author | Mark Sapiro <mark@msapiro.net> | 2016-04-09 15:43:47 -0700 |
---|---|---|
committer | Mark Sapiro <mark@msapiro.net> | 2016-04-09 15:43:47 -0700 |
commit | 325a8d245275d421094f71eb026801a0bc1b8a5f (patch) | |
tree | 1c41ac031c5945bf0b9aa4d5475ef8d03663cde1 | |
parent | 93f11f1a9b9e6f2f1251b1efb75131e0c9839029 (diff) | |
Honor an organizational domain's DMARC sp= policy for sub-domains.
Diffstat (limited to '')
-rw-r--r-- | Mailman/Utils.py | 19 | ||||
-rw-r--r-- | NEWS | 3 |
2 files changed, 17 insertions, 5 deletions
diff --git a/Mailman/Utils.py b/Mailman/Utils.py index 37336e0d..f6cf607e 100644 --- a/Mailman/Utils.py +++ b/Mailman/Utils.py @@ -1250,12 +1250,12 @@ def IsDMARCProhibited(mlist, email): return x o_dom = get_org_dom(f_dom) if o_dom != f_dom: - x = _DMARCProhibited(mlist, email, '_dmarc.' + o_dom) + x = _DMARCProhibited(mlist, email, '_dmarc.' + o_dom, org=True) if x != 'continue': return x return False -def _DMARCProhibited(mlist, email, dmarc_domain): +def _DMARCProhibited(mlist, email, dmarc_domain, org=False): try: resolver = dns.resolver.Resolver() @@ -1315,14 +1315,23 @@ def _DMARCProhibited(mlist, email, dmarc_domain): testing them all""", dmarc_domain, len(dmarc)) for entry in dmarcs: - if re.search(r'\bp=reject\b', entry, re.IGNORECASE): + mo = re.search(r'\bsp=(\w*)\b', entry, re.IGNORECASE) + if org and mo: + policy = mo.group(1).lower() + else: + mo = re.search(r'\bp=(\w*)\b', entry, re.IGNORECASE) + if mo: + policy = mo.group(1).lower() + else: + continue + if policy == 'reject': syslog('vette', '%s: DMARC lookup for %s (%s) found p=reject in %s = %s', mlist.real_name, email, dmarc_domain, name, entry) return True if (mlist.dmarc_quarantine_moderation_action and - re.search(r'\bp=quarantine\b', entry, re.IGNORECASE)): + policy == 'quarantine'): syslog('vette', '%s: DMARC lookup for %s (%s) found p=quarantine in %s = %s', mlist.real_name, email, dmarc_domain, name, entry) @@ -1331,7 +1340,7 @@ def _DMARCProhibited(mlist, email, dmarc_domain): if (mlist.dmarc_none_moderation_action and mlist.dmarc_quarantine_moderation_action and mlist.dmarc_moderation_action in (1, 2) and - re.search(r'\bp=none\b', entry, re.IGNORECASE)): + policy == 'none'): syslog('vette', '%s: DMARC lookup for %s (%s) found p=none in %s = %s', mlist.real_name, email, dmarc_domain, name, entry) 
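Review bot: The new `org` keyword on `_DMARCProhibited` is undocumented in the first hunk, and its effect on policy selection only becomes visible in the loop much further down the function. A comment under the `def` line would make the contract explicit, for example `# org=True: dmarc_domain is the organizational domain, so its sp= tag (if present) is used instead of p=`. The same comment could state that calls which do not pass `org` keep the default of False and so keep evaluating only `p=`. The bodies of both `IsDMARCProhibited` and `_DMARCProhibited` extend beyond this hunk.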
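Review bot: The vette log messages in the second hunk still hard-code `found p=reject` and `found p=quarantine`, and the third hunk does the same with `found p=none`, although `policy` can now come from the organizational record's `sp=` tag. A constructed record such as `p=none; sp=reject` would therefore be logged as p=reject. Recording which tag matched next to `policy` (`tag = 'sp'` in the first branch, `tag = 'p'` in the second) and logging it with `found %s=%s` would let the moderation decision be traced to the tag that caused it. Separately, both new patterns require the tag name and `=` to be adjacent, while the DMARC record grammar allows whitespace around `=`; `r'\bsp\s*=\s*(\w*)\b'` and the matching `p` pattern would accept such records. The start of the loop and the rest of `_DMARCProhibited` lie outside the hunk.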
@@ -19,6 +19,9 @@ Here is a history of user visible changes to Mailman. Bug fixes and other patches + - DMARC mitigations for a sub-domain of an organizational domain will now + use the organizational domain's sp= policy if any. (LP: #1568398) + - Modified NewsRunner.py to ensure that messages gated to Usenet have a non-blank Subject: header and when munging the Message-ID to add the original to References: to help with threading. (LP: #557955) |