~millimarg/mailman/german-translation

« back to all changes in this revision

Viewing changes to Mailman/Utils.py

  • Committer: Mark Sapiro
  • Date: 2016-04-09 22:43:47 UTC
  • Revision ID: mark@msapiro.net-20160409224347-cprq33kisr8bkd1t
Honor an organizational domain's DMARC sp= policy for sub-domains.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1250
1250
        return x
1251
1251
    o_dom = get_org_dom(f_dom)
1252
1252
    if o_dom != f_dom:
1253
 
        x = _DMARCProhibited(mlist, email, '_dmarc.' + o_dom)
 
1253
        x = _DMARCProhibited(mlist, email, '_dmarc.' + o_dom, org=True)
1254
1254
        if x != 'continue':
1255
1255
            return x
1256
1256
    return False
1257
1257
 
1258
 
def _DMARCProhibited(mlist, email, dmarc_domain):
 
1258
def _DMARCProhibited(mlist, email, dmarc_domain, org=False):
1259
1259
 
1260
1260
    try:
1261
1261
        resolver = dns.resolver.Resolver()
1315
1315
                       testing them all""",
1316
1316
                        dmarc_domain, len(dmarc))
1317
1317
            for entry in dmarcs:
1318
 
                if re.search(r'\bp=reject\b', entry, re.IGNORECASE):
 
1318
                mo = re.search(r'\bsp=(\w*)\b', entry, re.IGNORECASE)
 
1319
                if org and mo:
 
1320
                    policy = mo.group(1).lower()
 
1321
                else:
 
1322
                    mo = re.search(r'\bp=(\w*)\b', entry, re.IGNORECASE)
 
1323
                    if mo:
 
1324
                        policy = mo.group(1).lower()
 
1325
                    else:
 
1326
                        continue
 
1327
                if policy == 'reject':
1319
1328
                    syslog('vette',
1320
1329
                      '%s: DMARC lookup for %s (%s) found p=reject in %s = %s',
1321
1330
                      mlist.real_name,  email, dmarc_domain, name, entry)
1322
1331
                    return True
1323
1332
 
1324
1333
                if (mlist.dmarc_quarantine_moderation_action and
1325
 
                    re.search(r'\bp=quarantine\b', entry, re.IGNORECASE)):
 
1334
                    policy == 'quarantine'):
1326
1335
                    syslog('vette',
1327
1336
                  '%s: DMARC lookup for %s (%s) found p=quarantine in %s = %s',
1328
1337
                          mlist.real_name,  email, dmarc_domain, name, entry)
1331
1340
                if (mlist.dmarc_none_moderation_action and
1332
1341
                    mlist.dmarc_quarantine_moderation_action and
1333
1342
                    mlist.dmarc_moderation_action in (1, 2) and
1334
 
                    re.search(r'\bp=none\b', entry, re.IGNORECASE)):
 
1343
                    policy == 'none'):
1335
1344
                    syslog('vette',
1336
1345
                  '%s: DMARC lookup for %s (%s) found p=none in %s = %s',
1337
1346
                          mlist.real_name,  email, dmarc_domain, name, entry)