Commit b4235456 authored by Nick Mathewson's avatar Nick Mathewson 👉

r17512@catbus: nickm | 2008-01-07 15:46:31 -0500

 Revise todo; add (configurable) code to check for DKIM headers


svn:r13063
parent 7a9aa564
For dec:
o write a README
o proper logging
- check that incoming IP of email is sane.
- check more email headers for sanity
o Send back useful messages in response to requests.
Soon:
o Send back an email even if there are no bridges
- Check dkim headers for sanity.
- Make the 'magic word' for the email configurable, case-tolerant,
html-tolerant, and punctuation-tolerant
- make all the rest of the email options configurable.
Later:
- bug: the email handler gets really upset when the email doesn't have
a message-id header in it.
Not now:
- check that incoming IP of email is sane.
- check more email headers for sanity
Later:
- document stuff better
- better area division logic
- make all proxies get stuck in their own area.
- implement hop
- implement slightly nicer logging
o implement slightly nicer logging
- add captchas
- decent template for web interface
- decent template for mail interface
o decent template for web interface
o decent template for mail interface
- implement 'help' command
- Reload configuration on sighup; not just bridges.
- Reply with locale support.
......
......@@ -73,10 +73,12 @@ EMAIL_DOMAIN_MAP = { "mail.google.com" : "gmail.com",
# Map from canonical domain to list of options for that domain. Recognized
# options are:
# "ignore_dots" -- the service ignores "." characters in email addresses.
# "dkim" -- if there is not a X-DKIM-Authentication-Result header
# with the value "pass", then drop the message.
#
# Note that unrecognized options are ignored; be sure to spell them right!
EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots"],
'yahoo.com' : [ ]
EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots", "dkim"],
'yahoo.com' : ["dkim"]
}
# If there are any IPs in this list, only allow incoming connections from
# those IPs.
......
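Review bot: The description of the "dkim" option says the header must have the value "pass", but the check added to getMailResponse in this same commit uses `dkimHeader.startswith("pass")` and looks only at the first such header. The comment should describe what is actually enforced, for example `# "dkim" -- drop the message unless its first X-DKIM-Authentication-Result header begins with "pass".` Because the note below it warns that misspelled options are silently ignored, an operator reading this block has no other place to learn the exact matching rule.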
......@@ -58,8 +58,8 @@ CONFIG = Conf(
EMAIL_DOMAINS = [ "gmail.com", "yahoo.com", "catbus.wangafu.net" ],
EMAIL_DOMAIN_MAP = { "mail.google.com" : "gmail.com",
"googlemail.com" : "gmail.com", },
EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots"],
'yahoo.com' : [] },
EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots", "dkim"],
'yahoo.com' : ["dkim"] },
EMAIL_RESTRICT_IPS=[],
EMAIL_BIND_IP="127.0.0.1",
EMAIL_PORT=6725,
......
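Review bot: The defaults keep "catbus.wangafu.net" in `EMAIL_DOMAINS` without any entry in `EMAIL_DOMAIN_RULES`, so mail claiming that domain is accepted with no dkim check while gmail.com and yahoo.com now require one. The rules are looked up by the domain of the From or Sender address, so a domain listed without "dkim" is accepted on an unauthenticated header alone. If that host is only a development address (it looks like one, but the page does not say), I would drop it from the shipped defaults or add a comment such as `# Domains listed here without a "dkim" rule are accepted without sender authentication.` The `Conf(` call starts and ends outside the hunk.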
......@@ -162,7 +162,24 @@ def getMailResponse(lines, ctx):
logging.info("No From or Sender header on incoming mail.")
return None,None
# Was the magic string included?
_, addrdomain = bridgedb.Dist.extractAddrSpec(clientAddr.lower())
if not addrdomain:
logging.info("Couldn't parse domain from %r", clientAddr)
if addrdomain and ctx.cfg.EMAIL_DOMAIN_MAP:
addrdomain = ctx.cfg.EMAIL_DOMAIN_MAP.get(addrdomain, addrdomain)
rules = ctx.cfg.EMAIL_DOMAIN_RULES.get(addrdomain, [])
if 'dkim' in rules:
# getheader() returns the last of a given kind of header; we want
# to get the first, so we use getheaders() instead.
dkimHeaders = msg.getheaders("X-DKIM-Authentication-Result")
dkimHeader = "<no header>"
if dkimHeaders: dkimHeader = dkimHeaders[0]
if not dkimHeader.startswith("pass"):
logging.info("Got a bad dkim header (%r) on an incoming mail; "
"rejecting it.", dkimHeader)
return None, None
# Was the magic string included
for ln in lines:
if ln.strip().lower() in ("get bridges", "subject: get bridges"):
break
......@@ -308,6 +325,7 @@ def addSMTPServer(cfg, dist, sched):
EMAIL_BIND_IP
EMAIL_PORT
EMAIL_N_BRIDGES_PER_ANSWER
EMAIL_DOMAIN_RULES
dist -- an EmailBasedDistributor object.
sched -- an IntervalSchedule object.
"""
......
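Review bot: The dkim rule trusts whichever `X-DKIM-Authentication-Result` header appears first in the message, and nothing in this hunk establishes that the receiving mail server wrote it rather than the sender. If the MTA in front of this handler does not strip inbound copies of that header, or adds none for unsigned mail, a sender-supplied value would satisfy `dkimHeader.startswith("pass")`. I would state the dependency next to the check, e.g. `# Only meaningful if our MTA removes any client-supplied X-DKIM-Authentication-Result and always adds its own.` Separately, when `addrdomain` is empty the code only logs and then looks up rules for an empty domain, so the dkim check is skipped; unless later code outside the hunk rejects such mail, a `return None, None` after that log line would fail closed. getMailResponse starts and ends outside the hunk.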