Commits

Zhang Huangbin  committed f00ab61

New plugin for all backends: reject_sender_login_mismatch.
Reject sender login mismatch (sender in mail header and SASL username).

  • Participants
  • Parent commits b0813c4

Comments (0)

Files changed (3)

 iRedAPD-1.4.0:
+    * New plugin for all backends: reject_sender_login_mismatch.
+      Reject sender login mismatch (sender in mail header and SASL username).
     * No iredapd-rr.py any more, we need only one instance of iRedAPD.
     * Remove dependence of web.py.
     * Better user alias and alias domain support in plugin
-* rename variables: ldapSenderLdif -> sender_ldif or ldif_of_sender
-* plugin/ldap_expired_passwd.py: set password last update date to today if
-  shadowLastChange is not present or 0?
 * Query required SQL columns instead of all
 * Plugins:
     + HELO restrictions

File plugins/reject_sender_login_mismatch.py

+"""Reject sender login mismatch (sender in mail header and SASL username).
+
+You should remove "sender_login_mismatch" in Postfix
+"smtpd_sender_restrictions" and let this plugin do it for you.
+"""
+
+import logging
+from libs import SMTP_ACTIONS
+
+REQUIRE_LOCAL_SENDER = False
+REQUIRE_LOCAL_RECIPIENT = False
+SENDER_SEARCH_ATTRLIST = []
+RECIPIENT_SEARCH_ATTRLIST = []
+
+# Allow sender login mismatch for below senders.
+ALLOWED_SENDERS = []
+
+def restriction(**kwargs):
+    # The sender appears in 'From:' header.
+    sender = kwargs['sender']
+
+    # Username used to perform SMTP auth
+    sasl_username = kwargs['smtp_session_data'].get('sasl_username', '').lower()
+
+    logging.debug('Sender: %s, SASL username: %s' % (sender, sasl_username))
+
+    if sasl_username:    # Is a outgoing email
+        # Compare them
+        if sender != sasl_username:
+            if sasl_username in ALLOWED_SENDERS:
+                return SMTP_ACTIONS['default']
+            else:
+                # Reject without reason.
+                #return SMTP_ACTIONS['reject']
+
+                # Reject with reason.
+                # There must be a space between smtp action and reason text.
+                return SMTP_ACTIONS['reject'] + ' ' + 'Sender login mismatch.'
+
+                # Log message without reject.
+                #logging.info('Sender login mismatch.')
+
+    return SMTP_ACTIONS['default']