diff options
Diffstat (limited to 'Mailman')
| -rwxr-xr-x | Mailman/Defaults.py.in | 7 | ||||
| -rwxr-xr-x | Mailman/MailList.py | 7 | ||||
| -rw-r--r-- | Mailman/Utils.py | 21 |
3 files changed, 34 insertions, 1 deletions
diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in index fc72ef0d..a124832d 100755 --- a/Mailman/Defaults.py.in +++ b/Mailman/Defaults.py.in @@ -142,9 +142,14 @@ RECAPTCHA_SECRET_KEY = None # in the installation. This supplements the individual list's ban_list. # For example, to ban xxx@aol.com and any @gmail.com address beginning with # yyy, set -# GLOBAL_BAN_LIST = ['xxx@aol.com', '^yyy.*@gmail\.com$'] +# GLOBAL_BAN_LIST = ['xxx@aol\.com', '^yyy.*@gmail\.com$'] GLOBAL_BAN_LIST = [] +# IF the following is set to Yes, and a web subscribe comes from an IPv4 +# address and the IP is listed in Spamhaus ZEN, the subscription will be +# blocked. +BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE = No + # Command that is used to convert text/html parts into plain text. This # should output results to standard output. %(filename)s will contain the # name of the temporary file that the program should operate on. diff --git a/Mailman/MailList.py b/Mailman/MailList.py index 619c3206..ecd6ce5c 100755 --- a/Mailman/MailList.py +++ b/Mailman/MailList.py @@ -908,6 +908,13 @@ class MailList(HTMLFormatter, Deliverer, ListAdmin, syslog('vette', '%s banned subscription: %s%s (matched: %s)', realname, email, whence, pattern) raise Errors.MembershipIsBanned, pattern + # See if this is from a spamhaus listed IP. + if remote and BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE: + if Utils.banned_ip(remote): + whence = ' from %s' % remote + syslog('vette', '%s banned subscription: %s%s (Spamhaus IP)', + realname, email, whence) + raise Errors.MembershipIsBanned, pattern # Sanity check the digest flag if digest and not self.digestable: raise Errors.MMCantDigestError diff --git a/Mailman/Utils.py b/Mailman/Utils.py index fd6ac796..2f9bda63 100644 --- a/Mailman/Utils.py +++ b/Mailman/Utils.py @@ -1495,3 +1495,24 @@ def xml_to_unicode(s, cset): else: return s +def banned_ip(ip): + if not dns_resolver: + return False + parts = ip.split('.') + if len(parts) != 4: + return False + lookup = '{}.{}.{}.{}.zen.spamhaus.org'.format(parts[3], + parts[2], + parts[1], + parts[0]) + resolver = dns.resolver.Resolver() + try: + ans = resolver.query(lookup, dns.rdatatype.A) + except DNSException: + return False + if not ans: + return False + text = ans.rrset.to_text() + if re.search(r'127\.0\.0\.\d{1,2}$', text, re.MULTILINE): + return True + return False |