authordrebs <drebs@leap.se>2015-03-24 15:09:18 -0300
committerdrebs <drebs@leap.se>2015-03-25 17:06:25 -0300
commit5a45acd3486f4e7f830647953731353cda916d51 (patch)
treeb25c6bc90b81b98348b289507cb5f674f4f5486e /src/leap
parent938cada00298243f0cf51c9bfd460ecb16938b57 (diff)
[feat] reject incoming mail if no pgp key found
Implement a PGP key lookup in the postfix smtp recipient restriction and virtual alias mapping levels. If no PGP key is found, then the address is rejected with a temporary error. Closes: #6795
Diffstat (limited to 'src/leap')
-rw-r--r--src/leap/mx/alias_resolver.py45
-rw-r--r--src/leap/mx/check_recipient_access.py5
2 files changed, 25 insertions, 25 deletions
diff --git a/src/leap/mx/alias_resolver.py b/src/leap/mx/alias_resolver.py
index 45a3ed2..4247b57 100644
--- a/src/leap/mx/alias_resolver.py
+++ b/src/leap/mx/alias_resolver.py
@@ -28,10 +28,11 @@ TODO:
try:
# TODO: we should probably use the system alias somehow
- # from twisted.mail import alias
+ # from twisted.mail import alias
from twisted.protocols import postfix
from twisted.python import log
from twisted.internet import defer
+ from twisted.internet.protocol import ServerFactory
except ImportError:
print "This software requires Twisted. Please see the README file"
print "for instructions on getting required dependencies."
@@ -39,19 +40,20 @@ except ImportError:
class LEAPPostFixTCPMapserver(postfix.PostfixTCPMapServer):
def _cbGot(self, value):
- if value is None:
+ uuid, pubkey = value
+ if uuid is None:
self.sendCode(500, postfix.quote("NOT FOUND SRY"))
+ elif pubkey is None:
+ self.sendCode(400, postfix.quote("4.7.13 USER ACCOUNT DISABLED"))
else:
self.sendCode(200, postfix.quote(value))
-class AliasResolverFactory(postfix.PostfixTCPMapDeferringDictServerFactory):
+class AliasResolverFactory(ServerFactory):
protocol = LEAPPostFixTCPMapserver
- def __init__(self, couchdb, *args, **kwargs):
- postfix.PostfixTCPMapDeferringDictServerFactory.__init__(
- self, *args, **kwargs)
+ def __init__(self, couchdb):
self._cdb = couchdb
def _to_str(self, result):
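Review bot: The success branch of `_cbGot` still passes `value` to `postfix.quote`, but after this change `value` is the `(uuid, pubkey)` pair rather than the uuid string, so the 200 reply is built from a sequence; `postfix.quote`, as far as I know a thin wrapper around URL quoting, expects a string. The line should read `self.sendCode(200, postfix.quote(uuid))`. A short docstring on `_cbGot` naming the three replies (500 for an unknown address, 400 for a known address without a key, 200 with the uuid otherwise) would also make the new contract explicit.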
@@ -64,14 +66,14 @@ class AliasResolverFactory(postfix.PostfixTCPMapDeferringDictServerFactory):
log.msg("Result not found")
return result
- def spit_result(self, result):
- """
- Formats the return codes in a postfix friendly format.
- """
- if result is None:
- return None
- else:
- return defer.succeed(result)
+ def _getPubKey(self, uuid):
+ if uuid is None:
+ return defer.succeed([None, None])
+ d = defer.gatherResults([
+ self._to_str(uuid),
+ self._cdb.getPubKey(uuid),
+ ])
+ return d
def get(self, key):
"""
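Review bot: `defer.gatherResults` takes a list of Deferreds, yet the first element in `_getPubKey` is `self._to_str(uuid)`, whose visible tail (`return result`) suggests it returns a plain string; if so, the call raises instead of yielding the pair. Wrapping it as `defer.succeed(self._to_str(uuid))` keeps the result shape. Most of `_to_str` lies outside the hunk, so this needs confirming. `_getPubKey` also has no docstring; one line saying it resolves to `[uuid, pubkey]`, with `[None, None]` for an unknown address, would document what `_cbGot` relies on.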
@@ -79,13 +81,8 @@ class AliasResolverFactory(postfix.PostfixTCPMapDeferringDictServerFactory):
At some point we will have to consider the domain part too.
"""
- try:
- log.msg("Query key: %s" % (key,))
- d = self._cdb.queryByAddress(key)
-
- d.addCallback(self._to_str)
- d.addCallback(self.spit_result)
- d.addErrback(log.err)
- return d
- except Exception as e:
- log.err('exception in get: %r' % e)
+ log.msg("Query key: %s" % (key,))
+ d = self._cdb.queryByAddress(key)
+ d.addCallback(self._getPubKey)
+ d.addErrback(log.err)
+ return d
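Review bot: `d.addErrback(log.err)` turns any lookup failure into a `None` result, and the new `uuid, pubkey = value` in both `_cbGot` methods (alias_resolver.py and check_recipient_access.py) cannot unpack `None`. A CouchDB error would therefore raise inside the callback and, as far as the diff shows, Postfix would get no reply at all. The removed code answered that case through the `value is None` branch. I would replace the errback with one that logs and returns the failure, e.g. `def _log(f): log.err(f); return f`, so the base protocol's error path can answer with a temporary code, or guard `_cbGot` with `if value is None:` before unpacking. `get` starts outside the hunk.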
diff --git a/src/leap/mx/check_recipient_access.py b/src/leap/mx/check_recipient_access.py
index b80ccfd..d4ae339 100644
--- a/src/leap/mx/check_recipient_access.py
+++ b/src/leap/mx/check_recipient_access.py
@@ -32,8 +32,11 @@ class LEAPPostFixTCPMapserverAccess(postfix.PostfixTCPMapServer):
# For more info, see:
# http://www.postfix.org/tcp_table.5.html
# http://www.postfix.org/access.5.html
- if value is None:
+ uuid, pubkey = value
+ if uuid is None:
self.sendCode(500, postfix.quote("REJECT"))
+ elif pubkey is None:
+ self.sendCode(400, postfix.quote("4.7.13 USER ACCOUNT DISABLED"))
else:
self.sendCode(200, postfix.quote("OK"))
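Review bot: The new 400 branch has no comment explaining why a missing key is reported as a tcp_table temporary error rather than as an access action, and the two links above do not say it either. As I read tcp_table(5), a 400 reply asks the client to retry later and its text is a diagnostic, so the `4.7.13 USER ACCOUNT DISABLED` string may only reach the Postfix log rather than the SMTP reply; this is worth confirming with a test delivery. I would add `# 400: address exists but has no PGP key; temporary error so the sender retries later` above the `elif`. The method starts outside the hunk, and the factory that now has to return a `(uuid, pubkey)` pair for this protocol is not part of this diff.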