
Zhang Huangbin committed ca03b65

Add domain alias support in plugin: ldap_domain_wblist.



 iRedAPD-1.3.4:
     * New plugin: ldap_domain_wblist, used for per-domain white/blacklist
-      support. NOTE: This plugin requires latest iRedMail LDAP schema file for
-      proper attributes. It's shipped in iRedMail >= 0.6.1.
+      support (including domain alias). NOTE: This plugin requires latest
+      iRedMail LDAP schema file for proper attributes. It's shipped in
+      iRedMail >= 0.6.1.
 
 iRedAPD-1.3.3:
     * Fix bug in src/plugins-rr/ldap_recipient_restriction.py. Thanks

src/iredapd-rr.py

 import logging
 import daemon
 
-__version__ = "1.4.0"
+__version__ = "1.3.4"
 
 sys.path.append(os.path.abspath(os.path.dirname(__file__)) + '/plugins-rr')
 
 import logging
 import daemon
 
-__version__ = "1.4.0"
+__version__ = "1.3.4"
 
 sys.path.append(os.path.abspath(os.path.dirname(__file__)) + '/plugins')
 

src/plugins/block_amavisd_blacklisted_senders.py

 
     # Bypass whitelisted senders.
     if len(set(list_senders) & set(wlSenders)) > 0:
-        return 'DUNNO'
+        return 'DUNNO Whitelisted'
 
     # Reject blacklisted senders.
     if len(set(list_senders) & set(blSenders)) > 0:
-        return 'REJECT Not Authorized'
+        return 'REJECT Blacklisted'
 
     # Neither blacklisted nor whitelisted.
-    return 'DUNNO'
+    return 'DUNNO No white-/blacklist records found.'

src/plugins/ldap_domain_wblist.py

 
     recipient = smtpSessionData['recipient'].lower()
     recipientDomain = recipient.split('@')[-1]
-    dnOfRecipientDomain = escape_filter_chars('domainName=' + recipientDomain + ',' + ldapBaseDn)
+
+    # Query ldap to get domain dn, with domain alias support.
+    try:
+        resultDnOfDomain = ldapConn.search_s(
+            ldapBaseDn,
+            1,                  # 1 = ldap.SCOPE_ONELEVEL
+            '(|(domainName=%s)(domainAliasName=%s))' % (recipientDomain, recipientDomain),
+            ['dn'],
+        )
+        dnOfRecipientDomain = resultDnOfDomain[0][0]
+    except Exception, e:
+        return 'DUNNO Error while fetching domain dn: %s' % (str(e))
 
     # Get list of restricted ip addresses.
     senderIP = smtpSessionData['client_address']
         filterOfIPAddr += '(domainWhitelistIP=%s)(domainBlacklistIP=%s)' % (i, i,)
 
     # Generate final search filter.
-    filter = '(&(objectClass=mailDomain)(domainName=%s)(|%s))' % (
+    filter = '(&(objectClass=mailDomain)(|(domainName=%s)(domainAliasName=%s))(|%s))' % (
+        recipientDomain,
         recipientDomain,
         filterOfSenders + filterOfIPAddr,
     )
 
         if len(resultWblists) == 0:
             # No white/blacklist available.
-            return 'DUNNO'
+            return 'DUNNO No white-/blacklist found.'
 
         # Whitelist first.
         whitelistedSenders = resultWblists[0][1].get('domainWhitelistSender', [])
 
         if len(set(listOfRestrictedSenders) & set(whitelistedSenders)) > 0 or \
            len(set(listOfRestrictedIPAddresses) & set(whitelistedIPAddresses)) > 0:
-            return 'DUNNO Whitelisted'
+            return 'DUNNO Whitelisted.'
 
         # Blacklist.
         blacklistedSenders = resultWblists[0][1].get('domainBlacklistSender', [])
            len(set(listOfRestrictedIPAddresses) & set(blacklistedIPAddresses)) > 0:
             return 'REJECT Blacklisted'
 
-        return 'DUNNO'
+        return 'DUNNO Not listed in white-/blacklist records.'
     except Exception, e:
         # Error while quering LDAP server, return 'DUNNO' instead of rejecting emails.
-        return 'DUNNO'
+        return 'DUNNO Error while fetching white-/blacklist records: %s' % (str(e))
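Review bot: The new `search_s` filter `'(|(domainName=%s)(domainAliasName=%s))'` interpolates `recipientDomain`, taken directly from `smtpSessionData['recipient']`, without LDAP filter escaping, and the rewritten `filter = ...` expression further down does the same. Filter metacharacters such as `*` or parentheses in the domain part would change which domain entry, and therefore whose white-/blacklist, is matched; the removed line called `escape_filter_chars`, so the helper appears to be in scope, and `recipientDomain = escape_filter_chars(recipient.split('@')[-1])` would cover both filters if the unescaped value is not needed elsewhere. Separately, `resultDnOfDomain[0][0]` raises IndexError when no domain or alias matches, and that ordinary case is then reported as a fetch error; an explicit `if not resultDnOfDomain:` return would keep it distinct from real LDAP failures. The enclosing function starts and ends outside the visible hunks.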

src/plugins/ldap_maillist_access_policy.py

 
 import sys
 
-ACTION_REJECT = 'REJECT Not Authorized'
+ACTION_REJECT = 'REJECT Not Authorized.'
 
 def __get_allowed_senders(ldapConn, ldapBaseDn, listDn, sender, recipient, policy,):
     """return search_result_list_based_on_access_policy"""
 def restriction(ldapConn, ldapBaseDn, ldapRecipientDn, ldapRecipientLdif, smtpSessionData, **kargs):
     # Return if recipient is not a mail list object.
     if 'maillist' not in [v.lower() for v in ldapRecipientLdif['objectClass']]:
-        return 'DUNNO'
+        return 'DUNNO Not a mail list account.'
 
     sender = smtpSessionData['sender'].lower()
     sender_domain = sender.split('@')[-1]
 
     if policy == "public":
         # No restriction.
-        return 'DUNNO'
+        return 'DUNNO Access policy: public.'
     elif policy == "domain":
         # Bypass all users under the same domain.
         if sender_domain == recipient_domain:
-            return 'DUNNO'
+            return 'DUNNO Access policy: domain'
         else:
-            return ACTION_REJECT
+            return ACTION_REJECT + ' Access policy: domain.'
     elif policy == "subdomain":
         # Bypass all users under the same domain and sub domains.
         if sender.endswith('.' + recipient_domain):
-            return 'DUNNO'
+            return 'DUNNO Access policy: sub domains.'
         else:
-            return ACTION_REJECT
+            return ACTION_REJECT + ' Access policy: sub domains.'
     else:
         # Handle other access policies: membersOnly, allowedOnly, membersAndModeratorsOnly.
         allowedSenders = __get_allowed_senders(
                 )
 
         if sender.lower() in [v.lower() for v in allowedSenders]:
-            return 'DUNNO'
+            return 'DUNNO Allowed sender.'
         else:
             return ACTION_REJECT
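Review bot: The reason text appended to `ACTION_REJECT` in the `domain` and `subdomain` branches becomes part of the action string this plugin returns, and Postfix puts the text after REJECT into the SMTP reply, so if iRedAPD passes the string through unchanged the remote sender learns which access policy guards the list. Returning plain `ACTION_REJECT` there, as the final `else` branch still does, and writing the policy name to the server log instead would keep the diagnostic without exposing it. The new messages are also punctuated inconsistently: `'DUNNO Access policy: domain'` lacks the trailing period the other strings have. `restriction` is only partly visible in this section.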