|
Lines 50-57
def listfilter(attr):
|
Link Here
|
|---|
|
|---|
| 50 |
|
50 |
|
| 51 |
sender = attr.get("sender", None) |
51 |
sender = attr.get("sender", None) |
| 52 |
recipient = attr.get("recipient", None) |
52 |
recipient = attr.get("recipient", None) |
| 53 |
action = "DUNNO default" |
|
|
| 54 |
allowed = {} |
| 55 |
|
53 |
|
| 56 |
if not options.ldap_base: |
54 |
if not options.ldap_base: |
| 57 |
return "443 LDAP base not set." |
55 |
return "443 LDAP base not set." |
|
Lines 59-66
def listfilter(attr):
|
Link Here
|
|---|
|
|---|
| 59 |
# We will never get here, because an empty recipient will have been rejected |
57 |
# We will never get here, because an empty recipient will have been rejected |
| 60 |
# earlier by Postfix with '554 5.5.1 Error: no valid recipients'. |
58 |
# earlier by Postfix with '554 5.5.1 Error: no valid recipients'. |
| 61 |
return "REJECT Access denied for empty recipient." |
59 |
return "REJECT Access denied for empty recipient." |
| 62 |
elif not sender: |
|
|
| 63 |
return "REJECT Access denied for empty sender." |
| 64 |
else: |
60 |
else: |
| 65 |
# reuse secret file of univention-mail-cyrus |
61 |
# reuse secret file of univention-mail-cyrus |
| 66 |
ldap = univention.uldap.getMachineConnection(ldap_master=False, secret_file="/etc/listfilter.secret") |
62 |
ldap = univention.uldap.getMachineConnection(ldap_master=False, secret_file="/etc/listfilter.secret") |
|
Lines 72-88
def listfilter(attr):
|
Link Here
|
|---|
|
|---|
| 72 |
|
68 |
|
| 73 |
# try the ldap stuff, if that fails send email anyway |
69 |
# try the ldap stuff, if that fails send email anyway |
| 74 |
try: |
70 |
try: |
| 75 |
# get dn and groups of sender |
|
|
| 76 |
filter = '(&(|(mailPrimaryAddress=%s)(mailAlternativeAddress=%s)(mail=%s))(objectclass=posixAccount))' % (sender, sender, sender) |
| 77 |
userResult = ldap.search(base=options.ldap_base, filter=filter, attr=["dn"]) |
| 78 |
if userResult: |
| 79 |
userDn = userResult[0][0] |
| 80 |
filter = '(uniqueMember=%s)' % userDn |
| 81 |
groupResult = ldap.search(base=options.ldap_base, filter=filter, attr=["dn"]) |
| 82 |
if groupResult: |
| 83 |
for i in groupResult: |
| 84 |
userGroups.append(i[0]) |
| 85 |
|
| 86 |
# get recipient restriction |
71 |
# get recipient restriction |
| 87 |
ldapAttr = ["univentionAllowedEmailGroups", "univentionAllowedEmailUsers"] |
72 |
ldapAttr = ["univentionAllowedEmailGroups", "univentionAllowedEmailUsers"] |
| 88 |
filter = '(&(mailPrimaryAddress=%s)(|(objectclass=univentionMailList)(objectclass=posixGroup)))' % recipient |
73 |
filter = '(&(mailPrimaryAddress=%s)(|(objectclass=univentionMailList)(objectclass=posixGroup)))' % recipient |
|
Lines 95-100
def listfilter(attr):
|
Link Here
|
|---|
|
|---|
| 95 |
for u in result[0][1].get("univentionAllowedEmailUsers", []): |
80 |
for u in result[0][1].get("univentionAllowedEmailUsers", []): |
| 96 |
allowedUserDns.append(u) |
81 |
allowedUserDns.append(u) |
| 97 |
|
82 |
|
|
|
83 |
# check if there are restrictions, check sender first |
| 84 |
if allowedUserDns or allowedGroupDns: |
| 85 |
if not sender: |
| 86 |
return "REJECT Access denied for empty sender to restricted list %s" % (recipient, ) |
| 87 |
|
| 88 |
# get dn and groups of sender |
| 89 |
filter = '(&(|(mailPrimaryAddress=%s)(mailAlternativeAddress=%s)(mail=%s))(objectclass=posixAccount))' % (sender, sender, sender) |
| 90 |
userResult = ldap.search(base=options.ldap_base, filter=filter, attr=["dn"]) |
| 91 |
if userResult: |
| 92 |
userDn = userResult[0][0] |
| 93 |
filter = '(uniqueMember=%s)' % userDn |
| 94 |
groupResult = ldap.search(base=options.ldap_base, filter=filter, attr=["dn"]) |
| 95 |
if groupResult: |
| 96 |
for i in groupResult: |
| 97 |
userGroups.append(i[0]) |
| 98 |
|
| 98 |
# check if there are restrictions |
99 |
# check if there are restrictions |
| 99 |
if allowedUserDns or allowedGroupDns: |
100 |
if allowedUserDns or allowedGroupDns: |
| 100 |
|
101 |
|