From 25b6378631a2c2ac62fa1548798018a01b3246f0 Mon Sep 17 00:00:00 2001 From: Stuart Gathman <stuart@gathman.org> Date: Sun, 23 Oct 2005 16:01:30 +0000 Subject: [PATCH] Consider MAIL FROM a match for supply_sender when a subdomain of From or Sender --- NEWS | 4 ++++ bms.py | 8 ++++++-- milter.html | 9 ++++++++- milter.rc | 2 +- milter.rc7 | 2 +- milter.spec | 4 +++- 6 files changed, 23 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index ccfbc1a..4069c13 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,10 @@ Here is a history of user visible changes to Python milter. 0.8.4 Auto-whitelist recipients of outgoing email. + Fix SPF policy via sendmail access map (case insensitive keys). + Train screener on whitelisted messages + Optional idx parameter to addheader to invoke smfi_insheader + Activate progress API when SMFIR_PROGRESS defined 0.8.3 Keep screened honeypot mail, but optionally discard honeypot only mail. spf_accept_fail option for braindead SPF senders (treats fail like softfail) diff --git a/bms.py b/bms.py index 4bcb6a3..819667a 100644 --- a/bms.py +++ b/bms.py @@ -1,6 +1,9 @@ #!/usr/bin/env python # A simple milter that has grown quite a bit. # $Log$ +# Revision 1.35 2005/10/20 18:47:27 customdesigned +# Configure auto_whitelist senders. +# # Revision 1.34 2005/10/19 21:07:49 customdesigned # access.db stores keys in lower case # @@ -1233,8 +1236,9 @@ class bmsMilter(Milter.Milter): msg = rfc822.Message(self.fp) for rn,hf in msg.getaddrlist('from')+msg.getaddrlist('sender'): t = parse_addr(hf) - if len(t) == 2 and t[1].lower() == mf_domain: - break + if len(t) == 2: + hd = t[1].lower() + if hd == mf_domain or mf_domain.endswith('.'+hd): break else: for f in msg.getallmatchingheaders('from'): self.log(f) diff --git a/milter.html b/milter.html index 4e52bd0..d2298c2 100644 --- a/milter.html +++ b/milter.html @@ -24,7 +24,7 @@ ALT="Viewable With Any Browser" BORDER="0"></A> Stuart D. Gathman</a><br> This web page is written by Stuart D. Gathman<br>and<br>sponsored by <a href="http://www.bmsi.com">Business Management Systems, Inc.</a> <br> -Last updated Oct 12, 2005</h4> +Last updated Oct 20, 2005</h4> See the <a href="faq.html">FAQ</a> | <a href="http://sourceforge.net/project/showfiles.php?group_id=139894">Download now</a> | <a href="/mailman/listinfo/pymilter">Subscribe to mailing list</a> | @@ -51,6 +51,13 @@ Python milter has been moved to <a href="http://sourceforge.net/projects/pymilter/">pymilter Sourceforge project</a> for development and release downloads. <p> +Release 0.8.4 makes configuring SPF policy via access.db actually work. +The honeypot idea is enhanced by auto-whitelisting recipients of +email sent from selected domains. Whitelisted messages are then used +to train the honeypot. This makes the honeypot screener entirely self +training. The smfi_progress() API is now automatically supported when present. +An optional idx parameter to milter.addheader() invokes smfi_insheader(). +<p> Release 0.8.3 uses the standard logging module, and supports configuring more detailed SPF policy via the sendmail access map. SMTP AUTH connections are considered INTERNAL. Preventing forgery between internal domains is diff --git a/milter.rc b/milter.rc index cd43cf9..aca5845 100755 --- a/milter.rc +++ b/milter.rc @@ -5,7 +5,7 @@ # chkconfig: 2345 80 30 # description: Milter is a process that filters messages sent through sendmail. # processname: milter -# config: /var/log/milter/bms.py +# config: /etc/mail/pymilter.cfg # pidfile: /var/run/milter/milter.pid python="python2.3" diff --git a/milter.rc7 b/milter.rc7 index 5445ca2..21931b6 100755 --- a/milter.rc7 +++ b/milter.rc7 @@ -5,7 +5,7 @@ # chkconfig: 2345 80 30 # description: Milter is a process that filters messages sent through sendmail. # processname: milter -# config: /var/log/milter/bms.py +# config: /etc/mail/pymilter.cfg # pidfile: /var/run/milter/milter.pid python="python2.3" diff --git a/milter.spec b/milter.spec index 0187d50..446305b 100644 --- a/milter.spec +++ b/milter.spec @@ -55,7 +55,7 @@ modules provide for navigating and modifying MIME parts. #%patch -p1 %build -env CFLAGS="$RPM_OPT_FLAGS" %{python} setup.py build +env CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" %{python} setup.py build %install rm -rf $RPM_BUILD_ROOT @@ -169,6 +169,8 @@ rm -rf $RPM_BUILD_ROOT /usr/share/sendmail-cf/hack/rhsbl.m4 %changelog +* Fri Oct 21 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-2 +- Don't supply sender when MFROM is subdomain of header from/sender. * Thu Oct 20 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-1 - Fix SPF policy via sendmail access map (case insensitive keys). - Auto whitelist senders, train screener on whitelisted messages -- GitLab