[or-cvs] r13063: Revise todo; add (configurable) code to check for DKIM heade (in bridgedb/trunk: . lib/bridgedb)
Author: nickm
Date: 2008-01-07 15:58:11 -0500 (Mon, 07 Jan 2008)
New Revision: 13063
Modified:
bridgedb/trunk/
bridgedb/trunk/TODO
bridgedb/trunk/bridgedb.conf
bridgedb/trunk/lib/bridgedb/Main.py
bridgedb/trunk/lib/bridgedb/Server.py
Log:
r17512@catbus: nickm | 2008-01-07 15:46:31 -0500
Revise todo; add (configurable) code to check for DKIM headers
Property changes on: bridgedb/trunk
___________________________________________________________________
svk:merge ticket from /bridgedb/trunk [r17512] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: bridgedb/trunk/TODO
===================================================================
--- bridgedb/trunk/TODO 2008-01-07 20:58:09 UTC (rev 13062)
+++ bridgedb/trunk/TODO 2008-01-07 20:58:11 UTC (rev 13063)
@@ -1,25 +1,25 @@
-For dec:
-o write a README
-o proper logging
-- check that incoming IP of email is sane.
-- check more email headers for sanity
-o Send back useful messages in response to requests.
+Soon:
+o Send back an email even if there are no bridges
+- Check dkim headers for sanity.
- Make the 'magic word' for the email configurable, case-tolerant,
html-tolerant, and punctuation-tolerant
- make all the rest of the email options configurable.
+- bug: the email handler gets really upset when the email doesn't have
+ a message-id header in it.
+Not now:
+- check that incoming IP of email is sane.
+- check more email headers for sanity
+
Later:
-- bug: the email handler gets really upset when the email doesn't have
- a message-id header in it.
- document stuff better
- better area division logic
- make all proxies get stuck in their own area.
-- implement hop
-- implement slightly nicer logging
+o implement slightly nicer logging
- add captchas
-- decent template for web interface
-- decent template for mail interface
+o decent template for web interface
+o decent template for mail interface
- implement 'help' command
- Reload configuration on sighup; not just bridges.
- Reply with locale support.
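Review bot: The new "Soon" entry "- Check dkim headers for sanity." is added as an open item in the same revision whose log says it adds code to check DKIM headers (assuming "-" marks open items and "o" done ones, as the rest of this file suggests). If the check added to Server.py is considered complete, mark the entry "o"; if it is only a first pass, say in the entry what is still missing so the item stays actionable.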
Modified: bridgedb/trunk/bridgedb.conf
===================================================================
--- bridgedb/trunk/bridgedb.conf 2008-01-07 20:58:09 UTC (rev 13062)
+++ bridgedb/trunk/bridgedb.conf 2008-01-07 20:58:11 UTC (rev 13063)
@@ -73,10 +73,12 @@
# Map from canonical domain to list of options for that domain. Recognized
# options are:
# "ignore_dots" -- the service ignores "." characters in email addresses.
+# "dkim" -- if there is not a X-DKIM-Authentication-Result header
+# with the value "pass", then drop the message.
#
# Note that unrecognized options are ignored; be sure to spell them right!
-EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots"],
- 'yahoo.com' : [ ]
+EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots", "dkim"],
+ 'yahoo.com' : ["dkim"]
}
# If there are any IPs in this list, only allow incoming connections from
# those IPs.
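Review bot: The comment for the "dkim" option says the header must have the value "pass", but the check added to Server.py in this revision is dkimHeader.startswith("pass"), so the documented and actual behaviour differ; either describe the prefix match here or make the code an exact comparison. The comment should also state that X-DKIM-Authentication-Result is expected to be written by the receiving mail server and that the server must remove any copy of that header arriving with the message, because BridgeDB takes the value on trust.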
Modified: bridgedb/trunk/lib/bridgedb/Main.py
===================================================================
--- bridgedb/trunk/lib/bridgedb/Main.py 2008-01-07 20:58:09 UTC (rev 13062)
+++ bridgedb/trunk/lib/bridgedb/Main.py 2008-01-07 20:58:11 UTC (rev 13063)
@@ -58,8 +58,8 @@
EMAIL_DOMAINS = [ "gmail.com", "yahoo.com", "catbus.wangafu.net" ],
EMAIL_DOMAIN_MAP = { "mail.google.com" : "gmail.com",
"googlemail.com" : "gmail.com", },
- EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots"],
- 'yahoo.com' : [] },
+ EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots", "dkim"],
+ 'yahoo.com' : ["dkim"] },
EMAIL_RESTRICT_IPS=[],
EMAIL_BIND_IP="127.0.0.1",
EMAIL_PORT=6725,
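Review bot: Turning "dkim" on in the built-in defaults for gmail.com and yahoo.com means an installation whose mail server does not add X-DKIM-Authentication-Result will reject every request from those domains, with only a logging.info line to show for it. Either leave the default lists as they were and enable "dkim" in bridgedb.conf only, or document the mail-server requirement next to this default. The same dict is also now maintained in two places (here and in bridgedb.conf), which is easy to let drift.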
Modified: bridgedb/trunk/lib/bridgedb/Server.py
===================================================================
--- bridgedb/trunk/lib/bridgedb/Server.py 2008-01-07 20:58:09 UTC (rev 13062)
+++ bridgedb/trunk/lib/bridgedb/Server.py 2008-01-07 20:58:11 UTC (rev 13063)
@@ -162,7 +162,24 @@
logging.info("No From or Sender header on incoming mail.")
return None,None
- # Was the magic string included?
+ _, addrdomain = bridgedb.Dist.extractAddrSpec(clientAddr.lower())
+ if not addrdomain:
+ logging.info("Couldn't parse domain from %r", clientAddr)
+ if addrdomain and ctx.cfg.EMAIL_DOMAIN_MAP:
+ addrdomain = ctx.cfg.EMAIL_DOMAIN_MAP.get(addrdomain, addrdomain)
+ rules = ctx.cfg.EMAIL_DOMAIN_RULES.get(addrdomain, [])
+ if 'dkim' in rules:
+ # getheader() returns the last of a given kind of header; we want
+ # to get the first, so we use getheaders() instead.
+ dkimHeaders = msg.getheaders("X-DKIM-Authentication-Result")
+ dkimHeader = "<no header>"
+ if dkimHeaders: dkimHeader = dkimHeaders[0]
+ if not dkimHeader.startswith("pass"):
+ logging.info("Got a bad dkim header (%r) on an incoming mail; "
+ "rejecting it.", dkimHeader)
+ return None, None
+
+ # Was the magic string included
for ln in lines:
if ln.strip().lower() in ("get bridges", "subject: get bridges"):
break
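Review bot: When extractAddrSpec() yields no domain, the "if not addrdomain:" branch only logs and carries on, so rules becomes [] and the "dkim" check is skipped for exactly the addresses that could not be parsed; return None, None there, as the missing From/Sender case above does. In the check itself, startswith("pass") is case-sensitive and also accepts any longer value that merely begins with those letters; compare the first whitespace-delimited token, lowercased, against "pass" instead. Taking dkimHeaders[0] is only safe if the mail server always writes its own header ahead of anything the sender supplied, which deserves a line in the comment. The rewritten comment "Was the magic string included" also lost its question mark.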
@@ -308,6 +325,7 @@
EMAIL_BIND_IP
EMAIL_PORT
EMAIL_N_BRIDGES_PER_ANSWER
+ EMAIL_DOMAIN_RULES
dist -- an EmailBasedDistributor object.
sched -- an IntervalSchedule object.
"""
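Review bot: The docstring gains EMAIL_DOMAIN_RULES, but the code added earlier in this file also reads ctx.cfg.EMAIL_DOMAIN_MAP; if that key is not already listed above the visible context, add it here as well. A short pointer to where the recognized rule names ("ignore_dots", "dkim") are documented would help readers of this list.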