self.ip_whitelist = plainlist if HAVE_NETADDR: checkaddr = IPAddress(addr) for net in self.ip_whitelist: if checkaddr in net: return True else: if addr in plainlist: return True return False
def enforce_domain(self, to_domain): global SETTINGSCACHE dbconnection = self.config.get(self.section, 'dbconnection', '').strip() domainlist = self.config.get(self.section, 'domainlist') enforce = False if domainlist.strip() == '': enforce = True elif domainlist.startswith('txt:'): domainfile = domainlist[4:] if self.selective_domain_loader is None: self.selective_domain_loader = FileList(domainfile, lowercase=True) if to_domain in self.selective_domain_loader.get_list(): enforce = True elif domainlist.startswith('sql:') and dbconnection != '': if SETTINGSCACHE is None: SETTINGSCACHE = SettingsCache() sqlquery = domainlist[4:] enforce = get_domain_setting(to_domain, dbconnection, sqlquery, SETTINGSCACHE, False, self.logger) return enforce
def check_this_domain(self, from_domain): do_check = False selective_sender_domain_file = self.config.get( self.section, 'domain_selective_spf_file', '').strip() if selective_sender_domain_file != '' and os.path.exists( selective_sender_domain_file): if self.selective_domain_loader is None: self.selective_domain_loader = FileList( selective_sender_domain_file, lowercase=True) if from_domain.lower() in self.selective_domain_loader.get_list(): do_check = True if not do_check: dbconnection = self.config.get(self.section, 'dbconnection', '').strip() sqlquery = self.config.get(self.section, 'domain_sql_query') if dbconnection != '' and SQL_EXTENSION_ENABLED: cache = get_default_cache() do_check = get_domain_setting(from_domain, dbconnection, sqlquery, cache, self.section, False, self.logger) elif dbconnection != '' and not SQL_EXTENSION_ENABLED: self.logger.error( 'dbconnection specified but sqlalchemy not available - skipping db lookup' ) return do_check
def _is_whitelisted(self, from_domain): whitelist_file = self.config.get(self.section, 'whitelist_file', '').strip() if whitelist_file == '': return False whitelisted = False self.whitelist = FileList(whitelist_file, lowercase=True) if from_domain in self.whitelist.get_list(): whitelisted = True return whitelisted
def __init__(self, config, section=None): ScannerPlugin.__init__(self, config, section) self.logger = self._logger() self.requiredvars = { 'action': { 'default': 'REJECT', 'description': 'Action if sender uses invalid TLD', }, 'message': { 'default': 'forged rDNS TLD', }, 'tldfile': { 'default': '/etc/mail/tlds-alpha-by-domain.txt', }, } self.filelist = FileList(filename=None, strip=True, skip_empty=True, skip_comments=True, lowercase=True, minimum_time_between_reloads=86400)