Commits

Zhang Huangbin committed 904fdf8

Fixed: Check sender domain immediately instead of querying addition domain
names: plugins/ldap_maillist_access_policy.py.

Comments (0)

Files changed (2)

 iRedAPD-1.4.1:
     * Fixed:
-        + Incorrect LDAP attribute name in plugin ldap_recipient_restrictions:
+        + Check sender domain immediately instead of querying addition domain
+          names: plugins/ldap_maillist_access_policy.py.
+        + Incorrect LDAP attribute name in plugins/ldap_recipient_restrictions:
           mailBlacklistedRecipient -> mailBlacklistRecipient (no 'ed').
           Thanks Ho ho <ho.iredmail _at_ gmail.com> for the report.
 

plugins/ldap_maillist_access_policy.py

     conn = kwargs['conn']
     base_dn = kwargs['base_dn']
     sender = kwargs['sender']
+    sender_domain = kwargs['sender_domain']
     recipient = kwargs['recipient']
     recipient_dn = kwargs['recipient_dn']
 
         # No restriction.
         return 'DUNNO (Access policy: public)'
     elif policy == "domain":
-        sender_domain = sender.split('@', 1)[-1]
         # Bypass all users under the same domain.
         if sender_domain in recipient_alias_domains:
             return 'DUNNO (Access policy: domain)'
     elif policy in ['membersonly', 'allowedonly', 'membersandmoderatorsonly']:
         allowed_senders = recipient_ldif.get('listAllowedUser', [])
         if policy == 'allowedonly':
-            if sender in allowed_senders:
+            if sender in allowed_senders or sender_domain in allowed_senders:
                 return 'DUNNO (Allowed explicitly)'
             logging.debug('Sender is not explicitly allowed, query user aliases and alias domains.')