Commits

Zhang Huangbin committed f728586

Ability to handle policy 'subdomain'. Bypass if sender is under same domain or sub domains.

  • Participants
  • Parent commits 0bfab3a

Comments (0)

Files changed (3)

 iRedAPD-1.2.4-RC1:
+    * Ability to handle policy 'subdomain'. Bypass if sender is under same
+      domain or sub domains.
+    * Ability to handle policy 'membersAndAllowedOnly'.
     * Support MySQL backend.
     * Add rc script for FreeBSD.
-    * Ability to handle policy 'membersAndAllowedOnly'.
 
 iRedAPD-1.2.3:
     * Change default action to 'DUNNO', so that we won't miss any email while

File src/plugins/ldap_maillist_access_policy.py

 
 # ----------------------------------------------------------------------------
 # This plugin is used for mail deliver restriction.
+#
+# Handled policies:
+#   - public:   Unrestricted
+#   - domain:   Only users under same domain are allowed.
+#   - subdomain:    Only users under same domain and sub domains are allowed.
+#   - membersOnly:  Only members are allowed.
+#   - moderatorsOnly:   Only moderators are allowed.
+#   - membersAndModeratorsOnly: Only members and moderators are allowed.
+
 # ----------------------------------------------------------------------------
 
 import sys
         return 'DUNNO'
 
     sender = smtpSessionData['sender'].lower()
+    sender_domain = sender.split('@')[1]
+
     recipient = smtpSessionData['recipient'].lower()
+    recipient_domain = recipient.split('@')[1]
+
     policy = ldapRecipientLdif.get('accessPolicy', ['public'])[0].lower()
 
     if policy == "public":
         return 'DUNNO'
     elif policy == "domain":
         # Bypass all users under the same domain.
-        if sender.split('@')[1] == recipient.split('@')[1]: return 'DUNNO'
-        else: return ACTION_REJECT
+        if sender_domain == recipient_domain:
+            return 'DUNNO'
+        else:
+            return ACTION_REJECT
+    elif policy == "subdomain":
+        # Bypass all users under the same domain and sub domains.
+        if sender.endswith('.' + recipient_domain):
+            return 'DUNNO'
+        else:
+            return ACTION_REJECT
     else:
         # Handle other access policies: membersOnly, allowedOnly, membersAndAllowedOnly.
         allowedSenders = __get_allowed_senders(

File src/plugins/sql_alias_access_policy.py

 # Handled policies:
 #   - public:   Unrestricted
 #   - domain:   Only users under same domain are allowed.
+#   - subdomain:    Only users under same domain and sub domains are allowed.
 #   - membersOnly:  Only members are allowed.
 #   - moderatorsOnly:   Only moderators are allowed.
 #   - membersAndModeratorsOnly: Only members and moderators are allowed.
 # Policies. MUST be defined in lower case.
 POLICY_PUBLIC = 'public'
 POLICY_DOMAIN = 'domain'
+POLICY_SUBDOMAIN = 'subdomain'
 POLICY_MEMBERSONLY = 'membersonly'
 POLICY_MODERATORSONLY = 'moderatorsonly'
 POLICY_ALLOWEDONLY = 'allowedOnly'      # Same as @POLICY_MODERATORSONLY
 
 def restriction(dbConn, sqlRecord, smtpSessionData, **kargs):
     policy = sqlRecord.get('accesspolicy', 'public').lower()
+
     sender = smtpSessionData['sender'].lower()
+    sender_domain = sender.split('@')[1]
+
     recipient = smtpSessionData['recipient'].lower()
+    recipient_domain = recipient.split('@')[1]
+
     members = [str(v.lower()) for v in sqlRecord.get('goto', '').split(',')]
     moderators = [str(v.lower()) for v in sqlRecord.get('moderators', '').split(',')]
 
         return 'DUNNO'
     elif policy == POLICY_DOMAIN:
         # Bypass all users under the same domain.
-        if sender.split('@')[1] == recipient.split('@')[1]:
+        if sender_domain == recipient_domain:
+            return 'DUNNO'
+        else:
+            return ACTION_REJECT
+    elif policy == POLICY_SUBDOMAIN:
+        # Bypass all users under the same domain or sub domains.
+        if sender.endswith('.' + recipient_domain):
             return 'DUNNO'
         else:
             return ACTION_REJECT