
[or-cvs] r13063: Revise todo; add (configurable) code to check for DKIM heade (in bridgedb/trunk: . lib/bridgedb)



Author: nickm
Date: 2008-01-07 15:58:11 -0500 (Mon, 07 Jan 2008)
New Revision: 13063

Modified:
   bridgedb/trunk/
   bridgedb/trunk/TODO
   bridgedb/trunk/bridgedb.conf
   bridgedb/trunk/lib/bridgedb/Main.py
   bridgedb/trunk/lib/bridgedb/Server.py
Log:
 r17512@catbus:  nickm | 2008-01-07 15:46:31 -0500
 Revise todo; add (configurable) code to check for DKIM headers



Property changes on: bridgedb/trunk
___________________________________________________________________
 svk:merge ticket from /bridgedb/trunk [r17512] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: bridgedb/trunk/TODO
===================================================================
--- bridgedb/trunk/TODO	2008-01-07 20:58:09 UTC (rev 13062)
+++ bridgedb/trunk/TODO	2008-01-07 20:58:11 UTC (rev 13063)
@@ -1,25 +1,25 @@
 
-For dec:
-o write a README
-o proper logging
-- check that incoming IP of email is sane.
-- check more email headers for sanity
-o Send back useful messages in response to requests.
+Soon:
+o Send back an email even if there are no bridges
+- Check dkim headers for sanity.
 - Make the 'magic word' for the email configurable, case-tolerant,
   html-tolerant, and punctuation-tolerant
 - make all the rest of the email options configurable.
+- bug: the email handler gets really upset when the email doesn't have
+  a message-id header in it.
 
+Not now:
+- check that incoming IP of email is sane.
+- check more email headers for sanity
+
 Later:
-- bug: the email handler gets really upset when the email doesn't have
-  a message-id header in it.
 - document stuff better
 - better area division logic
 - make all proxies get stuck in their own area.
-- implement hop
-- implement slightly nicer logging
+o implement slightly nicer logging
 - add captchas
-- decent template for web interface
-- decent template for mail interface
+o decent template for web interface
+o decent template for mail interface
 - implement 'help' command
 - Reload configuration on sighup; not just bridges.
 - Reply with locale support.
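
Review bot: The new "Soon" entry "- Check dkim headers for sanity." is left open although this same revision adds a dkim header check to Server.py; either mark it with "o", as the other entries closed in this hunk are, or reword it to say what is still missing beyond the X-DKIM-Authentication-Result test. Separately, "- implement hop" is deleted from "Later" without being marked done or moved to another list, so the log message should say whether it was dropped on purpose.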

Modified: bridgedb/trunk/bridgedb.conf
===================================================================
--- bridgedb/trunk/bridgedb.conf	2008-01-07 20:58:09 UTC (rev 13062)
+++ bridgedb/trunk/bridgedb.conf	2008-01-07 20:58:11 UTC (rev 13063)
@@ -73,10 +73,12 @@
 # Map from canonical domain to list of options for that domain.  Recognized
 # options are:
 #     "ignore_dots" -- the service ignores "." characters in email addresses.
+#     "dkim" -- if there is not a X-DKIM-Authentication-Result header
+#        with the value "pass", then drop the message.
 #
 # Note that unrecognized options are ignored; be sure to spell them right!
-EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots"],
-                       'yahoo.com' : [ ]
+EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots", "dkim"],
+                       'yahoo.com' : ["dkim"]
                        }
 # If there are any IPs in this list, only allow incoming connections from
 # those IPs.
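
Review bot: The description of the "dkim" option does not say who is expected to add the X-DKIM-Authentication-Result header. Document here that the receiving mail server must add it and must remove any copy that arrives with the message, since the option only means something under that assumption. The wording "with the value "pass"" also differs slightly from the Server.py check, which uses startswith("pass"); "with a value starting with "pass"" would match the code.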

Modified: bridgedb/trunk/lib/bridgedb/Main.py
===================================================================
--- bridgedb/trunk/lib/bridgedb/Main.py	2008-01-07 20:58:09 UTC (rev 13062)
+++ bridgedb/trunk/lib/bridgedb/Main.py	2008-01-07 20:58:11 UTC (rev 13063)
@@ -58,8 +58,8 @@
     EMAIL_DOMAINS = [ "gmail.com", "yahoo.com", "catbus.wangafu.net" ],
     EMAIL_DOMAIN_MAP = { "mail.google.com" : "gmail.com",
                          "googlemail.com" : "gmail.com", },
-    EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots"],
-                           'yahoo.com' : [] },
+    EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots", "dkim"],
+                           'yahoo.com' : ["dkim"] },
     EMAIL_RESTRICT_IPS=[],
     EMAIL_BIND_IP="127.0.0.1",
     EMAIL_PORT=6725,
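
Review bot: EMAIL_DOMAINS in the first context line still lists "catbus.wangafu.net", which has no entry in EMAIL_DOMAIN_RULES, so with the lookup added in Server.py (EMAIL_DOMAIN_RULES.get(addrdomain, [])) mail from that domain gets no dkim check by default. If that is intended, a comment next to these defaults should say so; otherwise add an entry for it. These defaults also duplicate the values in bridgedb.conf, so the two have to be kept in step by hand.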

Modified: bridgedb/trunk/lib/bridgedb/Server.py
===================================================================
--- bridgedb/trunk/lib/bridgedb/Server.py	2008-01-07 20:58:09 UTC (rev 13062)
+++ bridgedb/trunk/lib/bridgedb/Server.py	2008-01-07 20:58:11 UTC (rev 13063)
@@ -162,7 +162,24 @@
         logging.info("No From or Sender header on incoming mail.")
         return None,None
 
-    # Was the magic string included?
+    _, addrdomain = bridgedb.Dist.extractAddrSpec(clientAddr.lower())
+    if not addrdomain:
+        logging.info("Couldn't parse domain from %r", clientAddr)
+    if addrdomain and ctx.cfg.EMAIL_DOMAIN_MAP:
+        addrdomain = ctx.cfg.EMAIL_DOMAIN_MAP.get(addrdomain, addrdomain)
+    rules = ctx.cfg.EMAIL_DOMAIN_RULES.get(addrdomain, [])
+    if 'dkim' in rules:
+        # getheader() returns the last of a given kind of header; we want
+        # to get the first, so we use getheaders() instead.
+        dkimHeaders = msg.getheaders("X-DKIM-Authentication-Result")
+        dkimHeader = "<no header>"
+        if dkimHeaders: dkimHeader = dkimHeaders[0]
+        if not dkimHeader.startswith("pass"):
+            logging.info("Got a bad dkim header (%r) on an incoming mail; "
+                         "rejecting it.", dkimHeader)
+            return None, None
+
+    # Was the magic string included
     for ln in lines:
         if ln.strip().lower() in ("get bridges", "subject: get bridges"):
             break
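
Review bot: Missing early return when the domain cannot be parsed: the "if not addrdomain:" branch only logs, so execution continues, EMAIL_DOMAIN_RULES.get(addrdomain, []) returns the empty default, and the dkim check is skipped for that message. Suggest returning None, None right after the logging.info("Couldn't parse domain from %r", clientAddr) call, as the No-From-or-Sender case just above does. Two smaller points: dkimHeader.startswith("pass") is case-sensitive and does not strip leading whitespace, so a dkimHeader.strip().lower() before the comparison would be more tolerant; and the rewritten comment "# Was the magic string included" lost its question mark.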
@@ -308,6 +325,7 @@
                 EMAIL_BIND_IP
                 EMAIL_PORT
                 EMAIL_N_BRIDGES_PER_ANSWER
+                EMAIL_DOMAIN_RULES
          dist -- an EmailBasedDistributor object.
          sched -- an IntervalSchedule object.
     """