summaryrefslogtreecommitdiffstats
path: root/bin
diff options
context:
space:
mode:
authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2014-02-11 14:30:14 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2014-02-11 14:30:14 +0100
commit14ef739a27fa305d159ad04990842e2638a832e9 (patch)
tree32104bee820ccf906c7096ad581aaddaad372521 /bin
parent84133cf3535c77dac77ac1f41955c6594f357a58 (diff)
downloadpykolab-14ef739a27fa305d159ad04990842e2638a832e9.tar.gz
Add new settings to control when (under what circumstances) a Sender:, X-Sender: or even an obscured X-Authenticated-As: header is prepended to email submitted through Kolab.
Diffstat (limited to 'bin')
-rwxr-xr-xbin/kolab_smtp_access_policy.py126
1 files changed, 118 insertions, 8 deletions
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 304ab85..935fc6e 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -1333,14 +1333,124 @@ def hold(message, policy_request=None):
def permit(message, policy_request=None):
log.info(_("Returning action PERMIT: %s") % (message))
- if hasattr(policy_request, 'sasl_username'):
- sender = conf.get('kolab_smtp_access_policy', 'sender_header')
- if utils.true_or_false(sender):
- print "action=PREPEND Sender: %s" % (policy_request.sasl_username)
-
- xsender = conf.get('kolab_smtp_access_policy', 'xsender_header')
- if utils.true_or_false(xsender):
- print "action=PREPEND X-Sender: %s" % (policy_request.sasl_username)
+ # If we have no policy request, we have been called for a reason,
+ # and everything relevant has been figured out already.
+ if policy_request == None:
+ print "action=PERMIT\n\n"
+ sys.exit(0)
+
+ # If the user is not authenticated, there's no reason to do
+ # extra checks here -- to have been performed already.
+ if not hasattr(policy_request, 'sasl_username'):
+ print "action=PERMIT\n\n"
+ sys.exit(0)
+
+ # Same here.
+ if policy_request.sasl_username == None:
+ print "action=PERMIT\n\n"
+ sys.exit(0)
+
+ delegate_sender_header = None
+ alias_sender_header = None
+
+ # If the sender is a delegate of the envelope sender address, take into
+ # account the preferred domain policy for appending the Sender and/or
+ # X-Sender headers.
+ #
+ # Note that a delegatee by very definition is not using an alias.
+ #
+ if policy_request.sasl_user_is_delegate:
+ # Domain-specific setting?
+ if not policy_request.sender_domain == None:
+ delegate_sender_header = conf.get(policy_request.sender_domain, 'delegate_sender_header')
+
+ # Global setting?
+ if delegate_sender_header == None:
+ delegate_sender_header = conf.get('kolab_smtp_access_policy', 'delegate_sender_header')
+
+ # Default
+ if delegate_sender_header == None:
+ delegate_sender_header = True
+
+ # If the sender is using an alias as the envelope sender address, take
+ # into account the preferred domain policy for appending the Sender
+ # and/or X-Sender headers.
+ elif policy_requiest.sasl_user_uses_alias:
+ # Domain-specific setting?
+ if not policy_request.sender_domain == None:
+ alias_sender_header = conf.get(policy_request.sender_domain, 'alias_sender_header')
+
+ # Global setting?
+ if alias_sender_header == None:
+ alias_sender_header = conf.get('kolab_smtp_access_policy', 'alias_sender_header')
+
+ # Default
+ if alias_sender_header == None:
+ alias_sender_header = True
+
+ # Make the values booleans
+ delegate_sender_header = utils.true_or_false(delegate_sender_header)
+ alias_sender_header = utils.true_or_false(alias_sender_header)
+
+ # Do we use a (simple) encryption key to obscure the headers' contents?
+ # Note that using an encryption key voids the actual use of proper Sender
+ # and X-Sender headers such as they could be interpreted by a client
+ # application.
+ enc_key = conf.get(policy_request.sender_domain, 'sender_header_enc_key')
+ if enc_key == None:
+ enc_key = conf.get('kolab_smtp_access_policy', 'sender_header_enc_key')
+
+ sender_header = None
+ xsender_header = None
+
+ if delegate_sender_header or alias_sender_header:
+ # Domain specific?
+ sender_header = conf.get(policy_request.sender_domain, 'sender_header')
+
+ # Global setting?
+ if sender_header == None:
+ sender_header = conf.get('kolab_smtp_access_policy', 'sender_header')
+
+ # Default
+ if sender_header == None:
+ sender_header = True
+
+ # Domain specific?
+ xsender_header = conf.get(policy_request.sender_domain, 'xsender_header')
+
+ # Global setting?
+ if xsender_header == None:
+ xsender_header = conf.get('kolab_smtp_access_policy', 'xsender_header')
+
+ # Default
+ if xsender_header == None:
+ xsender_header = True
+
+ # Note that if the user is not a delegatee, and not using an alias, the sender
+ # address is the envelope sender address, and the defaults for sender_header
+ # and xsender_header being None, ultimately evaluating to False seems
+ # appropriate.
+
+ # Make the values booleans
+ sender_header = utils.true_or_false(sender_header)
+ xsender_header = utils.true_or_false(xsender_header)
+
+ if sender_header or xsender_header:
+ # Do the encoding, if any
+ if not enc_key == None:
+ header = 'X-Authenticated-As'
+ xheader = None
+ sender = utils.encode(enc_key, policy_request.sasl_username)
+ else:
+ header = 'Sender'
+ xheader = 'X-Sender'
+ sender = policy_request.sasl_username
+
+ if sender_header:
+ print "action=PREPEND %s: %s" % (header, sender)
+
+ if xsender_header and not xheader == None:
+ print "action=PREPEND %s: %s" % (xheader, sender)
print "action=PERMIT\n\n"
sys.exit(0)