Commits

Zhang Huangbin committed a7a542b

Use 'Permission denied' instead of 'Not Authorized' as reject message, otherwise Fail2ban will ban rejected clients.

Comments (0)

Files changed (6)

src/iredapd-rr.py

 
 ACTION_ACCEPT = 'DUNNO'
 ACTION_DEFER = 'DEFER_IF_PERMIT Service temporarily unavailable'
-ACTION_REJECT = 'REJECT Not Authorized'
+ACTION_REJECT = 'REJECT Permission denied'
 ACTION_DEFAULT = 'DUNNO'
 
 PLUGIN_DIR = os.path.abspath(os.path.dirname(__file__)) + '/plugins-rr'
 
 ACTION_ACCEPT = 'DUNNO'
 ACTION_DEFER = 'DEFER_IF_PERMIT Service temporarily unavailable'
-ACTION_REJECT = 'REJECT Not Authorized'
+ACTION_REJECT = 'REJECT Permission denied'
 ACTION_DEFAULT = 'DUNNO'
 
 PLUGIN_DIR = os.path.abspath(os.path.dirname(__file__)) + '/plugins'

src/plugins-rr/ldap_recipient_restrictions.py

 
     # Reject blacklisted recipients if has intersection set.
     if len(set(recipients) & set(blRecipients)) > 0 or '@.' in blRecipients:
-        return 'REJECT Not authorized'
+        return 'REJECT Permission denied'
 
     # If not matched bl/wl list:
     return 'DUNNO'

src/plugins/ldap_domain_wblist.py

 # This plugin is used for per-domain white-/blacklist.
 # ----------------------------------------------------------------------------
 
-import sys
 import os
-from ldap.filter import escape_filter_chars
 
 PLUGIN_NAME = os.path.basename(__file__)
 
-ACTION_REJECT = 'REJECT Not Authorized'
+ACTION_REJECT = 'REJECT Permission denied'
 
 def restriction(ldapConn, ldapBaseDn, smtpSessionData, logger, **kargs):
     sender = smtpSessionData['sender'].lower()
-    senderDomain = sender.split('@')[-1]
     splitedSenderDomain = str(sender.split('@')[-1]).split('.')
 
     #filterOfSender = '(domainWhitelistSender=%s)' % (sender,)

src/plugins/ldap_maillist_access_policy.py

 
 import os
 
-ACTION_REJECT = 'REJECT Not Authorized.'
+ACTION_REJECT = 'REJECT Permission denied'
 PLUGIN_NAME = os.path.basename(__file__)
 
 def __get_allowed_senders(ldapConn, ldapBaseDn, listDn, sender, recipient, policy, logger, *kw, **kargs):

src/plugins/sql_alias_access_policy.py

 import os
 from web import sqlquote
 
-ACTION_REJECT = 'REJECT Not Authorized'
+ACTION_REJECT = 'REJECT Permission denied'
 PLUGIN_NAME = os.path.basename(__file__)
 
 # Policies. MUST be defined in lower case.