authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2011-07-13 11:10:20 +0200
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2011-07-13 11:10:20 +0200
commitd3952cd88932febef95e4198516d05323d624cc1 (patch)
treee210ab9f5a7bedd870d9e86fa355cbdacb11236e /bin
parent19d239e8f668b735d4cd69c51e3989590618d025 (diff)
Can't indefinitely loop
Diffstat (limited to 'bin')
-rw-r--r--bin/kolab_smtp_access_policy.py185
1 files changed, 88 insertions, 97 deletions
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index eab18d4..5aa9073 100644
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -669,121 +669,112 @@ if __name__ == "__main__":
# Start the work
while True:
policy_request = read_request_input()
+ break
+ # Set the overall default policy in case nothing attracts any particular
+ # type of action.
+ #
+ # When either is configured or specified to be verified, negate
+ # that policy to be false by default.
+ #
+ sender_allowed = True
+ recipient_allowed = True
+
+ if conf.verify_sender:
+ sender_allowed = False
+
+ log.debug(_("Verifying sender."), level=8)
+
+ # If no sender is specified, we bail out.
+ if policy_request['sender'] == "":
+ log.debug(_("No sender specified."), level=8)
+ reject(_("Invalid sender"))
+
+ # If no sasl username exists, ...
+ if policy_request['sasl_username'] == "":
+ log.debug(_("No SASL username in request."), level=8)
+
+ if not conf.allow_unauthenticated:
+ log.debug(
+ _("Not allowing unauthenticated senders."),
+ level=8
+ )
- # Set the overall default policy in case nothing attracts any particular
- # type of action.
- #
- # When either is configured or specified to be verified, negate
- # that policy to be false by default.
- #
- sender_allowed = True
- recipient_allowed = True
-
- if conf.verify_sender:
- sender_allowed = False
-
- log.debug(_("Verifying sender."), level=8)
-
- # If no sender is specified, we bail out.
- if policy_request['sender'] == "":
- log.debug(_("No sender specified."), level=8)
- reject(_("Invalid sender"))
- continue
-
- # If no sasl username exists, ...
- if policy_request['sasl_username'] == "":
- log.debug(_("No SASL username in request."), level=8)
+ reject(_("Access denied for unauthenticated senders"))
- if not conf.allow_unauthenticated:
- log.debug(
- _("Not allowing unauthenticated senders."),
- level=8
- )
+ else:
+ log.debug(_("Allowing unauthenticated senders."), level=8)
- reject(_("Access denied for unauthenticated senders"))
- continue
+ if not verify_domain(policy_request['sender'].split('@')[1]):
+ sender_allowed = True
+ permit(_("External sender"))
else:
- log.debug(_("Allowing unauthenticated senders."), level=8)
+ sender_allowed = verify_sender(policy_request)
- if not verify_domain(policy_request['sender'].split('@')[1]):
- sender_allowed = True
- permit(_("External sender"))
- continue
-
- else:
- sender_allowed = verify_sender(policy_request)
-
- # If the authenticated username is the sender...
- elif policy_request["sasl_username"] == policy_request["sender"]:
- log.debug(
- _("Allowing authenticated sender %s to send as %s.") %(
- policy_request["sasl_username"],
- policy_request["sender"]
- ),
- level=8
- )
-
- sender_allowed = True
+ # If the authenticated username is the sender...
+ elif policy_request["sasl_username"] == policy_request["sender"]:
+ log.debug(
+ _("Allowing authenticated sender %s to send as %s.") %(
+ policy_request["sasl_username"],
+ policy_request["sender"]
+ ),
+ level=8
+ )
- permit(
- _("Authenticated as sender %s") %(
- policy_request['sender']
- )
- )
+ sender_allowed = True
- continue
+ permit(
+ _("Authenticated as sender %s") %(
+ policy_request['sender']
+ )
+ )
- # Or if the authenticated username is the sender but the sender address
- # lists an address with a recipient delimiter...
- #
- # TODO: The recipient delimiter is configurable!
- elif policy_request["sasl_username"] == \
- parse_address(
- policy_request["sender"]
- ):
+ # Or if the authenticated username is the sender but the sender address
+ # lists an address with a recipient delimiter...
+ #
+ # TODO: The recipient delimiter is configurable!
+ elif policy_request["sasl_username"] == \
+ parse_address(
+ policy_request["sender"]
+ ):
- sender_allowed = True
+ sender_allowed = True
- permit(
- _("Authenticated as sender %s") %(
- parse_address(policy_request["sender"])
- )
- )
+ permit(
+ _("Authenticated as sender %s") %(
+ parse_address(policy_request["sender"])
+ )
+ )
- continue
+ else:
+ sender_allowed = verify_sender(policy_request)
- else:
- sender_allowed = verify_sender(policy_request)
+ if conf.verify_recipient:
+ recipient_allowed = False
- if conf.verify_recipient:
- recipient_allowed = False
+ log.debug(_("Verifying recipient."), level=8)
- log.debug(_("Verifying recipient."), level=8)
+ if policy_request['recipient'] == "":
+ reject(_("Invalid recipient"))
- if policy_request['recipient'] == "":
- reject(_("Invalid recipient"))
- continue
+ if policy_request['sasl_username'] == "":
+ log.debug(_("No SASL username in request."), level=8)
- if policy_request['sasl_username'] == "":
- log.debug(_("No SASL username in request."), level=8)
+ if not conf.allow_unauthenticated:
+ log.debug(_("Not allowing unauthenticated senders."), level=8)
+ reject(_("Access denied for unauthenticated senders"))
- if not conf.allow_unauthenticated:
- log.debug(_("Not allowing unauthenticated senders."), level=8)
- reject(_("Access denied for unauthenticated senders"))
- continue
- else:
- recipient_allowed = verify_recipient(policy_request)
else:
recipient_allowed = verify_recipient(policy_request)
-
- # TODO: Insert whitelists.
- if conf.verify_sender and not sender_allowed:
- reject(_("Sender access denied"), policy_request)
- continue
- elif conf.verify_recipient and not recipient_allowed:
- reject(_("Recipient access denied"), policy_request)
- continue
else:
- permit(_("No objections"))
- continue
\ No newline at end of file
+ recipient_allowed = verify_recipient(policy_request)
+
+ # TODO: Insert whitelists.
+ if conf.verify_sender and not sender_allowed:
+ reject(_("Sender access denied"), policy_request)
+
+ elif conf.verify_recipient and not recipient_allowed:
+ reject(_("Recipient access denied"), policy_request)
+
+ else:
+ permit(_("No objections"))
\ No newline at end of file
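Review bot: With every `continue` removed, nothing visible in this hunk stops evaluation after `reject(_("Invalid sender"))`, `reject(_("Access denied for unauthenticated senders"))` or `permit(_("External sender"))`, so each verdict is final only if `reject()` and `permit()` themselves end the process; both are defined outside the hunk, so this cannot be confirmed here. If they do return, an empty sender with unauthenticated senders allowed goes on to `policy_request['sender'].split('@')[1]`, which raises IndexError, and an early permit can be followed by a second, contradictory action from the final `if`/`elif`/`else`. I would state the contract next to the first call, for example `# reject() and permit() write the action and exit; nothing below runs after them`, or move the checks into a function that returns at the first verdict. The `while True:` that now breaks immediately after `read_request_input()` is a single pass and could be reduced to the plain assignment.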