1 files changed, 57 insertions, 11 deletions

diff --git a/src/leap/mx/check_recipient_access.py b/src/leap/mx/check_recipient_access.py
index b80ccfd..55460a6 100644
--- a/src/leap/mx/check_recipient_access.py
+++ b/src/leap/mx/check_recipient_access.py
@@ -17,26 +17,72 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 """
-Classes for resolving postfix recipient access
+Classes for resolving postfix recipient access.
+
+The resolver is queried by the mail server before delivery to the mail spool
+directory, and should check if the address is able to receive messages.
+Examples of reasons for denying delivery would be that the user is out of
+quota, is user, or have no pgp public key in the server.
 
 Test this with postmap -v -q "foo" tcp:localhost:2244
 """
 
 from twisted.protocols import postfix
 
-from leap.mx.alias_resolver import AliasResolverFactory
+from leap.mx.tcp_map import LEAPPostfixTCPMapServerFactory
+from leap.mx.tcp_map import TCP_MAP_CODE_SUCCESS
+from leap.mx.tcp_map import TCP_MAP_CODE_TEMPORARY_FAILURE
+from leap.mx.tcp_map import TCP_MAP_CODE_PERMANENT_FAILURE
+
+
+class LEAPPostFixTCPMapAccessServer(postfix.PostfixTCPMapServer):
+    """
+    A postfix tcp map recipient access checker server.
 
+    The server potentially receives the uuid and a PGP key for the user, which
+    are looked up by the factory, and will return a permanent or a temporary
+    failure in case either the user or the key don't exist, respectivelly.
+    """
 
-class LEAPPostFixTCPMapserverAccess(postfix.PostfixTCPMapServer):
     def _cbGot(self, value):
-        # For more info, see:
-        # http://www.postfix.org/tcp_table.5.html
-        # http://www.postfix.org/access.5.html
-        if value is None:
-            self.sendCode(500, postfix.quote("REJECT"))
+        """
+        Return a code and message depending on the result of the factory's
+        get().
+
+        If there's no pgp public key for the user, we currently return a
+        temporary failure saying that the user account is disabled.
+
+        For more info, see: http://www.postfix.org/access.5.html
+
+        :param value: The uuid and public key.
+        :type value: list
+        """
+        uuid, pubkey = value
+        if uuid is None:
+            self.sendCode(
+                TCP_MAP_CODE_PERMANENT_FAILURE,
+                postfix.quote("REJECT"))
+        elif pubkey is None:
+            self.sendCode(
+                TCP_MAP_CODE_TEMPORARY_FAILURE,
+                postfix.quote("4.7.13 USER ACCOUNT DISABLED"))
         else:
-            self.sendCode(200, postfix.quote("OK"))
+            self.sendCode(
+                TCP_MAP_CODE_SUCCESS,
+                postfix.quote("OK"))
+
+
+class CheckRecipientAccessFactory(LEAPPostfixTCPMapServerFactory):
+    """
+    A factory for the recipient access checker.
+
+    When queried, the factory looks up the user's uuid and a PGP key for that
+    user and returns the result to the server's _cbGot() method.
+    """
+
+    protocol = LEAPPostFixTCPMapAccessServer
 
+    @property
+    def _query_message(self):
+        return "Checking recipient access for"
 
-class CheckRecipientAccessFactory(AliasResolverFactory):
-    protocol = LEAPPostFixTCPMapserverAccess