Lines 50-57
def listfilter(attr):
|
50 |
|
50 |
|
51 |
sender = attr.get("sender", None) |
51 |
sender = attr.get("sender", None) |
52 |
recipient = attr.get("recipient", None) |
52 |
recipient = attr.get("recipient", None) |
53 |
action = "DUNNO default" |
|
|
54 |
allowed = {} |
55 |
|
53 |
|
56 |
if not options.ldap_base: |
54 |
if not options.ldap_base: |
57 |
return "443 LDAP base not set." |
55 |
return "443 LDAP base not set." |
Lines 59-66
def listfilter(attr):
|
59 |
# We will never get here, because an empty recipient will have been rejected |
57 |
# We will never get here, because an empty recipient will have been rejected |
60 |
# earlier by Postfix with '554 5.5.1 Error: no valid recipients'. |
58 |
# earlier by Postfix with '554 5.5.1 Error: no valid recipients'. |
61 |
return "REJECT Access denied for empty recipient." |
59 |
return "REJECT Access denied for empty recipient." |
62 |
elif not sender: |
|
|
63 |
return "REJECT Access denied for empty sender." |
64 |
else: |
60 |
else: |
65 |
# reuse secret file of univention-mail-cyrus |
61 |
# reuse secret file of univention-mail-cyrus |
66 |
ldap = univention.uldap.getMachineConnection(ldap_master=False, secret_file="/etc/listfilter.secret") |
62 |
ldap = univention.uldap.getMachineConnection(ldap_master=False, secret_file="/etc/listfilter.secret") |
Lines 72-88
def listfilter(attr):
|
72 |
|
68 |
|
73 |
# try the ldap stuff, if that fails send email anyway |
69 |
# try the ldap stuff, if that fails send email anyway |
74 |
try: |
70 |
try: |
75 |
# get dn and groups of sender |
|
|
76 |
filter = '(&(|(mailPrimaryAddress=%s)(mailAlternativeAddress=%s)(mail=%s))(objectclass=posixAccount))' % (sender, sender, sender) |
77 |
userResult = ldap.search(base=options.ldap_base, filter=filter, attr=["dn"]) |
78 |
if userResult: |
79 |
userDn = userResult[0][0] |
80 |
filter = '(uniqueMember=%s)' % userDn |
81 |
groupResult = ldap.search(base=options.ldap_base, filter=filter, attr=["dn"]) |
82 |
if groupResult: |
83 |
for i in groupResult: |
84 |
userGroups.append(i[0]) |
85 |
|
86 |
# get recipient restriction |
71 |
# get recipient restriction |
87 |
ldapAttr = ["univentionAllowedEmailGroups", "univentionAllowedEmailUsers"] |
72 |
ldapAttr = ["univentionAllowedEmailGroups", "univentionAllowedEmailUsers"] |
88 |
filter = '(&(mailPrimaryAddress=%s)(|(objectclass=univentionMailList)(objectclass=posixGroup)))' % recipient |
73 |
filter = '(&(mailPrimaryAddress=%s)(|(objectclass=univentionMailList)(objectclass=posixGroup)))' % recipient |
Lines 95-100
def listfilter(attr):
|
95 |
for u in result[0][1].get("univentionAllowedEmailUsers", []): |
80 |
for u in result[0][1].get("univentionAllowedEmailUsers", []): |
96 |
allowedUserDns.append(u) |
81 |
allowedUserDns.append(u) |
97 |
|
82 |
|
|
|
83 |
# check if there are restrictions, check sender first |
84 |
if allowedUserDns or allowedGroupDns: |
85 |
if not sender: |
86 |
return "REJECT Access denied for empty sender to restricted list %s" % (recipient, ) |
87 |
|
88 |
# get dn and groups of sender |
89 |
filter = '(&(|(mailPrimaryAddress=%s)(mailAlternativeAddress=%s)(mail=%s))(objectclass=posixAccount))' % (sender, sender, sender) |
90 |
userResult = ldap.search(base=options.ldap_base, filter=filter, attr=["dn"]) |
91 |
if userResult: |
92 |
userDn = userResult[0][0] |
93 |
filter = '(uniqueMember=%s)' % userDn |
94 |
groupResult = ldap.search(base=options.ldap_base, filter=filter, attr=["dn"]) |
95 |
if groupResult: |
96 |
for i in groupResult: |
97 |
userGroups.append(i[0]) |
98 |
|
98 |
# check if there are restrictions |
99 |
# check if there are restrictions |
99 |
if allowedUserDns or allowedGroupDns: |
100 |
if allowedUserDns or allowedGroupDns: |
100 |
|
101 |
|
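Review bot: The sender lookup that now sits behind the restriction check (line 89 on the new side) still builds its LDAP filter by `%`-formatting `sender`, which appears to come straight from the Postfix policy request via `attr.get("sender", None)`, so filter metacharacters in the address are interpreted by the directory instead of being matched literally, and the result of that search decides whether the sender counts as an allowed user or group member. Build the filter with python-ldap's escaping helper, e.g. `filter = filter_format('(&(|(mailPrimaryAddress=%s)(mailAlternativeAddress=%s)(mail=%s))(objectclass=posixAccount))', (sender, sender, sender))`, with `from ldap.filter import filter_format` at module level, since inside listfilter the local name `ldap` is the connection object and hides the module. The same applies to `'(uniqueMember=%s)' % userDn` on new line 93 and to the recipient filter on new line 73. The enclosing `try:` is commented as sending the mail anyway when the LDAP step fails and its handler lies outside the visible hunks, so it is worth confirming that a search the server rejects cannot end in delivery to a restricted list.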