[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[minion-cvs] Refine restrictions on rfc822 addresses

Update of /home/minion/cvsroot/src/minion/lib/mixminion
In directory moria.mit.edu:/tmp/cvs-serv9270/lib/mixminion

Modified Files:
	test.py Common.py 
Log Message:
Refine restrictions on rfc822 addresses

Index: test.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/test.py,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -d -r1.57 -r1.58
--- test.py	4 Jan 2003 04:38:44 -0000	1.57
+++ test.py	4 Jan 2003 20:42:17 -0000	1.58
@@ -219,7 +219,7 @@
         for addr in ("(foo)@bar.com", "z.d" "z@", "@z", "@foo.com", "aaa",
                      "foo.bar@", "foo\177@bar.com", "foo@bar\177.com",
                      "foo@bar;cat /etc/shadow;echo ","foo bar@baz.com",
-                     "a@b@c"):
+                     "a@b@c", "foo@[127.0.0.1]", "foo@127.0.0.1", "foo@127"):
             self.assert_(not isSMTPMailbox(addr))
 
     def test_intervalset(self):
@@ -4311,7 +4311,6 @@
 
         suspendLog()
         joe = edesc["Joe"]
-        lisa = edesc["Lisa"]
         alice = edesc["Alice"]
         lola = edesc["Lola"]
         fred = edesc["Fred"]
@@ -4446,7 +4445,6 @@
         bob = ks.getServerInfo("Bob")
         joe = ks.getServerInfo("Joe")
         lola = ks.getServerInfo("Lola")
-        lisa = ks.getServerInfo("Lisa")
 
         def pathIs(p, exp, self=self):
             if isinstance(p[0],mixminion.ServerInfo.ServerInfo):

Index: Common.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/Common.py,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -r1.41 -r1.42
--- Common.py	4 Jan 2003 04:12:51 -0000	1.41
+++ Common.py	4 Jan 2003 20:42:17 -0000	1.42
@@ -703,8 +703,11 @@
 
 # Regular expressions to valide RFC822 addresses.
 # (This is more strict than RFC822, actually.  RFC822 allows tricky stuff to
-#  quote special characters, and I don't trust every MTA or delivery command
-#  to support addresses like <bob@bob."; rm -rf /; echo".com>)
+#   quote special characters, and I don't trust every MTA or delivery command
+#   to support addresses like <bob@bob."; rm -rf /; echo".com>
+# (Also, allowing trickier syntax like president@[198.137.241.45] or
+#  w@"whitehouse".gov, or makes it far harder to implement exit-address
+#  blacklisting.)
 
 # An 'Atom' is a non-escape, non-null, non-space, non-punctuation character.
 _ATOM_PAT = r'[^\x00-\x20()\[\]()<>@,;:\\".\x7f-\xff]+'
@@ -714,11 +717,19 @@
 # A mailbox is two 'local parts' separated by an @ sign.
 _RFC822_PAT = r"\A%s@%s\Z" % (_LOCAL_PART_PAT, _LOCAL_PART_PAT)
 RFC822_RE = re.compile(_RFC822_PAT)
+# We explicitly check for IPs in the domain part, and block them, for reasons
+# described above.  (Enough MTA's deliver x@127.0.0.1 as if it were
+# x@[127.0.0.1] that we need to be careful.)
+_EMAIL_BY_IP_PAT = r"\A.*@\d+(?:\.\d+)*\Z"
+EMAIL_BY_IP_RE = re.compile(_EMAIL_BY_IP_PAT)
 
 def isSMTPMailbox(s):
     """Return true iff s is a valid SMTP address"""
     m = RFC822_RE.match(s)
-    return m is not None
+    if m is None:
+        return 0
+    m = EMAIL_BY_IP_RE.match(s)
+    return m is None
 
 #----------------------------------------------------------------------
 # Signal handling