-rw-r--r-- | Mailman/Utils.py | 19 | ||||
-rw-r--r-- | NEWS | 3 |
2 files changed, 17 insertions, 5 deletions
diff --git a/Mailman/Utils.py b/Mailman/Utils.py index 37336e0d..f6cf607e 100644 --- a/Mailman/Utils.py +++ b/Mailman/Utils.py @@ -1250,12 +1250,12 @@ def IsDMARCProhibited(mlist, email): return x o_dom = get_org_dom(f_dom) if o_dom != f_dom: - x = _DMARCProhibited(mlist, email, '_dmarc.' + o_dom) + x = _DMARCProhibited(mlist, email, '_dmarc.' + o_dom, org=True) if x != 'continue': return x return False -def _DMARCProhibited(mlist, email, dmarc_domain): +def _DMARCProhibited(mlist, email, dmarc_domain, org=False): try: resolver = dns.resolver.Resolver() @@ -1315,14 +1315,23 @@ def _DMARCProhibited(mlist, email, dmarc_domain): testing them all""", dmarc_domain, len(dmarc)) for entry in dmarcs: - if re.search(r'\bp=reject\b', entry, re.IGNORECASE): + mo = re.search(r'\bsp=(\w*)\b', entry, re.IGNORECASE) + if org and mo: + policy = mo.group(1).lower() + else: + mo = re.search(r'\bp=(\w*)\b', entry, re.IGNORECASE) + if mo: + policy = mo.group(1).lower() + else: + continue + if policy == 'reject': syslog('vette', '%s: DMARC lookup for %s (%s) found p=reject in %s = %s', mlist.real_name, email, dmarc_domain, name, entry) return True if (mlist.dmarc_quarantine_moderation_action and - re.search(r'\bp=quarantine\b', entry, re.IGNORECASE)): + policy == 'quarantine'): syslog('vette', '%s: DMARC lookup for %s (%s) found p=quarantine in %s = %s', mlist.real_name, email, dmarc_domain, name, entry) @@ -1331,7 +1340,7 @@ def _DMARCProhibited(mlist, email, dmarc_domain): if (mlist.dmarc_none_moderation_action and mlist.dmarc_quarantine_moderation_action and mlist.dmarc_moderation_action in (1, 2) and - re.search(r'\bp=none\b', entry, re.IGNORECASE)): + policy == 'none'): syslog('vette', '%s: DMARC lookup for %s (%s) found p=none in %s = %s', mlist.real_name, email, dmarc_domain, name, entry) 
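Review bot: The new `org` argument on `_DMARCProhibited` is undocumented, and no docstring for the function is visible in this hunk, so a later caller cannot tell from the signature that the flag switches which policy tag is honoured. A short comment under the `def` line would pin the contract, for example `# org=True: dmarc_domain is the organizational domain queried for a sub-domain; its sp= tag, if present, takes precedence over p=`. It would also help to say that the default `org=False` keeps the previous `p=`-only behaviour for the direct `_dmarc.<from-domain>` lookup. The function body continues outside this hunk.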
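Review bot: The `syslog('vette', ...)` messages in the `for entry in dmarcs:` loop still say `found p=reject` and `found p=quarantine` when `policy` was taken from the `sp=` tag, so the vette log misreports which tag caused the moderation action; the `found p=none` message in the next hunk has the same problem. Consider recording the matched tag next to `policy`, with `tag = 'sp'` in the `if org and mo:` branch and `tag = 'p'` in the other, then logging `found %s=%s` with `tag, policy`. Separately, both patterns require the tag name and `=` to be adjacent, so a record with whitespace around `=` (which the DMARC grammar permits) appears to reach the new `continue` and be treated as having no policy; it is worth confirming whether that fail-open outcome is intended. The loop and the function start outside this hunk.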
@@ -19,6 +19,9 @@ Here is a history of user visible changes to Mailman. Bug fixes and other patches + - DMARC mitigations for a sub-domain of an organizational domain will now + use the organizational domain's sp= policy if any. (LP: #1568398) + - Modified NewsRunner.py to ensure that messages gated to Usenet have a non-blank Subject: header and when munging the Message-ID to add the original to References: to help with threading. (LP: #557955) |