gunnar: server/perl-kolab/bin kolab_smtpdpolicy.in,1.2.2.1,1.2.2.2
cvs at kolab.org
cvs at kolab.org
Fri Dec 4 17:33:54 CET 2009
Author: gunnar
Update of /kolabrepository/server/perl-kolab/bin
In directory doto:/tmp/cvs-serv24111/bin
Modified Files:
Tag: kolab_2_2_branch
kolab_smtpdpolicy.in
Log Message:
kolab/issue1340 (RFC: restrict users to sending mail only to internal recipients) - Doh, shouldn't test this with the webclient as it is always in the permit hosts. This next step reacts to a single "-" value, which denies all recipients.
Index: kolab_smtpdpolicy.in
===================================================================
RCS file: /kolabrepository/server/perl-kolab/bin/kolab_smtpdpolicy.in,v
retrieving revision 1.2.2.1
retrieving revision 1.2.2.2
diff -u -d -r1.2.2.1 -r1.2.2.2
--- kolab_smtpdpolicy.in 4 Dec 2009 15:38:22 -0000 1.2.2.1
+++ kolab_smtpdpolicy.in 4 Dec 2009 16:33:52 -0000 1.2.2.2
@@ -288,29 +288,28 @@
AGAIN:
my $mesg = $ldap->search( base=> $conf_basedn,
scope=> 'sub',
- filter=> "(&(objectClass=kolabinetorgperson)(|(mail=$sender)(alias=$sender)))",
+ filter=> "(&(objectClass=kolabinetorgperson)(|(mail=$username)(uid=$username)))",
attrs => [ 'kolabAllowSMTPRecipient' ]);
if( !$mesg->code && $mesg->count() > 0 ) {
mylog($syslog_priority, "LDAP search returned ".$mesg->count()." objects") if $verbose;
foreach my $entry ( $mesg->entries ) {
- mylog($syslog_priority, lc($entry->get_value('uid')." is the uid of ".$sender)) if $verbose;
my $allowed_recipient;
for $allowed_recipient ($entry->get_value('kolabAllowSMTPRecipient')) {
-
+ mylog($syslog_priority, lc($entry->get_value('uid')." has allowed recipient ".$allowed_recipient)) if $verbose;
+ return undef if $allowed_recipient eq '-';
# TODO
}
- # Allow sending if there was no entry or no entry rejcted
- return 1;
- }
- } elsif( $mesg->code && $mesg->code != LDAP_NO_SUCH_OBJECT && $tries++ <= $ldap_max_tries ) {
- mylog($syslog_priority, "LDAP Connection error during CHECKRESTRICTEDSENDER: ".$mesg->error.", trying to reconnect" );
- ldap_connect;
- goto AGAIN;
- } elsif( $mesg->code ) {
- mylog( $syslog_priority, "LDAP Error during CHECKRESTRICTEDSENDER: ".$mesg->error ) if $verbose;
- # Just fall through and accept the message in case there was an LDAP problem.
}
+ # Allow sending if there was no entry or no entry rejcted
+ return 1;
+ } elsif( $mesg->code && $mesg->code != LDAP_NO_SUCH_OBJECT && $tries++ <= $ldap_max_tries ) {
+ mylog($syslog_priority, "LDAP Connection error during CHECKRESTRICTEDSENDER: ".$mesg->error.", trying to reconnect" );
+ ldap_connect;
+ goto AGAIN;
+ } elsif( $mesg->code ) {
+ mylog( $syslog_priority, "LDAP Error during CHECKRESTRICTEDSENDER: ".$mesg->error ) if $verbose;
+ # Just fall through and accept the message in case there was an LDAP problem.
}
return 1;
}
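Review bot: The new `filter=>` line interpolates `$username` straight into the LDAP search filter, so a value containing filter metacharacters (`(`, `)`, `*`, `\`) changes which entries match and therefore which `kolabAllowSMTPRecipient` values are read. Whether `lookup_uid` in the caller already normalises the value is not visible here, so I would escape at the point of use with `my $u = escape_filter_value($username);` (from `Net::LDAP::Util`) and build the filter as `(|(mail=$u)(uid=$u))`. Separately, the loop acts only on `-` and leaves `# TODO` for every other value, and the visible lines never compare against the recipient, so any other restriction list currently permits everything; a comment such as `# only '-' (deny all) is enforced so far; other values are ignored` would stop the attribute being relied on before it is enforced. The sub begins above this hunk.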
@@ -341,6 +340,9 @@
eval{ $username = lookup_uid($username) }; return "DEFER_IF_PERMIT $@" if $@;
+ # Check for valid access from a restricted sender
+ return "REJECT Recipient denied" unless check_restricted_sender($username, $recipient);
+
# See if sender is owned by someone
my @uids;
eval { @uids = lookup_sender_uids($sender) }; return "DEFER_IF_PERMIT $@" if $@;
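Review bot: The added `unless check_restricted_sender(...)` treats any true return as permission, and in the first hunk that sub returns 1 when the LDAP search keeps failing, so a directory outage silently lifts the restriction while the lookups directly above and below this line answer `DEFER_IF_PERMIT`. If failing open is intended for this control, say so in the comment here; otherwise let the sub `die` on the persistent-error branch and call it like its neighbours, `my $ok; eval { $ok = check_restricted_sender($username, $recipient) }; return "DEFER_IF_PERMIT $@" if $@;`, keeping the existing REJECT for `!$ok`. The comment should also record why the check has to run this early, since the code between the old and new position is outside the hunk.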
@@ -369,9 +371,6 @@
# Check for valid access to restricted distribution lists
return "REJECT Access denied" unless check_dist_list($username, $recipient);
-
- # Check for valid access from a restricted sender
- return "REJECT Recipient denied" unless check_restricted_sender($username, $recipient);
# The result can be any action that is allowed in a Postfix access(5) map.
#