8 commits - bin/kolab_smtp_access_policy.py conf/kolab.conf pykolab/cli pykolab/imap saslauthd/__init__.py
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Thu Nov 21 16:01:44 CET 2013
bin/kolab_smtp_access_policy.py | 49 ++++++++++++++++++++++++------
conf/kolab.conf | 8 +++-
pykolab/cli/cmd_list_deleted_mailboxes.py | 6 +--
pykolab/cli/cmd_list_mailbox_metadata.py | 11 +++---
pykolab/cli/cmd_undelete_mailbox.py | 8 ++++
pykolab/imap/__init__.py | 41 +++++++++++++++----------
pykolab/imap/cyrus.py | 13 ++++++-
saslauthd/__init__.py | 36 ++++++++++++++++++----
8 files changed, 127 insertions(+), 45 deletions(-)
New commits:
commit 7a6d55c34d58f5901d6e3b27167574a97160c0fd
Merge: 0c105fd 7a07218
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Nov 21 16:00:37 2013 +0100
Merge branch 'master' of ssh://git.kolabsys.com/git/pykolab
commit 0c105fd4f0a1b014e458fb3c09091f1defe72008
Author: Timotheus Pokorra (TBits.net) <tp at tbits.net>
Date: Thu Nov 21 15:55:16 2013 +0100
Test if metadata holds the key we're about to use to print the value (#2253)
diff --git a/pykolab/cli/cmd_list_mailbox_metadata.py b/pykolab/cli/cmd_list_mailbox_metadata.py
index ac98283..e77caea 100644
--- a/pykolab/cli/cmd_list_mailbox_metadata.py
+++ b/pykolab/cli/cmd_list_mailbox_metadata.py
@@ -87,8 +87,9 @@ def execute(*args, **kw):
metadata = imap.get_metadata(folder)
- for annotation in metadata[folder].keys():
- print " %-49s %s" % (
- annotation,
- metadata[folder][annotation]
- )
+ if metadata.has_key(folder):
+ for annotation in metadata[folder].keys():
+ print " %-49s %s" % (
+ annotation,
+ metadata[folder][annotation]
+ )
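Review bot: When `folder` is missing from `metadata`, the new guard skips the loop silently, so the command prints no annotations and the operator cannot tell an unannotated folder from a failed lookup; an `else:` branch that reports the folder has no metadata would help. As a style point, `metadata.has_key(folder)` is the Python-2-only spelling; `if folder in metadata:` does the same and survives a later port. `execute()` starts and continues outside the hunk.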
commit 6280ac3c7e5b7209b7b5da7fd0c7d57e7d3744ca
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Nov 21 15:53:06 2013 +0100
Add new setting [kolab_smtp_access_policy] empty_sender_networks to the default kolab.conf
diff --git a/conf/kolab.conf b/conf/kolab.conf
index c84f4bb..8fd7934 100644
--- a/conf/kolab.conf
+++ b/conf/kolab.conf
@@ -24,7 +24,7 @@ sync_interval = 300
; Primary and secondary recipient address policies. This is called the
; recipient policy as documented in:
-;
+;
; http://docs.kolab.org/administrator-guide/configuring-the-kolab-server.html#recipient-policy
;
; Note this is the global default, and each [$domain] section can have
@@ -225,7 +225,7 @@ quota_attribute = mailquota
;
; For OpenLDAP, use 'entrydn' - the 'entryUUID' can regrettably not be searched
; with.
-;
+;
; For Active Directory, use 'objectsid'.
unique_attribute = nsuniqueid
@@ -260,6 +260,10 @@ cache_uri = mysql://user:pass@localhost/database
cache_retention = 86400
address_search_attrs = mail, alias
+; Allow hosts in these networks to submit messages with empty envelope senders,
+; such as web-clients responding to MDN requests.
+empty_sender_hosts = 3.2.1.0/24, 6.6.6.0/24
+
; Section for Hosted client interface settings. This is not enabled by default.
;[kolab_hosting]
;
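Review bot: The added `empty_sender_hosts` line ships as an active default, and `3.2.1.0/24` and `6.6.6.0/24` are publicly routable address space rather than reserved example ranges, so an installation that keeps the stock file would treat whoever holds those addresses as trusted for empty envelope senders. I would ship the setting commented out with documentation ranges, `;empty_sender_hosts = 192.0.2.0/24, 198.51.100.0/24`, and say in the comment that only the site's own webmail or submission hosts belong here. The commit subject calls the setting `empty_sender_networks` while the file uses `empty_sender_hosts`; the latter is the key the policy script reads in the same series.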
commit 2a4c22da772d05b21ad899281f6a2475d4935727
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Nov 21 15:51:52 2013 +0100
Try/except the actual routines of the Kolab SMTP Access Policy, and push a traceback through log.error (#2329)
Allow empty sender addresses from trusted hosts, or do not crash but return False (#2329)
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 9db2c2a..ed588c2 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -1000,6 +1000,31 @@ class PolicyRequest(object):
sender_verified = False
+ if self.sender == None:
+ # Trusted host?
+ if not hasattr(self, 'client_address') or \
+ self.client_address == "" or \
+ self.client_address == None:
+
+ # Nothing to compare to.
+ return False
+
+ try:
+ import netaddr
+
+ networks = conf.get_list(
+ 'kolab_smtp_access_policy',
+ 'empty_sender_hosts'
+ )
+
+ trusted = False
+ for network in networks:
+ if netaddr.IPNetwork(self.client_address) in netaddr.IPNetwork(network):
+ return True
+
+ except ImportError, errmsg:
+ return False
+
if not cache == False:
records = cache_select(
sender=self.sender,
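Review bot: When `self.sender` is `None` and no configured network contains the client, the `for` loop ends without a return and execution falls through to the cache lookup with a `None` sender, which does not match the commit message's "return False"; add `return False` after the loop (the unused `trusted = False` can go). `netaddr.IPNetwork()` also raises `netaddr.AddrFormatError` on a malformed `client_address` or config entry, and only `ImportError` is caught here, so a typo in `empty_sender_hosts` surfaces as an unhandled exception in the caller. The `ImportError` branch denies silently; a `log.error` there would tell the operator why messages with an empty sender are being refused. The rest of the method lies outside the hunk, so the fall-through is inferred from the visible lines.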
@@ -1483,17 +1508,23 @@ if __name__ == "__main__":
sender_allowed = False
recipient_allowed = False
- if conf.verify_sender:
- sender_allowed = policy_requests[instance].verify_sender()
- else:
- sender_allowed = True
+ try:
+ if conf.verify_sender:
+ sender_allowed = policy_requests[instance].verify_sender()
+ else:
+ sender_allowed = True
- if conf.verify_recipient:
- recipient_allowed = \
- policy_requests[instance].verify_recipients()
+ if conf.verify_recipient:
+ recipient_allowed = \
+ policy_requests[instance].verify_recipients()
- else:
- recipient_allowed = True
+ else:
+ recipient_allowed = True
+
+ except Exception, errmsg:
+ import traceback
+ log.error(_("Unhandled exception caught: %r") % (errmsg))
+ log.error(traceback.format_exc())
if not sender_allowed:
reject(_("Sender access denied"))
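Review bot: The new `except Exception` leaves `sender_allowed` and `recipient_allowed` at their `False` defaults, so any internal failure is answered with "Sender access denied", even when the exception came from `verify_recipients()`. Failing closed is the safe direction, but it deserves a comment such as `# On internal errors keep both flags False: fail closed, never permit on error`. If `reject()` produces a permanent rejection, it may be worth answering this path with a temporary failure so legitimate mail is retried rather than bounced during a backend outage. How `reject()` responds is not visible in this hunk.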
commit d54170b4b5ecbdcd7238d7cfadfd261f5db93366
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Nov 21 14:58:07 2013 +0100
Take the autocreate_folders setting from the [kolab] section if it exists there, and no domain specific autocreate_folders exists (#2492)
diff --git a/pykolab/imap/__init__.py b/pykolab/imap/__init__.py
index 52dfdc1..b154476 100644
--- a/pykolab/imap/__init__.py
+++ b/pykolab/imap/__init__.py
@@ -427,24 +427,33 @@ class IMAP(object):
if not self.domain == None:
if conf.has_option(self.domain, "autocreate_folders"):
- _additional_folders = conf.get_raw(
- self.domain,
- "autocreate_folders"
- )
+ _additional_folders = conf.get_raw(
+ self.domain,
+ "autocreate_folders"
+ )
- additional_folders = conf.plugins.exec_hook(
- "create_user_folders",
- kw={
- 'folder': folder_name,
- 'additional_folders': _additional_folders
- }
- )
+ elif conf.has_option('kolab', "autocreate_folders"):
+ _additional_folders = conf.get_raw(
+ 'kolab',
+ "autocreate_folders"
+ )
+ else:
+ _additional_folders = {}
+
+ additional_folders = conf.plugins.exec_hook(
+ "create_user_folders",
+ kw={
+ 'folder': folder_name,
+ 'additional_folders': _additional_folders
+ }
+ )
+
+ if not additional_folders == None:
+ self.user_mailbox_create_additional_folders(
+ mailbox_base_name,
+ additional_folders
+ )
- if not additional_folders == None:
- self.user_mailbox_create_additional_folders(
- mailbox_base_name,
- additional_folders
- )
if conf.has_option(self.domain, "sieve_mgmt"):
sieve_mgmt_enabled = conf.get(self.domain, 'sieve_mgmt')
if utils.true_or_false(sieve_mgmt_enabled):
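Review bot: The new fallback `_additional_folders = {}` hands the `create_user_folders` hook a dict, whereas the two `conf.get_raw(...)` branches presumably hand it the raw configuration string, so the hook has to cope with both types; confirm it does, or use an empty value of the type `get_raw` returns. A short comment above the chain stating the precedence, for instance `# domain section first, then [kolab], else no additional folders`, would make the lookup order explicit. Indentation is lost in this rendering, so whether the hook call now runs outside the `has_option` check is inferred from the removed and added lines.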
commit a8d3a2e13ff4cfda96e09356bc249c5932f71f41
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Nov 21 14:45:47 2013 +0100
Fix listing deleted mailboxes' domain list iteration
diff --git a/pykolab/cli/cmd_list_deleted_mailboxes.py b/pykolab/cli/cmd_list_deleted_mailboxes.py
index d39f890..637b491 100644
--- a/pykolab/cli/cmd_list_deleted_mailboxes.py
+++ b/pykolab/cli/cmd_list_deleted_mailboxes.py
@@ -62,10 +62,8 @@ def execute(*args, **kw):
domains = auth.list_domains()
folders = []
- for primary,secondaries in domains:
- folders.extend(imap.lm("DELETED/*@%s" % (primary)))
- for secondary in secondaries:
- folders.extend(imap.lm("DELETED/*@%s" % (secondary)))
+ for domain in list(set(domains.keys())):
+ folders.extend(imap.lm("DELETED/*@%s" % (domain)))
folders.extend(imap.lm("DELETED/*"))
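Review bot: `list(set(domains.keys()))` on the added line does redundant work, since the keys of a dict are already unique; `for domain in domains:` iterates the same names. The change also assumes `auth.list_domains()` returns a dict keyed by every domain name, secondaries included. If secondaries only appear as values they are no longer searched, which is worth confirming against `list_domains()` since it is not shown here.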
commit 6bf3cdc14e8b41e303f5204545c380c8813a30a5
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Nov 21 14:43:59 2013 +0100
Add an option --dry-run to undelete-mailbox cmd
diff --git a/pykolab/cli/cmd_undelete_mailbox.py b/pykolab/cli/cmd_undelete_mailbox.py
index 46eec85..8f9c791 100644
--- a/pykolab/cli/cmd_undelete_mailbox.py
+++ b/pykolab/cli/cmd_undelete_mailbox.py
@@ -30,6 +30,14 @@ conf = pykolab.getConf()
def __init__():
commands.register('undelete_mailbox', execute, description=description())
+def cli_options():
+ my_option_group = conf.add_cli_parser_option_group(_("CLI Options"))
+ my_option_group.add_option( '--dry-run',
+ dest = "dry_run",
+ action = "store_true",
+ default = False,
+ help = _("Do not actually execute, but state what would have been executed."))
+
def description(*args, **kw):
return _("Recover mailboxes previously deleted.")
diff --git a/pykolab/imap/cyrus.py b/pykolab/imap/cyrus.py
index 6034b48..ae90fd6 100644
--- a/pykolab/imap/cyrus.py
+++ b/pykolab/imap/cyrus.py
@@ -18,6 +18,7 @@
#
import cyruslib
+import sys
import time
from urlparse import urlparse
@@ -323,10 +324,16 @@ class Cyrus(cyruslib.CYRUS):
target_server = self.find_mailfolder_server(target_folder)
- if not target_server == self.server:
- self.xfer(undelete_folder,target_server)
+ if hasattr(conf,'dry_run') and not conf.dry_run:
+ if not target_server == self.server:
+ self.xfer(undelete_folder,target_server)
- self.rename(undelete_folder,target_folder)
+ self.rename(undelete_folder,target_folder)
+ else:
+ if not target_server == self.server:
+ print >> sys.stdout, _("Would have transfered %s from %s to %s") % (undelete_folder, self.server, target_server)
+
+ print >> sys.stdout, _("Would have renamed %s to %s") % (undelete_folder, target_folder)
def parse_mailfolder(self, mailfolder):
"""
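Review bot: `hasattr(conf,'dry_run') and not conf.dry_run` sends every caller whose `conf` has no `dry_run` attribute into the `else` branch, so a code path that never registered `--dry-run` would only print the "Would have ..." lines and never perform the `xfer`/`rename`. Defaulting the other way keeps real execution as the baseline: `if not getattr(conf, 'dry_run', False):`. The enclosing method starts before the hunk.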
commit 998804c66908f84e5e7b2da4685dd3043b8e8c1c
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Nov 21 14:42:34 2013 +0100
Attempt to circumvent interrupted system calls on UCS / Debian Squeeze
diff --git a/saslauthd/__init__.py b/saslauthd/__init__.py
index 4eaba67..90a7413 100644
--- a/saslauthd/__init__.py
+++ b/saslauthd/__init__.py
@@ -30,6 +30,7 @@ from ConfigParser import SafeConfigParser
import os
import shutil
+import sys
import time
import traceback
@@ -86,11 +87,15 @@ class SASLAuthDaemon(object):
conf.finalize_conf()
- utils.ensure_directory(
- os.path.dirname(conf.pidfile),
- conf.process_username,
- conf.process_groupname
- )
+ try:
+ utils.ensure_directory(
+ os.path.dirname(conf.pidfile),
+ conf.process_username,
+ conf.process_groupname
+ )
+ except Exception, errmsg:
+ log.error(_("Could not create %r: %r") % (os.path.dirname(conf.pidfile), errmsg))
+ sys.exit(1)
self.thread_count = 0
@@ -167,7 +172,26 @@ class SASLAuthDaemon(object):
s.listen(5)
while 1:
- (clientsocket, address) = s.accept()
+ max_tries = 20
+ cur_tries = 0
+ bound = False
+ while not bound:
+ cur_tries += 1
+ try:
+ (clientsocket, address) = s.accept()
+ bound = True
+ except Exception, errmsg:
+ log.error(
+ _("kolab-saslauthd could not accept " + \
+ "connections on socket: %r") % (errmsg)
+ )
+
+ if cur_tries >= max_tries:
+ log.fatal(_("Maximum tries exceeded, exiting"))
+ sys.exit(1)
+
+ time.sleep(1)
+
received = clientsocket.recv(4096)
login = []
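Review bot: The retry loop catches every `Exception` from `s.accept()` and sleeps a second before each retry, so the interrupted system call the commit targets is handled the same way as a permanent socket error, and each interruption delays authentication by a second. Narrowing it to `except socket.error, errmsg:` with `if errmsg.args[0] == errno.EINTR: continue` ahead of the logging would retry interruptions immediately and keep the 20-try limit for real failures; this assumes `socket` is already imported and needs `errno`, which the visible import hunk does not show. The flag `bound` reads as if it tracked `bind()`; `accepted` would describe it better. The surrounding method begins and continues outside the hunk.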