steffen: server/kolab-resource-handlers/kolab-resource-handlers/resmgr kolabfilter.php, 1.25, 1.26

cvs at intevation.de cvs at intevation.de
Wed Jun 15 13:05:47 CEST 2005


Author: steffen

Update of /kolabrepository/server/kolab-resource-handlers/kolab-resource-handlers/resmgr
In directory doto:/tmp/cvs-serv29743

Modified Files:
	kolabfilter.php 
Log Message:
Issue783 (From rewriting)

Index: kolabfilter.php
===================================================================
RCS file: /kolabrepository/server/kolab-resource-handlers/kolab-resource-handlers/resmgr/kolabfilter.php,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- kolabfilter.php	10 Jun 2005 23:54:37 -0000	1.25
+++ kolabfilter.php	15 Jun 2005 11:05:45 -0000	1.26
@@ -79,6 +79,25 @@
 }
 register_shutdown_function( 'cleanup' );
 
+function is_my_domain( $addr ) {
+  global $params;
+  if( is_array($params['email_domain']) ) {
+	$domains = $params['email_domain'];
+  } else {
+	$domains = array($params['email_domain']);
+  }
+  
+  $adrs = imap_rfc822_parse_adrlist($addr, $params['email_domain']);
+  foreach ($adrs as $adr) {
+    $adrdom = $adr->host;
+	foreach( $domains as $dom ) {
+	  if( $dom == $adrdom ) return true;
+	  if( $params['verify_subdomains'] && substr($adrdom, -strlen($dom)-1) == ".$dom" ) return true;
+	}
+  }
+  return false;
+}
+
 // Check that mail from our domains have trustable
 // From: header and that mail from the outside
 // does not impersonate any user from our domain
@@ -98,22 +117,22 @@
     $senderdom = substr(strrchr($sender, '@'), 1);
     foreach( $domains as $domain ) {
       if( $params['verify_subdomains'] ) {	
-	//myLog( "Checking if ".substr($senderdom, -strlen($domain)-1)." == .$domain", RM_LOG_DEBUG );
-	//myLog( "Checking if ".substr($fromdom, -strlen($domain)-1)." == .$domain", RM_LOG_DEBUG );
-	if( $client_addr != '127.0.0.1' && 
-	    ($senderdom == $domain ||
-	     $fromdom   == $domain ||
-	     substr($senderdom, -strlen($domain)-1) == ".$domain" ||
-	     substr($fromdom, -strlen($domain)-1) == ".$domain" ) &&
-	    $sender != $from ) {
-	  return false;
-	}
+		//myLog( "Checking if ".substr($senderdom, -strlen($domain)-1)." == .$domain", RM_LOG_DEBUG );
+		//myLog( "Checking if ".substr($fromdom, -strlen($domain)-1)." == .$domain", RM_LOG_DEBUG );
+		if( $client_addr != '127.0.0.1' && 
+			($senderdom == $domain ||
+			 $fromdom   == $domain ||
+			 substr($senderdom, -strlen($domain)-1) == ".$domain" ||
+			 substr($fromdom, -strlen($domain)-1) == ".$domain" ) &&
+			$sender != $from ) {
+		  return false;
+		}
       } else {
-	if( ($senderdom == $domain ||
-	     $fromdom   == $domain ) &&
-	    $sender != $from ) {
-	  return false;
-	}
+		if( ($senderdom == $domain ||
+			 $fromdom   == $domain ) &&
+			$sender != $from ) {
+		  return false;
+		}
       }
     }
   }
@@ -162,10 +181,17 @@
       if( !verify_sender( strtolower($sender), strtolower($from), $client_address) ) {
 		myLog("$sender and $from differ!", RM_LOG_DEBUG);
 		if( $params['reject_forged_from_header'] ) {
+		  // Always reject mismatches
 		  $senderok = false;
 		} else {
-		  myLog("Rewriting From header", RM_LOG_DEBUG);
-		  $rewrittenfrom = "From: $from (UNTRUSTED, sender is \"$sender\")\r\n";
+		  // Only rewrite if from is ours and envelope not
+		  if( is_my_domain( $from ) && !is_my_domain( $sender )) {
+			myLog("Rewriting From header", RM_LOG_DEBUG);
+			$rewrittenfrom = "From: $from (UNTRUSTED, sender is \"$sender\")\r\n";
+		  } else {
+			// Not our domain in From, reject
+			$senderok = false;			
+		  }
 		}
       }
     }





More information about the commits mailing list