diff --git a/Milter/cache.py b/Milter/cache.py index 16a5a1be25977f7ed055ba2de743a4c19a3b2484..d03048f480ec824739c1fba9ca4d1c729b727aef 100644 --- a/Milter/cache.py +++ b/Milter/cache.py @@ -10,6 +10,11 @@ # CBV results. # # $Log$ +# Revision 1.8 2007/09/03 16:18:45 customdesigned +# Delete unparseable timestamps when loading address cache. These have +# arisen because of failure to parse MAIL FROM properly. Will have to +# tighten up MAIL FROM parsing to match RFC. +# # Revision 1.7 2007/01/25 22:47:26 customdesigned # Persist blacklisting from delayed DSNs. # @@ -89,8 +94,10 @@ class AddrCache(object): except IOError: lock.unlock() - def has_key(self,sender): - "True if sender is cached and has not expired." + def has_precise_key(self,sender): + """True if precise sender is cached and has not expired. Don't + try looking up wildcard entries. + """ try: lsender = sender and sender.lower() ts,res = self.cache[lsender] @@ -98,16 +105,17 @@ class AddrCache(object): if not ts or ts > too_old: return True del self.cache[lsender] - try: - user,host = sender.split('@',1) - return self.has_key(host) - except ValueError: - pass - except KeyError: - try: - user,host = sender.split('@',1) - return self.has_key(host) - except: pass + except KeyError: pass + return False + + def has_key(self,sender): + "True if sender is cached and has not expired." + if self.has_precise_key(sender): + return True + try: + user,host = sender.split('@',1) + return self.has_precise_key(host) + except: pass return False __contains__ = has_key diff --git a/TODO b/TODO index fca32934e830586535f0e03df6450082facb438b..b097fe9b2c14410598838236e9b0cdc9a0004579 100644 --- a/TODO +++ b/TODO @@ -1,5 +1,3 @@ -Add parseaddr test case for 'foo@bar.com <baz@barf.biz>' - Check ESMTP NOTIFY before sending real DSNs. Just use CBV if DSNs are not wanted. 
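Review bot: The new `has_key` in the third Milter/cache.py hunk wraps the domain fallback in a bare `except: pass`, which hides every error raised by `sender.split('@',1)` and by the nested `has_precise_key(host)` call, not only the expected ones. The expected cases are an address with no '@' (ValueError on unpacking) and a sender of None (AttributeError). The removed code caught `ValueError` on one of its two paths. Narrowing the handler to `except (ValueError, AttributeError): pass` keeps the fallback quiet for malformed or empty senders while letting real faults in the cache lookup surface. `has_precise_key` begins in the previous hunk and part of its body lies between the two hunks, so the expiry comparison is only partly visible here.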
@@ -22,7 +20,8 @@ MTA. The mail is flagged external, so we don't list example.com in internal_domains (or we would get "spam from self"). But, if we try to do a CBV, we get "fraudulent MX", because the MX is ourself! So we need to avoid doing CBV on such domains. Currently, we try to make sure the SPF -policies don't do CBV. +policies don't do CBV. The real solution is for users to use SMTP AUTH, +but some of them are stubborn. We now don't check internal domains for incoming mail if there is an SPF record. @@ -190,6 +189,8 @@ Need a test module to feed sample messages to a milter though a live sendmail and SMTP. The mockup currently used is probably not very accurate, and doesn't test the threading code. +DONE Add parseaddr test case for 'foo@bar.com <baz@barf.biz>' + DONE Require signed MFROM for all incoming bounces when signing all outgoing mail - except from trusted relays. diff --git a/bms.py b/bms.py index 75db951232c525c5ae6008be267bacb88a86d63c..39d0d9c6af1ccf4431705d5d4b544f077388e158 100644 --- a/bms.py +++ b/bms.py @@ -1,6 +1,9 @@ #!/usr/bin/env python # A simple milter that has grown quite a bit. # $Log$ +# Revision 1.121 2008/04/10 14:59:35 customdesigned +# Configure gossip TTL. +# # Revision 1.120 2008/04/02 18:59:14 customdesigned # Release 0.8.10 # @@ -1112,10 +1115,13 @@ class bmsMilter(Milter.Milter): self.setreply('550','5.7.1','Invalid SES signature') return Milter.REJECT # reject for certain recipients are delayed until after DATA - if srs_reject_spoofed \ - and not user.lower() in ('postmaster','abuse'): - return self.forged_bounce() - self.data_allowed = not srs_reject_spoofed + if auto_whitelist.has_precise_key(self.canon_from): + self.log("WHITELIST: DSN from",self.canon_from) + else: + if srs_reject_spoofed \ + and user.lower() not in ('postmaster','abuse'): + return self.forged_bounce() + self.data_allowed = not srs_reject_spoofed if not self.internal_connection and domain in private_relay: self.log('REJECT: RELAY:',to)
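Review bot: The new `auto_whitelist.has_precise_key(self.canon_from)` branch in the second bms.py hunk skips the unsigned-bounce rejection on the strength of the sender address alone, and nothing in the hunk shows that `canon_from` has been authenticated (for example by an SPF pass) before it is trusted here. If the value comes straight from the envelope, a whitelisted address is enough to bypass `forged_bounce()`, so the condition should also require whatever verification result the milter already records for the message, and a comment above the `if` should state that assumption. The same branch no longer assigns `self.data_allowed`, which the old code always set when it did not reject; if whitelisted DSNs are meant to proceed to DATA, make that explicit with `self.data_allowed = True` after the log call. The enclosing method starts and ends outside the hunk, so the value `data_allowed` holds on entry is not visible.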