
Zhang Huangbin committed 8ede84b

Allow to use same logging hander in plugins, print plugin debug message.

  • Parent commits 473289e


Files changed (7)

 iRedAPD-1.3.4:
+    * Allow to use same logging hander in plugins, print plugin debug message.
+    * Queary user aliases as allowed sender.
     * Print error message if plugin module doesn't exist.
     * New plugin: ldap_domain_wblist, used for per-domain white/blacklist
       support (including domain alias). NOTE: This plugin requires latest

File src/iredapd.py

                             dbConn=self.db,
                             senderReceiver=senderReceiver,
                             smtpSessionData=map,
+                            logger=logging,
                         )
 
                         logging.debug('Response from plugin (%s): %s' % (module.__name__, pluginAction))
                             ldapRecipientDn=recipientDn,
                             ldapRecipientLdif=recipientLdif,
                             smtpSessionData=map,
+                            logger=logging,
                         )
 
                         logging.debug('Response from plugin (%s): %s' % (module.__name__, pluginAction))
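Review bot: Both plugin calls pass the `logging` module itself as `logger=logging`, so every plugin writes through the root logger and has to prefix its own name by hand in each message. Passing a named logger, `logger=logging.getLogger(module.__name__)`, would let the log format identify the plugin and allow per-plugin level control. A plugin whose `restriction()` has neither a `logger` parameter nor `**kargs` would raise TypeError on the new keyword; the plugins changed in this commit accept it, but any others are not visible here. Both call sites begin outside the shown lines.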

File src/plugins/__init__.py

-#!/usr/bin/env python
-# encoding: utf-8
-
-# Author: Zhang Huangbin <michaelbibby (at) gmail.com>
-
-
-

File src/plugins/block_amavisd_blacklisted_senders.py

-#!/usr/bin/env python
-# encoding: utf-8
-
-# Author: Zhang Huangbin (zhb@iredmail.org)
+# Author: Zhang Huangbin <zhb@iredmail.org>
 
 import sys
+import os
 
-def restriction(smtpSessionData, ldapRecipientLdif, **kargs):
+PLUGIN_NAME = os.path.basename(__file__)
+
+def restriction(smtpSessionData, ldapRecipientLdif, logger, **kargs):
     # Get sender address.
     sender = smtpSessionData.get('sender').lower()
     splited_sender_domain = str(sender.split('@')[-1]).split('.')
     # Get list of amavisWhitelistSender.
     wlSenders = [v.lower() for v in ldapRecipientLdif.get('amavisWhitelistSender', [])]
 
+    logger.debug('(%s) Sender: %s' % (PLUGIN_NAME, sender))
+    logger.debug('(%s) Blacklisted senders: %s' % (PLUGIN_NAME, ', '.join(blSenders)))
+    logger.debug('(%s) Whitelisted senders: %s' % (PLUGIN_NAME, ', '.join(wlSenders)))
+
     #
     # Process whitelisted senders first.
     #
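Review bot: The new `logger.debug` lines format the envelope sender into the log text with `%s`, and that value comes from the SMTP session data, which the remote client supplies. Logging it with `%r` and as lazy arguments, `logger.debug('(%s) Sender: %r', PLUGIN_NAME, sender)`, keeps control characters from altering the log line and skips the formatting when debug is off. The same applies to the sender and recipient debug lines added in ldap_domain_wblist.py and ldap_maillist_access_policy.py. `blSenders` is used in the second debug line but its assignment is not in the visible lines, so confirm it is bound before this point; the body of `restriction` continues outside the hunk.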

File src/plugins/ldap_domain_wblist.py

-#!/usr/bin/env python
-# encoding: utf-8
-
-# Author: Zhang Huangbin <zhb@ iredmail.org>
+# Author: Zhang Huangbin <zhb@iredmail.org>
 
 # ----------------------------------------------------------------------------
 # This plugin is used for per-domain white-/blacklist.
 # ----------------------------------------------------------------------------
 
 import sys
+import os
 from ldap.filter import escape_filter_chars
 
+PLUGIN_NAME = os.path.basename(__file__)
+
 ACTION_REJECT = 'REJECT Not Authorized'
 
-def restriction(ldapConn, ldapBaseDn, smtpSessionData, **kargs):
+def restriction(ldapConn, ldapBaseDn, smtpSessionData, logger, **kargs):
     sender = smtpSessionData['sender'].lower()
     senderDomain = sender.split('@')[-1]
     splitedSenderDomain = str(sender.split('@')[-1]).split('.')
     recipient = smtpSessionData['recipient'].lower()
     recipientDomain = recipient.split('@')[-1]
 
+    logger.debug('(%s) Sender: %s' % (PLUGIN_NAME, sender))
+    logger.debug('(%s) Recipient: %s' % (PLUGIN_NAME, recipient))
+
     # Query ldap to get domain dn, with domain alias support.
     try:
         resultDnOfDomain = ldapConn.search_s(
             ['dn'],
         )
         dnOfRecipientDomain = resultDnOfDomain[0][0]
+        logger.debug('(%s) DN of recipient domain: %s' % (PLUGIN_NAME, dnOfRecipientDomain))
     except Exception, e:
         return 'DUNNO Error while fetching domain dn: %s' % (str(e))
 
             # No white/blacklist available.
             return 'DUNNO No white-/blacklist found.'
 
+        ###################
         # Whitelist first.
+        #
         whitelistedSenders = resultWblists[0][1].get('domainWhitelistSender', [])
         whitelistedIPAddresses = resultWblists[0][1].get('domainWhitelistIP', [])
 
+        logger.debug('(%s) Whitelisted senders: %s' % (PLUGIN_NAME, ', '.join(whitelistedSenders)))
+        logger.debug('(%s) Whitelisted IP addresses: %s' % (PLUGIN_NAME, ', '.join(whitelistedIPAddresses)))
+
         if len(set(listOfRestrictedSenders) & set(whitelistedSenders)) > 0 or \
            len(set(listOfRestrictedIPAddresses) & set(whitelistedIPAddresses)) > 0:
             return 'DUNNO Whitelisted.'
 
+        ###################
         # Blacklist.
+        #
         blacklistedSenders = resultWblists[0][1].get('domainBlacklistSender', [])
         blacklistedIPAddresses = resultWblists[0][1].get('domainBlacklistIP', [])
 
+        logger.debug('(%s) Blacklisted senders: %s' % (PLUGIN_NAME, ', '.join(blacklistedSenders)))
+        logger.debug('(%s) Blacklisted IP addresses: %s' % (PLUGIN_NAME, ', '.join(blacklistedIPAddresses)))
+
         if len(set(listOfRestrictedSenders) & set(blacklistedSenders)) > 0 or \
            len(set(listOfRestrictedIPAddresses) & set(blacklistedIPAddresses)) > 0:
             return 'REJECT Blacklisted'
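Review bot: The `except Exception, e` branch after the domain-DN lookup returns `DUNNO` without logging anything, so a failed LDAP query silently skips the white/blacklist check and the new debug output covers only the success path. Add `logger.error('(%s) Error while fetching domain dn: %s' % (PLUGIN_NAME, str(e)))` before the `return`, so that this fail-open case is visible at normal log levels. The returned string also carries `str(e)`; whether that text travels beyond the daemon depends on the caller, which is not visible here, so a fixed message with the detail kept in the log would be safer. The body of `restriction` has gaps outside the shown lines.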

File src/plugins/ldap_maillist_access_policy.py

 # ----------------------------------------------------------------------------
 
 import sys
+import os
 
 ACTION_REJECT = 'REJECT Not Authorized.'
+PLUGIN_NAME = os.path.basename(__file__)
 
-def __get_allowed_senders(ldapConn, ldapBaseDn, listDn, sender, recipient, policy,):
+def __get_allowed_senders(ldapConn, ldapBaseDn, listDn, sender, recipient, policy, logger, *kw, **kargs):
     """return search_result_list_based_on_access_policy"""
 
+    logger.debug('(%s) Get allowed senders...' % (PLUGIN_NAME))
+
     basedn = ldapBaseDn
     searchScope = 2     # Use SCOPE_BASE to improve performance.
 
         searchFilter = "(|(&(|(objectClass=mailUser)(objectClass=mailExternalUser))(memberOfGroup=%s))(&(objectclass=mailList)(mail=%s)))" % (recipient, recipient, )
         searchAttr = ['mail', 'shadowAddress', 'listAllowedUser',]
 
+    logger.debug('(%s) base dn: %s' % (PLUGIN_NAME, basedn))
+    logger.debug('(%s) search scope: %s' % (PLUGIN_NAME, searchScope))
+    logger.debug('(%s) search filter: %s' % (PLUGIN_NAME, searchFilter))
+    logger.debug('(%s) search attributes: %s' % (PLUGIN_NAME, ', '.join(searchAttr)))
+
     try:
         result = ldapConn.search_s(basedn, searchScope, searchFilter, searchAttr)
         userList = []
                     userList += obj[1][k]
                 else:
                     pass
+        logger.debug('(%s) search result: %s' % (PLUGIN_NAME, str(userList)))
         return userList
-
     except Exception, e:
+        logger.debug('(%s) Error: %s' % (PLUGIN_NAME, str(e)))
         return []
 
-def restriction(ldapConn, ldapBaseDn, ldapRecipientDn, ldapRecipientLdif, smtpSessionData, **kargs):
+def restriction(ldapConn, ldapBaseDn, ldapRecipientDn, ldapRecipientLdif, smtpSessionData, logger, **kargs):
     # Return if recipient is not a mail list object.
     if 'maillist' not in [v.lower() for v in ldapRecipientLdif['objectClass']]:
         return 'DUNNO Not a mail list account.'
 
     policy = ldapRecipientLdif.get('accessPolicy', ['public'])[0].lower()
 
+    logger.debug('(%s) Sender: %s' % (PLUGIN_NAME, sender))
+    logger.debug('(%s) Recipient: %s' % (PLUGIN_NAME, recipient))
+    logger.debug('(%s) Policy: %s' % (PLUGIN_NAME, policy))
+
     if policy == "public":
         # No restriction.
         return 'DUNNO Access policy: public.'
     else:
         # Handle other access policies: membersOnly, allowedOnly, membersAndModeratorsOnly.
         allowedSenders = __get_allowed_senders(
-                ldapConn=ldapConn,
-                ldapBaseDn=ldapBaseDn,
-                listDn=ldapRecipientDn,
-                sender=sender,
-                recipient=recipient,
-                policy=policy,
-                )
+            ldapConn=ldapConn,
+            ldapBaseDn=ldapBaseDn,
+            listDn=ldapRecipientDn,
+            sender=sender,
+            recipient=recipient,
+            policy=policy,
+            logger=logger,
+        )
 
         if sender.lower() in [v.lower() for v in allowedSenders]:
             return 'DUNNO Allowed sender.'
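Review bot: `searchFilter` in `__get_allowed_senders` is built by interpolating `recipient` straight into the LDAP filter string, and this commit now logs that filter but still does not escape the value. If `recipient` is the SMTP envelope recipient (its assignment is not in the visible lines), filter metacharacters in it change the query that decides who may post to the list; escape it first with `recipient = escape_filter_chars(recipient)` and `from ldap.filter import escape_filter_chars`, as ldap_domain_wblist.py already imports. The new line in the `except` branch reports the LDAP error at debug level and returns `[]`; `logger.error` would make a failed lookup visible without debug logging. The `*kw` in the new signature accepts positional extras that are never used and can be dropped.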

File src/plugins/sql_alias_access_policy.py

-#!/usr/bin/env python
-# encoding: utf-8
+# Author: Zhang Huangbin <zhb@iredmail.org>
 
-# Author: Zhang Huangbin <michaelbibby (at) gmail.com>
 # Date: 2010-03-12
 # Purpose: Apply access policy on sender while recipient is an alias.
 
 #   - membersAndModeratorsOnly: Only members and moderators are allowed.
 
 import sys
+import os
 
 ACTION_REJECT = 'REJECT Not Authorized'
+PLUGIN_NAME = os.path.basename(__file__)
 
 # Policies. MUST be defined in lower case.
 POLICY_PUBLIC = 'public'
 POLICY_ALLOWEDONLY = 'allowedOnly'      # Same as @POLICY_MODERATORSONLY
 POLICY_MEMBERSANDMODERATORSONLY = 'membersandmoderatorsonly'
 
-def restriction(dbConn, senderReceiver, smtpSessionData, **kargs):
+def restriction(dbConn, senderReceiver, smtpSessionData, logger, **kargs):
     # Get alias account from alias table.
     # If you need to run RAW SQL command, use dbConn.query() instead.
     # Reference: http://webpy.org/cookbook/query
     # Sample:
     #   result = dbConn.query('''SELECT * FROM alias WHERE address=$recipient''', vars=senderReceiver,)
 
-    result = dbConn.select('alias',
-                           senderReceiver,
-                           where='address = $recipient AND domain = $recipient_domain',
-                           limit=1,
-                          )
+    result = dbConn.select(
+        'alias',
+        senderReceiver,
+        where='address = $recipient AND domain = $recipient_domain',
+        limit=1,
+    )
 
-    # Return if recipient account doesn't exist.
+    # Recipient account doesn't exist.
     if len(result) != 1:
-        return 'DUNNO'
+        return 'DUNNO Account does not exist.'
 
     # Use the first SQL record.
     sqlRecord = result[0]
     members = [str(v.lower()) for v in sqlRecord.get('goto', '').split(',')]
     moderators = [str(v.lower()) for v in sqlRecord.get('moderators', '').split(',')]
 
+    logger.debug('(%s) policy: %s' % (PLUGIN_NAME, policy))
+    logger.debug('(%s) members: %s' % (PLUGIN_NAME, ', '.join(members)))
+    logger.debug('(%s) moderators: %s' % (PLUGIN_NAME, ', '.join(moderators)))
+
     if policy == POLICY_PUBLIC:
         # Return if no access policy available or policy is @POLICY_PUBLIC.
         return 'DUNNO'
             return ACTION_REJECT
     else:
         # Bypass all if policy is not defined in this plugin.
-        return 'DUNNO'
+        return 'DUNNO Policy is not defined in plugin (%s): %s.' % (PLUGIN_NAME, policy)
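Review bot: `POLICY_ALLOWEDONLY = 'allowedOnly'` contradicts the comment directly above it that policies MUST be defined in lower case. If `policy` is lowercased before the comparisons (its assignment is not in the visible lines), that policy never matches and falls through to the final `else`, which returns `DUNNO` and lets the message through; the value should be `'allowedonly'`. The new message in that `else` branch makes the case visible in the response, but the branch still fails open, so consider also logging it with `logger.warning`. `policy` is used in the new debug lines before any visible assignment; confirm it is bound earlier in `restriction`.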